Hello, I am trying to set up Security Group in VPC. I use following code to do this:

import * as aws from "@pulumi/aws";

// Create VPC
const vpc = new aws.ec2.Vpc("test-security-group-vcp", {
  cidrBlock: "10.1.0.0/16",
  tags: {
    Name: "test-security-group-vcp",
  },
});

// Create security group
const securityGroup = new aws.ec2.SecurityGroup("test-security-group", {
  name: "test-security-group",
  description: "Allow some traffic",
  vpcId: vpc.id,
  ingress: [
    {
      protocol: "tcp",
      fromPort: 2000,
      toPort: 2000,
      cidrBlocks: ["10.2.0.0/16"],
    },
    {
      protocol: "tcp",
      fromPort: 2000,
      toPort: 2000,
      cidrBlocks: ["10.3.0.0/16"],
    },
    {
      protocol: "tcp",
      fromPort: 2000,
      toPort: 2000,
      self: true,
    },
  ],
});

When I run (or

pulumi up

) first time, VPC and security group is set up properly. But when I run this second time even though there's no change in source code,

pulumi up

detects change in security group. Is there any way to avoid change detection under this situation? I found similar issue https://github.com/pulumi/pulumi-aws/issues/2947 but it is closed without resolution. I appreciate any advise. Thanks, in advance.

This is due to the behavior of terraform ( pulmi uses it) with inline rules. You can switch to using dedicated rules and then attach to the sg.

@hallowed-horse-57635 Thank you for the advise. I will do that way.