# aws
l
Hey all - I have a security group rule I’m creating and I want it to be deleted before it’s created:
```typescript
import * as aws from "@pulumi/aws";

// Ingress rule on the VPC's default security group allowing all traffic from the bastion SG.
// `env`, `vpc` and `bastionSecGroup` are defined elsewhere in the stack.
new aws.ec2.SecurityGroupRule(
  `bastion-rule-` + env,
  {
    type: 'ingress',
    toPort: 0,
    protocol: '-1',
    fromPort: 0,
    securityGroupId: vpc.vpc.defaultSecurityGroupId,
    sourceSecurityGroupId: bastionSecGroup.id
  },
  { deleteBeforeReplace: true }
);
```
But that doesn’t seem to be happening because I get:
```
View Live: <https://app.pulumi.com/xxxx/xxx-xxx-vpc/development/updates/49>

     Type                          Name                                 Status                  Info
     pulumi:pulumi:Stack           xxx-foundations-vpc-development  **failed**              1 error
 +   └─ aws:ec2:SecurityGroupRule  bastion-rule-2137                    **creating failed**     1 error
 
Diagnostics:
  aws:ec2:SecurityGroupRule (bastion-rule-2137):
    error: 1 error occurred:
    	* [WARN] A duplicate Security Group rule was found on (sg-059e66fdf2c37c5ac). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error message: the specified rule "peer: sg-06987771897f711dd, ALL, ALLOW" already exists
```
So you can see it’s trying to create the rule before deleting it. Does `deleteBeforeReplace` not work in some places?
b
are they both defined inside Pulumi?
l
I’m just changing the name of it via `env`
So the code is exactly the same, `env` just changed
So it tries to create the rule, but it’s already there and crashes. I was hoping `deleteBeforeReplace` would delete the rule first and then re-add it
b
it should, yes, but your error message indicates there might be a security group rule defined outside Pulumi?
l
There should not be, no
I’ll check though
Yeah no, it’s just that it’s trying to add the rule before it deletes the old one
The rules are the same, only the name of the resource is changing.
b
can you open an issue in pulumi-aws?
l
Yeah no problem, thanks!