pulumi-community #aws

full-dress-10026

05/22/2020, 8:25 PM

I'm curious if anyone has an idea why AWS Trusted Advisor sets their "low EC2 utilization" check to look for:

the daily CPU utilization was 10% or less and network I/O was 5 MB or less on 4 or more days

Specifically, why would they have network I/O 5mb or less on 4 or more days? Why not the whole duration they look over (2 weeks)? Why not 2 days? Do instances typically run some sort of small update every 5 days or something?

astonishing-gpu-37274

05/25/2020, 8:23 AM

Here's the entire log of an example stack update I attempt creating a lambda

out.txt

acceptable-stone-35112

05/25/2020, 5:23 PM

I get this error after I added a variable to api gateway deployment that forces to redeploy it. Any ideas?

Copy code

running panic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urn:pulumi:dev::my-stack::aws:apigateway/deployment:Deployment::

salmon-ghost-86211

05/27/2020, 2:42 PM

I have been unable to use the

Example Usage

code at

<https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/route53/#getZone>

when the hosted zone name does not exist. I can't even trap it with a try...catch statement (I'm using typescript). Error messages are like

Copy code

error: Running program '/home/bbaker/dev/infrastructure/eks/Pulumi' failed with an unhandled exception:
Error: invocation of aws:route53/getZone:getZone returned an error: invoking aws:route53/getZone:getZone: no matching Route53Zone found
    at /home/bbaker/dev/infrastructure/eks/Pulumi/node_modules/@pulumi/pulumi/runtime/invoke.js:136:33
    at Http2CallStream.<anonymous> (/home/bbaker/dev/infrastructure/eks/Pulumi/node_modules/@grpc/grpc-js/src/client.ts:155:9)
    at Http2CallStream.emit (events.js:322:22)
    at Http2CallStream.EventEmitter.emit (domain.js:482:12)
    at /home/bbaker/dev/infrastructure/eks/Pulumi/node_modules/@grpc/grpc-js/src/call-stream.ts:186:14
    at processTicksAndRejections (internal/process/task_queues.js:79:11)

How do I check if a hosted zone exists?

delightful-controller-26409

05/27/2020, 3:41 PM

Hi there, I'm having difficulty moving some AWS resources from one stack to another. Might anyone have any tips? We have a Typescript stack that sets up resources, chiefly S3 buckets. We've rewritten some of it in Python, and want to make this part (not the whole thing) into a separate stack - without disrupting the existing buckets or their contents. The Python code creates identical resources to the old Typescript code. When I try to run

Pulumi up

with the new code on a new stack, I get:

Error creating S3 bucket: BucketAlreadyOwnedByYou: Your previous request to create the named bucket succeeded and you already own it

Which makes sense - the bucket does already exist. I don't want to destroy and recreate anything - I just want to have these existing resources be managed by this new code and stack. I'd then like to be able to remove the creation of these resources from the old Typescript code. Is the answer something to do with

pulumi stack import

best-receptionist-98400

05/27/2020, 6:16 PM

How would one get the latest of a SpotInstanceRequest? Are there any examples out there? I'm trying to do something like:

Copy code

var spotOutput = Pulumi.Aws.Ec2.SpotInstanceRequest.Get(spotRequest.GetResourceName(), spotRequest.Id, null, new CustomResourceOptions
                {
                    DependsOn = spotRequest
                });

But it keeps giving me an error: of

Copy code

aws:ec2:SpotInstanceRequest (dev-request-1):
    error: resource 'urn:pulumi:dev::aws-spot::aws:ec2/spotInstanceRequest:SpotInstanceRequest::dev-request-1' registered twice (create and read)
    error: resource 'urn:pulumi:dev::aws-spot::aws:ec2/spotInstanceRequest:SpotInstanceRequest::dev-request-1' registered twice (create and read)

best-receptionist-98400

05/27/2020, 6:18 PM

Note: I'm running this later in the stack where I initially create the spotInstanceRequest.

