This message was deleted Pulumi Community #aws

Join Slack

This message was deleted.

# aws

sparse-intern-71089

01/05/2023, 2:07 PM

This message was deleted.

elegant-architect-38580

01/05/2023, 2:28 PM

awsx version is 0.32

billowy-army-68599

01/05/2023, 5:59 PM

@elegant-architect-38580 awsx is a component resource, so you can’t import it that way. you need to import it as an

aws.ec2.SecurityGroup

elegant-architect-38580

01/05/2023, 6:08 PM

I tried that but pulumi up still wants to create the resource

elegant-architect-38580

01/05/2023, 6:13 PM

did this:

pulumi import aws:ec2/securityGroupRule:SecurityGroupRule <name_of resource_set_by_pulumi_program> <import_resource_reference>

billowy-army-68599

01/05/2023, 6:16 PM

okay so you’ve defined a security group with awsx but also imported it as an awsx resource. That won’t work. You’ll need to remove the awsx resource or set it as the parent during the import, which is not a well trodden path

elegant-architect-38580

01/05/2023, 6:19 PM

security group is defined as awsx and ingress rules are defined on the security group resource like this:

Copy code

const natGatewayPublicIps = getConfigSection<string[]>('natGatewayPublicIps');

        natGatewayPublicIps.forEach((publicIp: string, index: number) => {
            this.securityGroup.createIngressRule(`${this._serviceName}-nat-gateway-ingress-${index}`, {
                fromPort: 443,
                toPort: 443,
                protocol: 'tcp',
                cidrBlocks: [`${publicIp}/32`],
            });
        });
    }

I need to import some additional IP's to the list which was click-opsed on the security group

billowy-army-68599

01/05/2023, 6:21 PM

it’s not clear how you’ll get from where you are to where you want to be to me, I’d probably just delete the clickops security group rule or not bother with the awsx implementation

elegant-architect-38580

01/05/2023, 6:23 PM

it's production so we need to avoid downtime. My solution is to change it regular aws.ec2.SecurityGroupRule so I can import all rules to it in the state

elegant-architect-38580

01/05/2023, 6:23 PM

Is this a general limitation with component resources?

billowy-army-68599

01/05/2023, 6:24 PM

it’s not, you can import with the

--parent

flag but with awsx before v1 and what you’re doing it’s a not easy to explain over slack

elegant-architect-38580

01/05/2023, 6:24 PM

hehe, okay. Thanks for the help:)

elegant-architect-38580

01/05/2023, 7:28 PM

I've imported all the rules to aws.ec2.SecurityGroupRule resources, but I am unable to delete the old awsx resources from state using

pulumi state delete

. get this error:

Copy code

error: No such resource "urn:pulumi:production::<stackname>::awsx:x:ec2:SecurityGroup:x:ec2:IngressSecurityGroupRule::<pulumi name of resource>" exists in the current state

Is this also because of the parent dependies? Doesn't look like pulumi state delete supports defining parents

elegant-architect-38580

01/05/2023, 7:29 PM

I do see these old awsx resources listed in the state

billowy-army-68599

01/05/2023, 7:56 PM

that’s a shell escaping problem, there should be a

in there

billowy-army-68599

01/05/2023, 7:56 PM

pulumi state delete '<urn>'

billowy-army-68599

01/05/2023, 7:56 PM

with

instead of `"`”

🙌 1

elegant-architect-38580

01/05/2023, 8:40 PM

i actually did not use

but added

which fixed it for me

🎉 1

Open in Slack

Previous Next