From 1419d4887aab3a8f7beeddeff7ec3ba7a22b70c0 Mon Sep 17 00:00:00 2001
From: Huang Yaming
Date: Fri, 27 Mar 2020 14:49:52 +0800
Subject: [PATCH] Ignore imported ACM Certificate in check_extra724
---
 checks/check_extra724 | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/checks/check_extra724 b/checks/check_extra724
index 068a07d2..bb750855 100644
--- a/checks/check_extra724
+++ b/checks/check_extra724
@@ -24,10 +24,16 @@ extra724(){
 for cert_arn in $LIST_OF_CERTS;do
 CT_ENABLED=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Options.CertificateTransparencyLoggingPreference --output text)
 CERT_DOMAIN_NAME=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.DomainName --output text)
- if [[ $CT_ENABLED == "ENABLED" ]];then
- textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx"
+ CERT_TYPE=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Type --output text)
+ if [[ $CERT_TYPE == "IMPORTED" ]];then
+ # Ignore imported certificate
+ textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported." "$regx"
 else
- textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx"
+ if [[ $CT_ENABLED == "ENABLED" ]];then
+ textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx"
+ else
+ textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx"
+ fi
 fi
 done
 else
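Review bot: The added `CERT_TYPE` lookup calls `aws` directly instead of `$AWSCLI`, which the `CT_ENABLED` context line uses, so if `$AWSCLI` is set to a specific binary or wrapper this call may run whatever `aws` resolves to on PATH; write it as `CERT_TYPE=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Type --output text)`. The existing `CERT_DOMAIN_NAME` line has the same inconsistency. The result is also used unchecked: if the call fails, `CERT_TYPE` is empty and the certificate falls through to the Certificate Transparency branch, where it would presumably be reported as a failure rather than as a lookup error. The imported branch's message says only "is imported", so a report reader cannot tell that CT logging was skipped for that certificate; consider `textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported; Certificate Transparency logging was not evaluated." "$regx"`. The body of `extra724` starts and ends outside this hunk.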