Channels
#aws
Title
b
best-lifeguard-91445
01/13/2021, 2:38 PMpulumi preview Copy code
+-aws:ecs/taskDefinition:TaskDefinition: (replace)
[id=use1-dev-registrar-api]
[urn=urn:pulumi:dev::aws::awsx:x:ecs:EC2TaskDefinition$aws:ecs/taskDefinition:TaskDefinition::use1-dev-registrar-api]
[provider=urn:pulumi:dev::aws::pulumi:providers:aws::default_3_21_0::10e8b33b-1a70-4ffc-bb0e-8c586673f58f]
~ containerDefinitions: "[secret]" => "[secret]"
> aws:autoscaling/group:Group: (read)
[id=ecs-use1-dev-edge-services-df916d8-Instances-OEURTU97PJME]
[urn=urn:pulumi:dev::aws::awsx:x:ecs:Cluster$awsx:x:autoscaling:AutoScalingGroup$aws:autoscaling/group:Group::ecs-use1-dev-edge-services]
[provider=urn:pulumi:dev::aws::pulumi:providers:aws::default_3_21_0::10e8b33b-1a70-4ffc-bb0e-8c586673f58f]
~ aws:ecs/service:Service: (update)
[id=arn:aws:ecs:us-east-1:REDACTED:service/ecs-use1-dev-edge-services-cluster-7f77f63/use1-dev-registrar-api-ff48eab]
[urn=urn:pulumi:dev::aws::awsx:x:ecs:EC2Service$aws:ecs/service:Service::use1-dev-registrar-api]
[provider=urn:pulumi:dev::aws::pulumi:providers:aws::default_3_21_0::10e8b33b-1a70-4ffc-bb0e-8c586673f58f]
~ taskDefinition: "arn:aws:ecs:us-east-1:REDACTED:task-definition/use1-dev-registrar-api:569" => output<string>a
acceptable-jackal-53536
01/13/2021, 3:46 PMi think pulumi is using the terraform aws provider underneath
what i've seen with terraform/aws is that with specific resources it can change the representation when it gets saved
in my case it was with ipv6 addresses
in my script it was
2400:cb00::/322400:cb00:0000:0000:0000:0000:0000:0000/32so when it compared the addresses, it saw it as different and an update would always run
solution was to take the format as it appeared in aws and update my script to be the same
b
best-lifeguard-91445
01/13/2021, 6:35 PMhm. thank you for the insight. However, I'm not sure what is expected, because it's converting from [secret] => [secret]
l
little-cartoon-10569
01/13/2021, 7:01 PMTry
pulumi stack export --file mine.json ; pulumi refresh ; pulumi stack export --file theirs.jsonb
best-lifeguard-91445
01/13/2021, 8:08 PMk, will do, give me 2 mins
@little-cartoon-10569 - sorry for the delayed response. There are thousands of differences.
The outputs.secretBinary.cipherText and outputs.secretString.cipherText for
aws:ecs/taskDefinition:TaskDefinitionaws:iam/role:Rolel
little-cartoon-10569
01/14/2021, 3:57 AMSome of those might have to be copied as per @acceptable-jackal-53536’s suggestion.. hard to tell which ones..
b
best-lifeguard-91445
01/14/2021, 3:58 AMTheirs
Copy code
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"<http://sqs.amazonaws.com|sqs.amazonaws.com>\",\"<http://ecs-tasks.amazonaws.com|ecs-tasks.amazonaws.com>\",\"<http://ec2.amazonaws.com|ec2.amazonaws.com>\",\"<http://sns.amazonaws.com|sns.amazonaws.com>\"]},\"Action\":\"sts:AssumeRole\"}]}", Copy code
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"<http://sns.amazonaws.com|sns.amazonaws.com>\",\"<http://ec2.amazonaws.com|ec2.amazonaws.com>\",\"<http://sqs.amazonaws.com|sqs.amazonaws.com>\",\"<http://ecs-tasks.amazonaws.com|ecs-tasks.amazonaws.com>\"]},\"Action\":\"sts:AssumeRole\"}]}",l
little-cartoon-10569
01/14/2021, 3:58 AMYep, I want through that exercise in a few policies. Took a few hours, but it's been solid ever since.
b
best-lifeguard-91445
01/14/2021, 3:59 AMokay cool. what about the secrets tho? it's encoded. I have no idea what it should be
l
little-cartoon-10569
01/14/2021, 4:00 AMGenerally you can ignore those, they won't be the problem. It'll be list-like things (orders change) or encoded JSON docs.
b
best-lifeguard-91445
01/14/2021, 4:00 AMokay cool
l
little-cartoon-10569
01/14/2021, 4:01 AMPulumi does quite well at detecting non-identical similarities. Just needs occasional help.
b
best-lifeguard-91445
01/14/2021, 4:01 AMThank you very much
👍 1
2 Views