Unexpected Behavior from AWS CLI SecretsManager --force-delete-without-recovery

Question

I am trying to delete a secret in AWS Secrets Manager. I can use the --secret-id or the ARN, but either way the secret is still there in the console and later CLI calls to --force-delete. The ARNs and DeletionDates change, and in the console it is shown as "deleted on" this date, but the option to cancel deletion is still there, as well. What is going on?

>>> aws secretsmanager delete-secret --secret-id 202112030312-dev-rds-pw --force-delete-without-recovery --region us-west-2 --profile=development
{
    "ARN": "arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-Cf10KE",
    "Name": "202112030312-dev-rds-pw",
    "DeletionDate": "2021-12-02T20:15:28.129000-07:00"
}

>>> aws secretsmanager delete-secret --secret-id 202112030312-dev-rds-pw --force-delete-without-recovery --region us-west-2 --profile=development
{
    "ARN": "arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-srMuPx",
    "Name": "202112030312-dev-rds-pw",
    "DeletionDate": "2021-12-02T20:15:40.226000-07:00"
}

>>> # NOTE THE SUFFIX ON THE ARN...
>>> aws secretsmanager delete-secret --secret-id arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-srMuPx --force-delete-without-recovery --region us-west-2 --profile=development
{
    "ARN": "arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-oz8kB2",
    "Name": "202112030312-dev-rds-pw",
    "DeletionDate": "2021-12-02T20:17:36.631000-07:00"
}

Answer 1

If you include --force-delete-without-recovery, the delete-secret does not check if secret exists or not. It will still "work" as if the secret existed. From docs:

If you use this parameter and include a previously deleted or nonexistent secret, the operation does not return the error ResourceNotFoundException in order to correctly handle retries.