From e9abb2d0a6fb4ec9b85bfa92a1cea7a8c39f97a3 Mon Sep 17 00:00:00 2001
From: Jacob Doetsch <jacob.doetsch@getbuilt.com>
Date: Mon, 11 Mar 2024 17:02:42 -0700
Subject: [PATCH] Prevent read-only ActiveEncryptionCertificate property from
 being used in ProviderDetails for UpdateIdentityProvider call

---
 internal/service/cognitoidp/identity_provider.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/service/cognitoidp/identity_provider.go b/internal/service/cognitoidp/identity_provider.go
index 2c055c76ab8..76e87cdc8b4 100644
--- a/internal/service/cognitoidp/identity_provider.go
+++ b/internal/service/cognitoidp/identity_provider.go
@@ -201,7 +201,9 @@ func resourceIdentityProviderUpdate(ctx context.Context, d *schema.ResourceData,
 	}
 
 	if d.HasChange("provider_details") {
-		params.ProviderDetails = flex.ExpandStringMap(d.Get("provider_details").(map[string]interface{}))
+		providerDetailsForUpdate := flex.ExpandStringMap(d.Get("provider_details").(map[string]interface{}))
+		delete(providerDetailsForUpdate, "ActiveEncryptionCertificate")
+		params.ProviderDetails = providerDetailsForUpdate
 	}
 
 	if d.HasChange("idp_identifiers") {