Terraform aws_acm_certificate resource forces constant replacement

May 04, 2022

Take a look at the following Terraform code block:

resource "aws_acm_certificate" "devcoops" {
  domain_name               = "devcoops.com"
  subject_alternative_names = ["devcoops.com", "www.devcoops.com"]
  validation_method         = "DNS"

  tags = {
    Environment = "prod"
  }

  lifecycle {
    create_before_destroy = true
  }
}

So what's wrong with it? At first sight it seems fine, but every time you run terraform plan / apply, Terraform proposes recreating the resource. For instance:

   ~ subject_alternative_names = [ # forces replacement
       + "devcoops.com",

There are two ways to handle it.


Solution no. 1

Never add the domain_name value as part of the subject_alternative_names list.

resource "aws_acm_certificate" "devcoops" {
  domain_name               = "devcoops.com"
  subject_alternative_names = ["www.devcoops.com"]
  validation_method         = "DNS"
}
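
When the names come from variables rather than literals, the same rule can be enforced in the configuration itself. The following is an added example, not code from the original post; the variable names, the local name and the resource label "this" are assumptions made for illustration.

```hcl
# Added example: variable, local and resource names are hypothetical.
variable "domain_name" {
  type        = string
  description = "Primary name on the certificate."
}

variable "alternative_names" {
  type        = list(string)
  default     = []
  description = "Extra names; may or may not repeat domain_name."
}

locals {
  # Remove the primary name (and any duplicates) from the SAN input so
  # domain_name never appears in subject_alternative_names, then sort
  # the result so the order is stable between runs.
  sans = sort(tolist(setsubtract(
    toset(var.alternative_names),
    toset([var.domain_name]),
  )))
}

resource "aws_acm_certificate" "this" {
  domain_name               = var.domain_name
  subject_alternative_names = local.sans
  validation_method         = "DNS"

  tags = {
    Environment = "prod"
  }

  lifecycle {
    create_before_destroy = true
  }
}
```

With domain_name = "devcoops.com" and alternative_names = ["devcoops.com", "www.devcoops.com"], local.sans evaluates to ["www.devcoops.com"], which matches the configuration above.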

Solution no. 2

Since subject_alternative_names is an optional argument, either remove it or leave it empty.

resource "aws_acm_certificate" "devcoops" {
  domain_name               = "devcoops.com"
  subject_alternative_names = []
  validation_method         = "DNS"
}


As always, if you can think of any alternative solution, feel free to write a comment below.