No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Screenshot 2024-08-13 at 10.35.46.png

Hi Guys,

another one for you :sweat_smile:

I've noticed after creating my `aws:wafv2:WebAcl` , every update I make afterwards continues to update the resource even though there are no changes being made to the ACL itself. Are you able to confirm whether this might be an Implementation thing on my side or if it's something wrong with the package itself?

In the diff, it seems as though my second and third rule are being alternated in order of creation causing the update...

Can you show the relevant code snippet? How are you creating the rules and how are you passing them?

```const wafAcl = new aws.wafv2.WebAcl(generateName('waf-web-acl'), {
        scope: 'REGIONAL',
        defaultAction: {allow: {}},
        rules: [
            {
                name: ruleConfigurations.defaultRateLimit.name,
                priority: 1,
                action: {block: {}},
                statement: {
                    rateBasedStatement: {
                        limit: ruleConfigurations.defaultRateLimit.limit,
                        aggregateKeyType: 'IP',
                    },
                },
                visibilityConfig: {
                    cloudwatchMetricsEnabled: true,
                    metricName: 'DefaultRateLimit',
                    sampledRequestsEnabled: true,
                },
            },
            {
                name: ruleConfigurations.&lt;REDACTED&gt;.name,
                priority: 2,
                action: {block: {}},
                statement: {
                    rateBasedStatement: {
                        limit: ruleConfigurations.&lt;REDACTED&gt;.limit,
                        aggregateKeyType: 'IP',
                        scopeDownStatement: {
                            byteMatchStatement: {
                                searchString: '/api/webhooks/',
                                fieldToMatch: {uriPath: {}},
                                textTransformations: [{priority: 0, type: 'NONE'}],
                                positionalConstraint: 'CONTAINS',
                            },
                        },
                    },
                },
                visibilityConfig: {
                    cloudwatchMetricsEnabled: true,
                    metricName: ruleConfigurations.&lt;REDACTED&gt;.name,
                    sampledRequestsEnabled: true,
                },
            }
        ],
        visibilityConfig: {
            cloudwatchMetricsEnabled: true,
            metricName: 'webAcl',
            sampledRequestsEnabled: true,
        },
    });```

I believe this is a known issue for WebAcl. It certainly happens to me all the time. Check the issues in GitHub?

<@U012UJTT55M> I found that there was an update for this in a recent AWS plugin update.

I updated my package.json like so:  `"@pulumi/aws": "^6.49.0",`

Which resolved the issue :slightly_smiling_face:

What version did you upgrade from? I'm checking the changelog and haven't found anything likely, yet.

Ah it's on the next page, looks like it took 4 PRs! v6.36.0

Ah no, 1 PR, #3948. 4 issues resolved by it.