PASSEDcloud / aws_acm

AWS: ACM Certificate Renewal Failed — DNS Validation

An AWS ACM certificate auto-renewal failed because the DNS validation CNAME record was removed. Certificate expires in 48 hours.

Pattern

AWS_CLOUD

Expected: AWS_CERT_RENEWAL

Severity

HIGH

Confidence

68%

Remediation

Auto-Heal

Test Results

Metric	Expected	Actual
Pattern Recognition	AWS_CERT_RENEWAL	AWS_CLOUD
Severity Assessment	CRITICAL	HIGH
Incident Correlation	N/A	None
Cascade Escalation	N/A	No
Remediation	—	Auto-Heal — Corax resolves autonomously

Scenario Conditions

AWS ACM certificate for *.company.com. Auto-renewal failed: DNS validation CNAME missing from Route 53. Certificate expires in 48 hours. Used by ALB and CloudFront.

Injected Error Messages (1)

AWS ACM renewal failure — certificate for *.company.com auto-renewal failed, DNS validation CNAME removed, expires in 48 hours, used by ALB and CloudFront distribution

Neural Engine Root Cause Analysis

AWS cloud infrastructure event detected — an EC2 instance may be unreachable or in a stopped state, an RDS database is experiencing issues, a load balancer has unhealthy targets, or a Lambda function is failing. AWS service disruptions can cascade across dependent resources and affect application availability.

Remediation Plan

1. Check the AWS Health Dashboard and Personal Health Dashboard for any active service events. 2. For EC2 issues, check instance status checks (system and instance), review CloudWatch metrics, and check VPC security group rules. 3. For RDS, verify database instance status, check storage and connection limits, and review slow query logs. 4. For ELB issues, check target group health checks and verify backend instances are responding. 5. For Lambda, review CloudWatch Logs for invocation errors and check IAM permissions and VPC connectivity.

Improvements Applied

Pattern classified as AWS_CLOUD (expected AWS_CERT_RENEWAL)
Severity: HIGH (expected CRITICAL)

Tested: 2026-04-02Monitors: 1 | Incidents: 1Test ID: cmnhnr8vc09c0lig72zhinl86