Is this a reliable pattern for conditional resources that may already exist in AWS but not in pulumi and if not then create it?

def conditional_role_not_exists():
    try:
        result = aws.iam.get_role("conditional_role_not_exists")
        if result.id:
            return
    except:
        pass
    # create if it does not exist
    aws.iam.Role("conditional_role_not_exists", args=aws.iam.RoleArgs(assume_role_policy="{}"))

conditional_role_not_exists()

Oh I'm sure someone else had commented on this correctly.... This will confuse the engine as the resource flip-flops between get_role and new Role. There's an issue tracking support for this at https://github.com/pulumi/pulumi/issues/3388, and some comments at https://github.com/pulumi/pulumi/issues/3364#issuecomment-1267034580 explaining why a tryGet style doesn't work

I shall assume that it is not safe to rely on. I noticed another case where I used this feature in similar manner to get rds instance or cluster

try:
    existing_db = rds.get_cluster(
        cluster_identifier=db_params.apply(lambda x: x["db"]["identifier"]),
        opts=pulumi.InvokeOptions(provider=ec1_provider),
    )
except Exception as exc:
    if "DBClusterNotFoundFault" not in str(exc):
        raise exc
    existing_db = rds.get_instance(
        db_instance_identifier=db_params.apply(lambda x: x["db"]["identifier"]),
        opts=pulumi.InvokeOptions(provider=ec1_provider),
    )

After updating pulumi to 5.28.0 underlying SDK exception

DBClusterNotFoundFault

is no longer present in the message

oh that's a different use case to what we've seen before

oh that's great. Any ETA on tryGet? I assume it may be 6 months or more

We we had assumed it was useless and weren't going to do it because everyone seemed to be using it as a "try get or create" test and it doesn't work for that. Sounds like we might want to reopen https://github.com/pulumi/pulumi/issues/3364 to cover this

sure