Hello I m struggling to import an aws IAM role created exter

Question

Hello I m struggling to import an aws IAM role created externally into my pulumi stack I ran the pulumi import command and added the code snippet it gave me to my script but pulumi keeps trying to delete and replace the role still Pointers would be appreciated

bored-table-20691 · Answer

Can you share the example and the Pulumi output

echoing-dinner-19531 · Answer

That would be helpful I m working on imports at the moment so examples of where it s not working are really useful

some-continent-1577 · Answer

Thanks for the replies Here s some source code terminal output and versions of mine It s manually whittled down from a bigger stack I d rather not share here I think I got the whittling right but also working on a more minimal example

some-continent-1577 · Answer

some-continent-1577 · Answer

Hmm I created a small 1 resource stack with just the role then imported then ran pulumi up and that worked fine Maybe some action I took between the import and the pulumi up in the big stack messed up the state there somehow I m not sure what that action that would have been though unfortunately there were many I ll retry with the big stack

bored-table-20691 · Answer

Does your big stack use a special provider implicitly or explicitly

bored-table-20691 · Answer

I ve had that happen before

bored-table-20691 · Answer

bored-table-20691 · Answer

<https www pulumi com docs intro concepts resources options import > I d look to see if you can possibly use this rather than `pulumi import `

some-continent-1577 · Answer

I was using stack provider config Pulumi myenv yaml aws assumeRole to assume a certain role in another account where the iam role and other resources are Not clear to me what explicit implicit non default provider I have no provider= overrides in my pulumi python code just aws probider config settings in my stack config And that did access the different account role correctly

some-continent-1577 · Answer

After retrying with my big stack it did work this time Not sure what happened before

some-continent-1577 · Answer

And thanks for the pointer to the import resource option I m not quite clear on the advantages after reading the doc I guess it can make the history of the import having been done more clear and can maybe avoid doubling the code required for multiple stacks where a resource may or may not be required In my case the existing iam role I want to use doesn t exactly match the role that my pulumi code will otherwise create And I just want Maybe if I could somehow combine the import together with ignore changes= root I think root means all properties and only apply that to cases where the resource was imported and not created by pulumi I think that s what I d want But I have a decent way forward now using the cli import

echoing-dinner-19531 · Answer

gt ignore changes= root I think root means all properties `ignore changes= ` should be all properties