This message was deleted.

@adamant-dress-73325 are you trying to import existing resources into a Pulumi stack? Or is this a

pulumi preview/up

on an existing Pulumi setup?

On an existing setup

@adamant-dress-73325 what are the changes to your pulumi code compared to the previous

pulumi up

?

I added new VPC Peering resources, while keeping the code for ec2 instance creation constant between runs.

const blahInstance = new aws.ec2.Instance("blah-qa", {
  ami: "ami-blah",
  instanceType: aws.ec2.InstanceTypes.T3_XLarge,
  subnetId: vpcPrivateSubnetIds[0],
  securityGroups: [blahSg.id],
  keyName: "blah",
  associatePublicIpAddress: false,
  tags: {
    Name: "blah"
  }
});

What I usually do is comment out all my changes and add my changes again one by one up to the point where this behaviour happens.

I recall the issue here is that

securityGroups

is actually the wrong property to use here - you need to use

vpcSecurityGroupIds

if you are working with a VPC (which it looks like you are). I believe the confusion you are seeing comes from some strange behaviour where in this case your

securityGroups

wasn't really being applied in the first place, and so it looks like it's constantly trying to reapply it? I think there have been some previous conversations on this topic in the channel here - such as https://pulumi-community.slack.com/archives/C84L4E3N1/p1562426255155500.

Ok, that seems to work, no longer tries to replace, doc comment on that property would be great

Indeed, bitten by that too back in my Terraform days.

@adamant-dress-73325 sorry, securityGroups is actually for EC2 classic 😞 we may need to make this clearer

No worries, rename for that property to classicSecurityGroups could work now that aliases are a thing and avoid the foot gun