diff --git a/.github/scripts/samples-linters/ignore-list/terraform b/.github/scripts/samples-linters/ignore-list/terraform
index c6627976e1f..eeec02f3fcf 100644
--- a/.github/scripts/samples-linters/ignore-list/terraform
+++ b/.github/scripts/samples-linters/ignore-list/terraform
@@ -8,3 +8,5 @@ assets/queries/terraform/aws/hardcoded_aws_access_key/test/positive.tf
 assets/queries/terraform/aws/hardcoded_aws_access_key/test/negative.tf
 assets/queries/terraform/aws/iam_role_allows_all_principals_to_assume/test/positive.tf
 assets/queries/terraform/aws/iam_role_allows_all_principals_to_assume/test/negative.tf
+assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive2.tf
+assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/negative2.tf
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/metadata.json b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/metadata.json
new file mode 100644
index 00000000000..95e1fd20fff
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/metadata.json
@@ -0,0 +1,9 @@
+{
+  "id": "b16cdb37-ce15-4ab2-8401-d42b05d123fc",
+  "queryName": "API Gateway Without Configured Authorizer",
+  "severity": "MEDIUM",
+  "category": "Access Control",
+  "descriptionText": "API Gateway REST API should have an API Gateway Authorizer",
+  "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_api_gateway_module.html",
+  "platform": "Ansible"
+}
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/query.rego b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/query.rego
new file mode 100644
index 00000000000..8f2aba41a68
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/query.rego
@@ -0,0 +1,74 @@
+package Cx
+
+import data.generic.ansible as ansLib
+
+modules := {"community.aws.aws_api_gateway", "aws_api_gateway"}
+
+CxPolicy[result] {
+	task := ansLib.tasks[id][t]
+
+	apiGateway := task[modules[m]]
+	ansLib.checkState(apiGateway)
+
+	content_info := get_content(apiGateway)
+
+	object.get(content_info.content.components.securitySchemes[x], "x-amazon-apigateway-authorizer", "undefined") == "undefined"
+
+	result := {
+		"documentId": id,
+		"searchKey": sprintf("name={{%s}}.{{%s}}.%s", [task.name, modules[m], content_info.attribute]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": sprintf("'%s.%s' has a authorizer set", [modules[m], content_info.attribute]),
+		"keyActualValue": sprintf("'%s.%s' does not have a authorizer set", [modules[m], content_info.attribute]),
+	}
+}
+
+CxPolicy[result] {
+	task := ansLib.tasks[id][t]
+
+	apiGateway := task[modules[m]]
+	ansLib.checkState(apiGateway)
+
+	text := apiGateway.swagger_text
+
+	not contains(text, "x-amazon-apigateway-authorizer")
+
+	result := {
+		"documentId": id,
+		"searchKey": sprintf("name={{%s}}.{{%s}}.swagger_text", [task.name, modules[m]]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": sprintf("'%s.swagger_text' has a authorizer set", [modules[m]]),
+		"keyActualValue": sprintf("'%s.swagger_text' does not have a authorizer set", [modules[m]]),
+	}
+}
+
+CxPolicy[result] {
+	task := ansLib.tasks[id][t]
+
+	apiGateway := task[modules[m]]
+	ansLib.checkState(apiGateway)
+
+	without_authorizer(apiGateway)
+
+	result := {
+		"documentId": id,
+		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": sprintf("'%s' has swagger_file, swagger_text or swagger_dict set", [modules[m]]),
+		"keyActualValue": sprintf("'%s' does not have swagger_file, swagger_text or swagger_dict set", [modules[m]]),
+	}
+}
+
+without_authorizer(apiGateway) {
+	object.get(apiGateway, "swagger_file", "undefined") == "undefined"
+	object.get(apiGateway, "swagger_text", "undefined") == "undefined"
+	object.get(apiGateway, "swagger_dict", "undefined") == "undefined"
+}
+
+get_content(apiGateway) = content_info {
+	content := apiGateway.swagger_file.content
+	content_info := {"content": content, "attribute": "swagger_file"}
+} else = content_info {
+	content := apiGateway.swagger_dict
+	content_info := {"content": content, "attribute": "swagger_dict"}
+}
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative1.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative1.yaml
new file mode 100644
index 00000000000..bbbf5f2e87c
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative1.yaml
@@ -0,0 +1,9 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API definition3
+  community.aws.aws_api_gateway:
+    swagger_file: swaggerFile.yaml
+    stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative2.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative2.yaml
new file mode 100644
index 00000000000..b7dd522761f
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative2.yaml
@@ -0,0 +1,39 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API definition22222
+  community.aws.aws_api_gateway:
+    swagger_dict:
+      {
+        "openapi": "3.0.0",
+        "info":
+          {
+            "title": "Simple API Overview",
+            "version": "1.0.0",
+            "contact": { "name": "contact", "email": "user@gmail.com" },
+          },
+        "components":
+          {
+            "securitySchemes":
+              {
+                "request_authorizer_single_stagevar":
+                  {
+                    "type": "apiKey",
+                    "name": "Unused",
+                    "in": "header",
+                    "x-amazon-apigateway-authtype": "custom",
+                    "x-amazon-apigateway-authorizer":
+                      {
+                        "type": "request",
+                        "identitySource": "stageVariables.stage",
+                        "authorizerCredentials": "arn:aws:iam::123456789012:role/AWSepIntegTest-CS-LambdaRole",
