Domain SSL Certificate Expiry Notifications using Email
Updated: May 27, 2021
What all we need :
AWS SNS – Send an alert to channels like Email.
AWS Lambda – It runs your code without provisioning or managing servers. The Lambda console provides a code editor for non-compiled languages that lets you modify and test code quickly.
AWS Cloudwatch – Cloudwatch events are used to trigger Lambda functions at scheduled intervals.
We need to create a SNS topic and then we have to subscribe to email :
1) Click on " Create Topic"
Topic is successfully created:
Whenever we create a SNS topic , we will be provided a ARN , an endpoint using which we can communicate with other AWS Services.
Now we will create a subscription:
We will be alerted based on the configuration of Lambda function.
Click on "Create Subscription" :
Choose Email JSON ( will receive alerts in the JSON format) and type in your email address and then click create subscription.
Subscription is created successfully:
We need to approve the email id added in subscription
For that, we need to click on the link which has come to you mentioned email id
After approval, the status will get changed to "Confirmed"
2) Create a LAMBDA Function
Select Author from Scratch
Function Name : any name
Runtime : Python 2.7
Create a new role from AWS policy templates :
Role name : any name
Policy templates : Amazon SNS Publish policy
Set the handler to lambda_function.lambda_handler ( if not set by default)
Copy the SNS ARN and keep it handy
Copy past the python script and paste it in Source Code section:
What needs to be changed :
Change the domain name : f = ['thesubhasishsahu.com']
Update the TargetArn with your SNS topic ARN : TargetArn="arn:aws:sns:us-east-1:980624352078:SSL_Certificate_Expiry"
You can configured the script to send Warning on 20th day and less than 5th day as Critical.
Once everything is configured, Click Save.
Then click on Deploy
3) Create a CloudWatch Service
Choose Event Source as Scheduled or provide a cron expression as per your requirement.
In Targets, Choose the lambda function ,Then click on Configure details
How to Test it :
Small Change in Lambda Function to manually trigger the alert:
"Type" : "Notification",
"MessageId" : "dasdasdsa-4323423423",
"TopicArn" : "arn:aws:sns:us-east-1:980624352078:SSL_Certificate_Expiry",
"Subject" : "https://www.thesubhasishsahu.com/ SSL Certificate Expiry Warning alert",
"Message" : "https://www.thesubhasishsahu.com/ certificate will be expired in 30 days!! ",
View Logs in CloudWatch for successful trigger :
Logs for which the condition was not trigger :
Logs for which the condition was trigger ,after slight change in lambda function script:
You will receive a similar mail :