[ElastiCache] ReplicationGroup can't resolve both securityGroupIdRefs and subnetGroupNameRef

[Scrumplex]

What happened?

I have created a ReplicationGroup CR where I reference a SubnetGroup and a SecurityGroup using subnetGroupNameRef and securityGroupIdRefs respectively.

When describing the ReplicationGroup I can only see one of securityGroupIds and subnetGroupName populated at a time. It seems to flip every few seconds.

A workaround is to define either securityGroupIds or subnetGroupName without referencing a Kubernetes resource.

How can we reproduce it?

---
apiVersion: ec2.aws.m.upbound.io/v1beta1
kind: SecurityGroup
metadata:
  name: app-dbs
spec:
  providerConfigRef:
    kind: ProviderConfig
    name: aws
  forProvider:
    region: eu-central-1
    name: app-dbs
    description: "Security group for App databases"
    vpcId: vpc-foobar
---
apiVersion: elasticache.aws.m.upbound.io/v1beta1
kind: SubnetGroup
metadata:
  name: cache
spec:
  providerConfigRef:
    kind: ProviderConfig
    name: aws
  forProvider:
    region: eu-central-1
    description: "Subnet group for Valkey"
---
apiVersion: elasticache.aws.m.upbound.io/v1beta1
kind: ReplicationGroup
metadata:
  name: cache
spec:
  providerConfigRef:
    kind: ProviderConfig
    name: aws
  forProvider:
    region: eu-central-1
    automaticFailoverEnabled: true
    atRestEncryptionEnabled: "true"
    authTokenSecretRef:
      name: elasticache-user # defined elsewhere
      key: password
    clusterMode: "disabled"  # Very important for our application!
    description: Valkey
    engine: valkey
    nodeType: cache.t4g.medium
    numCacheClusters: 2
    transitEncryptionEnabled: true
    multiAzEnabled: true
    securityGroupIdRefs:
      - name: app-dbs # defined above
    subnetGroupNameRef:
      name: cache # defined above
    userGroupIds:
      - cache # defined elsewhere, unrelated here

What environment did it happen in?

Crossplane version: 2.0.2
AWS Providers: 2.1.0 (all providers)

[github-actions]

Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[Scrumplex]

/fresh

[github-actions]

Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[Scrumplex]

/fresh