+                        "authorizerUri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:APIGateway-Request-Authorizer:vtwo/invocations",
+                        "authorizerResultTtlInSeconds": 300,
+                      },
+                  },
+              },
+          },
+      }
+    stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative3.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative3.yaml
new file mode 100644
index 00000000000..a3c62e5567f
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/negative3.yaml
@@ -0,0 +1,27 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API 222
+  aws_api_gateway:
+    swagger_text: |
+      openapi: 3.0.0
+      info:
+        title: Sample API
+        description: Optional multiline or single-line description
+        version: 0.1.9
+      components:
+        securitySchemes:
+          request_authorizer_single_stagevar:
+            type: apiKey
+            name: Unused
+            in: header
+            x-amazon-apigateway-authtype: custom
+            x-amazon-apigateway-authorizer:
+              type: request
+              identitySource: stageVariables.stage
+              authorizerCredentials: arn:aws:iam::123456789012:role/AWSepIntegTest-CS-LambdaRole
+              authorizerUri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:APIGateway-Request-Authorizer:vtwo/invocations
+              authorizerResultTtlInSeconds: 300
+          stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive1.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive1.yaml
new file mode 100644
index 00000000000..a11620fd9fe
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive1.yaml
@@ -0,0 +1,31 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API definition
+  community.aws.aws_api_gateway:
+    swagger_dict:
+      {
+        "openapi": "3.0.0",
+        "info":
+          {
+            "title": "Simple API Overview",
+            "version": "1.0.0",
+            "contact": { "name": "contact", "email": "user@gmail.com" },
+          },
+        "components":
+          {
+            "securitySchemes":
+              {
+                "request_authorizer_single_stagevar":
+                  {
+                    "type": "apiKey",
+                    "name": "Unused",
+                    "in": "header",
+                    "x-amazon-apigateway-authtype": "custom",
+                  },
+              },
+          },
+      }
+    stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive2.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive2.yaml
new file mode 100644
index 00000000000..02bda10e03c
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive2.yaml
@@ -0,0 +1,8 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API definition2
+  aws_api_gateway:
+    stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive3.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive3.yaml
new file mode 100644
index 00000000000..bbafe30800f
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive3.yaml
@@ -0,0 +1,9 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API 222
+  aws_api_gateway:
+    swagger_file: swaggerFileWithoutAuthorizer.json
+    stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive4.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive4.yaml
new file mode 100644
index 00000000000..78b8705b6a3
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive4.yaml
@@ -0,0 +1,21 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API 222
+  aws_api_gateway:
+    swagger_text: |
+      openapi: 3.0.0
+      info:
+        title: Sample API
+        description: Optional multiline or single-line description
+        version: 0.1.9
+      components:
+        ssecuritySchemes:
+          request_authorizer_single_stagevar:
+            type: apiKey
+            name: Unused
+            in: header
+            x-amazon-apigateway-authtype: custom
+    stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive_expected_result.json b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive_expected_result.json
new file mode 100644
index 00000000000..9be124eee7b
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/positive_expected_result.json
@@ -0,0 +1,26 @@
+[
+  {
+    "queryName": "API Gateway Without Configured Authorizer",
+    "severity": "MEDIUM",
+    "line": 3,
+    "fileName": "positive1.yaml"
+  },
+  {
+    "queryName": "API Gateway Without Configured Authorizer",
+    "severity": "MEDIUM",
+    "line": 2,
+    "fileName": "positive2.yaml"
+  },
+  {
+    "queryName": "API Gateway Without Configured Authorizer",
+    "severity": "MEDIUM",
+    "line": 3,
+    "fileName": "positive3.yaml"
+  },
+  {
+    "queryName": "API Gateway Without Configured Authorizer",
+    "severity": "MEDIUM",
+    "line": 3,
+    "fileName": "positive4.yaml"
+  }
+]
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFile.json b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFile.json
new file mode 100644
index 00000000000..14250814e2d
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFile.json
@@ -0,0 +1,28 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Simple API Overview",
+    "version": "1.0.0",
+    "contact": {
+      "name": "contact",
+      "email": "user@gmail.com"
+    }
+  },
+  "components": {
+    "securitySchemes": {
+      "request_authorizer_single_stagevar": {
+        "type": "apiKey",
+        "name": "Unused",
+        "in": "header",
+        "x-amazon-apigateway-authtype": "custom",
+        "x-amazon-apigateway-authorizer": {
