Amazon EventBridge support for ACM - AWS Certificate Manager

Amazon EventBridge support for ACM

This topic lists and describes the ACM related events supported by Amazon EventBridge.

AWS health events

AWS health events are generated for ACM certificates that are eligible for renewal. For information about renewal eligibility, see Managed renewal for ACM certificates.

Health events are generated in two scenarios:

  • On successful renewal of a public or private certificate.

  • When a customer must take action for a renewal to occur. This may mean clicking a link in an email message (for email-validated certificates), or resolving an error. One of the following event codes is included with each event. The codes are exposed as variables that you can use for filtering.

    • AWS_ACM_RENEWAL_STATE_CHANGE (the certificate has been renewed, has expired, or is due to expire)

    • CAA_CHECK_FAILURE (CAA check failed)

    • AWS_ACM_RENEWAL_FAILURE (for certificates signed by a private CA)

Health events have the following structure. In this example, an AWS_ACM_RENEWAL_STATE_CHANGE event has been generated.

{ "source":[ "" ], "detail-type":[ "AWS Health Event" ], "detail":{ "service":[ "ACM" ], "eventTypeCategory":[ "scheduledChange" ], "eventTypeCode":[ "AWS_ACM_RENEWAL_STATE_CHANGE" ] } }

ACM expiration events

ACM sends daily expiration events for all certificates (public, private and imported) starting 45 days prior to expiration. This timing can be changed using the PutAccountConfiguration action of the ACM API.

ACM automatically initiates renewal of eligible certificates that it issued, but imported certificates need to be re-issued and re-imported prior to expiration to avoid outages. For more information, see Reimporting a certificate. You can use expiration events to set up automation to reimport certificates into ACM. For an example of automation using AWS Lambda, see Triggering actions with CloudWatch Events in ACM.

Expiration events have the following structure.

{ "version": "0", "id": "9c95e8e4-96a4-ef3f-b739-b6aa5b193afb", "detail-type": "ACM Certificate Approaching Expiration", "source": "aws.acm", "account": "123456789012", "time": "2020-09-30T06:51:08Z", "region": "us-east-1", "resources": [ "arn:aws:acm:us-east-1:123456789012:certificate/61f50cd4-45b9-4259-b049-d0a53682fa4b" ], "detail": { "DaysToExpiry": 31, "CommonName": "My Awesome Service" } }