Amazon Certificate Manager Integration

AWS Certificate Manager (ACM) enables you to handle the complexity of creating and managing public SSL/TLS certificates for your AWS-based websites and applications. With Site24x7's integration, you can track and be alerted on the certificate age and expiry based on minutes, hours, or days.

Setup and configuration

1. If you haven't already, enable access to your AWS resources between your AWS account and Site24x7's AWS account by either:

• Creating Site24x7 as an IAM user
• Creating a cross-account IAM role. Learn more

2. On the Integrate AWS Account page, check the appropriate box for Certificate Manager. Learn more

Policy and permissions

Site24x7 uses various ACM service APIs to collect information about your certificates. Assign the AWS Managed policy ReadOnlyAccess to the Site24x7 entity (IAM user or IAM role) to help Site24x7 collect metrics and metadata. If you want to assign a custom policy, please make sure the following read-level actions are present in the policy JSON. Learn more

• "acm:ListCertificates",
• "acm:ListTagsForCertificate",
• "acm:DescribeCertificate",
• "acm:GetCertificate"

Polling Frequency

Site24x7 collects metric data for your customer-managed ACMs as per the poll frequency set, ranging from one minute up to one day. Learn more

Licensing

Each customer-managed ACM is considered a basic monitor. Learn more

Supported metrics

Site24x7's ACM Monitoring UI pages

Summary

Recieve an overview of the certificate age and the validity of a certificate, along with details like certificate issue date, expiry date, and the number of days remaining for certificate expiry. This section also contains the certificate chain information, updates (if any), and outage history.

Monitored Resources

The list of resources that have their SSL certificates managed are shown in this tab. This includes Elastic Load Balancing, CloudFront, AWS Elastic Beanstalk, and API Gateway services. You can also set thresholds and be notified when any of these services fail by clicking the pencil icon under Action.

Certificate Details

The Certificates Details tab contains the configuration information, such as associated services of a certificate, if the certificate is currently in use or not, public key information, renewal eligibility, and the status of the certificate. This tab also provides a time series chart with an overview of the certificate age, the number of days until certificate expiry, hours until expiry, and minutes until expiry.

Topology View

The Topology View tab delivers a live, resource-centric dependency map. It dynamically traces how your ACM resource is connected to its surrounding AWS infrastructure in real time, enabling faster root cause isolation when alerts fire. If any connected component is in a Critical state, it is marked accordingly within the topology view, along with the outage reason, so you can pinpoint the exact failure point without needing to navigate away from the monitor page. Unlike account-wide topology views, this tab scopes visualization to a single resource, answering the precise question: What does this ACM resource connect to, and what breaks if it does?You can trace the full dependency chain from the individual resource up through its primary parent entities to the Service type, Region, and AWS account levels.

Outages

A list of down, trouble, critical, or maintenance history is displayed in the Outages tab. Details on start time to end time of an outage, duration, and comments (if any) are provided in this section.

Inventory

The configuration details of the threshold for each certificate are set here. The various threshold parameters that can be set include certificate age, and the number of hours, minutes, or days until certificate expiry. The polling frequency and the notification profile can be set according to the user and viewed here.

Log Report

A consolidated report of the log status of various certificates available can be downloaded from this tab in CSV format.