+          "type": "request",
+          "identitySource": "stageVariables.stage",
+          "authorizerCredentials": "arn:aws:iam::123456789012:role/AWSepIntegTest-CS-LambdaRole",
+          "authorizerUri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:APIGateway-Request-Authorizer:vtwo/invocations",
+          "authorizerResultTtlInSeconds": 300
+        }
+      }
+    }
+  }
+}
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFile.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFile.yaml
new file mode 100644
index 00000000000..3b39968fb2d
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFile.yaml
@@ -0,0 +1,20 @@
+openapi: 3.0.0
+info:
+  title: Simple API Overview
+  version: 1.0.0
+  contact:
+    name: contact
+    email: user@gmail.com
+components:
+  securitySchemes:
+    request_authorizer_single_stagevar:
+      type: apiKey
+      name: Unused
+      in: header
+      x-amazon-apigateway-authtype: custom
+      x-amazon-apigateway-authorizer:
+        type: request
+        identitySource: stageVariables.stage
+        authorizerCredentials: arn:aws:iam::123456789012:role/AWSepIntegTest-CS-LambdaRole
+        authorizerUri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:APIGateway-Request-Authorizer:vtwo/invocations
+        authorizerResultTtlInSeconds: 300
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFileWithoutAuthorizer.json b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFileWithoutAuthorizer.json
new file mode 100644
index 00000000000..53ff6fafe27
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFileWithoutAuthorizer.json
@@ -0,0 +1,21 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Simple API Overview",
+    "version": "1.0.0",
+    "contact": {
+      "name": "contact",
+      "email": "user@gmail.com"
+    }
+  },
+  "components": {
+    "securitySchemes": {
+      "request_authorizer_single_stagevar": {
+        "type": "apiKey",
+        "name": "Unused",
+        "in": "header",
+        "x-amazon-apigateway-authtype": "custom"
+      }
+    }
+  }
+}
diff --git a/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFileWithoutAuthorizer.yaml b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFileWithoutAuthorizer.yaml
new file mode 100644
index 00000000000..bad729ab3a4
--- /dev/null
+++ b/assets/queries/ansible/aws/api_gateway_without_configured_authorizer/test/swaggerFileWithoutAuthorizer.yaml
@@ -0,0 +1,14 @@
+openapi: 3.0.0
+info:
+  title: Simple API Overview
+  version: 1.0.0
+  contact:
+    name: contact
+    email: user@gmail.com
+components:
+  securitySchemes:
+    request_authorizer_single_stagevar:
+      type: apiKey
+      name: Unused
+      in: header
+      x-amazon-apigateway-authtype: custom
diff --git a/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/metadata.json b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/metadata.json
new file mode 100644
index 00000000000..75458eb863a
--- /dev/null
+++ b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/metadata.json
@@ -0,0 +1,9 @@
+{
+  "id": "d5ec2080-340a-4259-b885-f833c4ea6a31",
+  "queryName": "Certificate RSA Key Bytes Lower Than 128",
+  "severity": "MEDIUM",
+  "category": "Insecure Configurations",
+  "descriptionText": "The certificate should use a RSA key with length higher than 128 bytes",
+  "descriptionUrl": "https://docs.ansible.com/ansible/2.10/collections/community/aws/aws_acm_module.html",
+  "platform": "Ansible"
+}
diff --git a/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/query.rego b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/query.rego
new file mode 100644
index 00000000000..1ba1252bcad
--- /dev/null
+++ b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/query.rego
@@ -0,0 +1,20 @@
+package Cx
+
+import data.generic.ansible as ansLib
+
+CxPolicy[result] {
+	task := ansLib.tasks[id][t]
+
+	acm := task["community.aws.aws_acm"]
+	ansLib.checkState(acm)
+
+	acm.certificate.rsa_key_bytes <= 128
+
+	result := {
+		"documentId": id,
+		"searchKey": sprintf("name={{%s}}.community.aws.aws_acm.certificate", [task.name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "'community.aws.aws_acm.certificate' uses a RSA key with length higher than 128 bytes",
+		"keyActualValue": "'community.aws.aws_acm.certificate' does not use a RSA key with length higher than 128 bytes",
+	}
+}
diff --git a/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/negative.yaml b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/negative.yaml
new file mode 100644
index 00000000000..362aa36b09d
--- /dev/null
+++ b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/negative.yaml
@@ -0,0 +1,6 @@
+- name: upload a self-signed certificate2
+  community.aws.aws_acm:
+    certificate: "{{ lookup('file', 'rsa4096.pem' ) }}"
+    privateKey: "{{ lookup('file', 'key.pem' ) }}"
+    name_tag: my_cert
+    region: ap-southeast-2
diff --git a/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/positive.yaml b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/positive.yaml
new file mode 100644
index 00000000000..69f4a0951d2
--- /dev/null
+++ b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/positive.yaml
@@ -0,0 +1,6 @@
+- name: upload a self-signed certificate
+  community.aws.aws_acm:
+    certificate: "{{ lookup('file', 'rsa1024.pem' ) }}"
+    privateKey: "{{ lookup('file', 'key.pem' ) }}"
+    name_tag: my_cert
+    region: ap-southeast-2
diff --git a/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/positive_expected_result.json b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/positive_expected_result.json
new file mode 100644
