https://pulumi.com logo
#general
Title
# general
c

calm-quill-21760

02/27/2020, 7:45 PM
Since resource creation is deferred with Pulumi, what's the process for updating an item before it gets created? Specifically, I've created two AWS SecurityGroup objects and want some of the egress rules in one to reference the other. The reason I'm breaking this up is that I don't want to manually define the order in which the groups get created. Creating each and maintaining a reference back seemed like a solution. However, when I pull up the object to modify it, I find the object seems to want a "resolved" value:
Copy code
let thisGroup = createdSecGroups.get(thisGroupName);
                    if (item.allowed_other_sec_grps && item.allowed_other_sec_grps.length > 0) {
                        for (let allowed of item.allowed_other_sec_grps) {
                            let theOtherSecGrp = createdSecGroups.get(allowed + "_" + vpc);
                            if (theOtherSecGrp && thisGroup) {
                                thisGroup.egress.get().forEach(entry => {
                                    entry.securityGroups = theOtherSecGrp!.id;
                                });
                            }
                        }
                    }
This line is invalid:
Copy code
entry.securityGroups = theOtherSecGrp!.id;
It looks like securityGroups wants a resolved string[] value. I'm guessing this is another case where I'm thinking about this all wrong... Suggestions are appreciated!
w

white-balloon-205

02/27/2020, 7:51 PM
This is generally why you use the
SecurityGroupRule
resource instead of specifying the rules inline in the
SecurityGroup
. See notes on https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/ec2/#SecurityGroupRule.
c

calm-quill-21760

02/27/2020, 8:38 PM
If I'm reading the documentation right, it says SecurityGroupRules work with "external" Security Groups. So if I'm creating security groups with Pulumi, that doesn't seem to work?
Puzzling through, it looks like I can omit the ingress/egress inline and then attach the SecurityGroupRules to the security group id.
w

white-balloon-205

02/27/2020, 9:55 PM
That's right - the latter is the "right" way to do this in Pulumi and Terraform for maximum flexibility.