Hi all 👋 I have a Pulumi C# project that has a stack (

MyStack

) with AWS Resources (VPC, RDS…) in it. I can deploy these resources to AWS by running the Pulumi up command. And also, I have a C# Pulumi Automation project too. In that Automation project, I get the Endpoint, Master username, and password from the RDS created by above mentioned project and I create a DB connection string. Using that connection string I connect to the RDS instance (with the help of System.Data.SqlClient.SqlConnection in C#) and create a new database and database user with read-only access. Then I create a new connection string for that user. I want to store that connection string on AWS Secret Manager under the same stack (

MyStack

). So, I followed the below way to do that.

var stack = await LocalWorkspace.SelectStackAsync(new LocalProgramArgs(stackName, workingDir));
var connectionString = $"Data Source={endpoint},{port};User ID={userName};Password={password};";

var program = PulumiFn.Create(async () =>
{
    var secret = new Secret("MySecret", new SecretArgs
    {
        Name = "MySecret"
    });
    var secretVersion = new SecretVersion("MySecretVersion", new SecretVersionArgs
    {
        SecretId = secret.Id,
        SecretString = connectionString
    });
});

await stack.UpAsync(new UpOptions { Program = program });

But the problem is when I run stack.UpAsync() method, it deletes all previously created resources (VPC, Subnets, even RDS…) and only creates the new Secret and SecretVersion. Is there a way to store the secret in AWS secret manager while keeping previously created resources?