Verify alert email associated with expiring TLS certificates in ACM

1

We have had some outages due to expired TLS certificates. My understanding is that AWS auto-renews these certificates, and if there is a problem with the auto-renewal then an email alert is sent. My question: is there a way to check which email is receiving these alerts? In our case, the application teams have apparently not received these alerts, and we would like to ensure the appropriate personnel receive alerts for expiring certificates so that they can be renewed before an outage occurs. Any information on other ways to be alerted would be greatly appreciated.

joeyp
asked 10 months ago
270 views
1 Answer
1
Accepted Answer

It would be better to set up alerts in the manner described in this document.
This setting allows for alert notifications a set number of days before the expiration date.
https://repost.aws/knowledge-center/acm-certificate-expiration

Alternatively, since ACM publishes metrics to CloudWatch, it is possible to create an alarm with "DaysToExpiry" to be aware of expiry dates.
https://docs.aws.amazon.com/acm/latest/userguide/cloudwatch-metrics.html

EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
  • Thank you for the answer! Does this solution work for AWS issued certificates or only imported certificates?

  • Both of the ones above are also supported. The "DaysToExpiry" metric supports both imported and AWS-issued certificates.
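
The CloudWatch alarm on "DaysToExpiry" mentioned in the accepted answer, sketched with boto3 as an added example (not code from the thread or from AWS). It also lists which email addresses on the alarm's SNS topic are actually confirmed, which covers the "who receives the alert" part of the question for this alarm path. The SNS topic, the 30-day threshold, the alarm naming scheme and the function names are assumptions.

```python
# Added example: alarms on the ACM DaysToExpiry metric, plus a recipient check.
NAMESPACE = "AWS/CertificateManager"  # namespace ACM publishes its metrics under
METRIC = "DaysToExpiry"               # metric named in the answer above


def build_alarm(cert_arn, topic_arn, days=30):
    """Return cloudwatch.put_metric_alarm() arguments for one certificate."""
    cert_id = cert_arn.rsplit("/", 1)[-1]
    return {
        "AlarmName": f"acm-expiry-{cert_id}",  # naming scheme is an assumption
        "Namespace": NAMESPACE,
        "MetricName": METRIC,
        "Dimensions": [{"Name": "CertificateArn", "Value": cert_arn}],
        "Statistic": "Minimum",
        "Period": 86400,  # evaluate one day of datapoints
        "EvaluationPeriods": 1,
        "Threshold": float(days),
        "ComparisonOperator": "LessThanOrEqualToThreshold",
        "AlarmActions": [topic_arn],  # SNS topic that fans out to the team
    }


def confirmed_emails(subscriptions):
    """Email endpoints on the topic that have confirmed their subscription.

    `subscriptions` is the "Subscriptions" list returned by
    sns.list_subscriptions_by_topic(); unconfirmed entries carry the literal
    SubscriptionArn "PendingConfirmation" and receive nothing.
    """
    return sorted(
        s["Endpoint"] for s in subscriptions
        if s["Protocol"] in ("email", "email-json")
        and s["SubscriptionArn"].startswith("arn:")
    )


def apply(topic_arn, days=30):
    """Create one alarm per ACM certificate in the current account and region."""
    import boto3  # imported here so the helpers above run without AWS access
    acm, cw, sns = (boto3.client(n) for n in ("acm", "cloudwatch", "sns"))
    subs = sns.list_subscriptions_by_topic(TopicArn=topic_arn)["Subscriptions"]
    if not confirmed_emails(subs):  # first page only; enough for a small topic
        raise SystemExit("no confirmed email subscription on " + topic_arn)
    for page in acm.get_paginator("list_certificates").paginate():
        for cert in page["CertificateSummaryList"]:
            cw.put_metric_alarm(**build_alarm(cert["CertificateArn"], topic_arn, days))


if __name__ == "__main__":  # constructed ARNs, not real resources
    arn = "arn:aws:acm:us-east-1:111122223333:certificate/example-cert-id"
    print(build_alarm(arn, "arn:aws:sns:us-east-1:111122223333:cert-alerts"))
```

ACM certificates are regional, so `apply()` has to be run once per region in use.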
