Customize notification settings in IAM Roles Anywhere
You can customize notification settings based on your public key infrastructure. These settings are attached to your trust anchor and let you define custom thresholds for a notification event. IAM Roles Anywhere uses these settings when it evaluates whether to send metrics, events, or notifications through their respective notification channels.
Notification events
- CA certificate expiry: IAM Roles Anywhere sends a notification when a certificate authority (CA) in your trust anchor is approaching expiry.
- End-entity certificate expiry: IAM Roles Anywhere sends a notification when the end-entity certificate used to vend temporary session credentials is expiring soon.
Notification channels
Note
A notification channel with a value of ALL will apply the custom settings to all the channels listed below.
IAM Roles Anywhere default notification settings
The following are the default notification settings that IAM Roles Anywhere defines. These values are applied in the absence of custom notification settings.
Event | Channel | Threshold | Enabled |
---|---|---|---|
CA certificate expiry | CloudWatch, EventBridge and Amazon Health | 45 days before expiry | True |
End entity certificate expiry | EventBridge and Amazon Health | 45 days before expiry | True |
Notification evaluation criteria
The following are the evaluation criteria used to send notification events. These criteria do not apply if your notification setting is in a disabled state.
Event | Channel | Starts when | Ends at |
---|---|---|---|
CA certificate expiry | CloudWatch | Number of days until certificate expiry ≤ threshold | Day of certificate expiry |
CA certificate expiry | EventBridge and Amazon Health | Number of days until certificate expiry ≤ threshold | 14 days after certificate expires |
End-entity certificate expiry | EventBridge and Amazon Health | Number of days until certificate expiry ≤ threshold | Day of certificate expiry |
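
The defaults and evaluation criteria above, combined into a check you can run against your own certificate dates. This is an added example, not AWS code: the event and channel strings are labels copied from the tables rather than API values, and counting in whole days with both ends of each window inclusive is an assumption.

```python
from datetime import date

# Default thresholds (days) per (event, channel), transcribed from the defaults table.
DEFAULTS = {
    ("CA certificate expiry", "CloudWatch"): 45,
    ("CA certificate expiry", "EventBridge"): 45,
    ("CA certificate expiry", "Amazon Health"): 45,
    ("End-entity certificate expiry", "EventBridge"): 45,
    ("End-entity certificate expiry", "Amazon Health"): 45,
}
# Days past expiry at which the window ends; channels not listed end on the day of expiry.
DAYS_AFTER_EXPIRY = {
    ("CA certificate expiry", "EventBridge"): 14,
    ("CA certificate expiry", "Amazon Health"): 14,
}

def effective_settings(custom=()):
    """Overlay custom settings on the defaults; channel "ALL" covers every channel."""
    merged = {key: {"threshold": days, "enabled": True} for key, days in DEFAULTS.items()}
    for setting in custom:
        for event, channel in merged:
            if setting["event"] == event and setting["channel"] in ("ALL", channel):
                merged[(event, channel)] = {
                    "threshold": setting["threshold"],
                    "enabled": setting["enabled"],
                }
    return merged

def active_channels(event, not_after, today, custom=()):
    """Return the channels whose notification window contains `today`."""
    days_left = (not_after - today).days  # negative once the certificate has expired
    active = []
    for (ev, channel), setting in effective_settings(custom).items():
        if ev != event or not setting["enabled"]:
            continue  # the criteria do not apply to a disabled setting
        window_end = -DAYS_AFTER_EXPIRY.get((ev, channel), 0)
        if window_end <= days_left <= setting["threshold"]:
            active.append(channel)
    return sorted(active)

if __name__ == "__main__":
    ca_not_after = date(2025, 6, 30)  # constructed sample expiry date
    for day in (date(2025, 5, 1), date(2025, 5, 16), date(2025, 7, 5), date(2025, 7, 15)):
        print(day, active_channels("CA certificate expiry", ca_not_after, day))
```

With the default 45-day threshold, the constructed CA certificate above is silent at 60 days out, active on all three channels at 45 days, and after expiry remains active only on EventBridge and Amazon Health until day 14.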
Configuring custom notification threshold (console)
- Sign in to the IAM Roles Anywhere console.
- Scroll to find the trust anchor table and choose the trust anchor to apply custom notification settings to.
- On the trust anchor detail page, scroll to the Notification settings section and choose Manage settings.
- Customize the threshold for the notification event. IAM Roles Anywhere will start sending metrics/events/notifications when the number of days until your X.509 certificate expires is less than or equal to this threshold. See IAM Roles Anywhere notification evaluation criteria.
- Choose Save changes to apply the custom notification threshold.
Disabling a notification setting (console)
- Sign in to the IAM Roles Anywhere console.
- Scroll to find the trust anchor table and choose the trust anchor to apply custom notification settings to.
- On the trust anchor detail page, scroll to the Notification settings section and choose Manage settings.
- Choose the table cell in the Status column for the notification event named End entity certificate expiry.
- From the options displayed in the selection pane, choose the Disable option.
- Choose Save changes to disable the notification setting for the end-entity certificate expiry event.