# general
r
Hello, is there a more effective way to test for errors like duplicate rules before doing "pulumi up"? I see such errors only when I do "up", most probably due to editing the security group names, which shows in replace. Is there a way to debug before I actually run? "pulumi preview" would not foresee any such errors.
```
error: 1 error occurred:
[Step 5/7] 	* [WARN] A duplicate Security Group rule was found on (sg-XXXXXXXXXX). This may be
[18:51:37][Step 5/7] a side effect of a now-fixed Terraform issue causing two security groups with
[18:51:37][Step 5/7] identical attributes but different source_security_group_ids to overwrite each
[18:51:37][Step 5/7] other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
[18:51:37][Step 5/7] information and instructions for recovery. Error message: the specified rule "peer: XX.XX.XX.XX/XX, UDP, from port: X, to port: XXXX, ALLOW" already exists
```
l
I'm not aware of a test or policy that exists that does that, but there's nothing stopping you from doing that. A policy would be very appropriate, but a unit test might be easier. And it would pick things up sooner, since the policy doesn't get applied until `up`.
r
Hi @little-cartoon-10569, thanks for your suggestion. I was trying out Policies here, and I could see they tend to fail if conditions are not met in pulumi preview. Do you think that will not always work? I was more keen on policies as I am looking to make sure the new state would not break before deploying by doing pulumi up.
l
You can run policies on up only, or on certain stacks only. Some features of policies are only for certain Pulumi paid plans, but I think you can get protection from breaking custom rules in certain stacks on `pulumi up`.
However, the only policy I currently use is the Pulumi-provided AwsGuard. I run it always, and I have forgotten what little I knew about policies, long ago 😞