https://pulumi.com logo
Title
g

gray-whale-15826

04/29/2021, 11:13 AM
Hey there, I’m trying to set up Imagebuilder, and after editing component setup I’m getting:
error: deleting urn:pulumi:dev-workflow-development-us-east-1-shared::dev-workflow-service::aws:imagebuilder/component:Component::dev_env: 1 error occurred:
    	* error deleting Image Builder Component (arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1): ResourceDependencyException: Resource dependency error: The resource ARN 'arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1' has other resources depended on it.
Here is my setup in TS:
const componentSetup = readFileSync('./dev-env/component-setup.yml', 'utf-8');

const VERSION = `1.0.3`;

export const devEnvComponent = new imagebuilder.Component('dev-env', {
  data: componentSetup,
  description: 'This component include all required installs for dev env',
  platform: "Linux",
  version: VERSION,
});

const devEnvImageBuilderRole = new iam.Role("dev-env-image-builder", {
  assumeRolePolicy: {
      Version: "2012-10-17",
      Statement: [{
          Action: "sts:AssumeRole",
          Principal: {
              Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
          },
          Effect: "Allow",
          Sid: "",
      }]
  },
});

 new iam.RolePolicyAttachment("dev-env-image-builder-ssn", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore',
});

new iam.RolePolicyAttachment("dev-env-image-builder-ec2-ecr", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds',
});

new iam.RolePolicyAttachment("dev-env-image-builder-ec2", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder',
});

const profile = new iam.InstanceProfile("dev-env-instance-profile", { role: devEnvImageBuilderRole });

export const devEnvInfrastructureConfiguration = new imagebuilder.InfrastructureConfiguration("dev-env", {
  instanceProfileName: profile.name,
});

export const devEnvImgRecipe = new imagebuilder.ImageRecipe("dev-env", {
  blockDeviceMappings: [{
      deviceName: "/dev/xvda",
      ebs: {
          volumeSize: 100,
          volumeType: "gp2",
      },
  }],
  components: [{
      componentArn:  devEnvComponent.arn,
  }],
  parentImage: "arn:aws:imagebuilder:us-east-1:<aws:image/amazon-linux-2-ecs-optimized-x86/x.x.x>",
  version: VERSION,
});

const weeklyCron = 'cron(0 9 ? * mon)';
export const devEnvImagePipeline = new imagebuilder.ImagePipeline("dev-env", {
  imageRecipeArn: devEnvImgRecipe.arn,
  infrastructureConfigurationArn: devEnvInfrastructureConfiguration.arn,
  schedule: {
      scheduleExpression: weeklyCron,
  },
});
Anyone can advice what I’m doing wrong?
l

little-cartoon-10569

04/29/2021, 9:00 PM
You're not doing anything wrong 🙂 AWS has created a resource that Pulumi doesn't know about (e.g. a new version of the component) and when you edit the component, Pulumi tries to delete-then-create, but the delete is being blocked by AWS.
Your options are to find and delete the mystery resource (I find that using the console to attempt to delete the known resource usually produces a more useful error message); or change the way you manage component versions to not delete old versions, just add new ones.
(Aside: when adding large blocks of text or code, the Text Snippet tool in the lightning menu is great: it collapses nicely for a better reader/scroller experience.)
g

gray-whale-15826

04/30/2021, 4:58 PM
@little-cartoon-10569 thanks for your reply, I’m wonder why pulumi can not delete the old component, You are completely right about the reason (existing dependency), but there is no any dependency that pulumi not aware of - component, imagepipeline, image recipe - all of them created via pulumi, so we can no just to delete it? I’m new to pulumi, and trying to understand if this is expected behaviour or not
l

little-cartoon-10569

05/02/2021, 8:55 PM
If Pulumi knows about it, then it will delete it. Maybe it doesn't know that one resource has to be deleted before another? That does happen. There's a dependsOn opt that can be used if that's the problem.