aws
  • d

    dazzling-sundown-39670

    06/27/2020, 11:01 AM
    Trying to follow this guide regarding k8s and efs here: https://www.pulumi.com/blog/persisting-kubernetes-workloads-with-amazon-efscsi-volumes-using-pulumi-sdks/ but I'm getting these errors:
    admin@ponyo ~/s/infrastructure (cleanup) [1]> kc logs efs-csi-controller-0 --namespace=kube-system
    error: a container name must be specified for pod efs-csi-controller-0, choose one of: [efs-plugin csi-attacher]
    admin@ponyo ~/s/infrastructure (cleanup) [1]> kc logs efs-csi-node-qt48m --namespace=kube-system
    error: a container name must be specified for pod efs-csi-node-qt48m, choose one of: [efs-plugin csi-driver-registrar]
    My code here: https://gist.github.com/benjick/fade82590773b89d753c3580e107a1fa How do I specify the container names?
  • l

    little-cartoon-10569

    06/28/2020, 9:20 PM
    Are there pre-built security groups with well-known rules and rule groups? Like the Terraform "aws security-group" module? I'd like a shortcut for creating the security group needed for EC2 instances to join an AD domain, and there's about 16 well-known rules needed...
  • l

    little-cartoon-10569

    06/28/2020, 11:35 PM
    Is there a way to get the dnsIpAddresses of a MicrosoftAD instance in the same run as it is being created? The Terraform module provides them on the DirectoryService resource, but the only thing in the Pulumi equivalent is its ID. If I `.apply()` the ID, I can use getDirectory which returns the dnsIPAddresses, but I can't create a new resource from within an `.apply()`. So I can't create my VpcDhcpOptions from those IP addresses 😞
  • q

    quiet-painter-30539

    06/30/2020, 8:10 AM
    I'm creating a bucket and a bucket policy using Pulumi / Python. How to get the bucket arn from a bucket resource for creating the bucket policy? If I try to get the bucket arn in the same `pulumi up` run (i.e. creating the bucket and bucket policy) I get `required field is not set`.
  • f

    faint-motherboard-95438

    06/30/2020, 1:21 PM
    Hi, That’s not a pulumi question per se, but we have an aws role issue when creating an EKS cluster. It seems bound to the person creating it (or the aws credentials used by the pulumi aws provider). If someone else tries to interact with it (doing an `aws eks update-kubeconfig` then a `kubectl`) even with aws administrator permissions, we get an Unauthorized error. How would one properly provision an EKS Cluster with pulumi, with the right role(s)/provider, so that team members can interact afterward on it with `kubectl` without getting an error?
  • d

    dazzling-sundown-39670

    07/01/2020, 9:33 AM
    I think this one needs a refresh: https://www.pulumi.com/blog/persisting-kubernetes-workloads-with-amazon-efscsi-volumes-using-pulumi-sdks/ So much stuff outdated
  • d

    dazzling-sundown-39670

    07/01/2020, 3:52 PM
    Is there any way I can "wait" for this? `const image = repository.buildAndPushImage(buildOptions)` (using `awsx/ecr`) I want helm to be run after it's built and pushed but I can't use it with `dependsOn` because it's just output
  • h

    hundreds-musician-51496

    07/02/2020, 4:49 PM
    Can a "magic function" refer to pulumi.Output values at runtime via the `get()` method or will they be undefined? Thread follows.
  • d

    dazzling-sundown-39670

    07/03/2020, 10:34 PM
    Any suggestions on how to create a mysql-provider for a rds-cluster inside a VPC? My current code looks like this but I guess I have to take my ip and add it to some rule maybe?
  • s

    strong-lock-6425

    07/07/2020, 2:29 PM
    I'm struggling with setting up EKS with alb ingress controller. I followed guide from: https://www.pulumi.com/blog/kubernetes-ingress-with-aws-alb-ingress-controller-and-pulumi-crosswalk/ But I'm struggling to make it work. Needed to modify a bit as was outdated, but it always fails on creation of alb ingress with:
    error: 2 errors occurred:
            * resource test/test-alb-ingress was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: 'test-alb-ingress' timed out waiting to be Ready
            * Ingress .status.loadBalancer field was not updated with a hostname/IP address.
            for more information about this error, see <https://pulumi.io/xdv72s>
    I'm attaching source code here, would appreciate any help! (No loadbalancer is appearing in AWS after this)
    index.ts
  • h

