Auto-renew AWS certificates with Slack approval workflow

Name: Auto-renew AWS certificates with Slack approval workflow
Availability: InStock
Rating: 4.5 (16 reviews)
Author: Trung Tran

$20/month : Unlimited workflows

2500 executions/month

Try free

THE #1 IN WEB SCRAPING

Scrape any website without limits

Try free

HOSTINGER 🎉 Early Black Friday Deal
DISCOUNT 20%

Self-hosted n8n

Unlimited workflows - from $4.99/mo

Try free

#1 hub for scraping, AI & automation

6000+ actors - $5 credits/mo

Try free

AWS Certificate Manager (ACM) Auto-Renew with Slack notify & approval

Who’s it for

SRE/DevOps teams managing many ACM certs.
Cloud ops who want hands-off renewals with an approval step in Slack.
MSPs that need auditable reminders and renewals on schedule.

How it works / What it does

Schedule Trigger – runs daily (or your cadence).
Get many certificates – fetches ACM certs (paginate if needed).
Filter: expiring in next 7 days – keeps items where:
- NotAfter before today + 7d
- NotBefore before today (already valid)
Send message and wait for response (Slack) – posts a certificate summary and pauses until Approve/Reject.
Renew a certificate – on Approve, calls the renew action for the item.

How to set up

Credentials
- AWS in n8n with permissions to list/read/renew certs.
- Slack OAuth (bot in the target channel).
Schedule Trigger
- Set to run once per day (e.g., 09:00 local).
Get many certificates
- Region: your ACM region(s).
- If you have several regions, loop regions or run multiple branches.
Filter (IF / Filter node)
- Add these two conditions (AND):
  - {{ $json.NotAfter.toDateTime('s') }} is before {{ $today.plus(7,'days') }}
  - {{ $json.NotBefore.toDateTime('s') }} is before {{ $today }}

Slack → Send & Wait

Message (text input):

:warning: *ACM Certificate Expiry Alert* :warning:

*Domain:* {{ $json.DomainName }}
*SANs:* {{ $json.SubjectAlternativeNameSummaries }}
*ARN:* {{ $json.CertificateArn }}
*Algo:* {{ $json.KeyAlgorithm }}
*Status:* {{ $json.Status }}
*Issued:* {{ $json.IssuedAt | toDate | formatDate("YYYY-MM-DD HH:mm") }}
*Expires:* {{ $json.NotAfter | toDate | formatDate("YYYY-MM-DD HH:mm") }}

Approve to start renewal.

Add two buttons: Approve / Reject (the node will output which was clicked).

Renew a certificate
- Map the CertificateArn from the Slack Approved branch.

Requirements

n8n (current version with Slack Send & Wait).
AWS IAM permissions (read + renew ACM), e.g.:
- acm:ListCertificates, acm:DescribeCertificate, acm:RenewCertificate (plus region access).
Slack bot with permission to post & use interactivity in the target channel.

How to customize the workflow

Window size: change 7 to 14 or 30 days in the filter.
Catch expired: add an OR path {{ $json.NotAfter.toDateTime('s') }} is before {{ $today }} → send a red Slack alert.
Auto-renew w/o approval: bypass Slack and renew directly for low-risk domains.
Multiple regions/accounts: iterate over a list of regions or assume roles per account.
Logging: add a Google Sheet/DB append after Slack click with user, time, result.
Escalation: if no Slack response after N hours, ping @oncall or open a ticket.

Notes

The Slack node pauses execution until a button is clicked—perfect for change control.
Time conversions above assume NotAfter/IssuedAt are Unix seconds ('s'). Adjust if your data differs.

Trung Tran

0 workflows

Nodes

set gmail telegram agent google-gemini

Complexity

intermediate

Published 17 Aug 2025

Likes 0

View on n8n.io Download Workflow

✨

Share Your Workflow

Have a great workflow to share? Join the n8n Creator Hub and help the community!

