[Bug]: MultiRegionAccessPoint constantly throw CannotUpdateExternalResource warning

[oliabent]

Is there an existing issue for this?

• [X] I have searched the existing issues

Affected Resource(s)

xpkg.upbound.io/upbound/provider-aws-s3control:v1.6.0

Resource MRs required to reproduce the bug

apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: name: provider-aws-s3control spec: package: xpkg.upbound.io/upbound/provider-aws-s3control:v1.6.0

---

apiVersion: s3control.aws.upbound.io/v1beta1 kind: MultiRegionAccessPoint metadata: name: {{ $multiRegionAccessPointName }} annotations: gotemplating.fn.crossplane.io/composition-resource-name: multiregionaccesspoint spec: forProvider: details:

• name: {{ $multiRegionAccessPointName }} region: {{- range $bucket := $multiRegionAccessPointBucketNames }}
• bucketRef: name: {{ $bucket }} {{- end }} region: {{ $multiRegionAccessPointRegion }} providerConfigRef: name: {{ $providerConfigName }}

Steps to Reproduce

create MultiRegionAccessPoint

What happened?

After creation MultiRegionAccessPoint resource status shows SYNCED-False and constantly throw CannotUpdateExternalResource warnings:

Relevant Error Output Snippet

Warning  CannotUpdateExternalResource  9m28s (x2 over 9m49s)  managed/s3control.aws.upbound.io/v1beta1, kind=multiregionaccesspoint  async update failed: refuse to update the externa │
│ l resource because the following update requires replacing it: cannot change the value of the argument "details.0.region.192892551.bucket_account_id" from "" to ""                      │
│   Warning  CannotUpdateExternalResource  8m18s (x4 over 9m49s)  managed/s3control.aws.upbound.io/v1beta1, kind=multiregionaccesspoint  async update failed: refuse to update the externa │
│ l resource because the following update requires replacing it: cannot change the value of the argument "details.0.region.1736406010.bucket" from "ssp-ochursinova-pae-s3-bucket1" to ""  │

Crossplane Version

v1.14.3

Provider Version

v1.6.0

Kubernetes Version

v1.29.4

Kubernetes Distribution

EKS

Additional Info

No response

[mbbush]

I can reproduce the issue running uptest. Terraform is producing a diff that wants to delete the two elements from the region list and recreate identical ones.

I have a vague recollection that we have a good way to resolve this category of issue, but I'm forgetting exactly what it is. Something about a CustomizeDiff function and a hash function maybe? @turkenf do you remember?

[xsvil]

I receive a similar error but with an EC2 instance when trying to update the userData. Error looks similar. Is this related so it is not able to update and replace the content?

update failed: async update failed: refuse to update the external resource because the following update requires replacing it: cannot change the value of the argument "user_data" from "AAA" to "BBB"