Ensure AWS ACM certificate enables Create before Destroy

Error: AWS ACM certificate does not enable Create before Destroy

Bridgecrew Policy ID: BC_AWS_NETWORKING_69
Checkov Check ID: CKV_AWS_233
Severity: LOW

AWS ACM certificate does not enable Create before Destroy

Description

It is recommended to enable create_before_destroy argument inside the resource lifecycle configuration block to avoid a possible outage when the certificate needs to be recreated during an update.

Fix - Buildtime

CloudFormation

CloudFormation creates a new certificate first and then will delete the old one automatically.

Terraform

resource "aws_acm_certificate" "example" {
  domain_name       = "example.com"
  validation_method = "DNS"

+ lifecycle {
+   create_before_destroy = true
+ }
}

Did this page help you?