This message was deleted.
# awss
sparse-intern-71089
02/14/2024, 4:09 PMThis message was deleted.
m
millions-furniture-75402
02/14/2024, 4:38 PMThis is a feature called pseudo-deterministic naming.
Can you share your declaration?
millions-furniture-75402
02/14/2024, 4:40 PMI guess it's called auto-naming now https://www.pulumi.com/docs/concepts/resources/names/#autonaming
w
wonderful-toddler-75767
02/14/2024, 4:41 PMSure @millions-furniture-75402 (in Python)
Copy code
def create_ssm_role():
ec2_role = aws.iam.Role(
"managed-instance-role",
aws.iam.RoleArgs(
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {
"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
},
"Action": "sts:AssumeRole",
},
})
),
name = "managed-instance-role",
tags = {'Name': 'managed-instance-role'}
)m
millions-furniture-75402
02/14/2024, 4:42 PMThe declaration looks correct.
and in aws it has the appended hash?
w
wonderful-toddler-75767
02/14/2024, 4:43 PMmanaged-instance-role-819d269
m
millions-furniture-75402
02/14/2024, 4:44 PMthough, your last 2 kwargs look odd, I wouldn't expect the spaces
w
wonderful-toddler-75767
02/14/2024, 4:44 PMYou think it's the spaces at issue? I can try it without them
m
millions-furniture-75402
02/14/2024, 4:44 PMI'm not sure if it is, but that's something that caught my eye.
Have you destroyed it completed by refreshing, deploying without it, and then deploying again with it?
w
wonderful-toddler-75767
02/14/2024, 4:45 PMWithout the spaces? No, but I can give that a go
m
millions-furniture-75402
02/14/2024, 4:46 PMI just meant the resource in general.
w
wonderful-toddler-75767
02/14/2024, 4:46 PMOh, well I need that particular resource for the stack
wonderful-toddler-75767
02/14/2024, 4:47 PMBut I can destroy the stack and then check the console to make sure nothing's lingering
wonderful-toddler-75767
02/14/2024, 4:47 PMYou think there's something hanging around and creating a name conflict?
m
millions-furniture-75402
02/14/2024, 4:48 PMIt's possible, it really depends on the changes you have made and whether or not deploys have failed and what state that left the stack's state in.
The first step is worth trying, refreshing the stack.
millions-furniture-75402
02/14/2024, 4:48 PMIf anything updates, that's indicating drift, and it could be related to a previously failed deployment or a change in the target environment.
w
wonderful-toddler-75767
02/14/2024, 4:49 PMIt's the sandbox account so it gets a lot of create/destroy activity
m
millions-furniture-75402
02/14/2024, 4:49 PMIf Pulumi's state has drifted, it cannot accurately calculate the difference in state that will inform it of the changes to apply to resources.
w
wonderful-toddler-75767
02/14/2024, 4:57 PMAha!
Copy code
Diagnostics:
aws:iam:Role (managed-instance-role):
error: deleting urn:pulumi:sandbox-vpc::aws-vpc::aws:iam/role:Role::managed-instance-role: 1 error occurred:
* deleting IAM Role (managed-instance-role-819d269): DeleteConflict: Cannot delete entity, must delete policies first.
status code: 409, request id: 48a0193c-c4b0-409e-bc4a-249e5ef9040d👍 1
m
millions-furniture-75402
02/14/2024, 4:58 PMIt was hanging on the delete of an older resource?
w
wonderful-toddler-75767
02/14/2024, 5:00 PMYeah, it did the other stuff but was ignoring it
wonderful-toddler-75767
02/14/2024, 5:00 PMWent in and manually removed, then re-ran my stack deletion
👍 1
wonderful-toddler-75767
02/14/2024, 5:02 PMHmmm no did it again
wonderful-toddler-75767
02/14/2024, 5:06 PMmanaged-instance-role-dddcc0c this time
wonderful-toddler-75767
02/14/2024, 5:11 PMI'm wondering if deleting the stack entirely would help
m
millions-furniture-75402
02/14/2024, 5:12 PMYou might have a dependency issue too. I also noticed you had that in a function.
g
great-zebra-31498
02/14/2024, 5:54 PMcan you try different version?
Copy code
ec2_role = aws.iam.Role(
"managed-instance-role",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {
"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
},
"Action": "sts:AssumeRole",
},
}),
name = "managed-instance-role",
tags = {'Name': 'managed-instance-role'}
) Copy code
ec2_role = aws.iam.Role(
"managed-instance-role",
aws.iam.RoleArgs(
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {
"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
},
"Action": "sts:AssumeRole",
},
}),
name = "managed-instance-role",
tags = {'Name': 'managed-instance-role'}
)
)great-zebra-31498
02/14/2024, 5:59 PMhttps://www.pulumi.com/registry/packages/aws/api-docs/iam/role/
there are 2 options how you can pass your parameters
w
wonderful-toddler-75767
02/14/2024, 7:28 PMGot it!
l
little-cartoon-10569
02/14/2024, 7:28 PMIf you want to use a specific well-known name for a resource, you need to set the name argument. This is different from the name parameter. In the RoleArgs object, set the name there too.
w
wonderful-toddler-75767
02/14/2024, 7:28 PMSo it was the "aws.iam.RoleArgs("
I removed it and now it's no longer appending the string to the resource name 🙂
l
little-cartoon-10569
02/14/2024, 7:30 PMAre you sure you need a specific name for the Role? Unless you have a good need for that, you should not remove the hash from the name. That hash allows Pulumi to gracefully replace the resource when necessary.
little-cartoon-10569
02/14/2024, 7:30 PMSometimes it's necessary to have a well-known name (e.g. long-lived hard-to-change unmanaged resources need to use it), but usually it's not.
w
wonderful-toddler-75767
02/14/2024, 7:38 PMI have a cross account permissions setup with another account so keeping the name consistent is helpful
l
little-cartoon-10569
02/14/2024, 9:33 PMIf you're setting them both up via Pulumi, that's not a problem. But if not, then you need a fixed name. Just use the name arg.
7 Views