I have a problem with AWS Secret manager secret, the problem is that when I do

pulumi down,

it will delete the secret, however in reality, it will not delete as Amazon schedule that for delete in 7 days, Now, the next time, I want to do

pulumi up

, I got this error:

creating Secrets Manager Secret: ResourceExistsException: The operation failed because the secret *******  already exists.

what is the best solution, I do not want to use the random prefex for secret name, i want to make it static name

perhaps a dumb idea: try

pulumi up --refresh

on your subsequent update? and another equally bad idea: https://www.pulumi.com/docs/concepts/resources/dynamic-providers/ 🙂 to help you craft the logic around your underlying conditions that Pulumi isn't aware of

Also I do not wan to use recoveryWindowInDays: 0 as it is unsafe

Is it going to be a common occurrence where a secret gets deleted, or just a side effect of refactoring? Probably best to clean it up by hand through the console/cli

now, it is common as by default the AWS secret go to schedule mode for 7 days, however I got an idea : check if the secret exist before, use that, otherwise create a new one> however I do not know how can I check if that Item exists before in typescript I am using the getSecretOutput with such secret name, but how can I check if that ix exist. here is the sample code https://gist.github.com/atazangene/f026e187ed163079fcfd1c0ee17e8c7e

are you expecting the secret to be deleted at some point?

no, I expect it will not delete

then there's no real need to try and handle it 🙂

so I should use

protect

option to avoid delete on

pulumi down

?

you're doing

pulumi down

then

pulumi up

; for infrastructure testing?

yes, exactly

Then you probably want to set the recovery window to 0, as you don't care about the secret. You can make it conditional for your UAT stack

perfect, I see