dazzling-sundown-39670

05/27/2020, 8:45 PM

I've created a Role that I want for my

external-dns

pods but I'm not sure how I can allow it. Currently I'm getting this error:

AccessDenied: User: arn:aws:sts::503405380068:assumed-role/k8s-pulumi-instanceRole-role-683d5cc/i-0a89701e04130e505 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::503405380068:role/update-route53-4397bfb

I guess I need to attach it to my cluster somehow? I've tried serviceRole and instanceRole but the diff shows too many affected resources

dazzling-sundown-39670

05/27/2020, 9:04 PM

I've also looked at this: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ServiceRole but there doesn't seem to be an exported member called

serviceRole

@pulumi/eks

glamorous-printer-14057

05/28/2020, 2:46 AM

hey all, I think I might be hitting some version of this https://github.com/pulumi/pulumi-aws/issues/814 -

pulumi up

is now stuck hanging for me, and I’m not quite sure what changed. is there some way to get out of this state?

little-cartoon-10569

05/28/2020, 5:06 AM

Is there any example code / configuration using an S3 backend and/or the AWS SDK at the same time as Pulumi? I'm getting

error: error listing stacks: could not list bucket: blob (code=Unknown): MissingRegion: could not find region configuration

and don't know how to start diagnosing.

wonderful-dog-9045

05/28/2020, 6:17 PM

how do i find the import id of existing ebs volume ? https://www.pulumi.com/blog/adopting-existing-cloud-resources-into-pulumi/ is very vague about this.

little-cartoon-10569

05/28/2020, 9:52 PM

Looks like there's no Pulumi way to find DirectoryService directories. I can get one using aws.directoryservice.getDirectory, but it requires the directory id which I don't have. I'm going to look it up using the AWS SDK. Is there an intention to implement this in Pulumi?

dazzling-sundown-39670

05/30/2020, 11:27 PM

Anyone setup external-dns and would like to share some pointers? Can't get my nodes to assume the role

icy-napkin-56528

06/01/2020, 9:40 AM

I'm running into issues with EKS and nginx ingress, creating the k8s ingress service I get the hostname of the ELB back thats created, however I need to create route 53 alias entries but I cant just get them as pulumi will fail on startup as it doesnt exist

icy-napkin-56528

06/01/2020, 9:43 AM

ie is there a way of being able to load resources indirectly created by pulumi in a way that wont break the first time its run

sparse-state-34229

06/01/2020, 4:50 PM

resource options dependencies should resolve that, I think

victorious-country-25661

06/01/2020, 10:19 PM

Hi everyone. I'm running into the following issue: missing required configuration key "aws:region": The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc. Set a value using the command
pulumi config set aws:region <value>
. I've configured the aws:region through pulumi config set aws:region value but I'm still blocked by this error.

sparse-state-34229

06/01/2020, 10:21 PM

and

pulumi config get aws:region

victorious-country-25661

06/01/2020, 10:22 PM

Returning the region I've configured

sparse-state-34229

06/01/2020, 10:22 PM

head -3 <your stack.yaml>

sparse-state-34229

06/01/2020, 10:22 PM

third line should be that key?

victorious-country-25661

06/01/2020, 10:23 PM

Yup, is set as well

sparse-state-34229

06/01/2020, 10:23 PM

can you gist the full command and output?

dazzling-sundown-39670

06/02/2020, 7:06 AM

Is adding user/db to a aurora cluster possible?

calm-greece-42329

06/04/2020, 12:06 AM

if i provision a fargate profile for eks, i need to have a tag on the subnets that the group uses. the problem i am trying to solve is that those subnets already exist and i do not want to import them as managed resources in pulumi, i just want to ensure my tag is added. is there some way to only manage the tags on a resource?

