AWS Security ChangesHomeSearch

AWS acm documentation change

Service: acm · 2026-02-22 · Documentation low

File: acm/latest/userguide/supported-events.md

Summary

Differentiated event timing for public (30 days) vs private/imported (45 days) certificates and updated expiration values

Security assessment

Operational adjustment to event notification schedules. Updated DaysToExpiry value reflects new certificate lifetime but doesn't address security vulnerabilities.

Diff

diff --git a/acm/latest/userguide/supported-events.md b/acm/latest/userguide/supported-events.md
index 0bb1da15f..444d19373 100644
--- a//acm/latest/userguide/supported-events.md
+++ b//acm/latest/userguide/supported-events.md
@@ -13 +13 @@ This topic lists and describes the ACM related events supported by Amazon EventB
-ACM sends daily expiration events for all active certificates (public, private and imported) starting 45 days prior to expiration. This timing can be changed using the [PutAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_PutAccountConfiguration.html) action of the ACM API.
+ACM sends daily expiration events for all active certificates (public, private and imported) starting 45 days prior to expiration for private/imported certificates and 30 days prior to expiration for public certificates. This timing can be changed using the [PutAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_PutAccountConfiguration.html) action of the ACM API.
@@ -96 +96 @@ _ACM Certificate Available_ events have the following structure.
-           "DaysToExpiry" : 395,
+           "DaysToExpiry" : 198,
@@ -108 +108 @@ Certificate Renewal Action Required events aren't available for [imported certif
-Customers can listen on this event to be alerted when a customer action must be taken before a certificate can be renewed. For instance, if a customer adds CAA records that prevent ACM from renewing a certificate, ACM publishes this event when automatic renewal fails at 45 days before expiration. If no customer action is taken, ACM makes further renewal attempts at 30 days, 15 days, 3 days, and 1 day, or until customer action is taken, the certificate expires, or the certificate is no longer eligible for renewal. An event is published for each of these renewal attempts.
+Customers can listen on this event to be alerted when a customer action must be taken before a certificate can be renewed. For instance, if a customer adds CAA records that prevent ACM from renewing a certificate, ACM publishes this event when automatic renewal fails at 45 days before expiration for private certificates and 30 days before expiration for public certificates. If no customer action is taken, ACM makes further renewal attempts at 30 days (for private only), 15 days, 3 days, and 1 day, or until customer action is taken, the certificate expires, or the certificate is no longer eligible for renewal. An event is published for each of these renewal attempts.