Amazon Certificate Manager Integration
AWS Certificate Manager (ACM) enables you to handle the complexity of creating and managing public SSL/TLS certificates for your AWS-based websites and applications. With Site24x7's integration, you can track and be alerted on the certificate age and expiry based on minutes, hours, or days.
Setup and configuration
1. If you haven't already, enable access to your AWS resources between your AWS account and Site24x7's AWS account by either:
- Creating Site24x7 as an IAM user
- Creating a cross-account IAM role. Learn more
2. On the Integrate AWS Account page, check the appropriate box for Certificate Manager. Learn more
Policy and permissions
Site24x7 uses various ACM service APIs to collect information about your certificates. Assign the AWS Managed policy ReadOnlyAccess to the Site24x7 entity (IAM user or IAM role) to help Site24x7 collect metrics and metadata. If you want to assign a custom policy, please make sure the following read-level actions are present in the policy JSON. Learn more
- "acm:ListCertificates",
- "acm:ListTagsForCertificate",
- "acm:DescribeCertificate",
- "acm:GetCertificate"
Polling Frequency
Site24x7 collects metric data for your customer-managed ACMs as per the poll frequency set, ranging from one minute up to one day. Learn more
Licensing
Each customer-managed ACM is considered a basic monitor. Learn more
Supported metrics
| Attribute | Description |
|---|---|
| Certificate Age | Number of days from creation date. |
| Days until expiry | Number of days until certificate expiry date. |
| Hours until expiry | Number of hours until certificate expiry date. |
| Minutes until expiry | Number of minutes until certificate expiry date. |
Site24x7's ACM Monitoring UI pages
Summary
Recieve an overview of the certificate age and the validity of a certificate, along with details like certificate issue date, expiry date, and the number of days remaining for certificate expiry. This section also contains the certificate chain information, updates (if any), and outage history.
Monitored Resources
The list of resources that have their SSL certificates managed are shown in this tab. This includes Elastic Load Balancing, CloudFront, AWS Elastic Beanstalk, and API Gateway services. You can also set thresholds and be notified when any of these services fail by clicking the pencil icon under Action.
Certificate Details
The Certificates Details tab contains the configuration information, such as associated services of a certificate, if the certificate is currently in use or not, public key information, renewal eligibility, and the status of the certificate. This tab also provides a time series chart with an overview of the certificate age, the number of days until certificate expiry, hours until expiry, and minutes until expiry.
Outages
A list of down, trouble, critical, or maintenance history is displayed in the Outages tab. Details on start time to end time of an outage, duration, and comments (if any) are provided in this section.
Inventory
The configuration details of the threshold for each certificate are set here. The various threshold parameters that can be set include certificate age, and the number of hours, minutes, or days until certificate expiry. The polling frequency and the notification profile can be set according to the user and viewed here.
Log Report
A consolidated report of the log status of various certificates available can be downloaded from this tab in CSV format.