```Hello, I am building out a/n AWS VPC with Pulum...
# pythonc
chilly-hairdresser-56259
05/13/2020, 8:01 PM Copy code
Hello, I am building out a/n AWS VPC with Pulumi and am seeing a strange issue with how pulumi "thinks" Network Acl Rules need to be replaced, specifically it states that the change is in the Rule action, however the Rule Actions are statically assigned. An example would be the following.
acl_rules = [
{
"resource_name": "privateInboundDynamic",
"egress": "True",
"from_port": "1024",
"to_port":"65535",
"protocol": "6",
"cidr_block": "0.0.0.0/0",
"rule_number": "10",
"network_acl_id": privateACL.id,
"rule_action": "Allow"
},
{
"resource_name": "privateOutboundUdpDns",
"egress": "True",
"from_port": "53",
"to_port":"53",
"protocol": "17",
"cidr_block": "0.0.0.0/0",
"network_acl_id": privateACL.id,
"rule_number": "20",
"rule_action": "Allow"
}
]
for x in range(0, len(acl_rules)):
print("[INFO] DEBUG -> %s" % str(acl_rules[x]))
aws.ec2.NetworkAclRule(
resource_name=acl_rules[x]['resource_name'],
cidr_block=acl_rules[x]['cidr_block'],
egress=acl_rules[x]['egress'],
from_port=acl_rules[x]['from_port'],
network_acl_id=acl_rules[x]['network_acl_id'],
protocol=acl_rules[x]['protocol'],
rule_action=acl_rules[x]['rule_action'],
rule_number=acl_rules[x]['rule_number'],
to_port=acl_rules[x]['to_port']
)
Review Of changes with plum preview:
+- ├─ aws:ec2:NetworkAclRule publicOutboundDynamic replace [diff: ~ruleAction]g
gentle-diamond-70147
05/13/2020, 8:03 PMCan you provide the output of
preview --diffc
chilly-hairdresser-56259
05/13/2020, 8:06 PMWonder if its a bug, weird
chilly-hairdresser-56259
05/13/2020, 8:06 PM Copy code
+-aws:ec2/networkAclRule:NetworkAclRule: (replace)
[id=nacl-2910404550]
[urn=urn:pulumi:test::vpc::aws:ec2/networkAclRule:NetworkAclRule::publicInboundhynamic]
[provider=urn:pulumi:test::vpc::pulumi:providers:aws::default_2_4_0::ba753d41-a0a7-4bca-928c-6fb400dd76b7]
~ ruleAction: "allow" => "Allow"
+-aws:ec2/networkAclRule:NetworkAclRule: (replace)
[id=nacl-2833746520]
[urn=urn:pulumi:test::vpc::aws:ec2/networkAclRule:NetworkAclRule::public_self_egress0]
[provider=urn:pulumi:test::vpc::pulumi:providers:aws::default_2_4_0::ba753d41-a0a7-4bca-928c-6fb400dd76b7]
~ ruleAction: "allow" => "Allow"chilly-hairdresser-56259
05/13/2020, 8:07 PMStating changing lowercase allow to Uppercase Allow
chilly-hairdresser-56259
05/13/2020, 8:08 PMg
gentle-diamond-70147
05/13/2020, 8:13 PMIf you change your code to all lowercase
"allow"👍 1
c
chilly-hairdresser-56259
05/13/2020, 8:14 PM@gentle-diamond-70147 that worked.
chilly-hairdresser-56259
05/13/2020, 8:15 PMAh specifically in the docs it states lowercase "allow", rather than "Allow"
chilly-hairdresser-56259
05/14/2020, 3:56 PMI am trying to think of a clean way to add NetworkAclRules, however really haven't thought of a better solution yet. Currently the solution takes in a variable of List(Dict[]), then calculates the length and iterators over it. Within the List(Dict[]) I have defined all the various parameters required.