Hi everyone! In my solution I have 2 stacks, shared and compute, compute depended on shared one. Shared one create NSG group in Azure and compute one adds some rules in NSG that was created by shared stack. The problem is that if I try to run pulumi up on shared stack it will remove NSG rules that were defined by compute stack. Does Pulumi have some mechanism that I can use to mark some resources as created by other stack, so shared doesn’t delete those resources?

For the shared NSG, are you using the

SecurityRule

resource, or the

securityRules

input on the NSG itself?

In shared stack I am creating

NetworkSecurityGroup

and inside of it I am specifying list of

SecurityRuleArgs

that relevant at that point in time. In compute stack I am creating

SecurityRule

with reference to NSQ that was created in Shared stack. If I get you correctly you suggest separate creating NSQ and rules for it in shared stack?

just needs a change in the

shared

stack so that instead of using

SecurityRuleArgs

inline, you specify them the same way as your

compute

stack with

SecurityRule

resources. Specifying them inline makes it "authoritative", so clobbers any rules specified externally

That make sense, thank you for nice advice👍