https://pulumi.com logo
#aws
Title
# aws
f

fancy-account-81543

03/04/2024, 12:29 AM
Hi, Can you provide an answer to this issue? https://github.com/pulumi/pulumi-cloud-requests/issues/363
l

little-cartoon-10569

03/04/2024, 12:38 AM
Have you cleared the sslPolicy property?
That GitHub project is for issues about the Pulumi app / service (https://app.pulumi.com). This Slack is a better place for questions about whether or not something is a bug with the AWS provider.
It's pretty hard to know what all those GitHub repos are for, Pulumi has a lot of them. But issues generally aren't for questions, they're for things that actually need to be fixed.
f

fancy-account-81543

03/04/2024, 12:47 AM
An error occurred during the process of rollback the configuration from TLS to TCP after configuring it on NLB. When creating a listener with aws.lb.Listener(), the ssl_policy parameter was not set. According to CloudTrail, the previous ssl_policy is still applied.
l

little-cartoon-10569

03/04/2024, 12:49 AM
ssl_policy must be unset when protocol is TCP. So you just need to remove that property from your constructor. Or maybe explicitly set it to undefined or whatever the equivalent is in your preferred language.
f

fancy-account-81543

03/04/2024, 12:52 AM
I have configured it this way, but Pulumi is trying to create a listener using the previous ssl_policy.
Copy code
vpce_execute_api_external_listener = aws.lb.Listener(
    "external-nlb-listener",
    default_actions=[aws.lb.ListenerDefaultActionArgs(type="forward", target_group_arn=api_external_nlb_tg.arn)],
    load_balancer_arn=lunar_api_external_nlb.arn,
    port=443,
    protocol="TCP"
)
l

little-cartoon-10569

03/04/2024, 2:13 AM
Can you explicitly set the ssl_policy to be undefined / null?
f

fancy-account-81543

03/04/2024, 2:14 AM
Yes, I will give it a try.
Even if I add ssl_policy=None explicitly, the same error message still occurs.
Copy code
vpce_execute_api_external_listener = aws.lb.Listener(
    "external-nlb-listener",
    default_actions=[aws.lb.ListenerDefaultActionArgs(type="forward", target_group_arn=api_external_nlb_tg.arn)],
    load_balancer_arn=lunar_api_external_nlb.arn,
    port=443,
    protocol="TCP",
    ssl_policy=None
)
1. Delete the target group and listener. 2. Add the target group and listener again, this time set to TCP. I successfully deployed it in two stages.
l

little-cartoon-10569

03/04/2024, 6:35 PM
Great that it's solved but it shouldn't have to be like that. Pulumi can mark the ssl_policy as delete-replace, if necessary.