Hello I ve a questiopn related to the pulumi cli I m right n

Question

Hello I ve a questiopn related to the pulumi cli I m right now facing the issue of updating some AWS S3 BucketPolicies and I basically need to replace the existing policy with a new one The problem I have is that the `pulumi up` command unfortunately first create the new policy then delete the old one but since the bucket can have only one policy attached to it what really happens is that at the end the bucket policy is actually removed The temporary solution I ve found to this problem is to perform the pulumi up then perform a pulumi refresh and after that another pulumi up What istead I think could be useful at least in this case is to have a `deleteBeforeCreate` flag for the cli to perform the delete operation before the create operation A note on this I tried with the flag `deleteBeforeCreate` on the resource but since I m actually creating a new resource with a different ID this is not solving the issue

billowy-army-68599 · Answer

Delete before replace is the answer here what didn t work about that

nice-butcher-64302 · Answer

That works only if you update the same policy in this case I was generating a new policy with a new id to attach to the same bucket When doing the `pulumi up` command first pulumi create the new BucketPolicy and I suppose attach it to the bucket and then remove the old one But working this way the bucket results with no policy at all

nice-butcher-64302 · Answer

In order to reapply the correct policy I need to perform a `pulumi refresh` Pulumi recognize this way the new policy I wanted to apply has been actually deleted in the `pulumi up` operation and then re do the `pulumi up` command

billowy-army-68599 · Answer

Why wouldn t you just modify the existing policy Is there a reason you need to define and entirely new policy for this

nice-butcher-64302 · Answer

yeah the reason was a wrong configuration We were applying two policies to some buckets instead of working with multiple statements within the same policy Pulumi created the two policies correctly but the latest policy was the only one actually applied to the bucket Therefore I had to fix the bug by creating a new policy with multiple statements inside But this generated the issue above

billowy-army-68599 · Answer

hrm maube I m not quite following what s happening here do you have a code example I can look at

nice-butcher-64302 · Answer

I can recreate the scenario somehow but I can t share the actual code unfortunately Gimme me a bit of time

nice-butcher-64302 · Answer

< billowy army 68599> Here the code both the before and after with some comments