Hi,
I am using Pulumi AWS WAFv2 in our setup. (Pu...
# awsb
bored-bird-56147
11/29/2021, 6:10 AMHi,
I am using Pulumi AWS WAFv2 in our setup. (Pulumi v3.18.1 on macbook pro) I am able to create a WebACL with rules in it, however after creating one, whenever I try to run ‘pulumi up’ (with no changes made), I am consistently seeing the same differences (with rules) shown and asks me to update. Ideally, there should be NO updates. (I don’t see this happen with other Pulumi AWS features).
I was wondering if anyone has seen this issue, and how did you resolve it.
I see this behavior with the example given in the doc (https://www.pulumi.com/registry/packages/aws/api-docs/wafv2/webacl/#example-usage)
Here’s a snap from my terminal runs of ‘pulumi up’
Copy code
#1. Creating the WebAcl with a single rule
Previewing update (my-test):
Type Name Plan
+ pulumi:pulumi:Stack test-my-test create
+ └─ aws:wafv2:WebAcl example create
Resources:
+ 2 to create
Do you want to perform this update? details
+ pulumi:pulumi:Stack: (create)
[urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
+ aws:wafv2/webAcl:WebAcl: (create)
[urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
[provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
defaultAction : {
block : {
}
}
description : "Example of a rate based statement."
name : "example-3d63aac"
rules : [
[0]: {
action : {
count : {
}
}
name : "rule-1"
priority : 1
statement : {
rateBasedStatement: {
aggregateKeyType : "IP"
limit : 10000
scopeDownStatement: {
geoMatchStatement: {
countryCodes: [
[0]: "US"
[1]: "NL"
]
}
}
}
}
visibilityConfig: {
cloudwatchMetricsEnabled: false
metricName : "friendly-rule-metric-name"
sampledRequestsEnabled : false
}
}
]
scope : "REGIONAL"
tags : {
Tag1 : "Value1"
Tag2 : "Value2"
}
visibilityConfig: {
cloudwatchMetricsEnabled: false
metricName : "friendly-metric-name"
sampledRequestsEnabled : false
}
Do you want to perform this update? yes
Updating (my-test):
Type Name Status
+ pulumi:pulumi:Stack test-my-test created
+ └─ aws:wafv2:WebAcl example created
Resources:
+ 2 created
Duration: 6s Copy code
#2. Running pulumi up with NO updates to code
Previewing update (my-test):
Type Name Plan Info
pulumi:pulumi:Stack test-my-test
~ └─ aws:wafv2:WebAcl example update [diff: ~rules]
Resources:
~ 1 to update
1 unchanged
Do you want to perform this update? details
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
~ aws:wafv2/webAcl:WebAcl: (update)
[id=68b9d3ca-a861-4444-a0dc-f8e1bc1087ab]
[urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
[provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::1ccfdc6b-98c8-4b5c-a404-0c2def7f8b96]
~ rules: [
~ [0]: {
+ name : "rule-1"
+ priority : 1
~ statement : {
~ rateBasedStatement: {
+ aggregateKeyType : "IP"
+ limit : 10000
~ scopeDownStatement: {
~ geoMatchStatement: {
~ countryCodes: [
+ [0]: "US"
+ [1]: "NL"
]
}
}
}
}
~ visibilityConfig: {
+ cloudwatchMetricsEnabled: false
+ metricName : "friendly-rule-metric-name"
+ sampledRequestsEnabled : false
}
}
]
Do you want to perform this update? no
confirmation declined, not proceeding with the update