diff --git a/terraform-modules/aws/msk/main.tf b/terraform-modules/aws/msk/main.tf
index 5b7b1a2fc..195f23eb5 100644
--- a/terraform-modules/aws/msk/main.tf
+++ b/terraform-modules/aws/msk/main.tf
@@ -103,9 +103,7 @@ resource "aws_acmpca_certificate_authority" "this" {
   revocation_configuration {
     crl_configuration {
       custom_cname       = "crl.${var.common_name}"
-      # Disabling the CRL b/c the S3 bucket requirements are weird.  When creating the CA resource
-      # it keeps on complaining about the S3 bucket permissions is not set correctly.
-      enabled            = false
+      enabled            = true
       expiration_in_days = var.expiration_in_days
       s3_bucket_name     = aws_s3_bucket.this.id
     }