# aws
g
hey, don't suppose anyone has experience using the `pulumi import` command with aws resources? i'm trying to import an aws vpc but getting resource doesn't exist so think i might be missing something..
m
The command syntax is here -- are you using the VPC ID for the lookup?
g
Yeah so this is the exact command I'm running:
pulumi import 'aws:ec2/vpc:Vpc' existing-vpc {vpc-id}]
but i get the resource not found. i have a feeling it's because the VPC is in a different region, but I couldn't see a way to inject/override that on the `pulumi import` command
m
Are you sure you're using the right -- yeah, I was about to say, you need to make sure you're using the right account credentials and region (if region is necessary) to be able to access the resource you're trying to import. Have you tried using the AWS environment variables? I'd suggest trying something like `AWS_REGION=us-west-2 pulumi import...`
g
yeah so i tried this too
AWS_REGION=eu-west-1 pulumi import aws:ec2/vpc:Vpc "existing-vpc" "vpc-07db480a0387735f0"
and that didnt work
in my stack.yaml, i've got entries for the aws config and profile. when i run `pulumi config get aws:profile` it confirms that i'm using the right profile that has access
m
Ah, I actually don't know how the precedence rules are applied here. So in your stack config, you're setting `aws:profile` and that's it for the AWS configuration?
g
yup exactly
yeah it's a strange one
feel like im missing something obvious but not sure
m
What happens if you do `AWS_PROFILE=your_profile pulumi import..`
g
yeah i tried that too earlier and no luck
m
What is the error text you get back from the import command (as much as you can share of it at least)?
g
image.png
m
Hm, yeah it seems like either the VPC is in a different account than the ones in your currently selected profile or the VPC doesn't actually exist.
Do you see the VPC listed when you run the AWS CLI with something like `aws ec2 describe-vpcs`?
g
yeah when i ran it earlier with the profile passed in at runtime
it showed the vpc
i think pulumi is overriding it somewhere
or not correctly registering it
m
Does your Pulumi program declare an AWS provider (like with `new aws.Provider()`), or just use the "ambient" (default) one?
It doesn't sound like that would matter, though, since we're not actually using the program code to do this. 🤔
I guess it's worth asking -- you only have one stack, right? Or the stack with the profile you're trying to use is the currently selected one?
Yeah, the only way I'm able to reproduce this error with a VPC I know exists is when the selected profile doesn't have access to the VPC resource. For example, my `Pulumi.dev.yaml` file (the whole thing):
```
config:
  aws:profile: nunciato
```
Made sure no ambient AWS credentials:
```
$ env | grep AWS
$
```
Using the CLI to list VPCs with a different profile:
```
$ AWS_PROFILE=pulumibook aws ec2 describe-vpcs | grep vpc-4de78c35
    "VpcId": "vpc-4de78c35",
```
Attempting to import that VPC with `pulumi import` (fails with "does not exist", because the profile in the config file is `nunciato`):
```
$ pulumi import "aws:ec2/vpc:Vpc" "my-vpc" "vpc-4de78c35"
...
Diagnostics:
  pulumi:pulumi:Stack (aws-typescript-8042d86-dev):
    error: preview failed

  aws:ec2:Vpc (my-vpc):
    error: Preview failed: resource 'vpc-4de78c35' does not exist
```
After changing the `aws:profile` in `Pulumi.dev.yaml` to `pulumibook`:
```
$ pulumi import "aws:ec2/vpc:Vpc" "my-vpc" "vpc-4de78c35"
...
➜  aws-typescript-8042d86 pulumi import "aws:ec2/vpc:Vpc" "my-vpc" "vpc-4de78c35"
Previewing import (dev)

     Type                 Name                        Plan       
 +   pulumi:pulumi:Stack  aws-typescript-8042d86-dev  create     
 =   └─ aws:ec2:Vpc       my-vpc                      import     

Resources:
    + 1 to create
    = 1 to import
    2 changes

Do you want to perform this import?  [Use arrows to move, type to filter]
  yes
> no
  details
```
The only other way I've gotten the "does not exist" error so far is by overriding the credentials under `[pulumibook]` in `~/.aws/credentials` using credentials for a different account -- i.e., known-good creds, just not the creds that correspond with the account the VPC lives in. Even when I set `AWS_*` environment variables, it still works, which tells me `aws:profile` is taking precedence.
Oh! Now I see that when I change the profile's region from `us-west-2` to something else, I do indeed get the "does not exist":
```
[profile pulumibook]
region = us-east-1
output = json
```
Ok yeah, and when I set that back to `us-west-2` and then run `AWS_REGION=us-east-1 pulumi import...`, I get "does not exist" as well. So I think you may be right that the region is the issue here.
I'd make sure you haven't `export`ed `AWS_REGION` as an environment variable. That seems like the most likely culprit right now.
g
This is interesting, just read through. So I've got a single stack for this where all the files are in a `shared` directory:
shared:
• resources
  ◦ ecr
• Pulumi.yaml
• Pulumi.shared.yaml
fyi I've just put {} placeholders to omit the values
```
# pulumi.yaml

name: shared
runtime: nodejs
description: Shared infrastructure that can be used in other stacks
organization: {}
backend:
  url: {s3-state}
config:
  aws:profile: {pulumi-profile}
  aws:region: eu-west-1
```
And then
```
# pulumi.shared.yaml

encryptionsalt: {salt}
```
I've confirmed that when I run `pulumi config get aws:region` and `pulumi config get aws:profile`, it gives me the values in `Pulumi.yaml` and when I run `env | grep AWS`, there's no region set there. i've double checked the `~/.aws/credentials` and i have the profile
```
# ~/.aws/credentials

[pulumi-profile]

[livelink-ai-pulumi-infra]
region = eu-west-1
aws_access_key_id = {}
aws_secret_access_key = {}
```
so even in the profile i've specified the desired region, but yeah based on your testing, `aws:profile` overrides so in theory that shouldn't make a difference
this is bizarre
okay i found a solution. turns out the state still had orphaned references to the old region. so i exported it, changed it and then imported it back in with the new region and that worked