worried-engineer-33884
07/22/2020, 4:04 PMbillowy-army-68599
worried-engineer-33884
07/22/2020, 4:08 PMdescription
is updated β pulumi attempts a βreplaceβ which gets the AWS error I mentioned.billowy-army-68599
PATCH
operation for the description, so it has to do a destroy -> recreate.UpdateSecurityGroup
, only update the rulesworried-engineer-33884
07/22/2020, 4:17 PMbillowy-army-68599
worried-engineer-33884
07/22/2020, 4:19 PMbillowy-army-68599
worried-engineer-33884
07/22/2020, 4:25 PMbillowy-army-68599
Previewing update (production):
Type Name Plan Info
pulumi:pulumi:Stack alb.go-production
+- ββ aws:ec2:SecurityGroup web replace [diff: ~description]
~ ββ aws:lb:LoadBalancer web update [diff: ~securityGroups]
+- ββ aws:lb:Listener http replace [diff: ~loadBalancerArn]
+- ββ aws:lb:Listener https replace [diff: ~loadBalancerArn]
Outputs:
~ arn : "arn:aws:elasticloadbalancing:us-west-2:616138583583:loadbalancer/app/web-d3c3708/174d37cd98d1a211" => output<string>
~ dnsName : "<http://web-d3c3708-2004262507.us-west-2.elb.amazonaws.com|web-d3c3708-2004262507.us-west-2.elb.amazonaws.com>" => output<string>
~ httpListenerArn : "arn:aws:elasticloadbalancing:us-west-2:616138583583:listener/app/web-d3c3708/174d37cd98d1a211/ea06334532a1400e" => output<string>
~ httpsListenerArn: "arn:aws:elasticloadbalancing:us-west-2:616138583583:listener/app/web-d3c3708/174d37cd98d1a211/d8a76ae6ce07a486" => output<string>
Resources:
~ 1 to update
+-3 to replace
4 changes. 1 unchanged
Do you want to perform this update? yes
Updating (production):
Type Name Status Info
pulumi:pulumi:Stack alb.go-production
+- ββ aws:ec2:SecurityGroup web replaced [diff: ~description]
~ ββ aws:lb:LoadBalancer web updated [diff: ~securityGroups]
Outputs:
arn : "arn:aws:elasticloadbalancing:us-west-2:616138583583:loadbalancer/app/web-d3c3708/174d37cd98d1a211"
dnsName : "<http://web-d3c3708-2004262507.us-west-2.elb.amazonaws.com|web-d3c3708-2004262507.us-west-2.elb.amazonaws.com>"
httpListenerArn : "arn:aws:elasticloadbalancing:us-west-2:616138583583:listener/app/web-d3c3708/174d37cd98d1a211/ea06334532a1400e"
httpsListenerArn: "arn:aws:elasticloadbalancing:us-west-2:616138583583:listener/app/web-d3c3708/174d37cd98d1a211/d8a76ae6ce07a486"
Resources:
~ 1 updated
+-1 replaced
2 changes. 3 unchanged
worried-engineer-33884
07/22/2020, 4:32 PMdazzling-memory-8548
07/22/2020, 4:42 PMMySecurityGroup
attempt a recreation which fails due to the ecs association. The stack continues to try to replay the delete until we manually intervene.
new aws.ecs.Service("service", {
cluster: cluster.id,
desiredCount: 1,
launchType: "FARGATE",
networkConfiguration: {
assignPublicIp: false,
securityGroups: [MySecurityGroup.id],
subnets: [privateSubnets["az0"].id, privateSubnets["az1"].id],
},
taskDefinition: myTaskDefinition.arn,
}),
billowy-army-68599
dazzling-memory-8548
07/22/2020, 4:44 PMbillowy-army-68599
Do you want to perform this update? yes
Updating (production):
Type Name Status Info
pulumi:pulumi:Stack grafana.go-production
+- ββ aws:ec2:SecurityGroup grafana replaced [diff: ~description]
~ ββ aws:ecs:Service grafana updated [diff: ~networkConfiguration]
Outputs:
address: "grafana.aws.briggs.work"
Resources:
~ 1 updated
+-1 replaced
2 changes. 6 unchanged
Duration: 7m36s
dazzling-memory-8548
07/22/2020, 6:27 PMError deleting security group: DependencyViolation: resource sg-XXXXXX has a dependent object status code: 400
on pulumi v2.6.1 + \@pulumi/aws 2.13.0. However, I'm testing now in a fresh env with ecs, and I'm unable to reproduce there or with an alb. It must be some unrelated factor. Sorry to waste your time; I'll update with additional detail if I see it happen again. I appreciate the help.billowy-army-68599