This message was deleted Pulumi Community #general

Join Slack

This message was deleted.

# general

sparse-intern-71089

06/20/2023, 9:08 AM

This message was deleted.

sticky-bear-14421

06/20/2023, 9:24 AM

Fun fact, setting the plain json document on the resource worked:

Copy code

new aws.s3.BucketPolicy("pulumi-infrastructure-bucket-policy", {
        bucket: bucket.bucket,
        policy: 
            `
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::infrastructure.pulumi.dev",
                "arn:aws:s3:::infrastructure.pulumi.dev"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}`,
    });

echoing-dinner-19531

06/20/2023, 9:28 AM

Importing with

pulumi import

? Did you get the type token and id the right way round (pulumi import <type> <name> <id/arn>)

sticky-bear-14421

06/20/2023, 9:28 AM

Yes

sticky-bear-14421

06/20/2023, 9:28 AM

Copied the command from the docs and replaced the parts with my values

echoing-dinner-19531

06/20/2023, 9:34 AM

Shouldn't the policy arn differ from the bucket arn?

sticky-bear-14421

06/20/2023, 9:35 AM

I guess not, as the policy is part of the bucket permissions.

sticky-bear-14421

06/20/2023, 9:36 AM

Actually the policy editor in the web console mentions the bucket arn

sticky-bear-14421

06/20/2023, 9:37 AM

Uhhhhhhh, wait

sticky-bear-14421

06/20/2023, 9:38 AM

pulumi import aws:s3/bucketPolicy:BucketPolicy allow_access_from_another_account my-tf-test-bucket

I guess I was kind of over eager and replaced my-tf-test-bucket with the arn

sticky-bear-14421

06/20/2023, 9:38 AM

Let me check

echoing-dinner-19531

06/20/2023, 9:39 AM

I think for the import command you probably just need the name part of the arn

sticky-bear-14421

06/20/2023, 9:43 AM

New error .. life hates me today 😆

error: no name for resource urn:pulumi:dev::bootstrap::aws:s3/bucket:bucket::pulumi-infrastructure-bucket

sticky-bear-14421

06/20/2023, 9:44 AM

what puzzles me, pulumi-infrastructure-bucket isn’t the name I used for the import.

sticky-bear-14421

06/20/2023, 9:45 AM

That is the name of the bucket in the state

echoing-dinner-19531

06/20/2023, 9:53 AM

That is odd, import shouldn't care about any other resource except the one your importing

echoing-dinner-19531

06/20/2023, 9:54 AM

What exactly does your import command look like?

sticky-bear-14421

06/20/2023, 10:01 AM

Copy code

pulumi import aws:s3/bucketPolicy:BucketPolicy pulumi-infrastructure-bucket-policy infrastructure.pulumi.dev

sticky-bear-14421

06/20/2023, 10:04 AM

The actual name of the bucket is longer, I have shortened it

echoing-dinner-19531

06/20/2023, 10:04 AM

that looks reasonable, this probably needs an issue raising at https://github.com/pulumi/pulumi-aws/issues

echoing-dinner-19531

06/20/2023, 10:05 AM

Might be somethings not quite lined up because bucket policies are kinda not really their own resources but just a property on the bucket itself

sticky-bear-14421

06/20/2023, 10:06 AM

Sound reasonable

Open in Slack

Previous Next