Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
l
lemon-machine-35564
04/16/2021, 5:15 PMHey all - I have a security group rule I’m creating and I want it to be deleted before it’s created:
new aws.ec2.SecurityGroupRule(
`bastion-rule-` + env,
{
type: 'ingress',
toPort: 0,
protocol: '-1',
fromPort: 0,
securityGroupId: vpc.vpc.defaultSecurityGroupId,
sourceSecurityGroupId: bastionSecGroup.id
},
{ deleteBeforeReplace: true }
);But that doesn’t seem to be happening because I get:
View Live: <https://app.pulumi.com/xxxx/xxx-xxx-vpc/development/updates/49>
Type Name Status Info
pulumi:pulumi:Stack xxx-foundations-vpc-development **failed** 1 error
+ └─ aws:ec2:SecurityGroupRule bastion-rule-2137 **creating failed** 1 error
Diagnostics:
aws:ec2:SecurityGroupRule (bastion-rule-2137):
error: 1 error occurred:
* [WARN] A duplicate Security Group rule was found on (sg-059e66fdf2c37c5ac). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error message: the specified rule "peer: sg-06987771897f711dd, ALL, ALLOW" already existsSo you can see it’s trying to create the rule before deleting it. Does
deleteBeforeReplaceb
billowy-army-68599
04/16/2021, 5:21 PMare they both defined inside Pulumi?
l
lemon-machine-35564
04/16/2021, 5:23 PMI’m just changing the name of it via
envSo the code is exactly the same,
envSo it tries to create the rule, but it’s already there and crashes. I was hoping
deleteBeforeReplaceb
billowy-army-68599
04/16/2021, 5:25 PMit should, yes, but your error message indicates there might be a security group rule defined outside Pulumi?
l
lemon-machine-35564
04/16/2021, 5:25 PMThere should not be, no
I’ll check though
Yeah no, it’s just that it’s trying to add the rule before it deletes the old one
The rules are the same, only the name of the resource is changing.
b
billowy-army-68599
04/16/2021, 5:33 PMcan you open an issue in pulumi-aws?
l
lemon-machine-35564
04/16/2021, 5:33 PMYeah no problem, thanks!