Hello, I’m struggling to import an aws IAM role cr...
# general
Hello, I’m struggling to import an aws IAM role created externally into my pulumi stack; I ran the pulumi import command and added the code snippet it gave me to my script, but pulumi keeps trying to delete and replace the role still. Pointers would be appreciated
Can you share the example and the Pulumi output?
That would be helpful, I'm working on imports at the moment so examples of where it's not working are really useful
Thanks for the replies. Here’s some source code, terminal output, and versions of mine. It’s manually whittled down from a bigger stack I’d rather not share here. I think I got the whittling right, but also working on a more minimal example
Hmm, I created a small 1-resource stack with just the role, then imported, then ran pulumi up--and that worked fine. Maybe some action I took between the import and the pulumi up in the big stack messed up the state there somehow. I’m not sure what that action that would have been though unfortunately (there were many). I’ll retry with the big stack…
Does your big stack use a special provider (implicitly or explicitly)?
I’ve had that happen before
https://www.pulumi.com/docs/intro/concepts/resources/options/import/ - I’d look to see if you can possibly use this rather than
pulumi import …
I was using stack provider config (Pulumi.myenv.yaml aws:assumeRole) to assume a certain role in another account where the iam role and other resources are. Not clear to me what explicit/implicit non-default provider. I have no provider=* overrides in my pulumi python code, just aws probider config settings in my stack config. And that did access the different account/role correctly.
After retrying with my big stack, it did work this time. Not sure what happened before.
And thanks for the pointer to the import resource option. I’m not quite clear on the advantages after reading the doc - I guess it can make the history of the import having been done more clear, and can maybe avoid doubling the code required for multiple stacks where a resource may or may not be required? In my case the existing iam role I want to use doesn’t exactly match the role that my pulumi code will otherwise create. And I just want . Maybe if I could somehow combine the import together with ignore_changes=[‘root’] (I think ‘root’ means all properties?), and only apply that to cases where the resource was imported and not created by pulumi - I think that’s what I’d want. But I have a decent way forward now using the cli import
ignore_changes=[‘root’] (I think ‘root’ means all properties?)
should be all properties