millions-umbrella-34765
10/20/2021, 9:19 PM
pulumi up to create a bunch of GuardDuty members and it created them. But I immediately ran pulumi preview with no code changes and it says it's going to replace a member. Why would that be?

little-cartoon-10569
10/20/2021, 9:28 PM

millions-umbrella-34765
10/20/2021, 9:37 PM
pulumi up again and it does the replace....but if I do pulumi preview again it shows the same diff...rinse and repeat.

little-cartoon-10569
10/20/2021, 9:40 PM

millions-umbrella-34765
10/20/2021, 9:41 PM
invite: false?

little-cartoon-10569
10/20/2021, 9:42 PM
pulumi up won't be updating it. And if the value in AWS doesn't match the value in the state, then the preview will show a diff.

millions-umbrella-34765
10/20/2021, 9:43 PM
invite:false didn't help.

little-cartoon-10569
10/20/2021, 9:44 PM

millions-umbrella-34765
10/20/2021, 9:45 PM
    // loop over the accounts to add the GD member
    accounts.map(
      account =>
        new aws.guardduty.Member(account.name, {
          detectorId: primaryDetectorId,
          accountId: account.accountId,
          email: account.email,
          invite: false
        })
    );

little-cartoon-10569
10/20/2021, 9:46 PM

millions-umbrella-34765
10/20/2021, 9:51 PM

little-cartoon-10569
10/20/2021, 9:58 PM

millions-umbrella-34765
10/20/2021, 10:01 PM

little-cartoon-10569
10/20/2021, 10:01 PM

millions-umbrella-34765
10/20/2021, 10:14 PM
pulumi up and it "deleted" the account. I use quotes because Pulumi says it deleted, yet I still see that member in AWS console. Now when I do pulumi preview (or up) I see no changes as expected. I think this must have something to do with when the master AWS org account creates the GD master account, it must add itself as a member at that point.
ignoreChanges ...." So I changed the code to
    // loop over the accounts to add the GD member
    accounts.map(
      account =>
        new aws.guardduty.Member(account.name, {
          detectorId: primaryDetector.id,
          accountId: account.accountId,
          email: account.email,
          invite: false
        }, { ignoreChanges: ["email", "invite"] })
    );
and I no longer get diffs.