sparse-intern-71089
08/25/2021, 6:40 AMlittle-cartoon-10569
08/25/2021, 6:48 AMlittle-cartoon-10569
08/25/2021, 6:50 AMlittle-cartoon-10569
08/25/2021, 6:51 AMInstance.get()
then you'd be out of luck, but since you imported it, you can just add a new security group ID to the constructor, and Pulumi will take care of the rest.big-london-74366
08/25/2021, 7:04 AMpulumi import
command which emit some code that I can copy paste. The problem with 'change' is that I had to replace them. So, if I already have securityGroup1
and I just want to add securityGroup2
, I can't because I need to read the value first, but the code that was given is more like 'declaration'. There's no way for me to read first.
Sorry for the confusing details lol. I'll read more on the Association
and Instance.get
to see if I can move forward with those infobig-london-74366
08/25/2021, 7:07 AMInstance.get()
may help me with getting the values first, I thinklittle-cartoon-10569
08/25/2021, 7:32 AMInstance.get()
isn't what you want. The emitted source code, which you have now put in your Pulumi program, is the correct thing to edit.little-cartoon-10569
08/25/2021, 7:32 AMlittle-cartoon-10569
08/25/2021, 7:33 AMlittle-cartoon-10569
08/25/2021, 7:35 AMpulumi import
, the resource became Pulumi-managed.little-cartoon-10569
08/25/2021, 7:39 AMSo, if I already have securityGroup1 and I just want to add securityGroup2 , I can't because I need to read the value firstThis is not correct. You don't need to read the value first. The value was read during
pulumi import
, and again every time you do a pulumi up
. It is maintained in your Pulumi state. You just need to add securityGroup2 (to the constructor) and run pulumi up
. Pulumi works its magic and AWS is updated.big-london-74366
08/25/2021, 7:42 AMbig-london-74366
08/25/2021, 2:04 PM// default security group
const defaultSg = new aws.ec2.SecurityGroup("defaultSg", {
description: "default VPC security group",
name: "default",
revokeRulesOnDelete: false,
}, {
protect: true,
})
// cluster security group
const appSecurityGroups = app.cluster.securityGroups;
const rds = new aws.rds.Instance("blog", {
autoMinorVersionUpgrade: true,
copyTagsToSnapshot: true,
deleteAutomatedBackups: true,
deletionProtection: true,
identifier: "blog",
instanceClass: "db.t3.micro",
monitoringInterval: 0,
performanceInsightsEnabled: false,
publiclyAccessible: false,
skipFinalSnapshot: true,
storageEncrypted: true,
vpcSecurityGroupIds: [defaultSg.id, appSecurityGroups[0].id]
}, {
protect: true,
});
When I import the RDS for the first time, the vpcSecurityGroupIds
are not there. So, if I add a new security group, it'll remove the previous config. So, I figured, just read the security group and assign them together like that. That will ensure it won't remove the original security group.
Obviously not really a good solution as I need to get all security group first before I declare the RDS rather than merging what security group the RDS has with the new onelittle-cartoon-10569
08/25/2021, 9:49 PMpulumi import
look like? That's the only thing you need to edit.
Also, when adding more than a few lines of source, you can use the "Create a Text Snippet" feature in the lightning menu (left side of text entry field) to make a collapsible code field. Much easier to read.big-london-74366
08/26/2021, 1:26 AMvpcSecurityIds
line in rds
is the only thing that I added there. It wasn't there, which is why I had to get the current security group id and add the new one in so that it won't remove the previous config.
Noted on the Text Snippetbig-london-74366
08/26/2021, 1:27 AMlittle-cartoon-10569
08/26/2021, 3:01 AMlittle-cartoon-10569
08/26/2021, 3:03 AMbig-london-74366
08/26/2021, 7:22 AMvpcSecurityGroupIds
rather than just adding the one. Which is also why I imported the existing security group. Is this the 'right' way to do it?little-cartoon-10569
08/26/2021, 8:06 AMbig-london-74366
08/26/2021, 8:30 AM