What s the best way to determine why Pulumi via `pulumi prev

Question

What s the best way to determine why Pulumi via `pulumi preview` is saying a resource must be replaced

incalculable-angle-91273 · Answer

Sometimes I run a `pulumi up` select `details` when it asks me Do you want to perform this update to help figure that out

incalculable-angle-91273 · Answer

if that doesn t help I ve ran these commands in the past that were helpful ```pulumi preview logtostderr v=9 2 gt out txt grep replaces= out txt``` It s super verbose but it might help you determine what s going on

gentle-diamond-70147 · Answer

`pulumi preview diff`

salmon-account-74572 · Answer

OK so it looks like the replacement of the EC2 instance is somehow related to the security group assigned to the instance which is not changing or being modified in any way

salmon-account-74572 · Answer

Is this a known behavior or is there something I m doing wrong here

gentle-diamond-70147 · Answer

I think I know what s happening

gentle-diamond-70147 · Answer

Are you using the `securityGroups` argument to specify your security groups If so you should use `vpcSecurityGroupIds` instead

gentle-diamond-70147 · Answer

`securityGroups` is a legacy AWS argument from the EC2 Classic days before they had VPC support It s an immutable property of EC2 instances Whereas `vpcSecurityGroupIds` allows changes

salmon-account-74572 · Answer

Ah I see Thanks for the clarification I will update my code accordingly

gentle-diamond-70147 · Answer

We have an open issue to deprecate `securityGroups` fwiw