provider-aws: DBInstance update request without change (causes instance to restart in loop)

What happened?

  • Deployed a DBInstance along with DBParameterGroup, DBSubnetGroup and SecurityGroup
  • Sync is OK for DBParameterGroup, DBSubnetGroup and SecurityGroup (External resource is up to date)
  • However, some change is detected in DBInstance (Successfully requested update of external resource), forcing an apply and a restart of the instance (it goes on forever until provider-aws-controller is shut down)

How can we reproduce it?

spec:
  deletionPolicy: Delete
  forProvider:
    allocatedStorage: 10
    autoMinorVersionUpgrade: true
    autogeneratePassword: true
    availabilityZone: us-east-1a
    backupRetentionPeriod: 1
    copyTagsToSnapshot: true
    dbInstanceClass: db.t2.small
    dbParameterGroupName: <name_here>
    dbSubnetGroupName: <name_here>
    deletionProtection: false
    enableIAMDatabaseAuthentication: true
    enablePerformanceInsights: false
    engine: mysql
    engineVersion: 8.0.28
    finalDBSnapshotIdentifier: <name_here>
    kmsKeyID: >-
      arn:aws:kms:us-east-1:...:key/...
    licenseModel: general-public-license
    masterUserPasswordSecretRef:
      key: master-user-password
      name: <name_here>-dbinstance-master-user-password
      namespace: <namespace_here>
    masterUsername: admin
    maxAllocatedStorage: 100
    multiAZ: false
    port: 3306
    preferredBackupWindow: 04:00-04:59
    preferredMaintenanceWindow: mon:05:00-mon:06:59
    publiclyAccessible: false
    region: us-east-1
    storageEncrypted: true
    storageType: gp2
    tags:
      - key: Name
        value: <name_here>
      - key: env
        value: ...
      - key: appName
        value: ...
      - key: businessUnit
        value: ...
      - key: contact
        value: ...
      - key: product
        value: ...
      - key: role
        value: ...
      - key: service
        value: ...
    vpcSecurityGroupIDRefs:
      - name: <name_here>
    vpcSecurityGroupIDs:
      - sg-...
  providerConfigRef:
    name: aws-provider
  writeConnectionSecretToRef:
    name: <name_here>-dbinstance-conn-string
    namespace: <namespace_here>

Subsequent request as seen in CloudTrail:

"requestParameters": {
    "dBInstanceIdentifier": "<name_here>",
    "allocatedStorage": 10,
    "dBInstanceClass": "db.t2.small",
    "applyImmediately": false,
    "dBParameterGroupName": "<name_here>",
    "backupRetentionPeriod": 1,
    "preferredBackupWindow": "04:00-04:59",
    "preferredMaintenanceWindow": "mon:05:00-mon:06:59",
    "multiAZ": false,
    "engineVersion": "8.0.28",
    "allowMajorVersionUpgrade": false,
    "autoMinorVersionUpgrade": true,
    "licenseModel": "general-public-license",
    "storageType": "gp2",
    "cACertificateIdentifier": "rds-ca-2019",
    "copyTagsToSnapshot": true,
    "publiclyAccessible": false,
    "enableIAMDatabaseAuthentication": true,
    "enablePerformanceInsights": false,
    "deletionProtection": false,
    "maxAllocatedStorage": 100
},

What environment did it happen in?

  • Crossplane version: 1.5.1
  • Provider-aws-controller: v0.27.0 (also reproduced with v0.26.1 and master at v0.28.0-rc.0.37.g9e1ce166)
  • Cloud provider: AWS
  • Kubernetes version (use kubectl version): 1.20.11
  • Kubernetes distribution (e.g. Tectonic, GKE, OpenShift): EKS

Extra Notes:

Looks closely related to https://github.com/crossplane-contrib/provider-aws/issues/960… Seems like not all the possible bools have been fixed…

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 22 (8 by maintainers)

Most upvoted comments

ping, anything new?

We added a lot more output in debug mode with #1534, #1535 and #1536,

so we will close this issue. Feel free to open a ticket with the debug messages so that we can locate the issue.

We had an issue with the KMS Key ID / ARN. Check the latest PR reference.