No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello everyone.
I'm having problems with deploying `pulumi_aws.ssoadmin.CustomerManagedPolicyAttachment` . I have two `CustomerManagedPolicyAttachments` with one `PermissionSet` and when there are any changes to one of the policy attachments I get an error on pulumi up .

The error:
```creating SSO Customer Managed Policy Attachment (iam-get-role-policy-c4c5cc5,/,arn:aws:sso:::permissionSet/ssoins-69873ef126937df1/ps-449344b8cb6b7ec5,arn:aws:sso:::instance/ssoins-69873ef126937df1): error waiting for SSO Permission Set (arn:aws:sso:::permissionSet/ssoins-69873ef126937df1/ps-449344b8cb6b7ec5) to provision: unexpected state 'FAILED', wanted target 'SUCCEEDED'. last error: %!s(<nil>```
I think this might be related to this terraform bug: <https://github.com/hashicorp/terraform-provider-aws/issues/33337>

I already tried tweeking the `ResourceOptions` with `depends_on`, `delete_before_replace` and `replace_on_changes` , but to no effect. Sometimes it works on a rerun, but it's not really predictable.

Let me know if you need more information.
e: I was thinking about using the aws-native package, but introducing new dependencies (esepcially in preview) might not be possible.