Feature Request: Account for PendingModifiedValues for RDS instances

[sfc-gh-jlangefeld]

With have RDS instances that have maintenance windows once a week.
We don't use Pulumi deployments, but rather our own deployment, that periodically checks for drifts across a wide range of infrastructure (not just RDS instances) using pulumi previews.

This combination gets us into the following predicament: When we make a change in config to an RDS instance outside a maintenance window, AWS accepts that change request and stores it in PendingModifiedValues. Here an example for updating the EngineVersion (output of aws rds describe-db-instances --db-instance-identifier <instance-id>):

            "PendingModifiedValues": {
                "EngineVersion": "16.3"
            },
            "EngineVersion": "12.19",

The aws console displays this as the following:

The pulumi up to set the EngineVersion to 16.3 goes through successfully without error. But then the next pulumi preview before the maintenance window opening sees a diff again, because it only compares that EngineVersion field and doesn't look at PendingModifiedValues to see that this desired change was already applied, but just didn't go through yet due to the maintenance window that's not currently active.

I think ideally the diff comparison in the pulumi preview could also look at the PendingModifiedValues and don't report a diff if the desired change is already captured there.

This often blocks our hands-off automation as we get reports that a desired change couldn't be achieved.

My question is specific to RDS instances but I could imagine also other resources have maintenance windows with the same behavior.

[t0yv0]

Thank you for this suggestion @sfc-gh-jlangefeld !

At a quick glance Terraform provider is handling PendingModifiedValues.EngineVersion specially:

https://github.com/hashicorp/terraform-provider-aws/blob/ec6555ce8d44ce5661811b3877f10fe9e379bccd/internal/service/rds/instance.go#L2705

It would be interesting to see if pulumi up --refresh behaves as expected in your scenario.

One difference between Pulumi and Terraform is that Terraform refreshes by default during terraform apply and Pulumi does not. Refreshing makes the engine aware of drift - any out of band changes that may have been done to the cloud. This difference may be pertinent here.

If pulumi up --refresh does not work possibly there is a bug or something is missing. If you have concrete Pulumi code with a minimal repro it could help us investigate further.

[sfc-gh-jlangefeld]

Thanks for your reply! I was under the impression that we run pulumi refresh for all our infrastructure, but just noticed that it wasn't enabled for AWS. This is worth a try and we'll report back if that doesn't work.