terraform.aws-baseline-infra/modules/ManagementGovernance/acm-cert-expiry-notice/README.md

ACM sends daily expiration events for all active certificates (public, private and imported) starting 45 days prior to expiration [1].
This module sets up an EventBridge rule and an SNS topic that deliver email notifications for expiring certificates. This is mostly useful for imported certificates, which ACM does not renew on your behalf; an expiry on a load balancer or CloudFront distribution that nobody noticed is a silent outage waiting to happen.
[1] https://docs.aws.amazon.com/acm/latest/userguide/supported-events.html
## Notes
* The account-level `DaysBeforeExpiry` setting (the `days-before-expiry` input of this module) cannot be greater than 45, so the `DaysToExpiry` value in the event is never above 45 either. The API rejects larger values:
```bash
aws acm put-account-configuration --idempotency-token abcd123456 --expiry-events DaysBeforeExpiry=46 --region=ap-east-1
An error occurred (ValidationException) when calling the PutAccountConfiguration operation: Days before expiry cannot be over 45.
```
## Sample EventBridge event
```json
{
  "version": "0",
  "id": "id",
  "detail-type": "ACM Certificate Approaching Expiration",
  "source": "aws.acm",
  "account": "account",
  "time": "2020-09-30T06:51:08Z",
  "region": "region",
  "resources": [
    "arn:aws:acm:region:account:certificate/certificate_ID"
  ],
  "detail": {
    "DaysToExpiry": 31,
    "CommonName": "example.com"
  }
}
```
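The wiring below is an added illustration of how such an event rule and SNS notification fit together; it is not this module's own code. Resource names, the email address and the 30/7/1-day milestones are assumptions, and the account-level `DaysBeforeExpiry` configuration is left at its default (the module drives that separately, presumably through its awscli helper). The point worth copying is the topic policy: it grants only `sns:Publish`, only to EventBridge, and only from this one rule, so a rule in another account cannot use the topic to spam or phish the on-call address.

```hcl
# Added example, not the module's code. Names and values are assumptions.

variable "alert_email" {
  description = "Address that receives the expiry notices (assumed)"
  type        = string
  default     = "secops@example.com"
}

resource "aws_sns_topic" "cert_expiry" {
  name = "acm-cert-expiry-notice"
}

# Match the sample event above. Array values in an EventBridge pattern are
# OR'd, so this fires only on the 30-, 7- and 1-day marks instead of every
# day for 45 days per certificate (ACM emits the event daily).
resource "aws_cloudwatch_event_rule" "cert_expiry" {
  name        = "acm-cert-expiry-notice"
  description = "ACM certificates approaching expiration"
  event_pattern = jsonencode({
    source        = ["aws.acm"]
    "detail-type" = ["ACM Certificate Approaching Expiration"]
    detail = {
      DaysToExpiry = [
        { numeric = ["=", 30] },
        { numeric = ["=", 7] },
        { numeric = ["=", 1] },
      ]
    }
  })
}

# Least privilege on the topic: only the EventBridge service principal,
# and only when acting on behalf of this rule (aws:SourceArn), may publish.
data "aws_iam_policy_document" "topic" {
  statement {
    sid       = "AllowEventBridgePublishFromThisRule"
    effect    = "Allow"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.cert_expiry.arn]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.cert_expiry.arn]
    }
  }
}

resource "aws_sns_topic_policy" "topic" {
  arn    = aws_sns_topic.cert_expiry.arn
  policy = data.aws_iam_policy_document.topic.json
}

resource "aws_cloudwatch_event_target" "sns" {
  rule      = aws_cloudwatch_event_rule.cert_expiry.name
  target_id = "sns"
  arn       = aws_sns_topic.cert_expiry.arn

  # Turn the raw JSON into a one-line message the recipient can act on.
  input_transformer {
    input_paths = {
      cn   = "$.detail.CommonName"
      days = "$.detail.DaysToExpiry"
      arn  = "$.resources[0]"
    }
    input_template = "\"ACM certificate <cn> (<arn>) expires in <days> days\""
  }
}

# Email subscriptions stay "pending confirmation" until the recipient clicks
# the link SNS sends; an unconfirmed subscription delivers nothing.
resource "aws_sns_topic_subscription" "email" {
  topic_arn = aws_sns_topic.cert_expiry.arn
  protocol  = "email"
  endpoint  = var.alert_email
}
```

If you prefer a daily reminder once a certificate is inside the window, replace the three `numeric = ["=", N]` entries with a single `{ numeric = ["<=", 30] }`; the topic policy and transformer are unchanged either way.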
## Requirements
| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | >= 5.0 |
## Providers
| Name | Version |
|------|---------|
| aws | >= 5.0 |
| random | n/a |
## Modules
| Name | Source | Version |
|------|--------|---------|
| awscli | ../../util/terraform-aws-cli | n/a |
## Resources
| Name | Type |
|------|------|
| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_target.sns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_sns_topic.ssl-cert-expiry-notice](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
| [aws_sns_topic_subscription.ssl-cert-expiry-notice-sub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.sns_topic_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-----------------------------------------------------|------|---------|:--------:|
| days-before-expiry | ACM DaysBeforeExpiry account configuration | `number` | `45` | no |
| email-addresses | Set of email addresses to receive SNS notifications | `set(string)` | n/a | yes |
| res-prefix | Resource name prefix | `string` | `"aws"` | no |
## Outputs
No outputs.
---
## Authorship
This module was developed by xpk.