index 00000000000..ed87502888b
--- /dev/null
+++ b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/positive_expected_result.json
@@ -0,0 +1,7 @@
+[
+  {
+    "queryName": "Certificate RSA Key Bytes Lower Than 128",
+    "severity": "MEDIUM",
+    "line": 3
+  }
+]
diff --git a/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa1024.pem b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa1024.pem
new file mode 100644
index 00000000000..c9a7d7130a7
--- /dev/null
+++ b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAWYCCQDK5QPVVgU3jzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJV
+UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU2FuIE1hdGVvMQswCQYD
+VQQKEwJTTDAeFw0xNDAxMzExODQzNTFaFw0xNDAzMDIxODQzNTFaMEMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gTWF0ZW8x
+CzAJBgNVBAoTAlNMMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+kN7aXyge
+Op2/bB+GrER7AiTQuizpwK19whemmFTtsu79JgWSADkdUfhPeJrmBPHJnhGWskLU
+oWyqLYM1GCfDNAyojmyW9ZFwCCiLaUuHn+Usg7+vdcKIGV8MKWrjojtlQatsLa2K
+01v9CWbaJz9p0VNLUw1l9yh5TZQCroo87QIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
+AKAEe950tCwT7ysq6KvlEDLrYu9wqjgd/VaXub6TX/HOT5n5naxoOJJpDDuTfUhX
+KmBl3hpm6zvSDCr4X40LIZJVIoKvLmJwkVZ8Ywk10v6qRRRx9djycB2AYPBmXUIX
+IaVfh2k2z6Kg191s7BKZREw0xRQh4giNKls9FsiZeM8E
+-----END CERTIFICATE-----
diff --git a/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa4096.pem b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa4096.pem
new file mode 100644
index 00000000000..b933f0af2fb
--- /dev/null
+++ b/assets/queries/ansible/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa4096.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGATCCA+mgAwIBAgIUb+H4vxoPrTBNHrxhUNBE0kyE0r4wDQYJKoZIhvcNAQEL
+BQAwgY8xCzAJBgNVBAYTAlBUMQ4wDAYDVQQIDAVCUkFHQTEOMAwGA1UEBwwFQlJB
+R0ExEjAQBgNVBAoMCUNoZWNrbWFyeDENMAsGA1UECwwEU0FTVDEQMA4GA1UEAwwH
+UmFmYWVsYTErMCkGCSqGSIb3DQEJARYccmFmYWVsYS5zb2FyZXNAY2hlY2ttYXJ4
+LmNvbTAeFw0yMTAzMjcxMzU3MjJaFw0yMjAzMjcxMzU3MjJaMIGPMQswCQYDVQQG
+EwJQVDEOMAwGA1UECAwFQlJBR0ExDjAMBgNVBAcMBUJSQUdBMRIwEAYDVQQKDAlD
+aGVja21hcngxDTALBgNVBAsMBFNBU1QxEDAOBgNVBAMMB1JhZmFlbGExKzApBgkq
+hkiG9w0BCQEWHHJhZmFlbGEuc29hcmVzQGNoZWNrbWFyeC5jb20wggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDD7P/FAvEi5vkA7CJdZrlCvNPDxmOUkAsZ
+foxcxtiJcjyN8CVIC2QMrnsn6aW1DQRGCq8BufhrE7NxsoZ9eLTXJjzra1ceWaIf
+hT8RcWZ9uphCDsPTEddJWhwROWzXUOZXABYRHoi/d+yXkX/GlYin+ioO4OIMTvtq
+/s/kr/R/7kKIclcY9fDzAGuql/IvhtTq5SQuPKfuR6xL5CTqZ5k6M5p6jlxgLEro
+xH5TtWhR7MBtpBWNM13JlfHg8rQ3Q9KyzIwH1rUPSraCOHK6xEupCU4jQV9kowME
+TY7vi6o5ozhQUYMdxpYCRDQh+9V6LYHNiGvWnGckA+aJb3mZ7oVv4skjuVlrKxg1
+2O+QxlNKMzJfEybb4Hnehrhgol+LbbyqJ5NwQo1BS5bKzEYeli2azxt8NbOFvCX3
+h+EDQzCaXChUbqoOLOXCMYdYmbv/pMr1EoZy+H7OUO4CzUOG070Hz7yyXu78YMRu
+DWR+9yUw/JBsxN/I+yI054Qk5jy4/dgGdFPkZQTGfIdt3LpqXEMQAgKUO8uqHzKP
+Tnkpz9PMCmL7ew69dWdJvg+Af4uo8JsosTGsAxK0u1c6attX4XMCBohtgnSvS/we
+kc7v2iOVnhTF7thuiKgz4n7CTlrGI9wqH54BaW1QoNEpJhQFXER2qv32a+OJ2zjg
+zmHeOwgeVwIDAQABo1MwUTAdBgNVHQ4EFgQUaH9p5gXeST//dYggU1u25At5kzMw
+HwYDVR0jBBgwFoAUaH9p5gXeST//dYggU1u25At5kzMwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAgEAUWMl402fIXS+l67cD3PSoT+75QNnG3rnHCRr
+KNo4tR/7ePujWujdsfSk3BAl/jueSU903EtLI87Y8AV9AK/WF6ZtP51vGyc9fHbK
+FjavZ3Vxqzr2Cq9c/AAnybhQpoQ/4ksXTw/QaNYBKttVSmoAK3bJI748lM6vqU4N
+53pYZu4i4Znt6EqvHoWX+Zx3Vj+xVzvZOd6+T+/eAkeSQQF9aUXVZs/emGVgSCSd
+eT4RETMm21cQqNSkjVA+kkGCOfkAxESfTyp47UVKVY/OLERg1E8y7RihnpFIdMHc
+tow2S/DHJzIdILw4dTvK4oCKyZ9bkQvrWWqyGR+TYtnqOgExKbXRUi5JjsYPuVp+
+XDC2NdFwIlo2oG6xlfaXRegyx5xwF8Yv8N5gD7IepN7RQrQq8Go+eO7PW9sDdni1
+EQEvJJ6CrnPQq9y2PTCO+D9CsQYBJp+fw075upi6yqty/jTqvov/oYqlsiOH9B47
+g9MKsgUeihfhJElTttAm7rMZRIX/pSE7i+2/aismp7mK7zMz0TbS+6oJEcRzUs9u
+V3CzIce6cV02dB91okjhXWtDpvfCg8rfHpWqk5kTLKnp5rqXYFqkgy2m4KaynCNN
+iCqYgdedrTmiNMoUCmf8XOfEZkxO7d0XS3NF89uwhrWwGeu+oFu9N7hX8f8QMq3m
+By4xx50=
+-----END CERTIFICATE-----
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/metadata.json b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/metadata.json
new file mode 100644
index 00000000000..5ac4b80b23d
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/metadata.json
@@ -0,0 +1,9 @@
+{
+  "id": "874d68a3-bfbe-4a4b-aaa0-9e74d7da634b",
+  "queryName": "Certificate RSA Key Bytes Lower Than 128",
+  "severity": "MEDIUM",
+  "category": "Insecure Configurations",
+  "descriptionText": "The certificate should use a RSA key with length higher than 128 bytes",
+  "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api",
+  "platform": "Terraform"
+}
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/query.rego b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/query.rego
new file mode 100644
index 00000000000..1f2af7a969b
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/query.rego
@@ -0,0 +1,19 @@
+package Cx
+
+CxPolicy[result] {
+	resource := input.document[i].resource[resourceType]
+
+	services := {"aws_api_gateway_domain_name", "aws_iam_server_certificate", "aws_acm_certificate"}
+
+	resourceType == services[_]
+
+	resource[name].certificate_body.rsa_key_bytes <= 128
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("%s[%s].certificate_body", [resourceType, name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": sprintf("%s[%s].certificate_body uses a RSA key with length higher than 128 bytes", [resourceType, name]),
+		"keyActualValue": sprintf("%s[%s].certificate_body does not use a RSA key with length higher than 128 bytes", [resourceType, name]),
+	}
+}
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/negative1.tf b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/negative1.tf
new file mode 100644
index 00000000000..7b6bb0f0217
