# general
s
Hello community, I'm fairly new to Pulumi; I mostly worked with TF. I have some key vaults in Azure which are not managed by Pulumi (manual creation). My Pulumi program, which is in Python, fetches the name + ID of existing key vaults (arrays); this works fine so far. Now I'm trying to configure network ACLs. It seems that it doesn't work because Pulumi tries to create them and then tries to configure ACLs. Is there any way to just configure ACLs instead of creating the resource? I thought about importing them into the stack and then doing the configuration. Is that approach correct, or can I do it in a different way without importing? The thing is, people could always create new key vaults; that's why it needs to somehow be dynamic instead of manual imports into the stack. Thanks in advance.
c
Yes, you need to import resources into the stack for Pulumi to know about them and configure them instead of creating them. As far as people creating new key vaults manually, IMO that goes against IaC best practices. If you have IaC, then the process for creating new resources should primarily go through your code. You can implement a process for requesting resources be created this way.
s
Thanks for your reply. Would you recommend the manual way with the import command or with resourceOpts (not protected)? As I understood, if I use manual import from the CLI I need to do it once, and of course I have to declare it in my code. But I would avoid that if possible. Do you have any resources regarding the process? I wasn't able to get information on that.
c
In your original message, are key vaults in Azure related to ACLs? You mention them both, but they don't seem related.
s
ACLs are not the access policies/RBAC; it's to restrict access from specific IP addresses in firewall settings: https://learn.microsoft.com/en-us/azure/key-vault/general/network-security