https://pulumi.com logo
#general
Title
# general
b

billowy-laptop-45963

02/25/2020, 10:30 PM
I have an aws / ts stack that I last updated a month ago and now it wants to do delete a bunch of my role attachments. Was anything changed that might've caused this? I have a decent amount of .apply / .then programming going on so I'm wondering if something changed in a way which makes that invalid...
w

white-balloon-205

02/25/2020, 10:45 PM
Did you update any dependencies in particular? I am not aware of anything that would cause this - though there are many potential changes you might have made that could lead to this. Unless you are creating resources inside
.apply
calls, I ould not expect the preview results to be misleading.
c

calm-parrot-72437

02/26/2020, 6:39 PM
I'm having a similar problem, most likely related to my flubbing of the outputs but confusing nevertheless. The preview/up details show the instance recreated because of a security group change, i.e, ++awsec2/instanceInstance: (create-replacement) [id=i-06f95703bc4a27bf2] [urn=urnpulumistage:houdini license serverawsec2/instanceInstance:houdini-license-server-stage] [provider=urnpulumistage:houdini license serverpulumiprovidersawsdefault 1 23 0:2a501aeb-bced-4003-8379-c1113d368079] ~ securityGroups: [ + [0]: "sg-0f0edc067620a7763" ] +-awsec2/instanceInstance: (replace) [id=i-06f95703bc4a27bf2] [urn=urnpulumistage:houdini license serverawsec2/instanceInstance:houdini-license-server-stage] [provider=urnpulumistage:houdini license serverpulumiprovidersawsdefault 1 23 0:2a501aeb-bced-4003-8379-c1113d368079] ~ securityGroups: [ + [0]: "sg-0f0edc067620a7763" ]
security group is coming from another stack via export const securityGroupIds = [cluster.nodeSecurityGroup.id];
i do the import from a config file and in the instance creation i just access like this: securityGroups: config.securityGroupIds
anyone have ideas why pulumi thinks there's an update here?
w

white-balloon-205

02/28/2020, 7:59 PM
Does the underlying instance actually have these security groups applied? Note that I believe that
vpcSecurityGroupIds
is safer to use for VPC-based instances (i.e. if you are not in the default VPC). But not clear from context so far exactly what you instance is actually configured to do - and what change you are in practice making to its configuration.
c

calm-parrot-72437

02/28/2020, 8:13 PM
yeah, not in the default vpc, i'll try using that. I'm not changing its configuration at all 😞
changing to vpcSecurityGroupIds fixed it! Thanks, @white-balloon-205
👍 1