    happy-parrot-60128

    07/07/2020, 3:05 PM
    We’ve just open-sourced a complete Pulumi-based AWS serverless application for booking office visits: https://github.com/o2Labs/office-booker It’s written in TypeScript, uses some low-level DynamoDB operations, and configured the whole monorepo through Pulumi’s stack config.
    🍺 3
    🎉 2
    👍 2
  • f

    few-pillow-1133

    07/09/2020, 6:00 PM
    Hi, when creating ec2 instance, can the name tag be included...couldn't see where in the doc
  • l

    limited-solstice-34584

    07/11/2020, 1:08 AM
    I am still trying to figure out how to create a mock integration for api gateway for cors purposes. So far I have been unable to make it work.
  • s

    stocky-lion-56153

    07/11/2020, 8:51 PM
    Hi, I have a program that creates an ACM cert and a cloudfront distro that uses it. Everything is functioning correctly except that every time I run `pulumi up` it updates the `viewerCertificate` even though nothing has changed. Not sure how to debug this. Can anyone suggest anything please?
  • s

    salmon-ghost-86211

    07/15/2020, 2:27 PM
    I'm trying to create access keys, write a few fields into a new JSON object and convert it to ciphertext, then save it to S3 as a new file. Before this code I create a KMS key (myKms), and IAM user (iamUser) and have an S3 bucket object defined (myS3Bucket). If `userIamAccessKeys.id` or `userIamAccessKeys.secret` is the only `content` on the BucketObject, it writes successfully. If `encryptedKeys` ciphertext is the `content`, the text written is `[object Object]`. I can't seem to use `toJSON` or `toString` or `.apply` to build the ciphertext. How do I pull out some details from the `AccessKey`, convert it to `Ciphertext` and insert it into the `BucketObject` `content`?
    const userIamAccessKeys = new aws.iam.AccessKey(
        "iam-access-key",
        { user: iamUser.name, },
        { dependsOn: iamUser }
    );
    
    const encryptedKeys = new aws.kms.Ciphertext(
        "user-encrypted-keys",
        {
            keyId: myKms.keyId,
            plaintext: `{
              "access_key": ${userIamAccessKeys.id},
              "secret_key": ${userIamAccessKeys.secret}
            }
            `
        },
        { dependsOn: userIamAccessKeys }
    );
    
    // Store the already encrypted access keys in S3
    const accessKeysInS3 = new aws.s3.BucketObject(
        "access-keys-in-s3",
        {
            bucket: myS3Bucket.apply(bucket => bucket.id),
            content: encryptedKeys.toString(),
            key: "accesskeys.json.enc"
        },
        { dependsOn: [userIamAccessKeys, encryptedKeys] }
    );
  • s

    salmon-ghost-86211

    07/15/2020, 11:13 PM
    I'm trying to assign an instance profile I just created to a Launch Template, but I get
    error: aws:ec2/launchTemplate:LaunchTemplate resource 'my-launch-template' has a problem: iam_instance_profile.0: expected object, got string
    Here's my basic code snippet
    const myInstanceRole = new ServiceRole(
        `${pulumi.getStack()}-my-instanceRole`,
        {
            managedPolicyArns: [
                "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
                "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
            ],
            service: "ec2.amazonaws.com"
        }
    ).role;
    
    const myInstanceProfile = new aws.iam.InstanceProfile(
        "my-instance-profile",
        { role: myInstanceRole }
    );
    
    const myLaunchTemplate = new aws.ec2.LaunchTemplate(
        `${namePrefix}-launch-template`,
        {
            description: `Builds the ${namePrefix} my server`,
            iamInstanceProfile: myInstanceProfile,
            imageId: amiId,
            instanceType: instanceType,
            keyName: sshKey,
            namePrefix: namePrefix,
            userData: userData,
            vpcSecurityGroupIds: availableSubnetIds,
        }
    );
    Any ideas?
  • a

    acceptable-stone-35112

    07/16/2020, 10:32 AM
    When importing existing S3 Bucket to stack, should I use bucket name, domain name or arn?
  • l

    limited-solstice-34584

    07/16/2020, 2:45 PM
    I would usually recommend arn
    👍 1
  • a

    acceptable-stone-35112

    07/17/2020, 7:15 AM
    I got this error while creating CF distribution. If there's a required parameter, I guess it should fail on pulumi preview
  • a

