I have a security group defined like this:
```
let...
# generalf
full-dress-10026
12/11/2018, 11:59 PMI have a security group defined like this:
Copy code
let lbSecurityGroup = new aws.ec2.SecurityGroup("fib-lb-sg", {
namePrefix: "fib-lb-sg",
ingress: [{
protocol: "tcp",
fromPort: 80,
toPort: 80,
cidrBlocks: ["0.0.0.0/0"]
}],
egress: [{
protocol: "-1",
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"]
}],
vpcId: network.vpcId
});pulumi up Copy code
updating urn:pulumi:fibonacci-dev::fibonacci::aws:ec2/securityGroup:SecurityGroup::fib-lb-sg: from_port (80) and to_port (80) must both be 0 to use the 'ALL' "-1" protocol!m
microscopic-florist-22719
12/12/2018, 12:00 AM
was the update modifying an existing security group?
f
full-dress-10026
12/12/2018, 12:00 AMYes. I changed the ingress rule.
m
microscopic-florist-22719
12/12/2018, 12:01 AM
Did it use "-1" as its protocol before?
f
full-dress-10026
12/12/2018, 12:01 AMYes
m
microscopic-florist-22719
12/12/2018, 12:01 AM
kk, let me see if I can repro this
microscopic-florist-22719
12/12/2018, 12:02 AM
possible that we're pulling that in as a default for some reason
microscopic-florist-22719
12/12/2018, 12:03 AM
do you also have
aws.ec2.SecurityGroupRuleaws.ec2.SecurityGroupf
full-dress-10026
12/12/2018, 12:03 AMAll rules inline.
m
microscopic-florist-22719
12/12/2018, 12:03 AM
just for kicks, can you try "TCP" instead of "tcp"?
f
full-dress-10026
12/12/2018, 12:03 AMAdded the ingress rule via AWS console then running
pulumi refreshpulumi updatefull-dress-10026
12/12/2018, 12:04 AMLemme see if I can get into that state again.
m
microscopic-florist-22719
12/12/2018, 12:04 AM
That would be great. So far I've been unable to repro that as well.
microscopic-florist-22719
12/12/2018, 12:04 AM
Which versions of the packages are you working with?
f
full-dress-10026
12/12/2018, 12:04 AM Copy code
"dependencies": {
"@pulumi/pulumi": "0.16.6",
"@pulumi/aws": "0.16.2",
"@pulumi/aws-infra": "0.16.2",
"@pulumi/cloud-aws": "0.16.0",
"@pulumi/cloud": "0.16.0"
}full-dress-10026
12/12/2018, 12:05 AMSimply changing from tcp to -1 to tcp does not do it.
m
microscopic-florist-22719
12/12/2018, 12:05 AM
Hm. That's quite odd.
f
full-dress-10026
12/12/2018, 12:07 AMI think I got it. Go from
Copy code
{
protocol: "tcp",
fromPort: 80,
toPort: 80,
cidrBlocks: ["0.0.0.0/0"]
} Copy code
{
protocol: "-1",
fromPort: 80,
toPort: 80,
cidrBlocks: ["0.0.0.0/0"]
} Copy code
{
protocol: "-1",
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"]
}m
microscopic-florist-22719
12/12/2018, 12:10 AM
That second configuration should not be allowed
microscopic-florist-22719
12/12/2018, 12:10 AM
Are you able to successfully run a
pulumi updatemicroscopic-florist-22719
12/12/2018, 12:10 AM
Copy code
{
protocol: "-1",
fromPort: 80,
toPort: 80,
cidrBlocks: ["0.0.0.0/0"]
}microscopic-florist-22719
12/12/2018, 12:10 AM
?
f
full-dress-10026
12/12/2018, 12:10 AMRight. It failed deployment. But then going from the second to third resulted in the above exception.
m
microscopic-florist-22719
12/12/2018, 12:12 AM
okay, I can repro this
microscopic-florist-22719
12/12/2018, 12:13 AM
hoo boy, that is weird
microscopic-florist-22719
12/12/2018, 12:13 AM
can you file an issue in pulumi-aws?
microscopic-florist-22719
12/12/2018, 12:13 AM
my guess is that there's some bad interaction with terraform here
microscopic-florist-22719
12/12/2018, 12:13 AM
good to know that a
refreshf
full-dress-10026
12/12/2018, 12:14 AMI've somehow managed to hit this multiple times. Some combo of refresh and/or stack export | import usually fixes things.
m
microscopic-florist-22719
12/12/2018, 12:15 AM
cc @stocky-spoon-28903
f
full-dress-10026
12/12/2018, 12:19 AM