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/negative1.tf
@@ -0,0 +1,4 @@
+resource "aws_api_gateway_domain_name" "example3" {
+  certificate_body = file("./rsa4096.pem")
+  domain_name     = "api.example.com"
+}
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/negative2.tf b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/negative2.tf
new file mode 100644
index 00000000000..902e0ee3fa6
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/negative2.tf
@@ -0,0 +1,10 @@
+resource "aws_iam_server_certificate" "test_cert22" {
+  name             = "some_test_cert"
+  certificate_body = file("./rsa4096.pem")
+  private_key      = <<EOF
+-----BEGIN RSA PRIVATE KEY-----
+[......] # cert contents
+-----END RSA PRIVATE KEY-----
+EOF
+}
+
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive1.tf b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive1.tf
new file mode 100644
index 00000000000..fc77f52029c
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive1.tf
@@ -0,0 +1,4 @@
+resource "aws_api_gateway_domain_name" "example" {
+  certificate_body = file("./rsa1024.pem")
+  domain_name     = "api.example.com"
+}
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive2.tf b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive2.tf
new file mode 100644
index 00000000000..05d6cc6f657
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive2.tf
@@ -0,0 +1,9 @@
+resource "aws_iam_server_certificate" "test_cert2" {
+  name             = "some_test_cert"
+  certificate_body = file("./rsa1024.pem")
+  private_key      = <<EOF
+-----BEGIN RSA PRIVATE KEY-----
+[......] # cert contents
+-----END RSA PRIVATE KEY-----
+EOF
+}
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive_expected_result.json b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive_expected_result.json
new file mode 100644
index 00000000000..c363ae27559
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/positive_expected_result.json
@@ -0,0 +1,14 @@
+[
+  {
+    "queryName": "Certificate RSA Key Bytes Lower Than 128",
+    "severity": "MEDIUM",
+    "line": 2,
+    "fileName": "positive1.tf"
+  },
+  {
+    "queryName": "Certificate RSA Key Bytes Lower Than 128",
+    "severity": "MEDIUM",
+    "line": 3,
+    "fileName": "positive2.tf"
+  }
+]
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa1024.pem b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa1024.pem
new file mode 100644
index 00000000000..c9a7d7130a7
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAWYCCQDK5QPVVgU3jzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJV
+UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU2FuIE1hdGVvMQswCQYD
+VQQKEwJTTDAeFw0xNDAxMzExODQzNTFaFw0xNDAzMDIxODQzNTFaMEMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gTWF0ZW8x
+CzAJBgNVBAoTAlNMMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+kN7aXyge
+Op2/bB+GrER7AiTQuizpwK19whemmFTtsu79JgWSADkdUfhPeJrmBPHJnhGWskLU
+oWyqLYM1GCfDNAyojmyW9ZFwCCiLaUuHn+Usg7+vdcKIGV8MKWrjojtlQatsLa2K
+01v9CWbaJz9p0VNLUw1l9yh5TZQCroo87QIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
+AKAEe950tCwT7ysq6KvlEDLrYu9wqjgd/VaXub6TX/HOT5n5naxoOJJpDDuTfUhX
+KmBl3hpm6zvSDCr4X40LIZJVIoKvLmJwkVZ8Ywk10v6qRRRx9djycB2AYPBmXUIX
+IaVfh2k2z6Kg191s7BKZREw0xRQh4giNKls9FsiZeM8E
+-----END CERTIFICATE-----
diff --git a/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa4096.pem b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa4096.pem
new file mode 100644
index 00000000000..b933f0af2fb
--- /dev/null
+++ b/assets/queries/terraform/aws/certificate_rsa_key_bytes_lower_than_128/test/rsa4096.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGATCCA+mgAwIBAgIUb+H4vxoPrTBNHrxhUNBE0kyE0r4wDQYJKoZIhvcNAQEL
+BQAwgY8xCzAJBgNVBAYTAlBUMQ4wDAYDVQQIDAVCUkFHQTEOMAwGA1UEBwwFQlJB
+R0ExEjAQBgNVBAoMCUNoZWNrbWFyeDENMAsGA1UECwwEU0FTVDEQMA4GA1UEAwwH
+UmFmYWVsYTErMCkGCSqGSIb3DQEJARYccmFmYWVsYS5zb2FyZXNAY2hlY2ttYXJ4
+LmNvbTAeFw0yMTAzMjcxMzU3MjJaFw0yMjAzMjcxMzU3MjJaMIGPMQswCQYDVQQG
+EwJQVDEOMAwGA1UECAwFQlJBR0ExDjAMBgNVBAcMBUJSQUdBMRIwEAYDVQQKDAlD
+aGVja21hcngxDTALBgNVBAsMBFNBU1QxEDAOBgNVBAMMB1JhZmFlbGExKzApBgkq
+hkiG9w0BCQEWHHJhZmFlbGEuc29hcmVzQGNoZWNrbWFyeC5jb20wggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDD7P/FAvEi5vkA7CJdZrlCvNPDxmOUkAsZ
+foxcxtiJcjyN8CVIC2QMrnsn6aW1DQRGCq8BufhrE7NxsoZ9eLTXJjzra1ceWaIf
+hT8RcWZ9uphCDsPTEddJWhwROWzXUOZXABYRHoi/d+yXkX/GlYin+ioO4OIMTvtq
+/s/kr/R/7kKIclcY9fDzAGuql/IvhtTq5SQuPKfuR6xL5CTqZ5k6M5p6jlxgLEro
+xH5TtWhR7MBtpBWNM13JlfHg8rQ3Q9KyzIwH1rUPSraCOHK6xEupCU4jQV9kowME
+TY7vi6o5ozhQUYMdxpYCRDQh+9V6LYHNiGvWnGckA+aJb3mZ7oVv4skjuVlrKxg1
+2O+QxlNKMzJfEybb4Hnehrhgol+LbbyqJ5NwQo1BS5bKzEYeli2azxt8NbOFvCX3
+h+EDQzCaXChUbqoOLOXCMYdYmbv/pMr1EoZy+H7OUO4CzUOG070Hz7yyXu78YMRu
+DWR+9yUw/JBsxN/I+yI054Qk5jy4/dgGdFPkZQTGfIdt3LpqXEMQAgKUO8uqHzKP
+Tnkpz9PMCmL7ew69dWdJvg+Af4uo8JsosTGsAxK0u1c6attX4XMCBohtgnSvS/we
+kc7v2iOVnhTF7thuiKgz4n7CTlrGI9wqH54BaW1QoNEpJhQFXER2qv32a+OJ2zjg
+zmHeOwgeVwIDAQABo1MwUTAdBgNVHQ4EFgQUaH9p5gXeST//dYggU1u25At5kzMw
+HwYDVR0jBBgwFoAUaH9p5gXeST//dYggU1u25At5kzMwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAgEAUWMl402fIXS+l67cD3PSoT+75QNnG3rnHCRr
+KNo4tR/7ePujWujdsfSk3BAl/jueSU903EtLI87Y8AV9AK/WF6ZtP51vGyc9fHbK
+FjavZ3Vxqzr2Cq9c/AAnybhQpoQ/4ksXTw/QaNYBKttVSmoAK3bJI748lM6vqU4N
+53pYZu4i4Znt6EqvHoWX+Zx3Vj+xVzvZOd6+T+/eAkeSQQF9aUXVZs/emGVgSCSd
+eT4RETMm21cQqNSkjVA+kkGCOfkAxESfTyp47UVKVY/OLERg1E8y7RihnpFIdMHc
+tow2S/DHJzIdILw4dTvK4oCKyZ9bkQvrWWqyGR+TYtnqOgExKbXRUi5JjsYPuVp+
+XDC2NdFwIlo2oG6xlfaXRegyx5xwF8Yv8N5gD7IepN7RQrQq8Go+eO7PW9sDdni1
+EQEvJJ6CrnPQq9y2PTCO+D9CsQYBJp+fw075upi6yqty/jTqvov/oYqlsiOH9B47
+g9MKsgUeihfhJElTttAm7rMZRIX/pSE7i+2/aismp7mK7zMz0TbS+6oJEcRzUs9u
