aws
  • s

    some-chef-79525

    06/08/2020, 7:54 AM
    Hi all, I've got an old manually created EIP that I'm making use of in my Pulumi code. When I try to associate it with a different instance, I get the following and I just want to confirm that this isn't going to delete the actual EIP:
  • s

    sparse-state-34229

    06/08/2020, 8:28 AM
    are you importing it? https://www.pulumi.com/docs/guides/adopting/import/
  • s

    some-chef-79525

    06/08/2020, 8:57 AM
    Hmm, no I'm not. I've created an EipAssociation and am grabbing it by its allocation ID.
  • s

    some-chef-79525

    06/08/2020, 8:58 AM
    I'll give that doc a read and see where I'm going wrong.
  • g

    gifted-city-99717

    06/08/2020, 8:26 PM
    Hi, I’m getting an error trying to create an elastic search cluster with pulumi (golang).
    Diagnostics:
    [ yments/ci-telemetry/datastores ]   aws:iam:ServiceLinkedRole (insights-ci-es-dev-linked-role):
    [ yments/ci-telemetry/datastores ]     error: Error creating service-linked role with name es.amazonaws.com: InvalidInput: Service role name AWSServiceRoleForAmazonElasticsearchService has been taken in this account, please try a different suffix.
    [ yments/ci-telemetry/datastores ]     	status code: 400, request id: a5add6a6-3215-463a-80d8-19509d7d0e21
    If I try a CustomSuffix in the DomainArgs struct, I’m told suffixes aren’t supported with ES. Can I only have 1 cluster per account?
  • g

    gifted-city-99717

    06/08/2020, 8:38 PM
    Hmm, it appears the role can’t be deleted as it thinks a domain still exists..
  • g

    gifted-city-99717

    06/08/2020, 8:46 PM
    ok. Nevermind. I was able to delete the role manually in the console… Maybe there’s an update lag between IAM and ES
  • p

    plain-park-4925

    06/08/2020, 10:05 PM
    I'm trying to get Pulumi to deploy to my LocalStack AWS environment but can't seem to get it to work.. I can successfully deploy to one of my actual AWS accounts specified in my default profile but I keep getting a 403 forbidden. I've tried to create an IAM user with admin access and generated an access/secret key in my LocalStack AWS environment. 403 Forbidden. I've tried to manually use AWS CLI pointed at my LocalStack environment to get STS credentials and still another 403 Forbidden when I try to use those to deploy. There must be something I didn't set correctly with my LocalStack environment because it works in one of my actual AWS accounts... Any ideas?
  • b

    best-receptionist-98400

    06/10/2020, 2:01 PM
    Is there a way to accomplish the following scenario:
    • Create new version of launch template
    • Update ASG to use latest version of launch template
    • Force all old instances created w/ old launch template out to bring in the new instances w/ new launch template?
    Steps 1 and 2 are fine, but I am having trouble with step 3. There's "TerminationPolicy" but I think that only applies when the instances are told to spin down?
  • b

    bitter-zebra-93800

    06/10/2020, 4:09 PM
    Hi all, I have been using the following line in calls to new aws.ec2.Instance(
    subnetId: vpc.publicSubnetIds[0], // use the subnet(s) from awsx.ec2.Vpc
    It works fine in 3 of my stacks with identical vpcs but on a new one it gives this error
    Element implicitly has an 'any' type because expression of type '0' can't be used to index type 'Promise<Output<string>[]>'.
      Property '0' does not exist on type 'Promise<Output<string>[]>'.
    I am baffled by it, if I copy index.ts to a new name it does not show the error. Any help greatly appreciated.
  • m

    millions-furniture-75402

    06/10/2020, 4:22 PM
    Has anyone had issues with pulumi logs -f not aggregating cloudwatch logs recently? They are in cloudwatch, but the logs command isn’t displaying anything.
  • g

