ACM sends daily expiration events for all active certificates (public, private and imported) starting 45 days prior to expiration [1].
This module sets up an EventBridge rule and an SNS notification to deliver email notifications for expiring certificates, which is especially useful for imported certificates.
[1] https://docs.aws.amazon.com/acm/latest/userguide/supported-events.html
Notes
- DaysToExpiry cannot be greater than 45
    ❯ aws acm put-account-configuration --idempotency-token abcd123456 --expiry-events DaysBeforeExpiry=46 --region=ap-east-1
    An error occurred (ValidationException) when calling the PutAccountConfiguration operation: Days before expiry cannot be over 45.
Sample EventBridge event
{
  "version": "0",
  "id": "id",
  "detail-type": "ACM Certificate Approaching Expiration",
  "source": "aws.acm",
  "account": "account",
  "time": "2020-09-30T06:51:08Z",
  "region": "region",
  "resources": [
    "arn:aws:acm:region:account:certificate/certificate_ID"
  ],
  "detail": {
    "DaysToExpiry": 31,
    "CommonName": "example.com"
  }
}
Requirements
| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | >= 5.0 |
Providers
| Name | Version |
|------|---------|
| aws | >= 5.0 |
| random | n/a |
Modules
| Name | Source | Version |
|------|--------|---------|
| awscli | ../../util/terraform-aws-cli | n/a |
Resources
Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| days-before-expiry | ACM DaysBeforeExpiry account configuration | number | 45 | no |
| email-addresses | Set of email addresses to receive SNS notifications | set(string) | n/a | yes |
| res-prefix | Resource name prefix | string | "aws" | no |
| sns-kms-key-arn | ARN of KMS key used for SNS encryption. This key must allow events.amazonaws.com | string | null | no |
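
The `sns-kms-key-arn` input requires a key whose policy lets EventBridge use it. The following is an added example, not part of this module's own code: it creates such a key and passes it to the module. The resource names, the email address and the module `source` path are placeholders, and the two KMS actions are the ones AWS documents for EventBridge publishing to an encrypted SNS topic.

```hcl
# Added example: resource names and the module source are placeholders.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "sns_key" {
  # Keep the owning account able to administer the key; without this
  # statement the key becomes unmanageable.
  statement {
    sid       = "AccountAdmin"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # EventBridge must be able to obtain and use a data key, otherwise
  # delivery to the encrypted topic fails and no email is sent.
  statement {
    sid       = "AllowEventBridgePublish"
    actions   = ["kms:Decrypt", "kms:GenerateDataKey*"]
    resources = ["*"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}

resource "aws_kms_key" "sns" {
  description         = "SNS encryption for ACM expiry notifications"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.sns_key.json
}

module "acm_expiry_notifications" {
  source = "<path-to-this-module>" # placeholder, set to where the module lives

  days-before-expiry = 30 # must not exceed 45
  email-addresses    = ["pki-alerts@example.com"] # constructed address
  sns-kms-key-arn    = aws_kms_key.sns.arn
}
```

Each address in `email-addresses` has to confirm the SNS subscription email before it receives any expiry notifications.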
Outputs
No outputs.
Authorship
This module was developed by UPDATE_THIS.