Hey there, I’m trying to set up Imagebuilder, and after editing component setup I’m getting:

error: deleting urn:pulumi:dev-workflow-development-us-east-1-shared::dev-workflow-service::aws:imagebuilder/component:Component::dev_env: 1 error occurred:
    	* error deleting Image Builder Component (arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1): ResourceDependencyException: Resource dependency error: The resource ARN 'arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1' has other resources depended on it.

Here is my setup in TS:

const componentSetup = readFileSync('./dev-env/component-setup.yml', 'utf-8');

const VERSION = `1.0.3`;

export const devEnvComponent = new imagebuilder.Component('dev-env', {
  data: componentSetup,
  description: 'This component include all required installs for dev env',
  platform: "Linux",
  version: VERSION,
});

const devEnvImageBuilderRole = new iam.Role("dev-env-image-builder", {
  assumeRolePolicy: {
      Version: "2012-10-17",
      Statement: [{
          Action: "sts:AssumeRole",
          Principal: {
              Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
          },
          Effect: "Allow",
          Sid: "",
      }]
  },
});

 new iam.RolePolicyAttachment("dev-env-image-builder-ssn", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore',
});

new iam.RolePolicyAttachment("dev-env-image-builder-ec2-ecr", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds',
});

new iam.RolePolicyAttachment("dev-env-image-builder-ec2", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder',
});

const profile = new iam.InstanceProfile("dev-env-instance-profile", { role: devEnvImageBuilderRole });

export const devEnvInfrastructureConfiguration = new imagebuilder.InfrastructureConfiguration("dev-env", {
  instanceProfileName: profile.name,
});

export const devEnvImgRecipe = new imagebuilder.ImageRecipe("dev-env", {
  blockDeviceMappings: [{
      deviceName: "/dev/xvda",
      ebs: {
          volumeSize: 100,
          volumeType: "gp2",
      },
  }],
  components: [{
      componentArn:  devEnvComponent.arn,
  }],
  parentImage: "arn:aws:imagebuilder:us-east-1:<aws:image/amazon-linux-2-ecs-optimized-x86/x.x.x>",
  version: VERSION,
});

const weeklyCron = 'cron(0 9 ? * mon)';
export const devEnvImagePipeline = new imagebuilder.ImagePipeline("dev-env", {
  imageRecipeArn: devEnvImgRecipe.arn,
  infrastructureConfigurationArn: devEnvInfrastructureConfiguration.arn,
  schedule: {
      scheduleExpression: weeklyCron,
  },
});

Anyone can advice what I’m doing wrong?

You're not doing anything wrong 🙂 AWS has created a resource that Pulumi doesn't know about (e.g. a new version of the component) and when you edit the component, Pulumi tries to delete-then-create, but the delete is being blocked by AWS.

@little-cartoon-10569 thanks for your reply, I’m wonder why pulumi can not delete the old component, You are completely right about the reason (existing dependency), but there is no any dependency that pulumi not aware of - component, imagepipeline, image recipe - all of them created via pulumi, so we can no just to delete it? I’m new to pulumi, and trying to understand if this is expected behaviour or not

If Pulumi knows about it, then it will delete it. Maybe it doesn't know that one resource has to be deleted before another? That does happen. There's a dependsOn opt that can be used if that's the problem.