Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
b
better-baker-47643
02/03/2022, 8:48 PMIs it just me or is shockingly difficult to get a simple ECS-fargate / RDS / lambda web app deployed?
m
millions-furniture-75402
02/03/2022, 8:53 PMWhat has been your approach so far?
b
better-baker-47643
02/03/2022, 9:03 PMbasically combining the various tutorials
this error is classic:
* [WARN] A duplicate Security Group rule was found on (sg-0a0f3c5fc91f75c92). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists
status code: 400, request id: 5db2e46f-244c-4009-b179-46ae45b85150l
little-cartoon-10569
02/03/2022, 9:30 PMThat's not specific to any of the techs you mentioned initially. That problem generally occurs (for me) when I change the Pulumi name of a security group rule.
šÆ 1
Changing the name of a rule means it's a new rule in Pulumi's eyes. It will delete the old rule and create the new one. Unfortunately, it creates the new rule first, which causes it to conflict with the old rule.
The way I usually fix this is to comment out the rule that is having its name changed, and run
pulumi uppulumi upTry to avoid renaming SG rules (and NACL rules, and probably a few other similar entities), as the process is annoying.
b
better-baker-47643
02/03/2022, 9:43 PMthanks. Iāve worked through this one. I guess my point is that it just seems like there is a huge lack of sensible defaults. what iām doing is pretty standard, it āsmells wrongā that it takes a few hundred lines of configuration
then your trapped with a security group that Pulumi requires you to delete but RDS wont let you delete
l
little-cartoon-10569
02/03/2022, 10:09 PMRDS is a bit of a pain when it comes to configuration. We have a multi-AZ SQL server instance, and our playbooks list which properties we must change when it's up, which must be changed when it's stopped, and which require turning off multi-AZ in order to change... š
b
better-baker-47643
02/03/2022, 10:19 PMi wonder if some of these issues would go away if i migrated to the awsnative provider off of classic
l
little-cartoon-10569
02/03/2022, 10:23 PMGood question. The closer you are to the AWS SDKs, the less likely some unassuming convenience code sneaks up and hits you in the back of the head.
b
better-baker-47643
02/04/2022, 1:57 PMso AWS AppRunner was what I was looking for.. would have saved two days of fighting with fargate if i found it monday š¤·
p
powerful-furniture-83753
02/04/2022, 5:01 PMdoing literally the same stuff in our stack, and what i will say is this isn't really on pulumi. Renaming security groups and any of the nitty gritty inside VPCs is tricky. Even in AWS. If it's still in your test stack, just tear it down and recreate it, it's much easier. Plus, when you ask nicely here, people are generally really helpful!