Hi all! It seems i am unable to set enabledClusterLogTypes on an EKS cluster after provisioning without some weirdness. Btw, this is my first attempt with pulumi, so there is a change I am doing things the wrong way. Would love if you could correct me. This is my code:

const cluster = new aws.eks.Cluster(environment.name, {
        name: environment.name,
        vpcConfig: {
            subnetIds: subnets.map(s => s.id),
            endpointPublicAccess: false,
            endpointPrivateAccess: true,
            securityGroupIds: [clusterSecurityGroup.id]
        },
        //enabledClusterLogTypes: ["api","audit","authenticator","controllerManager","scheduler"], // Uncomment and cluster.vpcConfig.clusterSecurityGroupId becomes undefined
        roleArn: clusterRole.arn,
        version: environment.clusterKubernetesVersion ? environment.clusterKubernetesVersion : "1.17"
    })

    // Patch the cluster security group
    environment.extraClusterIngressSecurityGroupIds?.forEach((id, i) => {
        console.log(id, i, cluster.vpcConfig.clusterSecurityGroupId)
        new aws.ec2.SecurityGroupRule(`extra-cluster-ingress-rules-${i}`, {
            securityGroupId: cluster.vpcConfig.clusterSecurityGroupId,
            type: "ingress",
            fromPort: 0,
            toPort: 0,
            protocol: "-1",
            sourceSecurityGroupId: id,
        })
    })

I provisioned the cluster before I added

enabledClusterLogTypes

. I made a change that sets

enabledClusterLogTypes

, and now, when running

pulumi up

,

cluster.vpcConfig.clusterSecurityGroupId

is undefined. If I comment out the block that uses the undefined value, I can successfully add the cluster log types. This has the consequence of removing my security group rules. Afterwards, i can uncomment the block again and this work. Is what i am trying to do actually possible? I also tried using

dependsOn

as well as wrapping the for loop in

cluster.vpcConfig.apply()

to no avail.