Anyone have a convention for using pulumi CLI to force a new ECS deployment (for example, after a Secret is changed)?

I will do that through ECS CLI, deploy with --force flag I think from Pulumi perspective, changing a secret doesn’t mean it should redeploy

Yeah, thanks. Might be cool for Pulumi to add management command support to their CLI, just to trigger custom scripts. But managing correctly-deployed resources might simply be out-of-scope for the CLI. Maybe the automation API could be used for something like this? Haven't looked into that yet.

You could add a flag or something to the Pulumi config file to force new deployments (there is a parameter to force new deployment): https://www.pulumi.com/docs/reference/pkg/aws/ecs/service/

Thanks, that's a cool idea

I think if you add the secret resource to the depends_on parameter it would also redeploy

i'm updating secret values manually in the AWS console (equivalent to creating https://www.pulumi.com/docs/reference/pkg/aws/secretsmanager/secretversion/), so Pulumi state wouldn't know about the change, i think, since each new version isn't tracked in Pulumi state.