RDS planned lifecycle event cert renewal

0

We recently upgraded our RDS certs but we see a duplicate of 'RDS planned lifecycle event' with one status of 'Completed' and one of 'Ongoing'. I have checked the entities and they are all the same and the 'Certificate authority date' is updated as per the renewal process.

Is this safe to ignore?

1 Answer
1

The appearance of a duplicate "RDS planned lifecycle event" with one status marked as "Completed" and another as "Ongoing" after renewing your RDS certificates could be a result of overlapping or incomplete processing of the lifecycle events by AWS. Given that the certificate authority date is updated as expected and there are no apparent issues with your RDS instances, this situation might be safe to ignore. However, it's essential to take the following

steps to ensure everything is in order:

Review Event Details: Check the detailed logs of both events. Compare the timestamps, entities involved, and any messages or warnings associated with them. This will help you understand if the ongoing event is just a delayed or redundant entry.

**Check RDS Functionality: ** Verify that your RDS instances are operating normally, with no connectivity issues or errors related to SSL/TLS connections. If everything is functioning correctly, it's a positive sign that the duplicate event may not have an impact.

AWS Support: To be absolutely certain, consider opening a support ticket with AWS. Provide them with the details of both events, including timestamps and affected resources. They can confirm whether the ongoing event is a benign artifact or something that requires intervention.

Monitoring: Keep an eye on the ongoing event for any changes or updates. AWS might automatically resolve it, or it might require manual intervention if it remains in the "Ongoing" status for an extended period.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

EXPERT
answered a month ago
profile picture
EXPERT
Sandeep
reviewed a month ago
  • Thanks Thanniru, we will look into this further.

    Also, is there a way we get notifications in the future for these cert renewals? We have multiple accounts associated to different emails but we only got a notification for one of them.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions