it appears that aws auto renewing my rds certificate makes the associated aws-native rds resource non-updatable:

aws-native:rds:DbInstance (primaryRdsDatastore):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 3b208ea6-e286-4b75-9b45-22aba3b10214, api error ValidationException: Invalid patch update: readOnlyProperties [/properties/CertificateDetails, /properties/CertificateDetails/CAIdentifier, /properties/CertificateDetails/ValidTill] cannot be updated

naturally, my resource config doesn't reference anything relating to certificates.

Does

refresh

help?

no

So when you manually update, any chance to update cert?9

is that the recommended approach? that doesn't really work for me in production

I am also a user and will potentially have the same issue

fwiw @adamant-lawyer-19698 i ended up importing the existing RDS instance as a

@pulumi/aws

resource. it was very dicey but not a production db so i took the plunge

Oh, thank you for the updates. I am using python package

pulumi_aws.rds

, not native, I think. After your imports, will the error happen when RDS cert is updated again by AWS?

the error was specifically related to the aws cloud control api, which is what

aws-native

uses under the hood. so my hope is that the normal aws provider which we're now both using won't have the same issue. won't find out til next year though 😛

fair enough

Hey @shy-whale-9556, sorry to hear you're running into issues with aws-native. Could you please open an issue here and attach a repro of your problem so that the team can start looking into it? From an initial look, this sounds a lot like a bug in AWS Cloud Control or how

aws-native

integrates with that. I'm not aware of any similar bugs in

pulumi/aws

, so you should be fine with that 🤞