A security engineer must ensure that all certificates imported into AWS Certificate Manager (ACM) in all AWS Regions, must be notified of expiry, 30 days before their actual expiry via a single notification to the security administrator. The notification along with the certificate information should be sent to the security administrator and the Security Hub for centralized management. Which steps must be taken to perform these tasks optimally?