Ensure AWS ACM certificate enables Create before Destroy
Error: AWS ACM certificate does not enable Create before Destroy
Bridgecrew Policy ID: BC_AWS_NETWORKING_69
Checkov Check ID: CKV_AWS_233
Severity: LOW
Description
It is recommended to set the create_before_destroy argument to true inside the resource's lifecycle configuration block. This avoids a possible outage when the certificate needs to be recreated during an update.
Fix - Buildtime
CloudFormation
CloudFormation automatically creates the new certificate first and then deletes the old one.
Terraform
resource "aws_acm_certificate" "example" {
  domain_name       = "example.com"
  validation_method = "DNS"

+  lifecycle {
+    create_before_destroy = true
+  }
}
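A pre-commit style check for the same condition, added here as an illustration. It is not Checkov's implementation of CKV_AWS_233. The function names are hypothetical, and it is a simplified text scan rather than a full HCL parser: it assumes braces inside strings are balanced and that comment markers do not appear inside strings.

```python
import re

COMMENT_RE = re.compile(r'/\*.*?\*/|(?:#|//)[^\n]*', re.S)
RESOURCE_RE = re.compile(r'resource\s+"aws_acm_certificate"\s+"([^"]+)"\s*\{')
LIFECYCLE_RE = re.compile(r'\blifecycle\s*\{')
CBD_RE = re.compile(r'\bcreate_before_destroy\s*=\s*true\b')


def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")


def acm_certs_missing_cbd(hcl):
    """Names of aws_acm_certificate resources without create_before_destroy = true."""
    hcl = COMMENT_RE.sub("", hcl)  # a commented-out setting must not count
    missing = []
    for m in RESOURCE_RE.finditer(hcl):
        body = block_body(hcl, m.end() - 1)
        lc = LIFECYCLE_RE.search(body)
        # Only accept the argument when it sits inside the lifecycle block.
        if not (lc and CBD_RE.search(block_body(body, lc.end() - 1))):
            missing.append(m.group(1))
    return missing


# Constructed sample input, not taken from a real repository.
SAMPLE = '''
resource "aws_acm_certificate" "good" {
  domain_name = "example.com"
  lifecycle {
    create_before_destroy = true
  }
}
resource "aws_acm_certificate" "missing" {
  domain_name = "api.example.com"
}
resource "aws_acm_certificate" "disabled" {
  domain_name = "www.example.com"
  lifecycle {
    # create_before_destroy = true
  }
}
'''
```

Calling acm_certs_missing_cbd(SAMPLE) reports the resource with no lifecycle block and the one where the setting is only present as a comment.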