acceptable-stone-35112

06/05/2020, 10:14 AM

I would expect CallbackFunction policies to accept Input<string>[] rather than string[] to avoid extra wrapping around freshly created policies

hundreds-musician-51496

06/06/2020, 5:56 PM

Why would pulumi appear to upload a file to S3 (as part of updating a stack), and the file is 4MB on disk, but the S3 object has 0 bytes?

plain-park-4925

06/08/2020, 2:41 AM

Hi everyone. I'm very new to Pulumi. I've been banging my head at this for about a day and a half already. Hoping anyone might have some insight and can help. Any help will be greatly appreciated. I'm just wanting to demo out using Pulumi to create an S3 bucket against my LocalStack AWS environment.. I've created an IAM user with an access key/secret key then associated those creds with a new AWS CLI profile. I set the default Pulumi profile to use to be that newly created one. I can't figure out how to properly overwrite the AWS S3 endpoint to be

<http://localhost:4566>

so that it hits my LocalStack environment. I think I might have kind of got it to work but now I receive this error..

Copy code

pulumi up
Enter your passphrase to protect config/secrets: 
Re-enter your passphrase to confirm: 
Previewing update (pulumi-localstack-test):
     Type                     Name                                        Plan       Info
 +   pulumi:pulumi:Stack      s3bucket-localstack-pulumi-localstack-test  create     
 +   ├─ pulumi:providers:aws  provider                                    create     
 +   ├─ aws:s3:Bucket         jon-pulumi-localstack-bucket           create     
     └─ aws:s3:BucketObject   index.html                                             1 error
 
Diagnostics:
  aws:s3:BucketObject (index.html):
    error: could not validate provider configuration: 1 error occurred:
    	* : invalid or unknown key: endpoint_url

cold-coat-35200

06/08/2020, 5:50 AM

Hi, We have a ComponentResource, which creates loadbalancer, target group, auto scaling group etc The auto scaling creation code looks like this:

Copy code

const autoScalingGroup = new aws.autoscaling.Group(
      `${name}-autoScalingGroup`,
      {
        desiredCapacity: args.minSize,
        launchConfiguration: nodeLaunchConfiguration,
        minSize: args.minSize,
        maxSize: args.maxSize,
        vpcZoneIdentifiers: args.subnetIds,
        tags: tags,
        targetGroupArns: args.targetGroupArns,
        loadBalancers: args.classicLoadBalancerNames,
      },
      { parent: this, ignoreChanges: ['desiredCapacity'] }
    )

args.targetGroupArns

defined as

Copy code

readonly targetGroupArns?: pulumi.Input<pulumi.Input<string>[]>

Same as on the original pulumi aws resource. Called this way:

Copy code

const transcoderAzWorkerNodes = new eks.WorkerNodeGroup(`${stack}-transcoder-wg-1.14`, {
    amiID: workerConfig.amiID,
    subnetIds: vpcDliverOutput.vpc.publicIpSubnetIds,
    clusterName: cluster.name,
    clusterEndPoint: cluster.endpoint,
    clusterCertificateAuthority: cluster.certificateAuthority,
    clusterInstanceRole: cluster.sharedWorkerInstanceRole,
    minSize: workerConfig.transcoder.minSize,
    maxSize: workerConfig.transcoder.maxSize,
    instanceType: workerConfig.transcoder.instanceType,
    nodeSecurityGroupID: vpcDliverOutput.securityGroup.worker.rtmpTranscoder.id,
    nodeRootVolumeSize: 25,
    nodePublicKeyName: workerSSHKey.keyName,
    kubeletExtraArgs: '--node-labels <http://dliver.com/stack=transcoder|dliver.com/stack=transcoder>',
    targetGroupArns: [groupRtmp.targetGroupArn]
  })

The problem is that when we deleted

targetGroupArns: [groupRtmp.targetGroupArn]

from the calling code, pulumi does not update the resource, did not show any updates. If we change to this

targetGroupArns: []

instead of deleting, then works as expected. Is this a normal behavior? I assume not, pulumi should recognize the change in both cases.