fierce-cpu-94517
07/29/2019, 1:52 PM
Updating (mystack):
Type Name Status Info
pulumi:pulumi:Stack private-cloud-mystack **failed** 1 error
└─ awsx:x:elasticloadbalancingv2:ApplicationLoadBalancer web
+ ├─ awsx:x:elasticloadbalancingv2:ApplicationTargetGroup web created
+ │ └─ aws:elasticloadbalancingv2:TargetGroup web created
+ ├─ awsx:x:elasticloadbalancingv2:ApplicationListener web-listener created
+ │ ├─ awsx:x:ec2:IngressSecurityGroupRule web-listener-external-0-ingress created
+ │ │ └─ aws:ec2:SecurityGroupRule web-listener-external-0-ingress **creating failed** 1 error
+ │ └─ awsx:x:ec2:EgressSecurityGroupRule web-listener-external-0-egress created
+ │ └─ aws:ec2:SecurityGroupRule web-listener-external-0-egress created
+ └─ aws:elasticloadbalancingv2:LoadBalancer web **creating failed** 1 error
Diagnostics:
aws:ec2:SecurityGroupRule (web-listener-external-0-ingress):
error: Plan apply failed: [WARN] A duplicate Security Group rule was found on (sg-0d4db747a736ac640). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error message: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists

import * as awsx from "@pulumi/awsx";

// s3AccessLogsBucketName and acm (which exports acmSSLCert) are defined elsewhere in the program.

// VPC spanning three availability zones
const vpc = new awsx.ec2.Vpc("vpc", {
    numberOfAvailabilityZones: 3,
})

// Security group for the load balancer: all egress, HTTPS ingress from anywhere
const sgLoadBalancer = new awsx.ec2.SecurityGroup("load-balancer", {
    vpc: vpc,
    egress: [{
        protocol: "all",
        fromPort: 0,
        toPort: 65535,
        cidrBlocks: ["0.0.0.0/0"],
    }],
    ingress: [{
        protocol: "tcp",
        fromPort: 443,
        toPort: 443,
        cidrBlocks: ["0.0.0.0/0"],
        ipv6CidrBlocks: ["::/0"],
    }],
})

// Internet-facing ALB in the public subnets, with access logs written to S3
const alb = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer("web", {
    accessLogs: {
        bucket: s3AccessLogsBucketName,
        enabled: true,
        prefix: "load-balancer",
    },
    enableDeletionProtection: true,
    external: true,
    securityGroups: [sgLoadBalancer],
    subnets: vpc.publicSubnetIds,
    vpc: vpc,
})

// Target group for the web service on port 8001, health-checked at /health
const webTargetGroup = alb.createTargetGroup("web", {
    port: 8001,
    protocol: "HTTP",
    healthCheck: {
        path: "/health",
    },
})

// HTTPS listener that forwards to the web target group
const listener = alb.createListener("web-listener", {
    protocol: "HTTPS",
    sslPolicy: "ELBSecurityPolicy-TLS-1-2-2017-01",
    certificateArn: acm.acmSSLCert.arn,
    defaultActions: [{
        type: "forward",
        targetGroupArn: webTargetGroup.targetGroup.arn,
    }]
})

gentle-diamond-70147
07/29/2019, 4:48 PM
up or after making additional changes?

fierce-cpu-94517
07/29/2019, 9:28 PM
up since the alb definitions were added. I have since given up and resorted to using regular @pulumi/aws alb resources, which works.

gentle-diamond-70147
07/29/2019, 9:35 PM

fierce-cpu-94517
07/29/2019, 9:38 PM

gentle-diamond-70147
07/29/2019, 9:39 PM

fierce-cpu-94517
07/29/2019, 9:43 PM

gentle-diamond-70147
07/29/2019, 10:37 PM

fierce-cpu-94517
07/30/2019, 8:11 AM