I have code that needs to create a new Cognito User Pool and User Pool Client if they don’t already exist. If they do already exist, they need to be imported. I have this working for the User Pool however, importing the User Pool Client deletes it. I just cannot figure out what’s going on and I’m starting to wonder if it’s a Pulumi bug. This is the code:

const _cognitoUserPool = new aws.cognito.UserPool(`${$app.stage}-cognitoUserPool`, {}, {});
const userPoolClientName = process.env.EXISTING_USERPOOL_CLIENT_NAME ?? undefined;

const baseUserPoolClientArgs: aws.cognito.UserPoolClientArgs = {
  userPoolId: _cognitoUserPool.id,
  tokenValidityUnits: undefined,
  name: userPoolClientName,
  generateSecret: false,
  readAttributes: ['email', 'email_verified', 'phone_number_verified'],
  writeAttributes: ['email'],
  supportedIdentityProviders: ['COGNITO'],
  explicitAuthFlows: ['ALLOW_USER_SRP_AUTH', 'ALLOW_REFRESH_TOKEN_AUTH'],
  enablePropagateAdditionalUserContextData: false,
  enableTokenRevocation: true,
  authSessionValidity: 3,
};

let _cognitoUserPoolClient: aws.cognito.UserPoolClient;

const dependsOn = [_cognitoUserPool];

if (process.env.EXISTING_USERPOOL_CLIENT_ID) {
  console.log('Creating cognitoUserPoolClient with import');
  _cognitoUserPoolClient = new aws.cognito.UserPoolClient(
    `${$app.stage}-cognitoUserPoolClient`,
    {
      ...baseUserPoolClientArgs,
      name: userPoolClientName,
      userPoolId: `${process.env.EXISTING_USERPOOL_ID}`,
    },
    {
      dependsOn,
      ignoreChanges: ['generateSecret'],
      import: `${process.env.EXISTING_USERPOOL_ID}/${process.env.EXISTING_USERPOOL_CLIENT_ID}`,
    },
  );
} else {
  _cognitoUserPoolClient = new aws.cognito.UserPoolClient(`${$app.stage}-cognitoUserPoolClient`, baseUserPoolClientArgs, {
    dependsOn,
  });
}

export { _cognitoUserPool, _cognitoUserPoolClient };

Any thoughts greatly appreciated!