# aws
f
Hi, Can you provide an answer to this issue? https://github.com/pulumi/pulumi-cloud-requests/issues/363
l
Have you cleared the sslPolicy property?
That GitHub project is for issues about the Pulumi app / service (https://app.pulumi.com). This Slack is a better place for questions about whether or not something is a bug with the AWS provider.
It's pretty hard to know what all those GitHub repos are for; Pulumi has a lot of them. But issues generally aren't for questions, they're for things that actually need to be fixed.
f
An error occurred while rolling back the configuration from TLS to TCP after configuring it on the NLB. When creating a listener with aws.lb.Listener(), the ssl_policy parameter was not set. According to CloudTrail, the previous ssl_policy is still applied.
l
ssl_policy must be unset when protocol is TCP. So you just need to remove that property from your constructor. Or maybe explicitly set it to undefined or whatever the equivalent is in your preferred language.
f
I have configured it this way, but Pulumi is trying to create a listener using the previous ssl_policy.
```python
vpce_execute_api_external_listener = aws.lb.Listener(
    "external-nlb-listener",
    default_actions=[aws.lb.ListenerDefaultActionArgs(type="forward", target_group_arn=api_external_nlb_tg.arn)],
    load_balancer_arn=lunar_api_external_nlb.arn,
    port=443,
    protocol="TCP"
)
```
l
Can you explicitly set the ssl_policy to be undefined / null?
f
Yes, I will give it a try.
Even if I add ssl_policy=None explicitly, the same error message still occurs.
```python
vpce_execute_api_external_listener = aws.lb.Listener(
    "external-nlb-listener",
    default_actions=[aws.lb.ListenerDefaultActionArgs(type="forward", target_group_arn=api_external_nlb_tg.arn)],
    load_balancer_arn=lunar_api_external_nlb.arn,
    port=443,
    protocol="TCP",
    ssl_policy=None
)
```
1. Delete the target group and listener. 2. Add the target group and listener again, this time set to TCP. I successfully deployed it in two stages.
l
Great that it's solved but it shouldn't have to be like that. Pulumi can mark the ssl_policy as delete-replace, if necessary.