AWS ACM PCA Certificate

This page shows how to write Terraform for ACM PCA Certificate and write them securely.

aws_acm_certificate (Terraform)

The Certificate in ACM PCA can be configured in Terraform with the resource name aws_acm_certificate. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub
resource "aws_acm_certificate" "blog_carterjones_info" {
  provider          = aws.useast1
  domain_name       = ""
  validation_method = "DNS"
resource "aws_acm_certificate" "haxe-org" {
  domain_name               = ""
  subject_alternative_names = ["*"]
  validation_method         = "DNS"
  lifecycle {
    create_before_destroy = true
resource "aws_acm_certificate" "adventar_org" {
  provider    =
  domain_name = ""

  lifecycle {
    create_before_destroy = true
resource "aws_acm_certificate" "skoleapp_com" {
  domain_name       = ""
  validation_method = "DNS"

  subject_alternative_names = ["*"]
resource "aws_acm_certificate" "ridibooks-com" {
  provider    = aws.virginia
  domain_name = "*"
  subject_alternative_names = [

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


Explanation in Terraform Registry

The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager. It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use a aws_acm_certificate_validation resource for this. Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate_validation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete. Domain validation through email is also supported but should be avoided as it requires a manual step outside of Terraform. It's recommended to specify create_before_destroy = true in a [lifecycle][1] block to replace a certificate which is currently in use (eg, by aws_lb_listener).

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS ACM PCA Certificate?

AWS ACM PCA Certificate is a resource for ACM PCA of Amazon Web Service. Settings can be wrote in Terraform.

Where can I find the example code for the AWS ACM PCA Certificate?

For Terraform, the carterjones/infrastructure, HaxeFoundation/haxe-terraform and adventar/adventar source code examples are useful. See the Terraform Example section for further details.


Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.