https://pulumi.com logo
Join Slack
Powered by
Hello, I've a questiopn related to the pulumi cli....
# aws
n
Hello, I've a questiopn related to the pulumi cli. I'm right now facing the issue of updating some AWS S3 BucketPolicies, and I basically need to replace the existing policy with a new one. The problem I have is that the 
pulumi up
command unfortunately first create the new policy, then delete the old one but since the bucket can have only one policy attached to it, what really happens is that at the end the bucket policy is actually removed. The temporary solution I've found to this problem is to perform the pulumi up, then perform a pulumi refresh and after that another pulumi up. What istead I think could be useful at least in this case is to have a 
deleteBeforeCreate
flag for the cli to perform the delete operation before the create operation. A note on this, I tried with the flag 
deleteBeforeCreate
on the resource, but since I'm actually creating a new resource with a different ID, this is not solving the issue.
b
Delete before replace is the answer here, what didn’t work about that?
n
That works only if you update the same policy, in this case I was generating a new policy (with a new id) to attach to the same bucket. When doing the 
pulumi up
command, first pulumi create the new BucketPolicy (and I suppose attach it to the bucket) and then remove the old one. But working this way, the bucket results with no policy at all.
In order to reapply the correct policy, I need to perform a 
pulumi refresh
- Pulumi recognize this way the new policy I wanted to apply has been actually deleted in the 
pulumi up
operation - and then re-do the 
pulumi up
command
b
Why wouldn’t you just modify the existing policy? Is there a reason you need to define and entirely new policy for this?
n
yeah, the reason was a wrong configuration. We were applying two policies to some buckets instead of working with multiple statements within the same policy, Pulumi created the two policies correctly, but the latest policy was the only one actually applied to the bucket. Therefore I had to fix the bug by creating a new policy with multiple statements inside. But this generated the issue above.
b
hrm, maube I’m not quite following what’s happening here, do you have a code example I can look at?
n
I can recreate the scenario somehow, but I can't share the actual code unfortunately. Gimme me a bit of time
@billowy-army-68599 Here the code, both the before and after, with some comments
BucketPolicyChanges_js.js
Open in Slack
PreviousNext
Powered by