AWS API deployments do not enable Create before Destroy
Description
It is recommended to enable create_before_destroy argument inside the resource lifecycle configuration block to avoid possible return errors such as `BadRequestException: Active stages pointing to this deployment must be moved or deleted` on recreation.
Code Example
go
resource "aws_api_gateway_deployment" "example" {
rest_api_id = aws_api_gateway_rest_api.example.id
stage_name = "example"
+ lifecycle {
+ create_before_destroy = true
+ }
}Remediation
CloudFormation
CloudFormation creates a new deployment first and then will delete the old one automatically.
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0265 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_217 |