Hi . I'm trying to work out how to setup and use https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/working-with-staging-distribution-continuous-deployment-policy.html with Pulumi. I followed the example at https://www.pulumi.com/registry/packages/aws/api-docs/cloudfront/continuousdeploymentpolicy/ and added a staging dist/policy to an exisiting production distribution. But confused about if the rest of the flow is supported. If I update the staging dist with for example:

restrictions={
        "geo_restriction": {
            "restriction_type": "whitelist",
            "locations": [
                "US",
                "CA",
                "GB",
                "DE",
            ],
        },
    },

it fails with

pulumi:pulumi:Stack (dev):

error: update failed

aws:cloudfront:Distribution (dev-dist-stg):

error:   sdk-v2/provider2.go:520: sdk.helper_schema: updating CloudFront Distribution (E1QPMEPKHHUCF5): operation error CloudFront: UpdateDistribution, https response error StatusCode: 400, RequestID: b137b9cd-244d-436c-ae1b-04dacee9d0c3, IllegalUpdate: You cannot update Origin or CallerReference.: provider=aws@6.56.1

error: 1 error occurred:

* updating CloudFront Distribution (BLAH): operation error CloudFront: UpdateDistribution, https response error StatusCode: 400, RequestID: b137b9cd-244d-436c-ae1b-04dacee9d0c3, IllegalUpdate: You cannot update Origin or CallerReference.

If I comment out the staging dist and deployment policy code, pulumi up says

error: deleting CloudFront Continuous Deployment Policy (0b015db6-ba15-4087-8d2b-28ca60653981): operation error CloudFront: DeleteContinuousDeploymentPolicy, https response error StatusCode: 409, RequestID: 9046f0fb-f47a-4ffe-82d4-2b637109f683, ContinuousDeploymentPolicyInUse: The specified continuous deployment policy is currently associated with a distribution.

If I set the

continuous_deployment_policy_id=None,

in the primary distribution , nothing happens , Pulumi doesn't flag an update. Help please? Thanks!