diff --git a/builtin/providers/aws/resource_aws_api_gateway_domain_name.go b/builtin/providers/aws/resource_aws_api_gateway_domain_name.go
index a3582ed889..103f7bed4e 100644
--- a/builtin/providers/aws/resource_aws_api_gateway_domain_name.go
+++ b/builtin/providers/aws/resource_aws_api_gateway_domain_name.go
@@ -25,26 +25,30 @@ func resourceAwsApiGatewayDomainName() *schema.Resource {
 			//to ApiGateway DomainNames. When this happens, we will be deprecating all certificate methods
 			//except certificate_arn. We are not quite sure when this will happen.
 			"certificate_body": {
-				Type:     schema.TypeString,
-				ForceNew: true,
-				Optional: true,
+				Type:          schema.TypeString,
+				ForceNew:      true,
+				Optional:      true,
+				ConflictsWith: []string{"certificate_arn"},
 			},
 
 			"certificate_chain": {
-				Type:     schema.TypeString,
-				ForceNew: true,
-				Optional: true,
+				Type:          schema.TypeString,
+				ForceNew:      true,
+				Optional:      true,
+				ConflictsWith: []string{"certificate_arn"},
 			},
 
 			"certificate_name": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:          schema.TypeString,
+				Optional:      true,
+				ConflictsWith: []string{"certificate_arn"},
 			},
 
 			"certificate_private_key": {
-				Type:     schema.TypeString,
-				ForceNew: true,
-				Optional: true,
+				Type:          schema.TypeString,
+				ForceNew:      true,
+				Optional:      true,
+				ConflictsWith: []string{"certificate_arn"},
 			},
 
 			"domain_name": {
@@ -54,8 +58,9 @@ func resourceAwsApiGatewayDomainName() *schema.Resource {
 			},
 
 			"certificate_arn": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:          schema.TypeString,
+				Optional:      true,
+				ConflictsWith: []string{"certificate_body", "certificate_chain", "certificate_name", "certificate_private_key"},
 			},
 
 			"cloudfront_domain_name": {
diff --git a/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown b/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown
index 72f6c28208..b58f4e6882 100644
--- a/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown
+++ b/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown
@@ -56,15 +56,15 @@ The following arguments are supported:
 
 * `domain_name` - (Required) The fully-qualified domain name to register
 * `certificate_name` - (Optional) The unique name to use when registering this
-  cert as an IAM server certificate
+  cert as an IAM server certificate. Conflicts with `certificate_arn`.
 * `certificate_body` - (Optional) The certificate issued for the domain name
-  being registered, in PEM format
+  being registered, in PEM format. Conflicts with `certificate_arn`.
 * `certificate_chain` - (Optional) The certificate for the CA that issued the
   certificate, along with any intermediate CA certificates required to
-  create an unbroken chain to a certificate trusted by the intended API clients.
+  create an unbroken chain to a certificate trusted by the intended API clients. Conflicts with `certificate_arn`.
 * `certificate_private_key` - (Optional) The private key associated with the
-  domain certificate given in `certificate_body`.
-* `certificate_arn` - (Optional) The ARN for an AWS-managed certificate.
+  domain certificate given in `certificate_body`. Conflicts with `certificate_arn`.
+* `certificate_arn` - (Optional) The ARN for an AWS-managed certificate. Conflicts with `certificate_name`, `certificate_body`, `certificate_chain` and `certificate_private_key`.
 
 ## Attributes Reference