    gifted-city-99717

    06/10/2020, 7:09 PM
    Hi all. I’m experiencing a problem trying to set up a bucket notification but am seeing the following:
    [ ts/ci-telemetry/notifying-sink ] Updating (p-it-loptaploca-notifying--d6912a43):
    [ ts/ci-telemetry/notifying-sink ]
    [ ts/ci-telemetry/notifying-sink ]     pulumi:pulumi:Stack corelight-notifying-sink-p-it-loptaploca-notifying--d6912a43 running
    [ ts/ci-telemetry/notifying-sink ]     citelemetry:notifyingsink:S3SinkBucket ci-telemetry-test
    [ ts/ci-telemetry/notifying-sink ]     aws:iam:Role task-exec-role
    [ ts/ci-telemetry/notifying-sink ]     aws:s3:Bucket ci-telemetry-test
    [ ts/ci-telemetry/notifying-sink ]     aws:lambda:Function s3Handler
    [ ts/ci-telemetry/notifying-sink ]     aws:sns:Topic ci-telemetry-test-sns-topic
    [ ts/ci-telemetry/notifying-sink ]     aws:lambda:Permission lambda-permission
    [ ts/ci-telemetry/notifying-sink ]  +  aws:s3:BucketNotification ci-telemetry-test-notification creating
    [ ts/ci-telemetry/notifying-sink ]     aws:sns:TopicSubscription topic-subscription
    [ ts/ci-telemetry/notifying-sink ]  +  aws:s3:BucketNotification ci-telemetry-test-notification creating error: Error putting S3 notification configuration: InvalidARNError: invalid ARN
    [ ts/ci-telemetry/notifying-sink ]  +  aws:s3:BucketNotification ci-telemetry-test-notification **creating failed** error: Error putting S3 notification configuration: InvalidARNError: invalid ARN
    [ ts/ci-telemetry/notifying-sink ]     pulumi:pulumi:Stack corelight-notifying-sink-p-it-loptaploca-notifying--d6912a43 running error: update failed
    [ ts/ci-telemetry/notifying-sink ]     pulumi:pulumi:Stack corelight-notifying-sink-p-it-loptaploca-notifying--d6912a43 **failed** 1 error
    [ ts/ci-telemetry/notifying-sink ]     citelemetry:notifyingsink:S3SinkBucket ci-telemetry-test
    [ ts/ci-telemetry/notifying-sink ]
    the code looks like
    resource.Bucket, err = s3.NewBucket(ctx, name, &s3.BucketArgs{
    		Bucket: pulumi.String(name),
    	}, pulumi.Parent(&resource))
    	if err != nil {
    		return nil, err
    	}
    
    	resource.Topic, err = sns.NewTopic(ctx, name+"-sns-topic", &sns.TopicArgs{
    		Policy: pulumi.Sprintf(`{
    			"Version":"2012-10-17",
    			"Statement":[{
    				"Effect": "Allow",
    				"Principal": { "AWS": "*" },
    				"Action": "SNS:Publish",
    				"Resource": "arn:aws:sns:*:*:s3-event-notification-topic",
    				"Condition":{
    					"ArnLike":{"aws:SourceArn": "%s"}
    				}
    			}]
    		}`, resource.Bucket.Arn),
    	}, pulumi.Parent(&resource))
    	if err != nil {
    		return nil, err
    	}
    
    	// I think this is causing the 'Invalid ARN'
    	resource.S3Notification, err = s3.NewBucketNotification(ctx, name+"-notification", &s3.BucketNotificationArgs{
    		Bucket: resource.Bucket.Arn,
    		Topics: s3.BucketNotificationTopicArray{
    			s3.BucketNotificationTopicArgs{
    				Events:   toPulumiStringArray("s3:ObjectCreated:*"),
    				TopicArn: resource.Topic.Arn,
    			},
    		},
    	}, pulumi.Parent(&resource), pulumi.DependsOn([]pulumi.Resource{resource.Bucket, resource.Topic}))
    	if err != nil {
    		return nil, err
    	}
    Has anyone seen anything like this before? Or maybe there’s an example of a bucketnotification?
  • l

    little-cartoon-10569

    06/10/2020, 9:41 PM
    I'm having issues using the EC2 SDK from a lambda that Pulumi has created via aws.cloudwatch.onSchedule(). I can run console.log inside the eventhandler code and I can see the output in my cloudwatch log. But the console.log code I have inside my ec2Client.describeInstances() callback is not appearing in cloudwatch; I don't know if it's because the callback isn't being called, or if there's insufficient permissions. How should I investigate? Where would (for example) permission errors show up?
  • w

    worried-engineer-33884

    06/12/2020, 11:42 PM
    How do I use crosswalk to set up an api that targets a step functions state machine?
  • b

    bitter-zebra-93800

    06/14/2020, 10:29 PM
    Would the code below cause a “pulumi up” to replace servers every time debian updates the AMI? If so is it easy to pin it after the fact since that is not the behavior I want.
    // Get latest Debian Buster AMI
    const busterId = aws.getAmi({
        owners: ["136693071363"],
        mostRecent: true,
        filters: [{
            name: "name",
            values: ["debian-10-amd64-*"],
        }],
    }, { async: true }).then(ami => ami.id);
  • h

    hundreds-portugal-17080

    06/16/2020, 7:27 PM
    With latest sdk's, creation of cluster is failing. Is this a known issue?
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    import * as eks from "@pulumi/eks";
    
    // Create an EKS cluster with the default configuration.
    const cluster = new eks.Cluster("my-cluster");
    
    // Export the cluster's kubeconfig.
    export const kubeconfig = cluster.kubeconfig
  • n

    nice-airport-15607

    06/16/2020, 8:55 PM
    having a huge problem trying to get an sns topic, and then set the topic & topic arn for creating a subscription, has anyone else dealt with SNS topics & subscriptions?
  • f

    full-window-21515

    06/17/2020, 5:13 AM
    When deploying an EC2 instance, does the pulumi up command wait for the user_data scripts to complete before returning?
  • p

