Having issues with AWS elasticache replicationGrou...
# aws
a
Having issues with AWS elasticache replicationGroup wanting to replace an imported resource even with no changes. I was able to manually change the object and code to eliminate any deltas but it still want to replace it. Not to mention it want to create and duplicate, which it cannot, before deleting so not sure what its thinking about as a replacement strategy. The same code works fine for a code created instance. Running python 3.12 with pulumi==3.133.0 pulumi_aws==6.53.0
Copy code
Previewing update (infra-helloworld):
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:infra-helloworld::app-platform::pulumi:pulumi:Stack::app-platform-infra-helloworld]
    +-aws:elasticache/replicationGroup:ReplicationGroup: (replace)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
    ~ kubernetes:core/v1:Service: (update)
        [id=datadog-monitoring-discovery/infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::kubernetes:core/v1:Service::infra-helloworld-staging]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:kubernetes::app_platform::ef683dd0-3b10-45e3-bc71-e7c56d0b40d0]
      ~ metadata: {
          + annotations: {
              + ad.datadoghq.com/service.checks: output<string>
            }
        }
    +-aws:secretsmanager/secretVersion:SecretVersion: (replace)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
      ~ secretString: [secret] => [secret]
Resources:
    ~ 1 to update
    +-2 to replace
    3 changes. 14 unchanged
So I have the following questions: 1- Why is it trying to replace with not diffs? 2- Is there more flags to use with
preview
to actually see field comparison to determine what triggers update vs replace? 3- How does the replace ever with with it creating a replacement with same id?
Followup I upgraded to latest pulumi and aws provider with same result.
m
1. Perhaps this is related to what's described regarding maintenance windows in the first note here: https://www.pulumi.com/registry/packages/aws/api-docs/elasticache/replicationgroup/ 2. You could add a
--show-replacement-steps
to get more insight into the replacement process, but it should already show all the differences it detected. 3. In cases where the previous and new version of a resource cannot exist at the same time, the previous resource is deleted first and then the new one is created. (You can force this behavior with the
delete_before_replace
resource option in case a provider fails to detect such a conflict.)
a
Thanks for the followup I have the following updates. 1 - I looked at the note and eliminated all diffs for that purpose. As the output show I see no diff/changes. It just says replacement with no fields. 2 - I did that and it reiterates create first, update and delete last. See text below 3 - That is what I expected, but not what is happening. In cases where the name must be unique it should delete previous and create new instance.
Copy code
Previewing update (infra-helloworld):
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:infra-helloworld::app-platform::pulumi:pulumi:Stack::app-platform-infra-helloworld]
    ~ pulumi:providers:aws: (update)
        [id=0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        [urn=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform]
      ~ version: "6.53.0" => "6.68.0"
    ++aws:elasticache/replicationGroup:ReplicationGroup: (create-replacement)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
    +-aws:elasticache/replicationGroup:ReplicationGroup: (replace)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
    ~ kubernetes:core/v1:Service: (update)
        [id=datadog-monitoring-discovery/infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::kubernetes:core/v1:Service::infra-helloworld-staging]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:kubernetes::app_platform::ef683dd0-3b10-45e3-bc71-e7c56d0b40d0]
      ~ metadata: {
          + annotations: {
              + <http://ad.datadoghq.com/service.checks|ad.datadoghq.com/service.checks>: output<string>
            }
        }
    ++aws:secretsmanager/secretVersion:SecretVersion: (create-replacement)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
      ~ secretString: [secret] => [secret]
    +-aws:secretsmanager/secretVersion:SecretVersion: (replace)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
      ~ secretString: [secret] => [secret]
    --aws:secretsmanager/secretVersion:SecretVersion: (delete-replaced)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        secretId    : "arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r"
        secretString: [secret]
    --aws:elasticache/replicationGroup:ReplicationGroup: (delete-replaced)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
Resources:
    ~ 2 to update
    +-2 to replace
    4 changes. 13 unchanged
For future answers, in my case is I manually changes the tags/tagsAll so that no changes were detected it switched from replace to update. It seems that for whatever reason changes in tags we triggering the replace action.