Having issues with AWS elasticache replicationGroup wanting Pulumi Community #aws

Having issues with AWS elasticache replicationGrou...

ambitious-school-30758

02/19/2025, 11:22 PM

Having issues with AWS elasticache replicationGroup wanting to replace an imported resource even with no changes. I was able to manually change the object and code to eliminate any deltas but it still want to replace it. Not to mention it want to create and duplicate, which it cannot, before deleting so not sure what its thinking about as a replacement strategy. The same code works fine for a code created instance. Running python 3.12 with pulumi==3.133.0 pulumi_aws==6.53.0

Copy code

Previewing update (infra-helloworld):
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:infra-helloworld::app-platform::pulumi:pulumi:Stack::app-platform-infra-helloworld]
    +-aws:elasticache/replicationGroup:ReplicationGroup: (replace)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
    ~ kubernetes:core/v1:Service: (update)
        [id=datadog-monitoring-discovery/infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::kubernetes:core/v1:Service::infra-helloworld-staging]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:kubernetes::app_platform::ef683dd0-3b10-45e3-bc71-e7c56d0b40d0]
      ~ metadata: {
          + annotations: {
              + ad.datadoghq.com/service.checks: output<string>
            }
        }
    +-aws:secretsmanager/secretVersion:SecretVersion: (replace)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
      ~ secretString: [secret] => [secret]
Resources:
    ~ 1 to update
    +-2 to replace
    3 changes. 14 unchanged

So I have the following questions: 1- Why is it trying to replace with not diffs? 2- Is there more flags to use with

preview

to actually see field comparison to determine what triggers update vs replace? 3- How does the replace ever with with it creating a replacement with same id?

ambitious-school-30758

02/19/2025, 11:58 PM

Followup I upgraded to latest pulumi and aws provider with same result.

modern-zebra-45309

02/20/2025, 12:44 PM

1. Perhaps this is related to what's described regarding maintenance windows in the first note here: https://www.pulumi.com/registry/packages/aws/api-docs/elasticache/replicationgroup/ 2. You could add a

--show-replacement-steps

to get more insight into the replacement process, but it should already show all the differences it detected. 3. In cases where the previous and new version of a resource cannot exist at the same time, the previous resource is deleted first and then the new one is created. (You can force this behavior with the

delete_before_replace

resource option in case a provider fails to detect such a conflict.)

ambitious-school-30758

02/20/2025, 6:44 PM

Thanks for the followup I have the following updates. 1 - I looked at the note and eliminated all diffs for that purpose. As the output show I see no diff/changes. It just says replacement with no fields. 2 - I did that and it reiterates create first, update and delete last. See text below 3 - That is what I expected, but not what is happening. In cases where the name must be unique it should delete previous and create new instance.

Copy code

Previewing update (infra-helloworld):
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:infra-helloworld::app-platform::pulumi:pulumi:Stack::app-platform-infra-helloworld]
    ~ pulumi:providers:aws: (update)
        [id=0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        [urn=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform]
      ~ version: "6.53.0" => "6.68.0"
    ++aws:elasticache/replicationGroup:ReplicationGroup: (create-replacement)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
    +-aws:elasticache/replicationGroup:ReplicationGroup: (replace)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
    ~ kubernetes:core/v1:Service: (update)
        [id=datadog-monitoring-discovery/infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::kubernetes:core/v1:Service::infra-helloworld-staging]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:kubernetes::app_platform::ef683dd0-3b10-45e3-bc71-e7c56d0b40d0]
      ~ metadata: {
          + annotations: {
              + <http://ad.datadoghq.com/service.checks|ad.datadoghq.com/service.checks>: output<string>
            }
        }
    ++aws:secretsmanager/secretVersion:SecretVersion: (create-replacement)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
      ~ secretString: [secret] => [secret]
    +-aws:secretsmanager/secretVersion:SecretVersion: (replace)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
      ~ secretString: [secret] => [secret]
    --aws:secretsmanager/secretVersion:SecretVersion: (delete-replaced)
        [id=arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r|terraform-20250121192629933500000001]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:secretsmanager/secretVersion:SecretVersion::/ApplicationPlatform/infra-helloworld/staging/Secrets]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        secretId    : "arn:aws:secretsmanager:us-east-2:929109338894:secret:/ApplicationPlatform/infra-helloworld/staging/Secrets-SYQw9r"
        secretString: [secret]
    --aws:elasticache/replicationGroup:ReplicationGroup: (delete-replaced)
        [id=nfra-infra-helloworld-staging]
        [urn=urn:pulumi:infra-helloworld::app-platform::aws:elasticache/replicationGroup:ReplicationGroup::infra-helloworld-staging-cache0]
        [provider=urn:pulumi:infra-helloworld::app-platform::pulumi:providers:aws::app_platform::0b1237c0-d19c-4f21-81bd-c15e6ce00ba2]
        atRestEncryptionEnabled  : true
        authTokenUpdateStrategy  : "SET"
        autoMinorVersionUpgrade  : false
        automaticFailoverEnabled : true
        clusterMode              : "disabled"
        description              : "infra-helloworld staging cacheredis cache0 replication group"
        engineVersion            : "6.2"
        ipDiscovery              : "ipv4"
        logDeliveryConfigurations: []
        maintenanceWindow        : "sun:00:00-sun:04:00"
        multiAzEnabled           : true
        networkType              : "ipv4"
        nodeType                 : "cache.t3.micro"
        numCacheClusters         : 2
        parameterGroupName       : "infra-helloworld-staging-cacheredis-cache0-pg"
        port                     : 6379
        replicationGroupId       : "nfra-infra-helloworld-staging"
        securityGroupIds         : [
            [0]: "sg-0307bcd79a836c2f7"
        ]
        snapshotRetentionLimit   : 5
        snapshotWindow           : "05:00-09:00"
        subnetGroupName          : "cachesubnetgroup"
        tags                     : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        tagsAll                  : {
            environment    : "staging"
            repository     : "infra-helloworld"
            team_short_code: "nfrs"
        }
        transitEncryptionEnabled : true
        transitEncryptionMode    : "required"
Resources:
    ~ 2 to update
    +-2 to replace
    4 changes. 13 unchanged

ambitious-school-30758

02/25/2025, 10:13 PM

For future answers, in my case is I manually changes the tags/tagsAll so that no changes were detected it switched from replace to update. It seems that for whatever reason changes in tags we triggering the replace action.

5 Views

Open in Slack

Previous Next