# general
b
pulumi is convinced that it needs to add 2 security groups to my ec2 instance, but when i view the instance in the console, both of the SGs it wants to add are already there
```
(plos-pulumi) 01-17|13:51:04|thatguy:~/repos/plos/plos-pulumi/apps/talend_poc > pulumi preview --diff
Previewing update (PLOS/dev):
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:Stack::talend_poc-dev]
    > pulumi:pulumi:StackReference: (read)
        [id=PLOS/iam/dev]
        [urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:StackReference::PLOS/iam/dev]
        name: "PLOS/iam/dev"
    ~ aws:iam/policyAttachment:PolicyAttachment: (update)
        [id=talend_poc_xml_policy_attachment-cc1c659]
        [urn=urn:pulumi:dev::talend_poc::aws:iam/policyAttachment:PolicyAttachment::talend_poc_xml_policy_attachment]
        [provider: urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334 => urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_18_0::output<string>]
      - roles: [
      -     [0]: "talend_poc_role"
        ]
    --outputs:--
  + talend-output-bucket-name    : "talend-output-59615b1"
    +-aws:ec2/instance:Instance: (replace)
        [id=i-0b024d1ad4cb75dba]
        [urn=urn:pulumi:dev::talend_poc::aws:ec2/instance:Instance::talend_poc_instance]
        [provider: urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334 => urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_18_0::output<string>]
      ~ securityGroups: [
          + [0]: "sg-078d2ef15a737ac03"
          + [1]: "sg-095e0af0371379410"
        ]
Resources:
    ~ 1 to update
    +-1 to replace
    2 changes. 15 unchanged
```
g
If you run a `pulumi refresh`, does it show that it's going to add the two security groups to your instance?
b
i think that’s what this means?
```
├─ aws:ec2:SecurityGroup         talend_poc_sg                                          [diff: +tags~egress,ingress]
```
so i proceeded with the refresh
which completed successfully
but it still thinks there are missing sgs.
g
so the refresh didn't show any `securityGroups` change?
b
just the output i pasted above, the `~egress,ingress` is vaguely suggestive of a security group, but nothing that’s called out as such
nothing on the ec2 instance
g
So... this won't explain the issue, but `securityGroups` is a "legacy" setting. You should use `vpcSecurityGroupIds` instead.
b
ah good to know
maybe this is an obscure edge case then
g
Maybe. I opened https://github.com/pulumi/pulumi-aws/issues/852 to deprecate that argument.
b
well do you feel that there’s more we should do to try to diagnose the root cause, here? or should i just leave the SGs commented out on my instance for now and move on? this is just a temporary instance for a proof of concept so it’s nothing mission critical.
g
Oh, I do have an idea to try... can you reverse the order of the security groups as you've defined them on your instance? I wonder if it's an ordering issue.
So if you have:
```
securityGroups: [
    sg1.id,
    sg2.id,
]
```
change it to
```
securityGroups: [
    sg2.id,
    sg1.id,
]
```
b
ok this is weird
now i’m having the same issue i did yesterday
where suddenly my session seems to have expired and i can’t log in
it was around this time of day too, as i recall
g
Hmm, maybe a token or cookie expiring after 24 hours.
b
perhaps, it’s certainly a problem i hope not to have every day
g
I see some errors in our logs, chatting with one of our engineers.
👍 1
I’ll dm you.
👍 1