Is it just me or is shockingly difficult to get a ...
# awsb
better-baker-47643
02/03/2022, 8:48 PMIs it just me or is shockingly difficult to get a simple ECS-fargate / RDS / lambda web app deployed?
m
millions-furniture-75402
02/03/2022, 8:53 PMWhat has been your approach so far?
b
better-baker-47643
02/03/2022, 9:03 PMbasically combining the various tutorials
better-baker-47643
02/03/2022, 9:04 PMbetter-baker-47643
02/03/2022, 9:06 PMthis error is classic:
Copy code
* [WARN] A duplicate Security Group rule was found on (sg-0a0f3c5fc91f75c92). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists
status code: 400, request id: 5db2e46f-244c-4009-b179-46ae45b85150l
little-cartoon-10569
02/03/2022, 9:30 PMThat's not specific to any of the techs you mentioned initially. That problem generally occurs (for me) when I change the Pulumi name of a security group rule.
šÆ 1
little-cartoon-10569
02/03/2022, 9:30 PMChanging the name of a rule means it's a new rule in Pulumi's eyes. It will delete the old rule and create the new one. Unfortunately, it creates the new rule first, which causes it to conflict with the old rule.
little-cartoon-10569
02/03/2022, 9:31 PMThe way I usually fix this is to comment out the rule that is having its name changed, and run
pulumi uppulumi uplittle-cartoon-10569
02/03/2022, 9:32 PMTry to avoid renaming SG rules (and NACL rules, and probably a few other similar entities), as the process is annoying.
b
better-baker-47643
02/03/2022, 9:43 PMthanks. Iāve worked through this one. I guess my point is that it just seems like there is a huge lack of sensible defaults. what iām doing is pretty standard, it āsmells wrongā that it takes a few hundred lines of configuration
better-baker-47643
02/03/2022, 9:44 PMthen your trapped with a security group that Pulumi requires you to delete but RDS wont let you delete
l
little-cartoon-10569
02/03/2022, 10:09 PMRDS is a bit of a pain when it comes to configuration. We have a multi-AZ SQL server instance, and our playbooks list which properties we must change when it's up, which must be changed when it's stopped, and which require turning off multi-AZ in order to change... š
b
better-baker-47643
02/03/2022, 10:19 PMi wonder if some of these issues would go away if i migrated to the awsnative provider off of classic
l
little-cartoon-10569
02/03/2022, 10:23 PMGood question. The closer you are to the AWS SDKs, the less likely some unassuming convenience code sneaks up and hits you in the back of the head.
b
better-baker-47643
02/04/2022, 1:57 PMso AWS AppRunner was what I was looking for.. would have saved two days of fighting with fargate if i found it monday š¤·
p
powerful-furniture-83753
02/04/2022, 5:01 PMdoing literally the same stuff in our stack, and what i will say is this isn't really on pulumi. Renaming security groups and any of the nitty gritty inside VPCs is tricky. Even in AWS. If it's still in your test stack, just tear it down and recreate it, it's much easier. Plus, when you ask nicely here, people are generally really helpful!
2 Views