From e9abb2d0a6fb4ec9b85bfa92a1cea7a8c39f97a3 Mon Sep 17 00:00:00 2001
From: Jacob Doetsch <jacob.doetsch@getbuilt.com>
Date: Mon, 11 Mar 2024 17:02:42 -0700
Subject: [PATCH 1/2] Prevent read-only ActiveEncryptionCertificate property
 from being used in ProviderDetails for UpdateIdentityProvider call

---
 internal/service/cognitoidp/identity_provider.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/service/cognitoidp/identity_provider.go b/internal/service/cognitoidp/identity_provider.go
index 2c055c76ab8..76e87cdc8b4 100644
--- a/internal/service/cognitoidp/identity_provider.go
+++ b/internal/service/cognitoidp/identity_provider.go
@@ -201,7 +201,9 @@ func resourceIdentityProviderUpdate(ctx context.Context, d *schema.ResourceData,
 	}
 
 	if d.HasChange("provider_details") {
-		params.ProviderDetails = flex.ExpandStringMap(d.Get("provider_details").(map[string]interface{}))
+		providerDetailsForUpdate := flex.ExpandStringMap(d.Get("provider_details").(map[string]interface{}))
+		delete(providerDetailsForUpdate, "ActiveEncryptionCertificate")
+		params.ProviderDetails = providerDetailsForUpdate
 	}
 
 	if d.HasChange("idp_identifiers") {

From 85c09da5b3787ddd817a8e01ea02fc0ab83a2203 Mon Sep 17 00:00:00 2001
From: Jacob Doetsch <jacob.doetsch@getbuilt.com>
Date: Tue, 12 Mar 2024 09:53:51 -0700
Subject: [PATCH 2/2] Add changelog file

---
 .changelog/36311.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/36311.txt

diff --git a/.changelog/36311.txt b/.changelog/36311.txt
new file mode 100644
index 00000000000..bd8f59571b1
--- /dev/null
+++ b/.changelog/36311.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_cognito_identity_provider: Ensure read-only property ActiveEncryptionCertificate is not used in UpdateIdentityProvider request
+```
\ No newline at end of file