https://pulumi.com logo
#aws
Title
q

quiet-leather-94755

09/08/2020, 3:35 PM
Humm, is there a way to update a security group rather than replace it when modifying ingress / egress rules? I've got a group that I imported, and I want to modify it, but it's not acceptable to have some in-between state where the EC2 instances don't have any security group applied. The instances are unfortunately not in Pulumi's control, and probably shouldn't be either (as they are created by a lambda deployed via a CF template by a vendor).
g

gentle-diamond-70147

09/08/2020, 6:26 PM
Can you elaborate on this -"where the EC2 instances don't have any security group applied"? In general, a SecurityGroup should not need to be replaced when modifying ingress or egress rules. Can you share the output of
pulumi preview --diff
?
q

quiet-leather-94755

09/08/2020, 7:41 PM
Ah, I just realized the issue.. I tried to change the description of the security group. If I don't, then it looks fine.