Does the ARN of an AWS Managed Certificate change when it is renewed?
I have a simple question, but I'm having trouble finding an answer.
When using AWS Certificate Manager, does the certificate ARN change when the certificate is renewed?
Some context:
I have a CloudFormation template that creates an autoscaling group + ELB. I use IAM certificates for HTTPS. This is a pain, because when the certificate expires, the ARN in the template needs to be changed to point to the new certificate.
My understanding is, if I switch to AWS Certificate Manager, I can use the ACM certificate ARN in my template, and the certificate can then be replaced/renewed behind the scenes, without me having to change the ARN in my template. I'm essentially abstracted from the underlying changes.
Is that a correct assumption?
Solution 1:[1]
For those who are looking for answers about imported certificates, I want to point out that renewal of an imported certificate by reimporting will not change its ARN. I found this in the documentation.
> To renew an imported certificate, you can obtain a new certificate from your certificate issuer and then manually reimport it into ACM. This action preserves the certificate's association and its Amazon Resource name (ARN).
So renewal of an imported certificate by reimporting will not change the ARN of the certificate.
I tested it with a dummy certificate I created with easyrsa.
I created a certificate with 10 days of life(?) until its expiration date and imported it into ACM. Then I recreated the same certificate with 30 days of life(?) until its expiration date.
Then I renewed the existing certificate with 10 days left by reimporting it with the certificate with 30 days left, using the `aws acm import-certificate` command with the `--certificate-arn` option. After reimporting (renewal), the certificate ARN didn't change.
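The reimport step from the answer above, as an added shell example that is not part of the original answer: it wraps `aws acm import-certificate --certificate-arn` and fails if ACM returns a different ARN. The function name `reimport_cert` and the PEM file arguments are assumptions, and the `Certificate.Type` check before reimporting is an addition to what the answer describes.

```shell
#!/bin/sh
# Added example: reimport a renewed certificate into an existing ACM ARN and
# confirm the ARN is preserved. reimport_cert and its arguments are
# hypothetical names chosen for this example.

# Usage: reimport_cert ARN CERT_PEM KEY_PEM [CHAIN_PEM]
# Prints the ARN returned by ACM. Return codes:
#   1 = AWS CLI call failed, 2 = not an imported certificate, 3 = ARN changed
reimport_cert() {
    arn=$1 cert=$2 key=$3 chain=${4:-}

    # Reimport applies to imported certificates only, so check the type first.
    ctype=$(aws acm describe-certificate --certificate-arn "$arn" \
        --query 'Certificate.Type' --output text) || return 1
    if [ "$ctype" != "IMPORTED" ]; then
        echo "refusing: $arn has type $ctype, not IMPORTED" >&2
        return 2
    fi

    # Passing --certificate-arn makes this a reimport instead of a new import.
    set -- --certificate-arn "$arn" \
        --certificate "fileb://$cert" --private-key "fileb://$key"
    if [ -n "$chain" ]; then
        set -- "$@" --certificate-chain "fileb://$chain"
    fi
    new_arn=$(aws acm import-certificate "$@" \
        --query 'CertificateArn' --output text) || return 1

    # The ARN after the reimport must equal the ARN the template references.
    if [ "$new_arn" != "$arn" ]; then
        echo "ARN changed: $arn -> $new_arn" >&2
        return 3
    fi
    printf '%s\n' "$new_arn"
}
```

Call it as `reimport_cert "$ARN" cert.pem key.pem chain.pem` from a renewal job; a non-zero exit means the ARN referenced by the template should not be assumed valid.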
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | augustkang |
