ACM sends daily expiration events for all active certificates (public, private and imported) starting 45 days prior to expiration [1]. This module sets up an EventBridge rule and an SNS topic to deliver email notifications for expiring certificates, which is useful for imported certificates.

[1] https://docs.aws.amazon.com/acm/latest/userguide/supported-events.html

## Notes

* `DaysToExpiry` cannot be greater than 45

```bash
❯ aws acm put-account-configuration --idempotency-token abcd123456 --expiry-events DaysBeforeExpiry=46 --region=ap-east-1

An error occurred (ValidationException) when calling the PutAccountConfiguration operation: Days before expiry cannot be over 45.
```

## Sample EventBridge event

```json
{
  "version": "0",
  "id": "id",
  "detail-type": "ACM Certificate Approaching Expiration",
  "source": "aws.acm",
  "account": "account",
  "time": "2020-09-30T06:51:08Z",
  "region": "region",
  "resources": [
    "arn:aws:acm:region:account:certificate/certificate_ID"
  ],
  "detail": {
    "DaysToExpiry": 31,
    "CommonName": "example.com"
  }
}
```

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | >= 5.0 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 5.0 |
| random | n/a |

## Modules

| Name | Source | Version |
|------|--------|---------|
| awscli | ../../util/terraform-aws-cli | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_target.sns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_sns_topic.ssl-cert-expiry-notice](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
| [aws_sns_topic_subscription.ssl-cert-expiry-notice-sub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.sns_topic_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| days-before-expiry | ACM DaysBeforeExpiry account configuration | `number` | `45` | no |
| email-addresses | Set of email addresses to receive SNS notifications | `set(string)` | n/a | yes |
| res-prefix | Resource name prefix | `string` | `"aws"` | no |
| sns-kms-key-arn | ARN of KMS key used for SNS encryption. This key must allow events.amazonaws.com | `string` | `null` | no |

## Outputs

No outputs.

---

## Authorship

This module was developed by UPDATE_THIS.
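
The `sns-kms-key-arn` input requires a key that allows events.amazonaws.com. The following is an added example, not part of this module's own code, showing one way to create such a key and pass it to the module. The module `source` path, the resource names and the email address are placeholders, and the two KMS actions granted are the ones AWS documents for a service publishing to an encrypted SNS topic.

```hcl
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "sns_key" {
  # Keep the key manageable by IAM principals in the owning account.
  statement {
    sid       = "AccountAdministration"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # Without this statement EventBridge cannot publish to the encrypted
  # topic and no expiry notification is delivered.
  statement {
    sid       = "AllowEventBridgeToUseKey"
    actions   = ["kms:Decrypt", "kms:GenerateDataKey*"]
    resources = ["*"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}

resource "aws_kms_key" "sns" {
  description         = "Encrypts the certificate expiry SNS topic"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.sns_key.json
}

module "acm_expiry_notice" {
  source = "./PATH_TO_THIS_MODULE" # placeholder, replace with the real source

  email-addresses    = ["pki-oncall@example.com"] # constructed address
  days-before-expiry = 30                         # must not exceed 45
  res-prefix         = "aws"
  sns-kms-key-arn    = aws_kms_key.sns.arn
}
```

Email subscriptions to an SNS topic stay pending until each recipient confirms them, so check the subscription status after the first apply.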