https://pulumi.com logo
Title
e

elegant-architect-38580

01/05/2023, 2:07 PM
Is it possible to import awsx resources to a pulumi state? I get this when trying:
awsx:x:ec2:SecurityGroup:x:ec2:IngressSecurityGroupRule:ec2/securityGroupRule:SecurityGroupRule (<resource name>):
    error: Preview failed: provider does not support importing resources; please try updating the 'awsx' plugin
awsx version is 0.32
b

billowy-army-68599

01/05/2023, 5:59 PM
@elegant-architect-38580 awsx is a component resource, so you can’t import it that way. you need to import it as an
aws.ec2.SecurityGroup
e

elegant-architect-38580

01/05/2023, 6:08 PM
I tried that but pulumi up still wants to create the resource
did this:
pulumi import aws:ec2/securityGroupRule:SecurityGroupRule <name_of resource_set_by_pulumi_program> <import_statement>
b

billowy-army-68599

01/05/2023, 6:16 PM
okay so you’ve defined a security group with awsx but also imported it as an awsx resource. That won’t work. You’ll need to remove the awsx resource or set it as the parent during the import, which is not a well trodden path
e

elegant-architect-38580

01/05/2023, 6:19 PM
security group is defined as awsx and ingress rules are defined on the security groups resource like this:
const natGatewayPublicIps = getConfigSection<string[]>('natGatewayPublicIps');

        natGatewayPublicIps.forEach((publicIp: string, index: number) => {
            this.securityGroup.createIngressRule(`${this._serviceName}-nat-gateway-ingress-${index}`, {
                fromPort: 443,
                toPort: 443,
                protocol: 'tcp',
                cidrBlocks: [`${publicIp}/32`],
            });
        });
    }
I need to import some additional IP's to the list which was click-opsed on the security group
b

billowy-army-68599

01/05/2023, 6:21 PM
it’s not clear how you’ll get from where you are to where you want to be to me, I’d probably just delete the clickops security group rule or not bother with the awsx implementation
e

elegant-architect-38580

01/05/2023, 6:23 PM
it's production so we need to avoid downtime. My solution is to change it regular aws.ec2.SecurityGroupRule so I can import all rules to it in the state
Is this a general limitation with component resources?
b

billowy-army-68599

01/05/2023, 6:24 PM
it’s not, you can import with the
--parent
flag but with awsx before v1 and what you’re doing it’s a not easy to explain over slack
e

elegant-architect-38580

01/05/2023, 6:24 PM
hehe, okay. Thanks for the help:)
I've imported all the rules to aws.ec2.SecurityGroupRule resources, but I am unable to delete the old awsx resources. get this error:
error: No such resource "urn:pulumi:production::<stackname>::awsx:x:ec2:SecurityGroup:x:ec2:IngressSecurityGroupRule::<pulumi name of resource>" exists in the current state
Is this also because of the parent dependies? Doesn't look like pulumi state delete supports defining parents
I do see these old resources listed in the state
b

billowy-army-68599

01/05/2023, 7:56 PM
that’s a shell escaping problem, there should be a
$
in there
do
pulumi state delete '<urn>'
with
'
instead of `"`”
e

elegant-architect-38580

01/05/2023, 8:40 PM
i actually did not use
"
but added
'
which fixed it for me