# general
l
If you add a dependsOn from the policyAttachments to the lambdas, would that require that Pulumi deletes the attachments first?
g
not sure. The lambdas are defined through awsx.API routes and all that was defined for them were path, method, and eventHandler. Doesn't seem like a route definition accepts dependsOn. And seems kind of chicken / egg to declare the .API depends on the lambdas it's supposed to be declaring.
l
dependsOn is in the `opt` parameter, not the `args`.
In my experience, it's only the policyAttachment that presents problems.. not sure I've done this with lambdas though. I'll check if it can be sorted that way.
I don't see policies in the lambda docs... just Permissions.... 🤔
g
hmm.
```
deleting urn:pulumi:company1::myCompany-pulumi::aws:apigateway:x:API$aws:iam/policy:Policy::hello-only-imported927f543c-LambdaFullAccess: 1 error occurred:
        * Error deleting IAM policy arn:aws:iam::863178862591:policy/hello-only-imported927f543c-LambdaFullAccess-e34ce24: DeleteConflict: Cannot delete a policy attached to entities.
        status code: 409, request id: 80183c5f-327d-42d6-9c27-1ab4b499fab9
```
guess it's the IAM
and i guess what i meant is i can't use dependsOn because the lambdas are just functions, not resources that are defined yet since they don't get defined until `awsx.apigateway.API` actually builds the routes.
ie.
```
eventHandler: routes.helloHandler,

        }
    ],
},
    { dependsOn: [routes.helloHandler] }
```
^ the dependsOn is complaining here
l
Ah, you're using API gateway from awsx? Then I'd say this is a bug.. if it's creating things with a clear deletion order that awsx should know about, but aws can't know about, then it should add the `dependsOn` opt for you...
g
right yea. Okay i'll get it working manually and then see if i can get it boiled down to be reproducible.
l
I see several issues about this sort of thing in AWSX, but relating to VPCs and subnets...
You may find that migrating your code to vanilla aws.apigateway(v2?) will be the only in-code solution.. in the short term, `pulumi state delete` and manually deleting things might have to be the way to go...
g
yea i'm still very new to pulumi but so far awsx has caused some headaches. It seems to work fine on fresh deployments but once i start trying to shuffle what region the entire gateway is in or even just shuffling around the lambdas and what routes they're on it starts getting shaky.
l
That's pretty much my experience too. Great time-saver when getting started, but eventually you'll have to migrate away from it once you need to do complicated stuff.
g
gotcha, well hopefully i can get it repeatable and get an issue opened, thanks for the help!
weird i wonder if it's a difference on the aws api.
I went directly to iam roles and dropped the roles and they went away just fine... no complaints about disconnecting policies or entities or anything.
l
Or maybe a race condition? Pulumi may have deleted something in parallel but without a `dependsOn`. If there had been a `dependsOn`, it would have deleted them sequentially (= correctly).
g
Right, seems likely. From what i could tell everything it wanted to delete was there and i had to remove it manually and then use state to destroy those resources until it was able to remove the rest.
l
Well if there was a race condition and the "blocking" resource got deleted anyway, then simply running the same command should finish the job safely...
g
could also be the difference of not giving .API any opts at all and then trying to force it to move regions by handing it an opts with a provider in a different region.
that's what i'm going to do to see if i can reproduce the issue
ah, then it must not have been a race, i tried destroying a good 3-5 times
l
hmm ¯\_(ツ)_/¯
g
lol agreed