Hello, Forgive my limited experience with Pulumi. Also, let me know if this should have been asked in the #aws channel as I am fairly new to your Slack. We had to recently employ a CloudFormation based solution largely from [1] for IAM Access Key rotation. I'm trying to go back and fix up our existing Pulumi golang code my team inherited to play nicely with these IAM Access Key rotation facilities until we can get it re-implemented using Pulumi. I have tried using either

pulumi.Import(pulumi.ID(accessKey.AccessKeyId))

or building an

ignoreList []string

and filling it with these key ids and feeding this list into

pulumi.IgnoreChanges(ignoreList)

but neither prevents things from showing Pulumi is going to delete IAM keys that it had previously created. The existing code was always doing an

iam.NewAccessKey(...)

and now I'm not doing this if a key is found by querying

iam.GetAccessKeys(...)

. I'm guessing this is related but the documentation I found around importing resources and coexistence didn't lead me beyond what I mention above. Any thoughts our suggestions would be greatly appreciated. [1] https://github.com/aws-samples/aws-iam-access-key-auto-rotation