Hello, I have a Pulumi project for managing my AWS...
# aws
Hello, I have a Pulumi project for managing my AWS Organization and SSO (IAM Identity Center). Everything was working perfectly two months ago. Before implementing new changes, I decided to run a `pulumi up` to ensure everything was still in order. However, during the preview, Pulumi is attempting to delete and recreate the Organization, and of course replace all my OUs and update all my Accounts. This behavior seems unusual, and I’m unable to understand why it’s happening. It's unclear why Pulumi wants to delete and recreate my organization. Could you help me troubleshoot this issue? Thank you in advance for your assistance!
Here is the log
> pulumi up --stack management

Previewing update (management)

View in Browser (Ctrl+O): <https://app.pulumi.com/xxxx/aws-organizations/management/previews/xxxx-xxxx-xxxx-xxxx-xxxx>

     Type                                     Name                                                        Plan        Info
     pulumi:pulumi:Stack                      aws-organizations-management                                            
 +   ├─ aws:organizations:Organization        my-management-org                                           create      
 +-  ├─ aws:organizations:OrganizationalUnit  ou-security                                                 replace     [diff: ~parentId]
 +-  ├─ aws:organizations:OrganizationalUnit  training-ou                                                 replace     [diff: ~parentId]
 +-  ├─ aws:organizations:OrganizationalUnit  ou-workloads-dev                                            replace     [diff: ~parentId]
 +-  ├─ aws:organizations:OrganizationalUnit  ou-workloads                                                replace     [diff: ~parentId]
 +-  ├─ aws:organizations:PolicyAttachment    orgroot-denyallexceptallowedinstancetype-policy-attachment  replace     [diff: ~targetId]
 +-  ├─ aws:organizations:PolicyAttachment    orgroot-denyleaveorganizationpolicy-policy-attachment       replace     [diff: ~targetId]
 +-  ├─ aws:organizations:PolicyAttachment    orgroot-denyrootaccesspolicy-policy-attachment              replace     [diff: ~targetId]
 +-  ├─ aws:organizations:OrganizationalUnit  ou-infrastructure                                           replace     [diff: ~parentId]
 +-  ├─ aws:organizations:PolicyAttachment    orgroot-denyalloutsideallowedregions-policy-attachment      replace     [diff: ~targetId]
 ~   ├─ aws:organizations:Account             account-dev-xxxxxxxx                                        update      [diff: ~parentId]
 ~   ├─ aws:organizations:Account             account-dev-xxxxxxxx                                        update      [diff: ~parentId]
 ~   ├─ aws:organizations:Account             account-dev-xxxxxxxx                                        update      [diff: ~parentId]
 ~   ├─ aws:organizations:Account             account-dev-xxxxxxxx                                        update      [diff: ~parentId]
 ~   ├─ aws:organizations:Account             account-dev-xxxxxxxx                                        update      [diff: ~parentId]
 ~   ├─ aws:organizations:Account             account-dev-xxxxxxxx                                        update      [diff: ~parentId]
 -   └─ aws:organizations:Organization        my-management-org                                       delete      

Resources:
    + 1 to create
    ~ 6 to update
    - 1 to delete
    +-9 to replace
    17 changes. 16 unchanged

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:management::aws-organizations::pulumi:pulumi:Stack::aws-organizations-management]
    + aws:organizations/organization:Organization: (create)
        [urn=urn:pulumi:management::aws-organizations::aws:organizations/organization:Organization::my-management-org]
        [provider=urn:pulumi:management::aws-organizations::pulumi:providers:aws::default_6_52_0::136959e9-efbc-466a-8d47-b9ab2ef5824a]
        awsServiceAccessPrincipals: [
            [0]: "sso.amazonaws.com"
        ]
        enabledPolicyTypes        : [
            [0]: "SERVICE_CONTROL_POLICY"
        ]
        featureSet                : "ALL"


    - aws:organizations/organization:Organization: (delete)
        [id=o-4dl11o6o8f]
        [urn=urn:pulumi:management::aws-organizations::aws:organizations/organization:Organization::my-management-org]
        [provider=urn:pulumi:management::aws-organizations::pulumi:providers:aws::default_6_52_0::136959e9-efbc-466a-8d47-b9ab2ef5824a]
I haven't worked on this project for two months, but in the meantime, I updated Pulumi and its providers. I reverted to the initial AWS version of Pulumi, but without success. I'm hesitant to proceed with this update because I'm unsure of the potential impacts it might have.
Got it, the unique name of the resource has changed... A previous commit that I was not aware of.
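A pre-apply check for the situation in this thread, as an added example that is not part of the original posts: it reads preview rows in the table format shown in the log above and flags any resource type that is both created and deleted in the same preview, which is how a changed resource name shows up. The sample rows, the function names and the `PROTECTED` set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample rows, in the format of the preview table in the log above.
SAMPLE_PREVIEW = """\
     pulumi:pulumi:Stack                      aws-organizations-management
 +   ├─ aws:organizations:Organization        my-management-org   create
 +-  ├─ aws:organizations:OrganizationalUnit  ou-security         replace     [diff: ~parentId]
 ~   ├─ aws:organizations:Account             account-dev-1       update      [diff: ~parentId]
 -   └─ aws:organizations:Organization        my-management-org   delete
"""

# Assumption: resource types that should never be deleted or replaced unattended.
PROTECTED = {"aws:organizations:Organization", "aws:organizations:Account"}

# One table row: op marker, tree drawing, resource type, logical name, planned action.
ROW = re.compile(
    r"^\s*(?:\+-|\+|-|~)\s+[│ ]*[├└]─\s+(\S+)\s+(\S+)\s+(create|replace|update|delete)\b"
)

def parse_preview(text):
    """Return (type, name, plan) for every resource row that has a planned change."""
    return [m.groups() for line in text.splitlines() if (m := ROW.match(line))]

def rename_suspects(rows):
    """Types with both a create and a delete in one preview: the resource was
    most likely re-declared under a new name, not removed on purpose."""
    plans = defaultdict(lambda: defaultdict(list))
    for rtype, name, plan in rows:
        plans[rtype][plan].append(name)
    return {
        rtype: {"create": p["create"], "delete": p["delete"]}
        for rtype, p in plans.items()
        if p.get("create") and p.get("delete")
    }

def destructive_protected(rows):
    """Rows that would delete or replace a protected resource type."""
    return [r for r in rows if r[0] in PROTECTED and r[2] in ("delete", "replace")]

if __name__ == "__main__":
    rows = parse_preview(SAMPLE_PREVIEW)
    for rtype, names in rename_suspects(rows).items():
        print(f"possible rename of {rtype}: {names}")
    if destructive_protected(rows):
        raise SystemExit("refusing to continue: protected resource would be destroyed")
```

When a type is flagged, restoring the previous resource name or listing it in the resource's `aliases` option lets Pulumi match the existing state instead of planning a delete and a create.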