Active EFS replication (REPLICATING) is not correctly handled by this provider #6041
Description
Describe what happened
(Reported by a customer)
When creating an EFS that's replicated to a 2nd region, after the initial deployment, replica EFS state changes.
The property protection.replicationOverwrite is forcefully changed to REPLICATING.
It's worth noting that the resource declaration only accepts ENABLED and DISABLED (docs).
On the subsequent deployment, when running pulumi up --refresh, the provider throws the following error and prevents furher updates.
Setting ignoreChanges has no effects.
Sample program
Steps to reproducce
- Create a new stack
- Deploy the Pulumi app below ✅
- Run
pulumi up --refresh❌
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const awsConfig = new pulumi.Config("aws");
export = async() => {
const efsName = "aureq-efs";
const srcRegion = awsConfig.require("region"); // default: sydney
const srcProvider = new aws.Provider("srcProvider", {
region: srcRegion,
});
const dstRegion = "ap-southeast-4"; // melbourne
const dstProvider = new aws.Provider("dstProvider", {
region: dstRegion,
});
const efs = new aws.efs.FileSystem(`${efsName}-aws-src`, {
performanceMode: 'generalPurpose',
throughputMode: 'elastic',
encrypted: true,
}, { provider: srcProvider, parent: srcProvider });
new aws.efs.BackupPolicy(`${efsName}-aws-backup-policy-src`, {
fileSystemId: efs.id,
backupPolicy: {
status: 'ENABLED',
},
}, { parent: efs });
const efsDr = new aws.efs.FileSystem(`${efsName}-aws-dr`, {
performanceMode: 'generalPurpose',
throughputMode: 'elastic',
encrypted: true,
protection: {
replicationOverwrite: 'DISABLED',
},
},{ provider: dstProvider, parent: dstProvider, ignoreChanges: ["protection", "protection.replicationOverwrite", "protection[*].replicationOverwrite" ]});
new aws.efs.BackupPolicy(`${efsName}-aws-backup-policy-dr`, {
fileSystemId: efsDr.id,
backupPolicy: {
status: 'ENABLED',
},
}, { parent: efsDr, provider: dstProvider });
new aws.efs.ReplicationConfiguration(`${efsName}-aws-replication`, {
sourceFileSystemId: efs.id,
region: srcRegion,
destination: {
fileSystemId: efsDr.id,
region: dstRegion,
},
}, { parent: efsDr, provider: dstProvider });
return {
message: "Hello, Pulumi!",
awsEfsId: efs.id,
awsEfsDrId: efsDr.id,
};
}Log output
Previewing update (menfin/0046)
View in Browser (Ctrl+O): https://app.pulumi.com/menfin/zendesk/0046/previews/a79e9bcc-0868-4348-8308-166cc360a887
Type Name Plan Info
pulumi:pulumi:Stack zendesk-0046
├─ pulumi:providers:aws srcProvider
│ └─ aws:efs:FileSystem aureq-efs-aws-src
~ │ └─ aws:efs:BackupPolicy aureq-efs-aws-backup-policy-src refresh
└─ pulumi:providers:aws dstProvider
~ └─ aws:efs:FileSystem aureq-efs-aws-dr refresh 1 error
~ ├─ aws:efs:BackupPolicy aureq-efs-aws-backup-policy-dr refresh
~ └─ aws:efs:ReplicationConfiguration aureq-efs-aws-replication refresh
Diagnostics:
aws:efs:FileSystem (aureq-efs-aws-dr):
error: aws:efs/fileSystem:FileSystem resource 'aureq-efs-aws-dr' has a problem: expected protection.0.replication_overwrite to be one of ["ENABLED" "DISABLED"], got REPLICATING. Examine values at 'aureq-efs-aws-dr.protection.replicationOverwrite'.
Resources:
4 unchanged
1 errored
Affected Resource(s)
No response
Output of pulumi about
CLI
Version 3.207.0
Go Version go1.25.4
Go Compiler gc
Plugins
KIND NAME VERSION
resource aws 7.13.0
resource aws-native 1.39.1
language nodejs 3.207.0
Host
OS debian
Version 13.1
Arch x86_64
This project is written in nodejs: executable='/usr/local/bin/node' version='v22.21.0'
Current Stack: menfin/zendesk/0046
TYPE URN
pulumi:pulumi:Stack urn:pulumi:0046::zendesk::pulumi:pulumi:Stack::zendesk-0046
pulumi:providers:aws urn:pulumi:0046::zendesk::pulumi:providers:aws::dstProvider
pulumi:providers:aws urn:pulumi:0046::zendesk::pulumi:providers:aws::srcProvider
aws:efs/fileSystem:FileSystem urn:pulumi:0046::zendesk::pulumi:providers:aws$aws:efs/fileSystem:FileSystem::aureq-efs-aws-dr
aws:efs/fileSystem:FileSystem urn:pulumi:0046::zendesk::pulumi:providers:aws$aws:efs/fileSystem:FileSystem::aureq-efs-aws-src
aws:efs/backupPolicy:BackupPolicy urn:pulumi:0046::zendesk::pulumi:providers:aws$aws:efs/fileSystem:FileSystem$aws:efs/backupPolicy:BackupPolicy::aureq-efs-aws-backup-policy-dr
aws:efs/backupPolicy:BackupPolicy urn:pulumi:0046::zendesk::pulumi:providers:aws$aws:efs/fileSystem:FileSystem$aws:efs/backupPolicy:BackupPolicy::aureq-efs-aws-backup-policy-src
aws:efs/replicationConfiguration:ReplicationConfiguration urn:pulumi:0046::zendesk::pulumi:providers:aws$aws:efs/fileSystem:FileSystem$aws:efs/replicationConfiguration:ReplicationConfiguration::aureq-efs-aws-replication
Found no pending operations associated with menfin/0046
Backend
Name pulumi.com
URL https://app.pulumi.com/aureq
User aureq
Organizations aureq, team-ce, menfin-demo, pequod, menfin, menfin-team, demo
Token type personal
Dependencies:
NAME VERSION
@pulumi/aws-native 1.39.1
@pulumi/aws 7.13.0
@pulumi/pulumi 3.210.0
@types/netmask 2.0.6
@types/node 18.19.130
netmask 2.0.2
typescript 5.9.3
Pulumi locates its logs in /tmp by default
Additional context
This issue could be related to hashicorp/terraform-provider-aws#36811
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).