https://pulumi.com logo
#general
Title
# general
a

alert-zebra-27114

03/28/2022, 11:49 AM
I need to make a change to an AWS LogGroup, that might exist and might not exist yet. How do you go about that? * If I use LogGroup(...), then it fails, if the group already exists * If I use LogGroup(..., opts=pulumi.ResourceOptions(import_='...')), then it fails, if the group does not exist yet Are there any create-if-needed option? Or a way to test if a group already exists? (I can live with the small timing-hole..., as I can "just" re-run the up command in case of errors)
e

echoing-dinner-19531

03/28/2022, 1:21 PM
There are some issues open around this but my search skills seem to be failing me today. I’ve found https://github.com/pulumi/pulumi/issues/3388 but I think theres some other related ones as well.
b

billowy-army-68599

03/28/2022, 3:08 PM
@alert-zebra-27114 you can use the AWS SDK to check for the existence, and then modify the
import
resource option, that's the only workaround I can think of. Ultimately, you'll need to
import
and take management of it
👍 1
a

alert-zebra-27114

03/29/2022, 7:51 AM
I will try to use boto3 to test the presence of the log group... Very good idea 🙂
Works perfectly. Thanks!
b

billowy-army-68599

03/29/2022, 1:35 PM
@alert-zebra-27114 would you mind sharing a sanitised version code? I've made this suggestion before and others haven't got it working, I meant to write an example but this will really help
a

alert-zebra-27114

03/30/2022, 6:19 AM
@billowy-army-68599 Here it is... (caveat - this code has not been tested, but should be exactly the same functionally as mine 🙂 ) Note that I run all the Pulumi code twice! First with import_phase as True and then a second time with import_phase as False. This is to make sure we can import existing resources before they are modified. We have used this in other cases - most notably with the CoreDNS ConfigMap. It works fine, even if it takes an extra 10-15 seconds to complete. Here is the code:
Copy code
import boto3
import pulumi
from pulumi_aws import cloudwatch


def set_cloudwatch_log_retention(profile: str, region: str, log_group_name: str, import_phase: bool) -> None:
    client = boto3.Session(profile_name=profile, region_name=region).client('logs')
    aws_log_groups = client.describe_log_groups(
        logGroupNamePrefix=log_group_name
    )
    existing_log_group_names = [lg['logGroupName'] for lg in aws_log_groups['logGroups']]

    rname = f'''loggroup.{log_group_name.replace('/', '-')}'''
    if import_phase and log_group_name not in existing_log_group_names:
        cloudwatch.LogGroup(
            rname,
            name=log_group_name,

            opts=pulumi.ResourceOptions(
                import_=log_group_name
            )
        )

    else:
        cloudwatch.LogGroup(
            rname,
            name=log_group_name,
            retention_in_days=30
        )
Ohh.... well. It failed this time 😞 The problem is that when the above code is run (in the plan phase) the loggroup might not exist, but later, then the Pulumi server is applying the plan, the loggroup might exist. This just happened to me, that there was a long time from the creation of an EKS cluster until the loggroup was handled. The loggroup did not exist before, but when the create resource action happened, it did... The good news.... I can just repeat the up operation and the rest is done...
b

billowy-army-68599

03/30/2022, 3:22 PM
@alert-zebra-27114 you can wrap the boto call in
pulumi.is_dry_run()
👍 1
a

alert-zebra-27114

03/31/2022, 7:26 AM
And I can see that an error got into the code... there should be no 'not' in the if statement:
Copy code
import boto3
import pulumi
from pulumi_aws import cloudwatch


def set_cloudwatch_log_retention(profile: str, region: str, log_group_name: str, import_phase: bool) -> None:
    client = boto3.Session(profile_name=profile, region_name=region).client('logs')
    aws_log_groups = client.describe_log_groups(
        logGroupNamePrefix=log_group_name
    )
    existing_log_group_names = [lg['logGroupName'] for lg in aws_log_groups['logGroups']]

    rname = f'''loggroup.{log_group_name.replace('/', '-')}'''
    if import_phase and log_group_name in existing_log_group_names:
        cloudwatch.LogGroup(
            rname,
            name=log_group_name,

            opts=pulumi.ResourceOptions(
                import_=log_group_name
            )
        )

    else:
        cloudwatch.LogGroup(
            rname,
            name=log_group_name,
            retention_in_days=30
        )
36 Views