https://pulumi.com logo
s

salmon-account-74572

02/11/2020, 9:51 PM
What's the best way to determine why Pulumi (via
pulumi preview
) is saying a resource must be replaced?
i

incalculable-angle-91273

02/11/2020, 9:57 PM
Sometimes I run a
pulumi up
select
details
when it asks me “Do you want to perform this update?” to help figure that out
if that doesn’t help I’ve ran these commands in the past that were helpful:
Copy code
pulumi preview --logtostderr -v=9 2> out.txt

grep replaces= out.txt
It’s super verbose but it might help you determine what’s going on
g

gentle-diamond-70147

02/11/2020, 9:59 PM
pulumi preview --diff
☝️ 1
s

salmon-account-74572

02/11/2020, 10:17 PM
OK, so it looks like the replacement of the EC2 instance is somehow related to the security group assigned to the instance (which is not changing or being modified in any way).
Is this a known behavior, or is there something I'm doing wrong here?
g

gentle-diamond-70147

02/11/2020, 10:50 PM
I think I know what's happening
Are you using the
securityGroups
argument to specify your security groups? If so, you should use
vpcSecurityGroupIds
instead.
securityGroups
is a "legacy" AWS argument from the EC2-Classic days before they had VPC support. It's an immutable property of EC2 instances. Whereas
vpcSecurityGroupIds
allows changes.
s

salmon-account-74572

02/11/2020, 11:20 PM
Ah, I see! Thanks for the clarification. I will update my code accordingly!
g

gentle-diamond-70147

02/11/2020, 11:38 PM
We have an open issue to deprecate
securityGroups
, fwiw.
👍🏻 1
2 Views