AWS Private Certificate Authority (AWS Private CA) now publishes certificate authority (CA) utilization metrics to Amazon CloudWatch, providing visibility into your CA usage. AWS Private CA enforces service quota limits on the number of certificates a CA can issue and the number of CAs you can create per Region. The new metrics track the number of certificates issued by each CA and the total number of CAs in each Region, enabling you to monitor usage against these quotas and proactively manage CA lifecycle to maintain high availability.
With these metrics, you can configure CloudWatch alarms to prevent quota-related service disruptions. For example, you can set alarms to trigger automation that replaces a CA approaching its certificate issuance quota and transitions certificate issuance to a new CA. This is particularly important when using AWS services that rely on AWS Private CA certificates, such as Amazon EKS, Amazon ECS Service Connect, and Amazon WorkSpaces.
The utilization metrics are available in all AWS Regions where AWS Private CA is available. To learn more about AWS Private CA metrics, see the AWS Private CA User Guide.
Categories: general:products/aws-private-certificate-authority,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services
