set the channel description: Using AWS with Pulumi

hey, got a problem here. After updating parameters passed to

eks.createManagedNodeGroup()

pulumi wants to replace resource and fails with error "ResourceInUseException: NodeGroup already exists with name ...". I guess correct way for this should be generating unique node group name during deploy/replacement, but currently https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#createManagedNodeGroup requires

nodeGroupName

to be specified

I am thinking to use randomString from

@pulumi/random

as suffix, but not sure how can I make pulumi to regenerate it each time managednodegroup wants new resource

So when using cloudformation templates, there’s special variable I can use to refer to the account id and/or the template is being deployed into. does a similar thing exist in pulumi? For example I’m creating a

aws.iam.RolePolicy

and I want to refer to resources in the same AWS account that Pulumi won’t be aware of. for example, i want to do something like this

const taskPolicy = new aws.iam.RolePolicy("flow-log-service-policy", {
    role: taskRole.id,
    policy: {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: [
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ],
                Resource: `arn:aws:logs:${pulumi.getAwsRegion}:${pulumi.getAwsAccountId}:log-group:my-log-group:*`
            }
        ]
    }
});

Has anyone successfully managed to integrate AWS Amplify framework with Pulumi ? Theoretically speaking, Amplify supports multiple infrastructure-as-code providers (CloudFormation being the default): https://aws-amplify.github.io/docs/cli-toolchain/usage#--providers Is it even in the Pulumi roadmap to eventually support AWS Amplify ?

Hey can someone help me with awsx, trying to create an SecurityGroupRule using another security group as location

SecurityGroupRule.ingress("http", 
                          appsg, 
                          lbsg,
                          new awsx.ec2.TcpPorts(80));

I'm getting "Type 'SecurityGroup' has no properties in common with type 'SecurityGroupRuleLocation'."

Does anyone know how to work with multiple managed hosts on Route53? I have one already with our domain, and I want to create a new one for different stacks but working with the same domain. The alternative is referencing existing Route53 resource on AWS and just work against that one using

getZone()

I’m creating an

awsx.ec2.Vpc

with 4 different subnet groups (private, public, db, redis). In order for them to show in the console as sensible name you can include

tags: { Name: "db" }

for each subnet, however unfortunately that results in a subnet group’s subnets having the same name regardless of what az they are in. Instead I’d like to have their names follow the format

example-name-az

or

example-name-number

, eg

example-db-us-west-2

or

example-db-2

. How can I achieve this without needing to specify each az subnet one at a time?

maybe https://github.com/terraform-providers/terraform-provider-aws/issues/9434 ?

AWS had a CloudFront API issue today, which happened to strike while I was deploying. My deploy created a CloudFront distribution, but their API reported an error ("error: error creating CloudFront Distribution: DistributionAlreadyExists: The caller reference that you are using to create a distribution is associated with another distribution.").

Does Pulumi allow upgrading RDS/Aurora instance types? I am a bit worried about doing that and deleting data.

@white-balloon-205 Does pulumi support changing instance types of a RDS/Aurora cluster without deleting anything by just changing the string for the instance class and not redefining a new db cluster?

How can I

get()

a resource that is in another region than the one I’m working in? Example: My region is set to eu-west-1:

aws:region: eu-west-1

. I’m trying to

import pulumi
from pulumi_aws import s3

s3.Bucket.get("my-bucket", "my-bucket", region="eu-central-1")

and I get

Bucket (my-bucket): BucketRegionError: incorrect region, the bucket is not in 'eu-west-1' region at endpoint ''
        status code: 301, request id: , host id:

It makes no difference whether I’m specifying the

region

argument or not, the result is the same. Is this a bug, or am I missing something again?

From Google it seems to be a limitation of terraform and they have a kind of workaround for it, but I have no idea how to do it in Pulumi

@orange-australia-91292 Create a provider for a specific region and use that provider?

It's possible in Pulumi? I'll Google it

@orange-australia-91292 https://www.pulumi.com/docs/intro/cloud-providers/aws/#configuration

I rather do that than rely on hidden configs, as it’s much clearer since you just need to read the code.

thank you, I’ll look into it

I see the provider can be passed as a resource option. got it

@white-balloon-205 Can I generate an access_key and secret for a list of specific and unspecific AWS resources? Say I create a S3Bucket and a cloudfront distrubtion and I want to let my application code have access to those + CloudWatch. Is there a way Pulumi could create the AWS resources and generate access_key and secret (not temporary)?

Ah this showed how https://github.com/pulumi/examples/tree/master/aws-ts-assume-role

An amazing feature for awsx would be the ability to combine a bunch of Pulumi resources and generate the keys without doing everything else.

I guess what I really want is to create a user/tokens with limited access to only everything pulimi creates.

Hello all, I'm playing around with the ts static website sample and everything seems to work so far but the uploaded files are all empty and I don't really understand why. I'm on a Mac and the source files are of course correct. The rest seems to work when I upload all the file via aws s3 sync or manually but this is not the idea 😕

I have a handful of lambdas whose "code" property is getting updated everytime i

pulumi up

— is this new behavior?

Anyone know how to set extra python libs for a glue job?

@white-balloon-205 Does Pulimi expose the arn of created resources Like could I get

arn:aws:dynamodb:us-east-2:123456789012:table/Books

somehow? When creating a dynamodb for creating a Policy to give access to a group?

We need to spin up a bunch of resources. Then create policies for accessing them to a group consisting of 0 Users (users will be added via the AWS console)