https://pulumi.com logo
Title
w

worried-city-86458

09/03/2021, 4:13 AM
Not sure why I'm getting an error trying to create a couple of security group rules. Something like:
new SecurityGroupRule($"{awsEksPrefix}-1",
    new SecurityGroupRuleArgs
    {
        Type = "ingress",
        Protocol = "tcp",
        FromPort = 0,
        ToPort = 65535,
        SourceSecurityGroupId = internalSgId,
        SecurityGroupId = clusterSgId
    },
    new CustomResourceOptions { Provider = awsProvider });

new SecurityGroupRule($"{awsEksPrefix}-2",
    new SecurityGroupRuleArgs
    {
        Type = "ingress",
        Protocol = "tcp",
        FromPort = 0,
        ToPort = 65535,
        SourceSecurityGroupId = internetSgId,
        SecurityGroupId = clusterSgId
    },
    new CustomResourceOptions { Provider = awsProvider });
Fails with error:
Duplicate resource URN 'urn:pulumi:alpha::aws-eks::aws:ec2/securityGroupRule:SecurityGroupRule::alpha-aws-eks-2'; try giving it a unique name
But I am specifying unique names!?
b

bored-table-20691

09/03/2021, 4:22 AM
Does your state already have that name used elsewhere from a prior run or something?
w

worried-city-86458

09/03/2021, 4:35 AM
Nope. I just added them now. Comment them both out => no change. Uncomment just one of them => unique name error 😖
(I also checked the state and definitely not there)
b

bored-table-20691

09/03/2021, 4:56 AM
Interesting - that is frustrating.
w

worried-city-86458

09/04/2021, 5:54 AM
Yeah, feels like a bug.
b

bored-table-20691

09/04/2021, 5:56 AM
Do you have a repro that isn’t your full program?
or if not, willingness to show your full program?
w

worried-city-86458

09/08/2021, 10:39 PM
This is just bizarre. I tried a workaround with a cloudformation stack and get a similar error:
Duplicate resource URN 'urn:pulumi:alpha::aws-eks::aws:cloudformation/stack:Stack::alpha-aws-eks-sg-rules'; try giving it a unique name
@billowy-army-68599 any ideas?
// cluster security group rules for legacy ingress; work around duplicate resource urn issue
Logger.LogDebug("Creating eks cluster security group rules");
var clusterSgrTemplate = Output.Tuple(clusterSgId, eksNodeInternalElbSgId, eksNodePublicElbSgId)
    .Apply(((string ClusterSgId, string InternalSgId, string InternetSgId) tuple) =>
        RenderTemplate("EksSecurityGroupRules.yaml", ReadResource, new { tuple.ClusterSgId, tuple.InternalSgId, tuple.InternetSgId }));

new Pulumi.Aws.CloudFormation.Stack($"{awsEksPrefix}-sg-rules",
    new StackArgs { TemplateBody = clusterSgrTemplate },
    new CustomResourceOptions { Provider = awsProvider });
AWSTemplateFormatVersion: 2010-09-09
Resources:
  InternalIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {{ clusterSgId }}
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: {{ internalSgId }}
  InternetIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {{ clusterSgId }}
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: {{ internetSgId }}
It doesn't matter what's in the cf template as it fails with the cf template resource urn, which is definitely unique.
b

billowy-army-68599

09/08/2021, 11:43 PM
@worried-city-86458 are you creating the resources inside an apply?
w

worried-city-86458

09/08/2021, 11:44 PM
No
b

billowy-army-68599

09/08/2021, 11:45 PM
would you mind doing a
pulumi stack export
and/or sharing the full code with me so I can try repro? DM is okay