Hey team. Having a problem deleting a security group that was built with CloudFormation - I've deleted the CF stack with the SG deletion policy set as "retain". I've imported the SG in Pulumi and have now done an operation that requires a replacement of the SG. "Pulumi up" now fails and times out with no reason. When I try and delete the SG manually via console I get an error as attached. I would have thought that Pulumi should handle this gracefully and provide the AWS API error?
11/22/2021, 7:39 PM
In this case, Pulumi sends the delete API request which succeeds. AWS then spends 5 minutes failing to delete the SG. There's not much that Pulumi can do, unfortunately...
If you import the ENI and associate them correctly, then Pulumi will know that the deletion will fail and tell you before even sending the API request.
11/22/2021, 11:30 PM
Yeah, that’s correct. AWS spends time trying to do stuff it can’t do. Ha. Except in the console, when trying to delete the SG, it is an immediate response, so I assumed the CLI, or however Pulumi does it, would also get the same error response and not keep trying?
11/23/2021, 12:09 AM
Don't know about that. I know Pulumi (or maybe the TF bridge?) handles similar situations better, so there may be something Pulumi can do to make it better. Maybe you could raise an issue in GitHub about it?