+V3CzIce6cV02dB91okjhXWtDpvfCg8rfHpWqk5kTLKnp5rqXYFqkgy2m4KaynCNN
+iCqYgdedrTmiNMoUCmf8XOfEZkxO7d0XS3NF89uwhrWwGeu+oFu9N7hX8f8QMq3m
+By4xx50=
+-----END CERTIFICATE-----
diff --git a/pkg/parser/terraform/terraform.go b/pkg/parser/terraform/terraform.go
index 3498da989dd..d91b1de2e45 100644
--- a/pkg/parser/terraform/terraform.go
+++ b/pkg/parser/terraform/terraform.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/Checkmarx/kics/pkg/model"
 	"github.com/Checkmarx/kics/pkg/parser/terraform/converter"
+	"github.com/Checkmarx/kics/pkg/parser/utils"
 	"github.com/hashicorp/hcl/v2"
 	"github.com/hashicorp/hcl/v2/hclsyntax"
 	"github.com/pkg/errors"
@@ -36,6 +37,49 @@ func (p *Parser) Resolve(fileContent []byte, filename string) (*[]byte, error) {
 	return &fileContent, nil
 }
 
+func processContent(elements model.Document, content, path string) {
+	var certInfo map[string]interface{}
+	if content != "" {
+		certInfo = utils.AddCertificateInfo(path, content)
+		if certInfo != nil {
+			elements["certificate_body"] = certInfo
+		}
+	}
+}
+
+func processElements(elements model.Document, path string) {
+	for k, v3 := range elements { // resource elements
+		if !(k == "certificate_body") {
+			continue
+		}
+		content := utils.CheckCertificate(v3.(string))
+		processContent(elements, content, path)
+	}
+}
+
+func processResources(doc model.Document, path string) {
+	var resourcesElements model.Document
+	var elements model.Document
+
+	for _, resources := range doc { // iterate over resources
+		resourcesElements = resources.(model.Document)
+		for _, v2 := range resourcesElements { // resource name
+			elements = v2.(model.Document)
+			processElements(elements, path)
+		}
+	}
+}
+
+func addExtraInfo(json []model.Document, path string) []model.Document {
+	for _, documents := range json { // iterate over documents
+		if documents["resource"] != nil {
+			processResources(documents["resource"].(model.Document), path)
+		}
+	}
+
+	return json
+}
+
 // Parse execute parser for the content in a file
 func (p *Parser) Parse(path string, content []byte) ([]model.Document, error) {
 	file, diagnostics := hclsyntax.ParseConfig(content, filepath.Base(path), hcl.Pos{Byte: 0, Line: 1, Column: 1})
@@ -47,7 +91,7 @@ func (p *Parser) Parse(path string, content []byte) ([]model.Document, error) {
 
 	fc, parseErr := p.convertFunc(file, inputVariableMap)
 
-	return []model.Document{fc}, errors.Wrap(parseErr, "failed terraform parse")
+	return addExtraInfo([]model.Document{fc}, path), errors.Wrap(parseErr, "failed terraform parse")
 }
 
 // SupportedExtensions returns Terraform extensions
diff --git a/pkg/parser/utils/certificate_utils.go b/pkg/parser/utils/certificate_utils.go
new file mode 100644
index 00000000000..4c7b73f6949
--- /dev/null
+++ b/pkg/parser/utils/certificate_utils.go
@@ -0,0 +1,90 @@
+package utils
+
+import (
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"os"
+	"path/filepath"
+	"regexp"
+
+	"github.com/rs/zerolog/log"
+)
+
+type certInfo struct {
+	date        [3]int
+	rsaKeyBytes int
+}
+
+// CheckCertificate verifies if the attribute 'certificate_body' refers a file
+func CheckCertificate(content string) string {
+	var re = regexp.MustCompile(`[0-9a-zA-Z-/\\_.]+\.pem`)
+
+	match := re.FindString(content)
+
+	return match
+}
+
+func getCertificateInfo(filePath string) (certInfo, error) {
+	certPEM, err := os.ReadFile(filePath)
+
+	if err != nil {
+		return certInfo{}, err
+	}
+
+	block, _ := pem.Decode(certPEM)
+	if block == nil {
+		return certInfo{}, errors.New("failed to parse the certificate PEM")
+	}
+	cert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return certInfo{}, err
+	}
+
+	var certDate [3]int
+	certDate[0] = cert.NotAfter.Year()
+	certDate[1] = int(cert.NotAfter.Month())
+	certDate[2] = cert.NotAfter.Day()
+
+	var rsaBytes int
+
+	switch t := cert.PublicKey.(type) {
+	case *rsa.PublicKey:
+		_ = t
+		rsaBytes = cert.PublicKey.(*rsa.PublicKey).Size()
+	default:
+		rsaBytes = -1
+	}
+
+	return certInfo{date: certDate, rsaKeyBytes: rsaBytes}, nil
+}
+
+// AddCertificateInfo gets and adds certificate information of a certificate file
+func AddCertificateInfo(path, content string) map[string]interface{} {
+	var filePath string
+
+	if _, err := os.Stat(content); err != nil { // content is not a full valid path or is an incomplete path
+		filePath = filepath.Join(filepath.Dir(path), content)
+	} else { // content is a full valid path
+		filePath = content
+	}
+
+	date, err := getCertificateInfo(filePath)
+
+	if err == nil {
+		attributes := make(map[string]interface{})
+		attributes["file"] = filePath
+		attributes["expiration_date"] = date.date
+
+		if date.rsaKeyBytes != -1 {
+			attributes["rsa_key_bytes"] = date.rsaKeyBytes
+		}
+
+		return attributes
+	}
+
+	log.Error().Msgf("Failed to get certificate path %s: %s", filePath, err)
+
+	return nil
+}
diff --git a/pkg/parser/utils/certificate_utils_test.go b/pkg/parser/utils/certificate_utils_test.go
new file mode 100644
index 00000000000..34f42d2d9e3
--- /dev/null
+++ b/pkg/parser/utils/certificate_utils_test.go
@@ -0,0 +1,35 @@
+package utils
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAddCertificateInfo(t *testing.T) {
+	path := filepath.Join("..", "..", "..", "test", "fixtures", "test_certificate", "positive.tf")
+	certificatePath := "certificate.pem"
+
+	info := AddCertificateInfo(path, certificatePath)
+
+	require.NotEmpty(t, info)
+}
+
+func TestGetCertificateInfo(t *testing.T) {
+	filePath := filepath.Join("..", "..", "..", "test", "fixtures", "test_certificate", "certificate.pem")
+
+	date, err := getCertificateInfo(filePath)
+
