aws-rfdk

feat(deadline): add X509 certificate expiration alarms

Open kozlove-aws opened this issue 2 years ago • 0 comments

Problem

Certificates created in RFDK have an expiration date, but there is no procedure for rotation. By default, certificates will expire after 3 years, but there is still a possibility that they expire, and we need to have a mechanism to warn the customer that a certificate has to be rotated.

Solution

A Lambda function was added for each certificate that checks the secret with the certificate every day and fills a Metric with data on how many days are left before the certificate expires. An alarm will be raised when the certificate has only 15 days left to be valid. The customer can provide an email, and a message about this alarm will be sent in this case.

Testing

Deployed example and validated:

  • Lambda is created for each certificate
  • Lambda is running every day
  • Metrics for secrets are created and values are filled
  • Alarm is raised when the value in the metric becomes less than 15 days
  • SNS topic is created and an email about the alarm was sent.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

kozlove-aws, Nov 17 '21 00:11
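An added example (not code from this pull request or from RFDK) of the daily check described under Solution: it reads notAfter from a PEM certificate, derives the days-left metric value, and applies the 15-day threshold, treating an unreadable certificate as an alarm. The function names, the strict less-than comparison and the fail-closed behaviour are assumptions, and `sampleCertPem` builds a constructed certificate-shaped DER skeleton, not a signed certificate.

```javascript
const ALARM_THRESHOLD_DAYS = 15; // from the PR text; strict "<" is an assumption
// Read one DER TLV at `off`, handling short- and long-form lengths.
function readTlv(buf, off) {
  const tag = buf[off];
  let len = buf[off + 1], pos = off + 2;
  if (len & 0x80) { // long form: low 7 bits count the length bytes
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  if (!(pos + len <= buf.length)) throw new Error('truncated DER');
  return { tag, value: buf.subarray(pos, pos + len), next: pos + len };
}
function children(buf) {
  const out = [];
  for (let off = 0; off < buf.length; off = out[out.length - 1].next) out.push(readTlv(buf, off));
  return out;
}
// Certificate -> tbsCertificate -> validity -> notAfter (RFC 5280 layout).
function notAfter(pem) {
  const der = Buffer.from(pem.replace(/-----[^-]+-----|\s/g, ''), 'base64');
  const tbs = children(children(readTlv(der, 0).value)[0].value);
  const validity = tbs[tbs[0].tag === 0xa0 ? 4 : 3]; // [0] version is optional
  const end = children(validity.value)[1];
  let s = end.value.toString('ascii');
  if (end.tag === 0x17) s = (Number(s.slice(0, 2)) >= 50 ? '19' : '20') + s; // UTCTime
  else if (end.tag !== 0x18) throw new Error('notAfter is not a time type');
  const m = /^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z$/.exec(s);
  if (!m) throw new Error('unsupported time encoding');
  return new Date(Date.UTC(+m[1], m[2] - 1, +m[3], +m[4], +m[5], +m[6]));
}
// One daily check: metric value plus alarm state; unreadable input fails closed.
function checkCertificate(pem, now) {
  try {
    const daysLeft = Math.floor((notAfter(pem) - now) / 86400000);
    return { daysLeft, alarm: daysLeft < ALARM_THRESHOLD_DAYS };
  } catch (err) {
    return { daysLeft: null, alarm: true, error: err.message };
  }
}
// Constructed sample input: certificate-shaped DER skeleton (short-form lengths only).
const tlv = (tag, ...parts) => { const v = Buffer.concat(parts); return Buffer.concat([Buffer.from([tag, v.length]), v]); };
function sampleCertPem(notAfterText) {
  const time = (t) => tlv(t.length === 13 ? 0x17 : 0x18, Buffer.from(t));
  const tbs = tlv(0x30, tlv(0xa0, tlv(0x02, Buffer.from([2]))), tlv(0x02, Buffer.from([1])),
    tlv(0x30), tlv(0x30), tlv(0x30, time('211117001100Z'), time(notAfterText)), tlv(0x30));
  const der = tlv(0x30, tbs, tlv(0x30), tlv(0x03, Buffer.from([0])));
  return `-----BEGIN CERTIFICATE-----\n${der.toString('base64')}\n-----END CERTIFICATE-----\n`;
}
```

For a real certificate in a Node.js Lambda, the `validTo` property of `crypto.X509Certificate` gives the same date without manual parsing.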