    acceptable-stone-35112

    07/17/2020, 7:15 AM
    error creating CloudFront Distribution: MalformedXML: 1 validation error detected: Value '' at 'distributionConfigWithTags.distributionConfig.viewerCertificate.sSLSupportMethod' failed to satisfy constraint: Member must satisfy enum value set: [static-ip, sni-only, vip]
  • s

    silly-train-98536

    07/18/2020, 5:39 PM
    Hi, is there a similar workshop for aws? Thanks. https://twitter.com/pulumicorp/status/1280962386330034177?s=21
  • s

    silly-train-98536

    07/19/2020, 4:44 AM
    Hi, is there an example to build RDS Aurora (mysql, postgresql) multi region w/ global database ?
  • r

    refined-teacher-35628

    07/19/2020, 6:16 AM
    Hi, is there any example to up Postgres RDS with Secret manager with autorotation?
  • g

    gray-jewelry-3360

    07/20/2020, 7:47 PM
    Hi Team, I'm having issues while pulumi up with the auto generated requirements.txt file, can you please provide solution for this: pulumi:pulumi:Stack (Pulumi-latest-dev):     error: an unhandled error occurred: Program exited with non-zero exit code: 3221225781 error: installing dependencies via `pip install -r requirements.txt`: exit status 3221225781
  • s

    stocky-lion-56153

    07/20/2020, 9:41 PM
    I’m seeing some odd behaviour and I was wondering if someone can check if I’m doing something dumb before I raise an issue…. My program runs in eu-west-1 but it needs to create an acm cert in us-east-1 for cloudfront. My `Pulumi.production.yaml` config has `aws:region: eu-west-1` and `aws:profile: prod_deploy` (a profile that assumes a role in production). However shell has `AWS_PROFILE=dev` (a developer role in a different account) and I found that the ACM cert is getting created in `dev` and everything else is (trying to be) created in `prod`. The code is as follows:
    us_east_1 = Provider('us-east-1', region='us-east-1')
    
    cert = acm.Certificate(
        "cert",
        domain_name=target_domain,
        validation_method="DNS",
        opts=pulumi.ResourceOptions(provider=us_east_1)
    )
    
    cert_validation_domain = route53.Record(
        'cert-validation-domain',
        zone_id=hosted_zone_id,
        ttl=600,
        name=cert.domain_validation_options[0]['resourceRecordName'],
        type=cert.domain_validation_options[0]['resourceRecordType'],
        records=[cert.domain_validation_options[0]['resourceRecordValue']]
    )
    
    cert_validation = acm.CertificateValidation(
        'cert-validation',
        certificate_arn=cert.arn,
        validation_record_fqdns=[cert_validation_domain.fqdn],
        opts=pulumi.ResourceOptions(provider=us_east_1)
    )
  • s

    stocky-lion-56153

    07/20/2020, 9:43 PM
    When I `export AWS_REGION=prod_deploy` it works properly. Should I be doing something to pass the profile along when I create the provider in `us-east-1` maybe?
  • s

    stocky-lion-56153

    07/20/2020, 10:52 PM
    So, this works….
    aws_profile = pulumi.Config('aws').require('profile')
    us_east_1 = Provider('us-east-1', region='us-east-1', profile=aws_profile)
    it’s quite unintuitive to need to do that though - especially when the DNS validation of the cert will work fine across accounts
  • s

    steep-alligator-79173

    07/22/2020, 1:11 PM
    I’m trying to create ebs volume: first I’m pulling up az’s, then based on the output I want to create ebs volume
    azs = aws.get_availability_zones(state="available")
    base_image_storage = aws.ebs.Volume(
      "qtx-base-image-storage",
      availability_zone=azs.zone_ids[0],
      size=10)
  • s

    steep-alligator-79173

    07/22/2020, 1:12 PM
    but I’m getting error:
    aws:ebs:Volume (image-storage):
        error: Error creating EC2 volume: InvalidZone.NotFound: The zone 'euc1-az2' does not exist.
        	status code: 400, request id: 5659db1c-cbfc-4296-8705-e4d1fe226cec
  • s

    steep-alligator-79173

    07/22/2020, 1:12 PM
    when I try to use `azs.name[0]`