+	require.NoError(t, err)
+	require.NotEmpty(t, date)
+	require.Equal(t, ".pem", filepath.Ext(filePath))
+}
+
+func TestCheckCertificateBody(t *testing.T) {
+	content := "${file(certificate.pem)}"
+
+	pem := CheckCertificate(content)
+
+	require.NotEmpty(t, pem)
+}
diff --git a/pkg/parser/utils/file_utils.go b/pkg/parser/utils/file_utils.go
new file mode 100644
index 00000000000..6ae3273eb5e
--- /dev/null
+++ b/pkg/parser/utils/file_utils.go
@@ -0,0 +1,54 @@
+package utils
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/rs/zerolog/log"
+	"gopkg.in/yaml.v3"
+)
+
+func convert(m map[interface{}]interface{}) map[string]interface{} {
+	res := map[string]interface{}{}
+	for k, v := range m {
+		switch v2 := v.(type) {
+		case map[interface{}]interface{}:
+			res[fmt.Sprint(k)] = convert(v2)
+		default:
+			res[fmt.Sprint(k)] = v
+		}
+	}
+	return res
+}
+
+func readFile(filePath string) (map[string]interface{}, error) {
+	var result map[string]interface{}
+
+	content, err := os.ReadFile(filePath)
+	if err != nil {
+		log.Error().Msgf("Failed to read %s", filePath)
+		return nil, err
+	}
+
+	fileExtension := filepath.Ext(filePath)
+
+	if fileExtension == ".json" {
+		err := json.Unmarshal(content, &result)
+		if err != nil {
+			log.Error().Msgf("Failed to unmarshal '%s'", filePath)
+			return nil, err
+		}
+	} else if fileExtension == ".yaml" || fileExtension == ".yml" {
+		var resultYaml map[interface{}]interface{}
+		err := yaml.Unmarshal(content, &resultYaml)
+		if err != nil {
+			log.Error().Msgf("Failed to unmarshal '%s'", filePath)
+			return nil, err
+		}
+		result = convert(resultYaml)
+	}
+
+	return result, nil
+}
diff --git a/pkg/parser/utils/file_utils_test.go b/pkg/parser/utils/file_utils_test.go
new file mode 100644
index 00000000000..5c72e01b176
--- /dev/null
+++ b/pkg/parser/utils/file_utils_test.go
@@ -0,0 +1,41 @@
+package utils
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/rs/zerolog/log"
+	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v3"
+)
+
+var extensions = []string{".json", ".yaml", ".yml"}
+
+var fileSwaggerPathTest = filepath.Join("..", "..", "..", "test", "fixtures", "test_swagger", "swaggerFileWithoutAuthorizer.yaml")
+
+func TestReadFile(t *testing.T) {
+	content, err := readFile(fileSwaggerPathTest)
+
+	require.NoError(t, err)
+	require.NotNil(t, content)
+	require.Contains(t, extensions, filepath.Ext(fileSwaggerPathTest))
+}
+
+func TestConvert(t *testing.T) {
+	content, err := os.ReadFile(fileSwaggerPathTest)
+	if err != nil {
+		log.Error().Msgf("Failed to read %s", fileSwaggerPathTest)
+	}
+
+	var resultYaml map[interface{}]interface{}
+
+	err2 := yaml.Unmarshal(content, &resultYaml)
+	if err2 != nil {
+		log.Error().Msgf("Failed to unmarshal '%s'", fileSwaggerPathTest)
+	}
+
+	mapConverted := convert(resultYaml)
+
+	require.NotEmpty(t, mapConverted)
+}
diff --git a/pkg/parser/utils/swagger_utils.go b/pkg/parser/utils/swagger_utils.go
new file mode 100644
index 00000000000..3b22518d142
--- /dev/null
+++ b/pkg/parser/utils/swagger_utils.go
@@ -0,0 +1,28 @@
+package utils
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// AddSwaggerInfo gets and adds the content of a swagger file
+func AddSwaggerInfo(path, swaggerPath string) map[string]interface{} {
+	var filePath string
+
+	if _, err := os.Stat(swaggerPath); err != nil { // content is not a full valid path or is an incomplete path
+		filePath = filepath.Join(filepath.Dir(path), swaggerPath)
+	} else { // content is a full valid path
+		filePath = swaggerPath
+	}
+
+	swaggerContent, err := readFile(filePath)
+
+	if err == nil {
+		attributes := make(map[string]interface{})
+		attributes["file"] = filePath
+		attributes["content"] = swaggerContent
+		return attributes
+	}
+
+	return nil
+}
diff --git a/pkg/parser/utils/swagger_utils_test.go b/pkg/parser/utils/swagger_utils_test.go
new file mode 100644
index 00000000000..5844690f2a1
--- /dev/null
+++ b/pkg/parser/utils/swagger_utils_test.go
@@ -0,0 +1,17 @@
+package utils
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAddSwaggerInfo(t *testing.T) {
+	path := filepath.Join("..", "..", "..", "test", "fixtures", "test_swagger", "positive3.yaml")
+	swaggerPath := "swaggerFileWithoutAuthorizer.yaml"
+
+	info := AddSwaggerInfo(path, swaggerPath)
+
+	require.NotNil(t, info)
+}
diff --git a/pkg/parser/yaml/parser.go b/pkg/parser/yaml/parser.go
index 8beb432bff9..69946056d32 100644
--- a/pkg/parser/yaml/parser.go
+++ b/pkg/parser/yaml/parser.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 
 	"github.com/Checkmarx/kics/pkg/model"
+	"github.com/Checkmarx/kics/pkg/parser/utils"
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v3"
 )
@@ -24,7 +25,7 @@ func (p *Parser) Resolve(fileContent []byte, filename string) (*[]byte, error) {
 }
 
 // Parse parses yaml/yml file and returns it as a Document
-func (p *Parser) Parse(_ string, fileContent []byte) ([]model.Document, error) {
+func (p *Parser) Parse(filePath string, fileContent []byte) ([]model.Document, error) {
 	var documents []model.Document
 	dec := yaml.NewDecoder(bytes.NewReader(fileContent))
 
@@ -38,7 +39,7 @@ func (p *Parser) Parse(_ string, fileContent []byte) ([]model.Document, error) {
 
 	if documents == nil {
 		var err error
-		documents, err = playbookParser(fileContent)
+		documents, err = playbookParser(filePath, fileContent)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to Parse YAML")
 		}
@@ -65,7 +66,48 @@ func (p *Parser) GetKind() model.FileKind {
 	return model.KindYAML
 }
 
-func playbookParser(fileContent []byte) ([]model.Document, error) {
