https://pulumi.com logo
#getting-started
Title
# getting-started
b

bored-car-93231

01/03/2024, 8:05 PM
When I try to redeploy my infra with new changes, there's an attempt to delete the pre-existing bucket and object files. Not sure what the fix here is. Can someone advise?
import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx
# Create an AWS S3 Bucket
bucket = aws.s3.Bucket('demo-bucket')
# Building the JSON policy for public-read
public_read_policy = {
'Version': '2012-10-17',
'Statement': [
{
'Effect': 'Allow',
'Principal': '*',
'Action': 's3:GetObject',
'Resource': pulumi.Output.concat('arn:aws:s3:::', bucket.id, '/*'),
}
],
}
# Attach the public read policy to the bucket
bucket_policy = aws.s3.BucketPolicy('demo-bucket-policy',
bucket=bucket.id,
policy=public_read_policy)
# Configure the bucket to use an indefinite Object Lock retention policy
# By setting 'mode' to 'COMPLIANCE' and not specifying a 'days' or 'years' argument
# Configure Object Lock on the bucket
object_lock_config = aws.s3.BucketObjectLockConfigurationV2(
"demo-bucket-lock",
bucket=bucket.id,
# Enable Object Lock
object_lock_enabled='Enabled',
rule=aws.s3.BucketObjectLockConfigurationV2RuleArgs(
default_retention=aws.s3.BucketObjectLockConfigurationRuleDefaultRetentionArgs(
# Compliance mode to prevent object version deletions
mode="COMPLIANCE",
)
)
)
m

miniature-musician-31262

01/03/2024, 8:16 PM
Have any of the bucket properties changed?
(For example, the resource name? That's the first argument,
demo-bucket
in your code.)
If so, that would cause the bucket to be deleted and replaced.
b

bored-car-93231

01/03/2024, 8:27 PM
Here's the output, I think I may have fixed the bucket from deletion but the files are still attempting to be deleted + ├─ awsxecsFargateService service create + │ ├─ awsxecsFargateTaskDefinition service create + │ │ ├─ awscloudwatchLogGroup service create + │ │ ├─ awsiamRole service-execution create + │ │ ├─ awsiamRole service-task create + │ │ ├─ awsiamRolePolicyAttachment service-execution-9a42f520 create + │ │ └─ awsecsTaskDefinition service create + │ └─ awsecsService service create - ├─ awss3BucketObject file-1 delete - ├─ awss3BucketObject file-2 delete - └─ awss3BucketObject file-3 delete
m

miniature-musician-31262

01/03/2024, 8:31 PM
I don't see any cod for the bucket objects themselves in your example. What created them? Was there code there previously that created them that's no longer in the program? If so, that would cause Pulumi to want to remove them as well. (Removing resource declarations from the code, like renaming them, is is like telling Pulumi "I don't want these anymore".)
You can "retain" them, however, if you want to be able to remove them from the code but not delete them: https://www.pulumi.com/docs/concepts/options/retainondelete/
... but to do that, you need to update them first to add the
retain_on_delete
option
b

bored-car-93231

01/03/2024, 11:07 PM
yes the original lines were removed that added the files from the local directory, given it seemed a bit excessive after they were already uploaded. Can this be used on the s3?
retain_on_delete
m

miniature-musician-31262

01/03/2024, 11:11 PM
It's available on all Pulumi resources, yep