pulumi-aws
pulumi-aws copied to clipboard
pulumi
EventBusPolicy updates fail
What happened?
When making any change to an existing cloudwatch.EventBusPolicy, the policy just disappears in AWS (it still exists in Pulumi state).
This happens even when the delete_before_replace option is used (which should probably just be set to True by default, since inherantly within AWS only 1 of these can exist per EventBus at a time)
Steps to reproduce
sample code from docs should work just fine https://www.pulumi.com/registry/packages/aws/api-docs/cloudwatch/eventbuspolicy/
import pulumi_aws as aws
test_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
sid="DevAccountAccess",
effect="Allow",
actions=["events:PutEvents"],
resources=["arn:aws:events:eu-west-1:123456789012:event-bus/default"],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="AWS",
identifiers=["123456789012"],
)],
)])
test_event_bus_policy = aws.cloudwatch.EventBusPolicy("testEventBusPolicy",
policy=test_policy_document.json,
event_bus_name='default',
opts=ResourceOptions(
delete_before_replace=True,
)
)
run an up, then make any change (such as testEventBusPolicy->testEventBusPolicy2) and run up again
Expected Behavior
policy within AWS still exists
Actual Behavior
the policy completely disappears within AWS. presumably because of a bug where delete_before_replace is not actually operating correctly
Output of pulumi about
CLI
Version 3.38.0
Go Version go1.19
Go Compiler gc
Host
OS debian
Version 10.12
Arch x86_64
NAME KIND VERSION SIZE INSTALLED LAST USED
aws resource 5.13.0 412 MB 1 week ago 1 week ago
aws-native resource 0.22.0 84 MB 1 week ago 1 week ago
command resource 0.4.1 24 MB 1 week ago 1 week ago
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
