06/15/2020, 4:24 PM
So far, the examples off the pulumi website all feature essentially static configurations. How does one make the
file more dynamic? I'm trying to modify an SG in runtime--make a permissive one, then bring up the instance and allow it to update packages, and then (hopefully) make the SG more restrictive. Does plumi + typescript allow that in some fashion?


06/16/2020, 8:37 PM
As I understand it, an
changes an actual state into a desired in as close to a single action as is feasible. If I were to attempt what you're describing, I'd look at calling pulumi twice: first create the permissive SG and instance, then change the project to reflect the real desired state.
It would be easy to write a program that calls out to pulumi twice, but I probably would prefer not to, since then I'd need two projects with contradictory desired states. `up`ping one would effectively damage the other.
Is it feasible to build your instance image so that it starts off in its updated state, before it is brought up? You can use image bulider to build the right image, and make your instance dependent on the built image.
Maybe that would allow you to never have a permissive security group?