https://pulumi.com logo
Title
b

bored-bird-56147

11/29/2021, 6:10 AM
Hi, I am using Pulumi AWS WAFv2 in our setup. (Pulumi v3.18.1 on macbook pro) I am able to create a WebACL with rules in it, however after creating one, whenever I try to run ‘pulumi up’ (with no changes made), I am consistently seeing the same differences (with rules) shown and asks me to update. Ideally, there should be NO updates. (I don’t see this happen with other Pulumi AWS features). I was wondering if anyone has seen this issue, and how did you resolve it. I see this behavior with the example given in the doc (https://www.pulumi.com/registry/packages/aws/api-docs/wafv2/webacl/#example-usage) Here’s a snap from my terminal runs of ‘pulumi up’
#1. Creating the WebAcl with a single rule

Previewing update (my-test):
     Type                 Name            Plan
 +   pulumi:pulumi:Stack  test-my-test  create
 +   └─ aws:wafv2:WebAcl  example         create

Resources:
    + 2 to create

Do you want to perform this update? details
+ pulumi:pulumi:Stack: (create)
    [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
    + aws:wafv2/webAcl:WebAcl: (create)
        [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
        [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
        defaultAction   : {
            block     : {
            }
        }
        description     : "Example of a rate based statement."
        name            : "example-3d63aac"
        rules           : [
            [0]: {
                action          : {
                    count     : {
                    }
                }
                name            : "rule-1"
                priority        : 1
                statement       : {
                    rateBasedStatement: {
                        aggregateKeyType  : "IP"
                        limit             : 10000
                        scopeDownStatement: {
                            geoMatchStatement: {
                                countryCodes: [
                                    [0]: "US"
                                    [1]: "NL"
                                ]
                            }
                        }
                    }
                }
                visibilityConfig: {
                    cloudwatchMetricsEnabled: false
                    metricName              : "friendly-rule-metric-name"
                    sampledRequestsEnabled  : false
                }
            }
        ]
        scope           : "REGIONAL"
        tags            : {
            Tag1      : "Value1"
            Tag2      : "Value2"
        }
        visibilityConfig: {
            cloudwatchMetricsEnabled: false
            metricName              : "friendly-metric-name"
            sampledRequestsEnabled  : false
        }

Do you want to perform this update? yes
Updating (my-test):
     Type                 Name            Status
 +   pulumi:pulumi:Stack  test-my-test  created
 +   └─ aws:wafv2:WebAcl  example         created

Resources:
    + 2 created

Duration: 6s
#2. Running pulumi up with NO updates to code

Previewing update (my-test):
     Type                 Name            Plan       Info
     pulumi:pulumi:Stack  test-my-test
 ~   └─ aws:wafv2:WebAcl  example         update     [diff: ~rules]

Resources:
    ~ 1 to update
    1 unchanged

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
    ~ aws:wafv2/webAcl:WebAcl: (update)
        [id=68b9d3ca-a861-4444-a0dc-f8e1bc1087ab]
        [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
        [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::1ccfdc6b-98c8-4b5c-a404-0c2def7f8b96]
      ~ rules: [
          ~ [0]: {
                  + name            : "rule-1"
                  + priority        : 1
                  ~ statement       : {
                      ~ rateBasedStatement: {
                          + aggregateKeyType  : "IP"
                          + limit             : 10000
                          ~ scopeDownStatement: {
                              ~ geoMatchStatement: {
                                  ~ countryCodes: [
                                      + [0]: "US"
                                      + [1]: "NL"
                                    ]
                                }
                            }
                        }
                    }
                  ~ visibilityConfig: {
                      + cloudwatchMetricsEnabled: false
                      + metricName              : "friendly-rule-metric-name"
                      + sampledRequestsEnabled  : false
                    }
                }
        ]

Do you want to perform this update? no
confirmation declined, not proceeding with the update