I'm building an EC2 which creates a network interface and attaches to the instance as a primary eni. I've set the 

deleteOnTermination

 to false (as I want to keep the eni on deletion of the ec2. To do with an app license). But running 

pulumi destroy

 removes the eni. If I terminate through the console, the eni remains. Is there a way I can remove everything apart from the eni? (

protect

prevents deletion of the whole stack).

You'll probably need to create the ENI separately and attach it to the instance https://www.pulumi.com/registry/packages/aws/api-docs/ec2/networkinterface/

I've done this within a component resource. Create the eni and attach it to the EC2 instance.

The destroy command tells AWS to remove everything as well, so if you're running destroy AWS is going to remove the ENI. My advise is to work out a way to be able to terminate the instance. This is good general "cloud" advise anyway where an EC2 instance might have to move hosts at any time and therefore it might be deleted

I have, can you see the code I uploaded?

What's your use case here? Why do you need to keep the network interface around?

It is todo with licensing an application. It requires the mac address to be licensed. If we can keep the eni then it can be reattached to a new instance in the event of a problem.

If you're running destroy, Pulumi doesn't just terminate what's there, it deletes. If this is something you need to stick around, you'll need it in a new project/stack, one that doesn't get destroyed

OK, thanks Piers.

Not sure I understand. Do you mean if you have the interface resource in a different stack but attach it to an EC2 interface and try to run destroy it'll fail?

Yes...

I don't know, but since you can create a network interface resource without an ec2 instance I suspect that it'll be possible

just following up here, you're defining the ENI in code too?

I was, not now.