No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Pulumi is desired state configuration. If you change the state, Pulumi will change it back (if it detects the change). This is intentional and correct. If you have a different use-case, you can un-manage a resource (kick if out of Pulumi state), or (preferred) make the change in Pulumi and re-deploy.

Generally, the recommendation is to use code (version controlled, audited, backed-up, etc.) as your single point of truth, and to forbid all non-code changes to managed resources. The best way to do this is to ensure that no one has access to your managed resources: delete all users, etc.

<@U01UH6RC1TR> in case you never worked out why some out of band modifications got reconciled by pulumi and some didn't, it's possible you just happened to change something that isn't monitored by pulumi. There are a few properties which either the AWS api or pulumi don't include yet, could be that you by chance stumbled on one of them. Therefore since Pulumi doesn't know about the particular attribute you changed, it wouldn't change it back.

Another possible explanation could be you mistakenly modified a resource that wasn't a Pulumi managed resource, therefore the change wasn't noticed by Pulumi. I've done this before by deploying to one region, then changing to another region and without noticing and making some changes, then wondering why Pulumi didn't notice