Submit Your Template How to Submit

Related Workflows

Detect multi-source transaction fraud and reconcile finances with OpenAI, Nvidia NIM, Gmail, Slack and Google Sheets

## How It Works This workflow automates financial transaction surveillance by monitoring multiple payment systems, analyzing transaction patterns with AI, and triggering instant fraud alerts. Designed for finance teams, compliance officers, and fintech operations, it solves the challenge of real-time fraud detection across high-volume transaction streams without manual oversight. The system continuously fetches transactions from banking APIs and payment gateways via scheduled triggers or webhooks. Each transaction flows through validation layers checking for irregular amounts, velocity patterns, and geolocation anomalies. AI models analyze transaction metadata against historical patterns to calculate fraud risk scores. High-risk transactions trigger immediate alerts to designated teams via Gmail and Slack, while audit trails are logged to Google Sheets for compliance documentation. Approved transactions proceed to reconciliation, aggregating financial reports automatically. This eliminates delayed fraud discovery, reduces false positives through intelligent scoring, and ensures regulatory compliance through comprehensive audit logging. ## Setup Steps 1. Configure banking API credentials for transaction access 2. Set up webhook endpoints for real-time transaction notifications 3. Add OpenAI API key for fraud pattern analysis and risk scoring 4. Configure NVIDIA NIM API for advanced anomaly detection models 5. Set Gmail OAuth credentials for automated fraud alert delivery 6. Connect Slack workspace and specify alert channels for urgent notifications 7. Link Google Sheets for transaction logging and compliance audit trails ## Prerequisites Active accounts for payment processors (Stripe, PayPal) or banking APIs (Plaid) ## Use Cases Real-time credit card transaction monitoring with instant fraud blocks ## Customization Adjust fraud risk scoring thresholds based on business risk tolerance ## Benefits Reduces fraud detection time from hours to seconds through real-time monitoring.

View

Monitor SSL certificate expiry with Google Sheets and SMTP email alerts

## Who is this for? DevOps engineers, sysadmins, and website owners who manage multiple domains and need proactive SSL certificate expiration monitoring without manual checks. ## What it does Automatically monitors SSL certificates across multiple domains, tracks expiration status in a Google Sheet dashboard, and sends beautifully formatted HTML email alerts before certificates expire. **✅ No API rate limits** — Uses direct OpenSSL commands, so you can scan unlimited domains with zero API costs or restrictions. ## How it works - Triggers on schedule (every 3 days at 10AM) - Reads domain list from your Google Sheet - Checks each domain's SSL certificate using OpenSSL commands - Parses expiration dates, issuer info, and calculates days remaining - Updates Google Sheet with current status for all domains - Sends styled email alerts only when certificates are expiring soon ## Set up steps - Connect your Google Sheets OAuth2 credentials - Create a Google Sheet with these columns: **Domain**, **Expiry Date**, **Days Left**, **Status**, **Issuer**, **Last Checked** (the workflow matches on the Domain column to update results) - Add your domains to scan in the **Domain** column - Update the Sheet ID in the **Read Domain List from Google Sheets** and **Update Google Sheet with Results** nodes - Connect SMTP credentials in the **Send Alert Email via SMTP** node - Optionally adjust `ALERT_THRESHOLD_DAYS` in two nodes: **Prepare Domain List and Set Threshold** and **Parse SSL Results and Identify Expiring Certs** (default: 20 days) Setup time: ~10 minutes

View

Monitor GitHub repo access and push events with GitHub and Slack alerts

## Monitor GitHub Repositories for Unauthorized Actions ### How it works: This workflow monitors GitHub for high-risk activities to ensure that only authorized users can modify the repository. It periodically polls GitHub for events such as PushEvent, MemberEvent, and PublicEvent. For each event, the workflow extracts the username of actor and looks it up in the it_whitelist data table to determine the user’s role. A Switch node then routes the event to the appropriate validation logic. • Member & Public events: Only users with the admin role are allowed. Any non-admin action such as adding a repository member or changing a private repository to public triggers an alert. • Push events: The user must exist in the whitelist. If no role is found, the user is treated as unknown and flagged. All unauthorized actions are reported to Slack, including the event type, actor name, and repository details. ### Setup steps: Credentials: Connect your GitHub Personal Access Token and Slack Bot Token. Create a Data Table named it_whitelist with columns github_username and role. Add your GitHub username with the role admin to prevent self-alerts. Accordingly, add other developers and members in your organization with appropriate roles to white list them. Switch Configuration: Use the expression {{ $item.json.type }} in 'Rules' mode to route events. Logic: Configure the PushEvent IF node to flag users whose role is empty or missing. Configure the Member and Public IF nodes to flag users whose role is not admin. ![image.png](fileId:3885)

View

👨‍💻

Need Custom Automation?

N8N Automation Expert

Specialized in N8N automation, I design custom workflows that connect your tools and automate your processes.