# aws

nice-butcher-64302

08/09/2023, 10:43 AM
Hello, I've a question related to the pulumi cli. I'm right now facing the issue of updating some AWS S3 BucketPolicies, and I basically need to replace the existing policy with a new one. The problem I have is that the `pulumi up` command unfortunately first creates the new policy, then deletes the old one, but since the bucket can have only one policy attached to it, what really happens is that at the end the bucket policy is actually removed. The temporary solution I've found to this problem is to perform the pulumi up, then perform a pulumi refresh and after that another pulumi up. What instead I think could be useful at least in this case is to have a `deleteBeforeCreate` flag for the cli to perform the delete operation before the create operation. A note on this, I tried with the flag `deleteBeforeCreate` on the resource, but since I'm actually creating a new resource with a different ID, this is not solving the issue.

billowy-army-68599

08/09/2023, 1:09 PM
Delete before replace is the answer here, what didn’t work about that?

nice-butcher-64302

08/09/2023, 1:15 PM
That works only if you update the same policy, in this case I was generating a new policy (with a new id) to attach to the same bucket. When doing the `pulumi up` command, first Pulumi creates the new BucketPolicy (and I suppose attaches it to the bucket) and then removes the old one. But working this way, the bucket results with no policy at all.
In order to reapply the correct policy, I need to perform a `pulumi refresh` - this way Pulumi recognizes that the new policy I wanted to apply has actually been deleted in the `pulumi up` operation - and then re-do the `pulumi up` command

billowy-army-68599

08/09/2023, 1:21 PM
Why wouldn’t you just modify the existing policy? Is there a reason you need to define an entirely new policy for this?

nice-butcher-64302

08/09/2023, 1:43 PM
yeah, the reason was a wrong configuration. We were applying two policies to some buckets instead of working with multiple statements within the same policy, Pulumi created the two policies correctly, but the latest policy was the only one actually applied to the bucket. Therefore I had to fix the bug by creating a new policy with multiple statements inside. But this generated the issue above.

billowy-army-68599

08/09/2023, 2:43 PM
hrm, maybe I’m not quite following what’s happening here, do you have a code example I can look at?

nice-butcher-64302

08/10/2023, 9:56 AM
I can recreate the scenario somehow, but I can't share the actual code unfortunately. Gimme a bit of time
@billowy-army-68599 Here's the code, both the before and after, with some comments