No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

My code is:
```const readReplica = new aws.rds.Instance('read-replica', {
  engine: 'postgres',
  engineVersion: '13',
  instanceClass: instanceClass,
  allocatedStorage: 5,
  dbSubnetGroupName: dbSubnetGroup.id,
  vpcSecurityGroupIds: [dbSecurityGroup.id],
  name: dbName,
  username: dbUsername,
  password: dbPassword,
  allowMajorVersionUpgrade: false,
  autoMinorVersionUpgrade: true,
  storageEncrypted: true,
  maxAllocatedStorage: 500,
  deletionProtection: true,
  performanceInsightsEnabled: true,
  backupRetentionPeriod: 30,
  replicateSourceDb: db.arn,
});```

it looks like the dbpassword isn't the same as your master instance?

That's almost exactly the same code that generates my main instance, so I don't know how that would happen

```username: dbUsername,
  password: dbPassword,```

I don't think you need to set the master password and username on replicas, try removing those params

yeah, looking at <https://github.com/terraform-aws-modules/terraform-aws-rds/issues/103> I was just about to try that

Hm, but oddly, if I run `pulumi up` a second time, it wants to change it again.

I created a read replica and it looks fine

but the second time I run pulumi up, I get `└─ aws:rds:Instance  read-replica  update     [diff: ~replicateSourceDb]`

and I believe that will fail if I run it again

Yep,
```  aws:rds:Instance (read-replica):
    error: 1 error occurred:
        * updating urn:pulumi:dev::core::aws:rds/instance:Instance::read-replica: 1 error occurred:
        * cannot elect new source database for replication```

you'll need to see `ignoreChanges` perhaps?

huh, nifty.  I've never used that before.

But adding `{ ignoreChanges: ['replicateSourceDb']  }`