+func processSwaggerContent(elements map[string]interface{}, filePath string) {
+	swaggerInfo := utils.AddSwaggerInfo(filePath, elements["swagger_file"].(string))
+	if swaggerInfo != nil {
+		elements["swagger_file"] = swaggerInfo
+	}
+}
+
+func processCertContent(elements map[string]interface{}, content, filePath string) {
+	var certInfo map[string]interface{}
+	if content != "" {
+		certInfo = utils.AddCertificateInfo(filePath, content)
+		if certInfo != nil {
+			elements["certificate"] = certInfo
+		}
+	}
+}
+
+func processElements(elements map[string]interface{}, filePath string) {
+	if elements["certificate"] != nil {
+		processCertContent(elements, utils.CheckCertificate(elements["certificate"].(string)), filePath)
+	}
+	if elements["swagger_file"] != nil {
+		processSwaggerContent(elements, filePath)
+	}
+}
+
+func addExtraInfo(documents []model.Document, filePath string) []model.Document {
+	for _, documentPlaybooks := range documents { // iterate over documents
+		for _, resources := range documentPlaybooks["playbooks"].([]interface{}) { // iterate over playbooks
+			for _, v := range resources.(map[string]interface{}) {
+				_, ok := v.(map[string]interface{})
+				if ok {
+					processElements(v.(map[string]interface{}), filePath)
+				}
+			}
+		}
+	}
+
+	return documents
+}
+
+func playbookParser(filePath string, fileContent []byte) ([]model.Document, error) {
 	doc := &model.Document{}
 	dec := yaml.NewDecoder(bytes.NewReader(fileContent))
 	arr := make([]map[string]interface{}, 0)
@@ -88,5 +130,5 @@ func playbookParser(fileContent []byte) ([]model.Document, error) {
 		arr = make([]map[string]interface{}, 0)
 	}
 
-	return documents, nil
+	return addExtraInfo(documents, filePath), nil
 }
diff --git a/test/fixtures/test_certificate/certificate.pem b/test/fixtures/test_certificate/certificate.pem
new file mode 100644
index 00000000000..b933f0af2fb
--- /dev/null
+++ b/test/fixtures/test_certificate/certificate.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGATCCA+mgAwIBAgIUb+H4vxoPrTBNHrxhUNBE0kyE0r4wDQYJKoZIhvcNAQEL
+BQAwgY8xCzAJBgNVBAYTAlBUMQ4wDAYDVQQIDAVCUkFHQTEOMAwGA1UEBwwFQlJB
+R0ExEjAQBgNVBAoMCUNoZWNrbWFyeDENMAsGA1UECwwEU0FTVDEQMA4GA1UEAwwH
+UmFmYWVsYTErMCkGCSqGSIb3DQEJARYccmFmYWVsYS5zb2FyZXNAY2hlY2ttYXJ4
+LmNvbTAeFw0yMTAzMjcxMzU3MjJaFw0yMjAzMjcxMzU3MjJaMIGPMQswCQYDVQQG
+EwJQVDEOMAwGA1UECAwFQlJBR0ExDjAMBgNVBAcMBUJSQUdBMRIwEAYDVQQKDAlD
+aGVja21hcngxDTALBgNVBAsMBFNBU1QxEDAOBgNVBAMMB1JhZmFlbGExKzApBgkq
+hkiG9w0BCQEWHHJhZmFlbGEuc29hcmVzQGNoZWNrbWFyeC5jb20wggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDD7P/FAvEi5vkA7CJdZrlCvNPDxmOUkAsZ
+foxcxtiJcjyN8CVIC2QMrnsn6aW1DQRGCq8BufhrE7NxsoZ9eLTXJjzra1ceWaIf
+hT8RcWZ9uphCDsPTEddJWhwROWzXUOZXABYRHoi/d+yXkX/GlYin+ioO4OIMTvtq
+/s/kr/R/7kKIclcY9fDzAGuql/IvhtTq5SQuPKfuR6xL5CTqZ5k6M5p6jlxgLEro
+xH5TtWhR7MBtpBWNM13JlfHg8rQ3Q9KyzIwH1rUPSraCOHK6xEupCU4jQV9kowME
+TY7vi6o5ozhQUYMdxpYCRDQh+9V6LYHNiGvWnGckA+aJb3mZ7oVv4skjuVlrKxg1
+2O+QxlNKMzJfEybb4Hnehrhgol+LbbyqJ5NwQo1BS5bKzEYeli2azxt8NbOFvCX3
+h+EDQzCaXChUbqoOLOXCMYdYmbv/pMr1EoZy+H7OUO4CzUOG070Hz7yyXu78YMRu
+DWR+9yUw/JBsxN/I+yI054Qk5jy4/dgGdFPkZQTGfIdt3LpqXEMQAgKUO8uqHzKP
+Tnkpz9PMCmL7ew69dWdJvg+Af4uo8JsosTGsAxK0u1c6attX4XMCBohtgnSvS/we
+kc7v2iOVnhTF7thuiKgz4n7CTlrGI9wqH54BaW1QoNEpJhQFXER2qv32a+OJ2zjg
+zmHeOwgeVwIDAQABo1MwUTAdBgNVHQ4EFgQUaH9p5gXeST//dYggU1u25At5kzMw
+HwYDVR0jBBgwFoAUaH9p5gXeST//dYggU1u25At5kzMwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAgEAUWMl402fIXS+l67cD3PSoT+75QNnG3rnHCRr
+KNo4tR/7ePujWujdsfSk3BAl/jueSU903EtLI87Y8AV9AK/WF6ZtP51vGyc9fHbK
+FjavZ3Vxqzr2Cq9c/AAnybhQpoQ/4ksXTw/QaNYBKttVSmoAK3bJI748lM6vqU4N
+53pYZu4i4Znt6EqvHoWX+Zx3Vj+xVzvZOd6+T+/eAkeSQQF9aUXVZs/emGVgSCSd
+eT4RETMm21cQqNSkjVA+kkGCOfkAxESfTyp47UVKVY/OLERg1E8y7RihnpFIdMHc
+tow2S/DHJzIdILw4dTvK4oCKyZ9bkQvrWWqyGR+TYtnqOgExKbXRUi5JjsYPuVp+
+XDC2NdFwIlo2oG6xlfaXRegyx5xwF8Yv8N5gD7IepN7RQrQq8Go+eO7PW9sDdni1
+EQEvJJ6CrnPQq9y2PTCO+D9CsQYBJp+fw075upi6yqty/jTqvov/oYqlsiOH9B47
+g9MKsgUeihfhJElTttAm7rMZRIX/pSE7i+2/aismp7mK7zMz0TbS+6oJEcRzUs9u
+V3CzIce6cV02dB91okjhXWtDpvfCg8rfHpWqk5kTLKnp5rqXYFqkgy2m4KaynCNN
+iCqYgdedrTmiNMoUCmf8XOfEZkxO7d0XS3NF89uwhrWwGeu+oFu9N7hX8f8QMq3m
+By4xx50=
+-----END CERTIFICATE-----
diff --git a/test/fixtures/test_certificate/positive.tf b/test/fixtures/test_certificate/positive.tf
new file mode 100644
index 00000000000..063bc532e7e
--- /dev/null
+++ b/test/fixtures/test_certificate/positive.tf
@@ -0,0 +1,5 @@
+resource "aws_api_gateway_domain_name" "example2" {
+  certificate_body = file("certificate.pem")
+  domain_name     = "api.example.com"
+}
+
diff --git a/test/fixtures/test_swagger/positive3.yaml b/test/fixtures/test_swagger/positive3.yaml
new file mode 100644
index 00000000000..e18a536376f
--- /dev/null
+++ b/test/fixtures/test_swagger/positive3.yaml
@@ -0,0 +1,9 @@
+- name: Setup AWS API Gateway setup on AWS and deploy API 222
+  aws_api_gateway:
+    swagger_file: swaggerFileWithoutAuthorizer.yaml
+    stage: production
+    cache_enabled: true
+    cache_size: "1.6"
+    tracing_enabled: true
+    endpoint_type: EDGE
+    state: present
diff --git a/test/fixtures/test_swagger/swaggerFileWithoutAuthorizer.yaml b/test/fixtures/test_swagger/swaggerFileWithoutAuthorizer.yaml
new file mode 100644
index 00000000000..890cbc36aee
--- /dev/null
+++ b/test/fixtures/test_swagger/swaggerFileWithoutAuthorizer.yaml
@@ -0,0 +1,14 @@
+openapi: 3.0.0
+info:
+  title: Simple API Overview
+  version: 1.0.0
+  contact:
+    name: contact
+    email: user@gmail.com
+components:
+  securityDefinitions:
+    request_authorizer_single_stagevar:
+      type: apiKey
+      name: Unused
+      in: header
+      x-amazon-apigateway-authtype: custom