FlowLogs creation/state check doesn't work

[manca-disc]

Hi there,

We're seeing another problem with FlowLogs after upgrading to latest Go Pulumi AWS Plugin.

This is the error we get when we run pulumi up:

  aws:ec2:FlowLog (dev-project-flow-logs):
    error: 1 error occurred:
        * Error creating Flow Log for (vpc-xxx), error: FlowLogAlreadyExists: Error. There is an existing Flow Log with the same configuration and log destination.
        status code: 400, request id: b51abc3d-ff24-4972-95b5-a574b44121fd

This used to work without problems before. They way we create the flow log is simple as:

ec2.NewFlowLog(ctx, name, &ec2.FlowLogArgs{
        IamRoleArn:     iamRoleArn,
        LogDestination: logGrpArn,
        TrafficType:    pulumi.String("ALL"),
        VpcId:          vpcId,
    })

Let me know if you can assist with this issue.

[stack72]

Hi @manca-disc

Are you sure there is no FlowLog with that config already existing? It's like you've dropped the resource from the state and Pulumi is trying to recreate it

Paul

[manca-disc]

Nothing changed in the stack since the upgrade. This specific flow log is there, but for some reason Pulumi still tries to recreate it. Why's that?

[stack72]

Pulumi will only try and recreate it if it can't find it in its state file.

Have you logged into the same "backend" as you previously used? If you run the command

Pulumi stack export > mystack.json

Then you will be able to see what resources exist in your state file

Alternatively you can run

Pulumi whoami -v

And Pulumi will tell you the backend you are logged into

If it's the right backend and the resource is not in your state file then that's why it's trying to recreate

One last ditch debug idea, I'm not sure of your setup, but maybe another of the developers had pushed Pulumi code to the same region and this named something the same?

Paul

[manca-disc]

pulumi refresh helped. Something caused Pulumi state to drop the flowlogs resource...

[stack72]

Glad to hear it is working for you!