#python

bright-magician-13023

01/30/2024, 12:54 PM
Hi all, I'm coming across an AWS error... I have one custom resource instantiating a security group and another instantiating another security group and adding an ingress rule to allow traffic from the former; the security group id of the former is passed to the second resource by creating a dataclass. `pulumi up` spits out this error:
```
Diagnostics:
  pulumi:pulumi:Stack (mystack-dev):
    error: update failed

  aws:vpc:SecurityGroupIngressRule (mystack-sg-alb):
    error: creating VPC Security Group Rule: InvalidGroup.NotFound: The security group 'sg-XXXXXXXXX' does not exist
        status code: 400, request id: 5226661c-0000-0000-0000-88ab245d4355

Resources:
    41 unchanged

Duration: 13s
```
I can see the resource available, and even subsequent `pulumi up` commands lead to the same issue. I looked into CloudTrail and I can see the request contains what appears to be a user id for this request; the other requests to add ingress rules don't have it...
```
"requestParameters": {
        "groupId": "sg-XXXXXX",
        "ipPermissions": {
            "items": [
                {
                    "ipProtocol": "tcp",
                    "fromPort": 0,
                    "toPort": 65535,
                    "groups": {
                        "items": [
                            {
                                "userId": "arn:aws:ec2:eu-west-1:12345678:security-group",
                                "groupId": "sg-XXXXXXXX"
                            }
                        ]
                    },
                    "ipRanges": {},
                    "ipv6Ranges": {},
                    "prefixListIds": {}
                }
            ]
        }
    },
```
Can anyone provide any input as to what may be going wrong? I'm using Python and Pulumi version `v3.102.0`.

adventurous-butcher-54166

01/30/2024, 7:49 PM
Can you share relevant snippets of the code you're using?

ambitious-father-68746

01/31/2024, 10:07 AM
Are you sure you're targeting the same region?

bright-magician-13023

01/31/2024, 10:14 AM
Hi both, thank you for coming back to me! No, I was passing the ARN of the security group instead of the id... I have several other security groups and that was the only one where I made that mistake, so I didn't spot it for hours... thanks tho! FYI: it is very weird that CloudTrail seems to receive this misformed user id in the payload...