https://pulumi.com logo
#aws
Title
# aws
g

gorgeous-pharmacist-71907

03/12/2024, 5:22 PM
hey, don't suppose anyone has experience using the
pulumi import
command with was resources? i'm trying to import an aws vpc but getting resource doesn't exist so think i might be missing something..
m

miniature-musician-31262

03/12/2024, 5:24 PM
The command syntax is here -- are you using the VPC ID for the lookup?
g

gorgeous-pharmacist-71907

03/12/2024, 5:27 PM
Yeah so this is the exact command I'm running:
pulumi import 'aws:ec2/vpc:Vpc' existing-vpc {vpc-id}]
but i get the resource not found. i have a feeling it's because the VPC is in a different region, but I couldn't see a way to inject/override that on the
pulumi import
command
m

miniature-musician-31262

03/12/2024, 5:30 PM
Are you sure you're using the right -- yeah, I was about to say, you need to make sure you're using the right account credentials and region (if region is necessary) to be able to access the resource you're trying to import. Have you tried using the AWS environment variables? I'd suggest trying something like
AWS_REGION=us-west-2 pulumi import...
g

gorgeous-pharmacist-71907

03/12/2024, 5:31 PM
yeah so i tried this too
AWS_REGION=eu-west-1 pulumi import aws:ec2/vpc:Vpc "existing-vpc" "vpc-07db480a0387735f0"
and that didnt work
in my stack.yaml, ive got entries for the aws config and profile when i run
pulumi config get aws:profile
it confirms that im using the right profile that has access
m

miniature-musician-31262

03/12/2024, 5:36 PM
Ah, I actually don't know how the precedence rules are applied here. So in your stack config, you're setting
aws:profile
and that's it for the AWS configuration?
g

gorgeous-pharmacist-71907

03/12/2024, 5:38 PM
yup exactly
yeah it's a strange one
feel like im missing something obvious but not sure
m

miniature-musician-31262

03/12/2024, 5:39 PM
What happens if you do
AWS_PROFILE=your_profile pulumi import..
g

gorgeous-pharmacist-71907

03/12/2024, 5:42 PM
yeah i tried that too earlier and no luck
m

miniature-musician-31262

03/12/2024, 5:43 PM
What is the error text you get back from the import command (as much as you can share of it at least)?
g

gorgeous-pharmacist-71907

03/12/2024, 5:52 PM
image.png
m

miniature-musician-31262

03/12/2024, 5:57 PM
Hm, yeah it seems like either the VPC is in a different account than the ones in your currently selected profile or the VPC doesn't actually exist.
Do you see the VPC listed when you run the AWS CLI with something like
aws ec2 describe-vpcs
?
g

gorgeous-pharmacist-71907

03/12/2024, 5:59 PM
yeah when i ran it earlier with the profile passed in at runtime
it showed the vpc
i think pulumi is overriding it somewhere
or not correctly registering it
m

miniature-musician-31262

03/12/2024, 6:57 PM
Does your Pulumi program declare an AWS provider (like with
new aws.Provider()
, or just use the "ambient" (default) one?
It doesn't sound like that would matter, though, since we're not actually using the program code to do this. šŸ¤”
I guess it's worth asking -- you only have one stack, right? Or the stack with the profile you're trying to use is the currently selected one?
Yeah, the only way I'm able to reproduce this error with a VPC I know exists is when the selected profile doesn't have access to the VPC resource. For example, my
Pulumi.dev.yaml
file (the whole thing):
Copy code
config:
  aws:profile: nunciato
Made sure no ambient AWS credentials:
Copy code
$ env | grep AWS                                         
$
Using the CLI to list VPCs with a different profile:
Copy code
$ AWS_PROFILE=pulumibook aws ec2 describe-vpcs | grep vpc-4de78c35
    "VpcId": "vpc-4de78c35",
Attempting to import that VPC with
pulumi import
(fails with "does not exist", because the profile in the config file is
nunciato
):
Copy code
$ pulumi import "aws:ec2/vpc:Vpc" "my-vpc" "vpc-4de78c35"
...
Diagnostics:
  pulumi:pulumi:Stack (aws-typescript-8042d86-dev):
    error: preview failed

  aws:ec2:Vpc (my-vpc):
    error: Preview failed: resource 'vpc-4de78c35' does not exist
After changing the
aws:profile
in
Pulumi.dev.yaml
to `pulumibook`:
Copy code
$ pulumi import "aws:ec2/vpc:Vpc" "my-vpc" "vpc-4de78c35"
...
āžœ  aws-typescript-8042d86 pulumi import "aws:ec2/vpc:Vpc" "my-vpc" "vpc-4de78c35"
Previewing import (dev)

     Type                 Name                        Plan       
 +   pulumi:pulumi:Stack  aws-typescript-8042d86-dev  create     
 =   ā””ā”€ aws:ec2:Vpc       my-vpc                      import     

Resources:
    + 1 to create
    = 1 to import
    2 changes

Do you want to perform this import?  [Use arrows to move, type to filter]
  yes
> no
  details
The only other way I've gotten the "does not exist" error so far is by overriding the credentials under
[pulumibook]
in
~/.aws/credentials
using credentials for a different account -- i.e., known-good creds, just not the creds that correspond with the account the VPC lives in. Even when I set
AWS_*
environment variables, it still works, which tells me
aws:profile
is taking precedence.
Oh! Now I see that when I change the profile's region from
us-west-2
to something else, I do indeed get the "does not exist":
Copy code
[profile pulumibook]
region = us-east-1
output = json
Ok yeah, and when I set that back to
us-west-2
and then run
AWS_REGION=us-east-1 pulumi import...
, I get "does not exist" as well. So I think you may be right that the region is the issue here.
I'd make sure you haven't `export`ed
AWS_REGION
as an environment variable. That seems like the most likely culprit right now.
g

gorgeous-pharmacist-71907

03/12/2024, 9:35 PM
This is interesting, just read through So I've got a single stack for this where all the files are in a
shared
directory: shared: ā€¢ resources ā—¦ ecr ā€¢ Pulumi.yaml ā€¢ Pulumi.shared.yaml fyi I've just put {} placeholders to omit the values
Copy code
# pulumi.yaml

name: shared
runtime: nodejs
description: Shared infrastructure that can be used in other stacks
organization: {}
backend:
  url: {s3-state}
config:
  aws:profile: {pulumi-profile}
  aws:region: eu-west-1
And then
Copy code
# pulumi.shared.yaml

encryptionsalt: {salt}
I've confirmed that when I run
pulumi config get aws:region
and
pulumi config get aws:profile
, it gives me the values in
Pulumi.yaml
and when I run
env | grep AWS
, there's no region set there ive double checked the
~/.aws/credentials
and i have the profile
Copy code
# ~/.aws/credentials

[pulumi-profile]

[livelink-ai-pulumi-infra]
region = eu-west-1
aws_access_key_id = {}
aws_secret_access_key = {}
so even in the profile ive specified the desired region, but yeah based on your testing,
aws:profile
overrides so in theory that shouldn't make a difference
this is bizarre
okay i found a solution. turns out the state still had orphaned references to the old region. so i exported it, changed and then import it back in with the new region and that worked