swift-whale-31925
11/16/2022, 8:04 PMconst amznAmi = aws.getAmiOutput({
filters: [{
name: "name",
values: ["amzn2-ami-kernel-*"],
}],
owners: ["137112412989"], // NOTE: this is Amazon's Owner ID for Official Amazon-managed AMIs
mostRecent: true,
});
/* snip */
const instance = new aws.ec2.Instance(customName, {
ami: pulumi.interpolate`${amznAmi.id}`,
instanceType: "t2.medium",
networkInterfaces: [{
networkInterfaceId: networkInterface.id,
deviceIndex: 0,
}],
userData: userData,
keyName: "some-key",
tags: {
Name: customName
},
rootBlockDevice: {
volumeSize: 400
}
},
This builds fine on initial stack buildouts, but whenever Amzn publishes a new Amzn Linux 2 AMI, I run into an issue where pulumi can't create the right update strategy. The AMI triggers a replacement of the EC2 Instance (see the entire preview below (with --show-replacement-steps on):
Type Name Plan Info
pulumi:pulumi:Stack infra-dev 1 warning
+- └─ aws:ec2:Instance instance replace [diff: ~ami]
But there are resources that helped build that instance (like networkInterface
) that don't get neatly detached:
aws:ec2:Instance (instance):
error: 1 error occurred:
* creating EC2 Instance: InvalidNetworkInterface.InUse: Interface: [eni-<snip>] in use.
status code: 400, request id: <snip>
My question is: how can I best tell Pulumi what my ideal update strategy is when a field that triggers replacement (e.g. ami
) on a resource inevitably is different? In particular with EC2, I would want Pulumi to stop the EC2 instance -> detach the NetworkInterface -> terminate the old instance -> create a new EC2 with the new AMI and current userData
-> re-attach the NetworkInterface.little-cartoon-10569
11/16/2022, 8:06 PMswift-whale-31925
11/16/2022, 8:09 PMdependsOn
, parent
, etc. Instead of handling that flow above, they offer this preview:
Type Name Plan Info
pulumi:pulumi:Stack infra-dev 1 warning
├─ aws:ec2:NetworkInterface networkInterface
+ │ └─ aws:ec2:Instance instance create
- └─ aws:ec2:Instance instance. delete
little-cartoon-10569
11/16/2022, 8:09 PMswift-whale-31925
11/16/2022, 8:10 PMlittle-cartoon-10569
11/16/2022, 8:11 PMswift-whale-31925
11/16/2022, 8:13 PMlittle-cartoon-10569
11/16/2022, 8:17 PMprivateIp
. If you don't need a specific IP address, don't provide one, let AWS pick one for you. This is much safer.swift-whale-31925
11/16/2022, 8:50 PM