    powerful-pharmacist-31524

    06/18/2020, 12:58 PM
    Having an issue with pulumi_docker and environment variables. This works fine:
    mock_image = docker.Image('mock-server-image',
                              build=docker.DockerBuild(context='../',
                                                       dockerfile=f'../Dockerfile'),
                              image_name=f'{repo.repository_url}',
                              registry=registry)
    But as soon as I add an environment variable …
    mock_image = docker.Image('mock-server-image',
                              build=docker.DockerBuild(context='../',
                                                       dockerfile=f'../Dockerfile',
                                                       env={'MOCK_PORT': '80'}),
                              image_name=f'{repo.repository_url}',
                              registry=registry)
    I get an error:
    FileNotFoundError: [Errno 2] No such file or directory: 'docker': 'docker'
  • i

    important-appointment-55126

    06/18/2020, 2:17 PM
    guessing that supplying env like that replaces the entire environment, including things like PATH - you’d probably want to fetch the existing environment and add your MOCK_PORT entry to it, and then pass that to env
  • d

    dazzling-sundown-39670

    06/22/2020, 3:08 PM
    Hello, can anyone help me with this error?
    error: aws:cloudfront/distribution:Distribution resource 'cdn' has a problem: "origin.0.domain_name": required field is not set
    I have it specified here: https://gist.github.com/benjick/c356bf1776ae5da21cb42baf24eb3563#file-docs-s3-pulumi-ts-L21 I was following this tutorial: https://www.pulumi.com/blog/serving-a-static-website-on-aws-with-pulumi/
  • s

    salmon-ghost-86211

    06/22/2020, 3:59 PM
    How would I enable group metrics collection for a K8s node group autoscaling group in AWS? Group metrics are not collected by default and when I check the Monitoring tab on the ASG it has a link Enable Group Metrics Collection. I want it enabled when it is created. I am using the eks APIs and calling eks.Cluster and then cluster.createNodeGroup. I have been able to retrieve from the nodeGroup properties the actual ASG name, but I am not sure how to either update an ASG to have the metrics enabled or to enable metrics on nodeGroup creation.
  • c

    calm-parrot-72437

    06/22/2020, 10:59 PM
    I created an eks cluster a while ago. Right now I'm using assumerole to auth with kubernetes (i.e., aws-iam-authenticator with role). When anyone else tries to do certain things in aws using the same role, they get error message: 'error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials' I'm able to reproduce this with a test aws account and setting up ~/.aws/credentials to point to these new credentials. The new user has the same access level I do, so should be able to assume the role. I do see what appears to be some discussion of this in https://github.com/pulumi/pulumi-eks/pull/205 but unclear what I should do on my end to fix this. Any ideas?
  • a

    astonishing-quill-88807

    06/23/2020, 7:58 PM
    I'm trying to build an RDS instance and passing the vpc_security_group_ids, but it's throwing an error regardless of how I pass in the parameter. Does anyone have experience of doing this in Python?
  • a

    astonishing-quill-88807

    06/23/2020, 8:20 PM
    Nevermind, I figured it out.
  • a

    astonishing-quill-88807

    06/23/2020, 8:21 PM
    My problem is that I was trying to pass an RDS security group instead of an EC2 one... 🤦‍♂️
  • f

    faint-motherboard-95438

    06/25/2020, 4:12 PM
    Hi there, I notice I can’t delete a VPC when I pulumi destroy my stack with an eks cluster and its dedicated VPC (created with new awsx.ec2.Vpc()). It hangs and ultimately fails to delete this VPC (while everything else from the stack has been properly destroyed). If I try to delete it manually with AWS console or CLI, everything’s fine, no error and it’s instantly deleted. I’m using the same AWS profile both for pulumi, the CLI or the console in order to exclude any permissions side effects.
    error: deleting urn:pulumi:integration::platform::platform:Cluster$awsx:x:ec2:Vpc$aws:ec2/vpc:Vpc::main-cluster-main-vpc: Error deleting VPC: DependencyViolation: The vpc 'vpc-0f6b89731e2593036' has dependencies and cannot be deleted.
            status code: 400, request id: fdefca83-99e9-4b10-8d0f-2d3e5b9ab1b7
    I don’t know what dependencies it’s talking about (no clue added in the error), and it does not seem to be an issue when deleting manually from console/CLI. What am I missing here?
  • b

    best-receptionist-98400

    06/26/2020, 12:17 AM
    Hello, if I'm trying to set up a Policy on an autoscaling group and there's already a predefined policy (Alarm) that I want to leverage, how would I specify that? https://www.pulumi.com/docs/reference/pkg/aws/autoscaling/policy/
  • l

    loud-battery-37784

    06/26/2020, 1:59 PM
    I’m working to get currently provisioned infrastructure into Pulumi. Trying to figure out what id to use to import Route53 Records?
  • c

    calm-parrot-72437

    06/26/2020, 11:46 PM
    I'm trying to assume a role when accessing my eks cluster with kubectl. In my kubeconfig, under the user: section, I've got aws eks get-token --cluster-name --role <myrolearn>... I'm expecting the get-token call to be run prior to my kubectl call and used in my kubectl call, thus ignoring whatever aws config I've got set up via ~/.aws/credentials. Am I understanding this correctly?
    I believe it is indeed assuming the role -- I can see the lastactivity on the role updating as I kubectl.
    However, some kubectl actions fail in the cluster with this error message: error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
    Oddly, if I change my aws config via ~/.aws/credentials to that of the cluster creator, these errors will go away..