When I try to redeploy my infra with new changes, ...
# getting-started
b
When I try to redeploy my infra with new changes, there's an attempt to delete the pre-existing bucket and object files. Not sure what the fix here is. Can someone advise?
```python
import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx

# Create an AWS S3 Bucket
bucket = aws.s3.Bucket('demo-bucket')

# Building the JSON policy for public-read
# (serialized with Output.json_dumps because the resource ARN contains an Output)
public_read_policy = pulumi.Output.json_dumps({
    'Version': '2012-10-17',
    'Statement': [
        {
            'Effect': 'Allow',
            'Principal': '*',
            'Action': 's3:GetObject',
            'Resource': pulumi.Output.concat('arn:aws:s3:::', bucket.id, '/*'),
        }
    ],
})

# Attach the public read policy to the bucket
bucket_policy = aws.s3.BucketPolicy('demo-bucket-policy',
    bucket=bucket.id,
    policy=public_read_policy)

# Configure the bucket to use an indefinite Object Lock retention policy
# By setting 'mode' to 'COMPLIANCE' and not specifying a 'days' or 'years' argument
# Note: S3 default retention needs a period ('days' or 'years') together with 'mode'; none is set here
# Configure Object Lock on the bucket
object_lock_config = aws.s3.BucketObjectLockConfigurationV2(
    "demo-bucket-lock",
    bucket=bucket.id,
    # Enable Object Lock
    object_lock_enabled='Enabled',
    rule=aws.s3.BucketObjectLockConfigurationV2RuleArgs(
        # The V2 resource takes the matching V2 default-retention args class
        default_retention=aws.s3.BucketObjectLockConfigurationV2RuleDefaultRetentionArgs(
            # Compliance mode to prevent object version deletions
            mode="COMPLIANCE",
        )
    )
)
```
m
Have any of the bucket properties changed? (For example, the resource name? That's the first argument, `demo-bucket` in your code.) If so, that would cause the bucket to be deleted and replaced.
b
Here's the output, I think I may have fixed the bucket from deletion but the files are still attempting to be deleted
```
+   ├─ awsxecsFargateService service create
+   │  ├─ awsxecsFargateTaskDefinition service create
+   │  │  ├─ awscloudwatchLogGroup service create
+   │  │  ├─ awsiamRole service-execution create
+   │  │  ├─ awsiamRole service-task create
+   │  │  ├─ awsiamRolePolicyAttachment service-execution-9a42f520 create
+   │  │  └─ awsecsTaskDefinition service create
+   │  └─ awsecsService service create
-   ├─ awss3BucketObject file-1 delete
-   ├─ awss3BucketObject file-2 delete
-   └─ awss3BucketObject file-3 delete
```
m
I don't see any code for the bucket objects themselves in your example. What created them? Was there code there previously that created them that's no longer in the program? If so, that would cause Pulumi to want to remove them as well. (Removing resource declarations from the code, like renaming them, is like telling Pulumi "I don't want these anymore".)
You can "retain" them, however, if you want to be able to remove them from the code but not delete them: https://www.pulumi.com/docs/concepts/options/retainondelete/
... but to do that, you need to update them first to add the `retain_on_delete` option
b
Yes, the original lines were removed that added the files from the local directory, given it seemed a bit excessive after they were already uploaded. Can this be used on the s3? `retain_on_delete`
m
It's available on all Pulumi resources, yep