Certificate used by Elastic Load Balancers in an unrecognized AWS account?

1

I'm deleting an obsolete certificate, but Cert Manager shows it's in use by 5 load balancers. I scoured my account for services using these load balancers, but found nothing. Then I noticed the ARNs indicate the load balancers are in a different AWS account.

I don't recognize the account number, nor do I recall making the cert available to another account. I'm concerned I may have been hacked.

How do I figure out who/what is using the certs? How can I remove these dependencies so I can delete the cert?

Thanks, Sean

3 Answers

Accepted Answer

These ARNs may belong to ALBs created by regional API Gateway endpoints.

https://docs.aws.amazon.com/acm/latest/userguide/troubleshoot-apigateway.html

Answered 2 years ago
1

Hello,

You cannot delete an ACM certificate that is being used by another AWS service. To delete a certificate that is in use, you must first remove the certificate association. This is done using the console or CLI for the associated service. Open the ACM console at https://console.aws.amazon.com/acm/

Link: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-delete.html

Similarly, defining a custom endpoint for your domain in Amazon Elasticsearch Service (Amazon ES) creates an Application Load Balancer. The Application Load Balancer is owned by the Elasticsearch service, not by your account. The ACM certificate provided when creating the custom endpoint is associated with the Application Load Balancer.

The link below will help you locate the certificate: https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-resources/

Gathering details about the specific certificate might also be of use, and that can be done by following this link: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-describe.html

Hope this helps. Thanks for reaching out.

AWS
Support Engineer
Answered 2 years ago
0

Upon further research, the ARNs are Gateway API regional endpoints using AWS system accounts, for example: arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-626/b90fa9e7c54b1b67

My Gateway APIs in that region do NOT use this cert for custom domains.

How can I determine if these are references to deleted or extant APIs? The cert expires soon, so I want to avoid things breaking when it does.

If they do reference deleted APIs, how can I remove the cert?

Thanks, Sean

seandr
Answered 2 years ago
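As an added example (not code from this thread or from AWS), a small Python audit that does what the accepted answer and the follow-up post ask for: it parses every ARN in the certificate's InUseBy list, flags the entries owned by an account other than the caller's, and checks whether any API Gateway custom domain in the region still references the certificate through its edge-optimised or regional certificate field. The own-account id 111111111111, the certificate ARN and the sample API responses are constructed; the second load balancer ARN is the one quoted above, and live_audit assumes boto3 with valid credentials.

```python
import re
# Generic ARN layout: arn:partition:service:region:account:resource
ARN_RE = re.compile(r"^arn:(?P<partition>aws[a-z-]*):(?P<service>[^:]*):"
                    r"(?P<region>[^:]*):(?P<account>[^:]*):(?P<resource>.+)$")


def parse_arn(arn: str) -> dict:
    m = ARN_RE.match(arn)
    if m is None:
        raise ValueError(f"not an ARN: {arn!r}")
    return m.groupdict()


def classify_in_use_by(describe_response: dict, own_account: str) -> list:
    """Tag each Certificate.InUseBy ARN with service, region and account, and mark
    it 'foreign' when the account is not the auditing one. A foreign
    elasticloadbalancing ARN is what the thread's service-owned ALBs look like."""
    uses = []
    for arn in describe_response["Certificate"].get("InUseBy", []):
        p = parse_arn(arn)
        uses.append({"arn": arn, "service": p["service"], "region": p["region"],
                     "account": p["account"], "foreign": p["account"] != own_account})
    return uses


def apigw_domains_using_cert(domain_items: list, cert_arn: str) -> list:
    """Custom domains (GetDomainNames 'items') that reference cert_arn through the
    edge-optimised (certificateArn) or regional (regionalCertificateArn) field."""
    return [d["domainName"] for d in domain_items
            if cert_arn in (d.get("certificateArn"), d.get("regionalCertificateArn"))]


def live_audit(cert_arn: str):
    import boto3  # lazy import: the offline sample below needs no SDK
    own = boto3.client("sts").get_caller_identity()["Account"]
    region = parse_arn(cert_arn)["region"]
    acm = boto3.client("acm", region_name=region)
    apigw = boto3.client("apigateway", region_name=region)
    uses = classify_in_use_by(acm.describe_certificate(CertificateArn=cert_arn), own)
    domains = apigw.get_domain_names(limit=500).get("items", [])
    return uses, apigw_domains_using_cert(domains, cert_arn)


# Constructed sample: own account 111111111111; second ELB ARN is the one from the thread.
SAMPLE_CERT_ARN = "arn:aws:acm:us-east-1:111111111111:certificate/00000000-0000-0000-0000-000000000000"
SAMPLE_DESCRIBE = {"Certificate": {"CertificateArn": SAMPLE_CERT_ARN, "InUseBy": [
    "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/my-alb/0123456789abcdef",
    "arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-626/b90fa9e7c54b1b67",
]}}
SAMPLE_DOMAINS = [
    {"domainName": "api.example.com", "regionalCertificateArn": SAMPLE_CERT_ARN},
    {"domainName": "old.example.com", "certificateArn": SAMPLE_CERT_ARN.replace("00000000", "ffffffff", 1)},
]
```

An empty result from apigw_domains_using_cert while foreign elasticloadbalancing ARNs remain in InUseBy matches the situation in the follow-up post, where the ACM side still counts the association but no custom domain in the account references the certificate.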
