I tried to delete my ACM certificate but received an error that it is in use with other AWS resources

Last updated: 2019-06-24

I tried to delete an AWS Certificate Manager (ACM) certificate, but I received an error similar to "The certificate is in use (associated with other AWS resources) and cannot be deleted. Disassociate the certificate from each resource in the list and try again."

Short Description

Deploying an edge-optimized API endpoint creates an Amazon CloudFront distribution by Amazon API Gateway. Deploying a Regional API endpoint creates an Application Load Balancer (ALB) by API Gateway. The CloudFront distribution or ALB is owned by API Gateway, not your account. The ACM certificate provided to deploy API Gateway is associated with the CloudFront distribution or ALB.

Similarly, adding a custom domain to your Amazon Cognito user pool creates a CloudFront distribution. The CloudFront distribution is owned by the Amazon Cognito service, not by your account. The ACM certificate provided creating the custom domain is associated with the CloudFront distribution.

Note: You can check the resource that the ACM certificate is associated with by running the describe-certificate command with AWS Command Line Interface (AWS CLI).

Resolution

To remove the association of the ACM certificate with the CloudFront distribution or ALB, you must replace the ACM certificate associated with the custom domain, or delete the custom domain.

To remove the association of the ACM certificate, do one of the following:

Then, delete the ACM Certificate.


Did this article help you?

Anything we could improve?


Need more help?