diff --git a/internal/pkg/cli/deploy/env.go b/internal/pkg/cli/deploy/env.go
index 9c34706be7d..ffaf6d21d10 100644
--- a/internal/pkg/cli/deploy/env.go
+++ b/internal/pkg/cli/deploy/env.go
@@ -184,7 +184,9 @@ func (d *envDeployer) validateALBWorkloadsDontRedirect() error {
 	if err != nil {
 		return fmt.Errorf("get env params: %w", err)
 	}
-
+	if params[cfnstack.EnvParamALBWorkloadsKey] == "" {
+		return nil
+	}
 	services := strings.Split(params[cfnstack.EnvParamALBWorkloadsKey], ",")
 	g, ctx := errgroup.WithContext(context.Background())
 
diff --git a/internal/pkg/cli/deploy/env_test.go b/internal/pkg/cli/deploy/env_test.go
index 599e2d0df9e..fe2c73fc3a6 100644
--- a/internal/pkg/cli/deploy/env_test.go
+++ b/internal/pkg/cli/deploy/env_test.go
@@ -485,6 +485,17 @@ func TestEnvDeployer_Validate(t *testing.T) {
 			},
 			expected: "enable TLS termination on CDN: get env params: some error",
 		},
+		"cdn tls termination enabled, skip if no services deployed": {
+			app: &config.Application{},
+			mft: mftCDNTerminateTLSAndHTTPCert,
+			setUpMocks: func(m *envDeployerMocks, ctrl *gomock.Controller) {
+				m.stackDescribers = map[string]*mocks.MockstackDescriber{
+					"svc1": mocks.NewMockstackDescriber(ctrl),
+				}
+
+				m.envDescriber.EXPECT().Params().Return(map[string]string{}, nil)
+			},
+		},
 		"cdn tls termination enabled, fail to get service resources": {
 			app: &config.Application{},
 			mft: mftCDNTerminateTLSAndHTTPCert,
diff --git a/internal/pkg/manifest/validate_env.go b/internal/pkg/manifest/validate_env.go
index 465d258dbfd..2534596ff95 100644
--- a/internal/pkg/manifest/validate_env.go
+++ b/internal/pkg/manifest/validate_env.go
@@ -364,12 +364,6 @@ func (i RestrictiveIngress) validate() error {
 // validate returns nil if advancedCDNConfig is configured correctly.
 func (cfg AdvancedCDNConfig) validate() error {
 	if cfg.Certificate == nil {
-		if aws.BoolValue(cfg.TerminateTLS) {
-			return &errFieldMustBeSpecified{
-				missingField:      "certificate",
-				conditionalFields: []string{"terminate_tls"},
-			}
-		}
 		return nil
 	}
 	certARN, err := arn.Parse(*cfg.Certificate)
diff --git a/internal/pkg/manifest/validate_env_test.go b/internal/pkg/manifest/validate_env_test.go
index 8f24b8e67a7..f8160d24e6a 100644
--- a/internal/pkg/manifest/validate_env_test.go
+++ b/internal/pkg/manifest/validate_env_test.go
@@ -777,14 +777,6 @@ func TestCDNConfiguration_validate(t *testing.T) {
 			},
 			wantedError: errors.New("cdn certificate must be in region us-east-1"),
 		},
-		"error if terminate tls set without cert": {
-			in: EnvironmentCDNConfig{
-				Config: AdvancedCDNConfig{
-					TerminateTLS: aws.Bool(true),
-				},
-			},
-			wantedError: errors.New(`"certificate" must be specified if "terminate_tls" is specified`),
-		},
 		"success with cert and terminate tls": {
 			in: EnvironmentCDNConfig{
 				Config: AdvancedCDNConfig{