No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I don't think I've come across functionality like that yet. Closest I can think of would be to import it and use the option `protect: true` on it, so that Pulumi can only modify it and not delete it.

Though you could write a resource transformation for the subnets that removes all changes except ones to tag.. that wouldn't be too hard.

Hey Kraig :wave:

As tenwit points out, in one update you can `import` the sg and `protect` it, and use <https://www.pulumi.com/docs/intro/concepts/programming-model/#transformations|transformations> on the sg to ignore changes to the sg `tags` .
Then on a proceeding update, you can control and configure the tags map to what you need. You’ll want to include all existing tags in addition to the new one.

Here’s a similar <https://github.com/metral/modify-default-eks-sg/blob/master/index.ts|example> that imports and modifies a sg that could help you.

well, the downside of this is that i cant delete my stack now. i guess i’ll just need to edit the state to remove the protected resources. unfortunately this isnt really a viable solution for managing the tags though