I have a CDK project where I'm creating an AppRunner service, and that app is trying to connect to an RDS instance, so everything is in a private VPC. For the AppRunner service I need a VPC connector in the same private VPC, and on the first attempt it worked perfectly fine, but when I tried to add new tags to the VPC connector I got the issue below:
The security groups combination provided in the request already exists on existing vpc connector.
Existing VPC connector arn: arn:aws:apprunner:eu-west-1:XXXXXXXXXXXX:vpcconnector/myarvpcconnector/1/<ID>, Security Groups: [sg-XXXXXXX]
In my understanding, CDK is restricted from updating the existing resource (not for all, but for a few of the services) and instead needs to recreate a new one. The same restriction also applies to the opensearchserverless connection resource: CDK does not update the resource, it tries to recreate it.
That's why I don't like CDK, but unfortunately, I have to use it.
Any workaround?
Thanks
I tried to change the name of the resource, but it creates a new one first and then deletes the existing one, so that's not working.
You cannot update the tags on a VPC connector - this is a CloudFormation limitation.
From the docs:
A VpcConnector is immutable, so you cannot update its tags. To change the tags, replace the resource. To replace a VpcConnector, you must provide a new combination of security groups.
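The replacement the quoted documentation describes, sketched as a CloudFormation fragment. This is an added example, not part of the original answer or of the asker's stack. All logical IDs, parameter names and tag values are placeholders, and it assumes the connector's name may be generated by CloudFormation.

```yaml
# Added example: every logical ID, parameter name and tag value is a placeholder.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  AppSecurityGroupId:            # the group already on the old connector
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  # Extra group whose only purpose is to make the security group
  # combination differ from the one on the existing connector.
  # Its single egress rule matches no real traffic, so attaching it
  # does not widen what the connector is allowed to reach.
  ConnectorMarkerSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Marker group for the replaced App Runner VPC connector
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - CidrIp: 255.255.255.255/32
          IpProtocol: icmp
          FromPort: 252
          ToPort: 86
          Description: Disallow all traffic

  # New logical ID, so CloudFormation creates this as a new resource
  # rather than attempting an in-place update of the immutable one.
  # VpcConnectorName is omitted so a name is generated (assumption).
  AppVpcConnectorV2:
    Type: AWS::AppRunner::VpcConnector
    Properties:
      Subnets: !Ref PrivateSubnetIds
      SecurityGroups:
        - !Ref AppSecurityGroupId              # unchanged, RDS ingress rules still match
        - !GetAtt ConnectorMarkerSg.GroupId    # makes the combination new
      Tags:
        - Key: team                            # placeholder tag
          Value: example
```

The App Runner service then has to reference the new connector's ARN (`!GetAtt AppVpcConnectorV2.VpcConnectorArn`) before the old connector is removed from the template. Because the original application security group stays attached, any RDS ingress rule that references it keeps working.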