pulumi-community #aws

Channels

aws

steep-alligator-79173

07/22/2020, 1:12 PM

File "/usr/local/lib/python3.8/runpy.py", line 87, in _run_code
        exec(code, run_globals)
      File "./__main__.py", line 54, in <module>
        availability_zone_id=azs[0].name,

steep-alligator-79173

07/22/2020, 1:13 PM

in documentation https://www.pulumi.com/docs/reference/pkg/aws/getavailabilityzone/

steep-alligator-79173

07/22/2020, 1:13 PM

GetAvailabilityZone Result name

steep-alligator-79173

07/22/2020, 1:13 PM

any idea what Im doing wrong

steep-alligator-79173

07/22/2020, 1:13 PM

steep-alligator-79173

07/22/2020, 1:22 PM

fixed, had a typo

steep-alligator-79173

07/22/2020, 1:22 PM

i should use

names

worried-engineer-33884

07/22/2020, 4:04 PM

when a security group is altered it triggers a “replace” operation — but the delete fails if the security group is being used by other resources (AWS does not allow you to delete a security group that is in use) Is there a workaround for this? cc @dazzling-memory-8548

salmon-ghost-86211

07/22/2020, 11:59 PM

Why doesn't pulumi support

email

as an option for SNS? I can manually create an email subscription. This page:

<https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/sns/#TopicSubscriptionArgs>

says

The possible values for this are: sqs, sms, lambda, application. (http or https are partially supported, see below) (email is an option but is unsupported, see below).

It says that three times on the same page but there is nothing

below

to reference.

sparse-state-34229

07/23/2020, 12:00 AM

there’s no ARN until the E-mail is validated

sparse-state-34229

07/23/2020, 12:00 AM

same as with Terraform

salmon-ghost-86211

07/23/2020, 12:06 AM

@sparse-state-34229 Right. I just found issue #1660. @white-balloon-205 closed it mentioning that there was a workaround, however his comment doesn't actually mention a workaround.

little-cartoon-10569

07/23/2020, 8:03 PM

Free workshops / labs from AWS, including test automation, security testing, chaos testing, IaC (x2) and monitoring: https://pages.awscloud.com/GLOBAL-partner-OE-MAD-Virtual-Workshop-Series-2020-reg-event.html Note that registering doesn't seem to work in Firefox, you'll need a Chrome-based browser 😞

bitter-dentist-28132

07/24/2020, 1:38 PM

has anyone managed to deploy eks with a public+private vpc? i can't seem to get my nodes to join the cluster

millions-furniture-75402

07/24/2020, 2:42 PM

Where do the “AWS Best Practices” for AWS Guard come from? https://github.com/pulumi/pulumi-policy-aws Is there a more thorough explanation or reference for these best practices?

brave-oyster-92747

07/24/2020, 3:59 PM

Hi guys, I would like to use Pulumi to spin up an ec2 with ASG. If anyone had worked on it, can you share your project? I will use it as a reference for my requirement.

sparse-state-34229

07/24/2020, 5:17 PM

https://github.com/pulumi/examples

👍 1

faint-motherboard-95438

07/28/2020, 1:30 PM

Hi there, it seems

aws.ec2.Subnet

and

awsx.ec2.Subnet

don’t set the subnet Name, neither from the

name

parameter nor any

SubnetArgs

values. Why and how to set it then ? Also these two lacks a lot of properties from

awsx.ec2.Vpc

subnets

argument, which would be helpful to have when adding new subnets later on. (or should we avoid

aws(x).ec2.Subnet

entirely ?)

famous-garage-15683

07/29/2020, 4:16 AM

I'm trying to figure out how to setup an

<http://awsx.lb|awsx.lb>.ApplicationLoadBalancer

that sends traffic to different fargate servers based on path, but can't figure out how to specify the path. Could anyone provide any pointers or example?

famous-garage-15683

07/29/2020, 4:17 AM

Here are the AWS docs for the feature I'm talking about: docs & tutorial

busy-magazine-48939

07/29/2020, 8:32 AM

Hey there, is there any example on how to deal with multiple aws accounts and multiple user identities?

faint-motherboard-95438

07/30/2020, 2:24 PM

Hi guys, I’m wondering what’s the canonical way with Pulumi to access and manage RDS instances/clusters in a private subnet ? I created a postgresql provider with

@pulumi/postgresql

but obviously it can’t reach the

endpoint

which does not resolve outside my vpc/subnet. I was thinking using an

aws.ec2clientvpn

but not sure I can then use some kind of provider from it to connect my program to the vpn and access the rds instances. Thanks for your ideas/rex !

chilly-hydrogen-41038

08/02/2020, 10:04 AM

Hi guys, I’ve just started working with Pulumi with the S3 backend, I’m used to work with CloudFormation. From the CloudFormation console it’s easy to find an AWS resource create by the stack, everything is linked under the resources tab. With the

pulimi stack -u

I can get a list of resource but there isn’t an easy way to find them in the AWS console.

Current stack resources (11):
    TYPE                                                           NAME
    pulumi:pulumi:Stack                                            02-cloud-notifier-dev
    │  URN: urn:pulumi:dev::02-cloud-notifier::pulumi:pulumi:Stack::02-cloud-notifier-dev
    ├─ aws:cloudwatch:EventRuleEventSubscription                   handler
    │  │  URN: urn:pulumi:dev::02-cloud-notifier::aws:cloudwatch:EventRuleEventSubscription::handler
    │  ├─ aws:iam/role:Role                                        handler
    │  │     URN: urn:pulumi:dev::02-cloud-notifier::aws:cloudwatch:EventRuleEventSubscription$aws:iam/role:Role::handler

chilly-hydrogen-41038

08/02/2020, 10:13 AM

It’s there a better way list the pulumi stack resources?

chilly-hydrogen-41038

08/02/2020, 11:34 AM

Or at least is there an easy way to print all the AWS resources ARNs?

nice-airport-15607

08/04/2020, 6:44 PM

anyone here know how to return

readonly lambda?: pulumi.Input<{
        functionArn: pulumi.Input<string>;
    }>

☝️ is that supposed to be

lambda: () => ``

lambda: `lambda.arn`

gifted-city-99717

08/04/2020, 8:51 PM

Does anyone have a recommended way to get a config file (eg: a grafana datasource.yaml file) into an ECS container? I’ve been looking at EFS, but I’m not sure if using DataSync to push a single file to EFS makes sense - DataSync seems to be pretty involved to push a single file. And I don’t think Fargate supports data volumes. I think the only way to sanely do this is to build my own container and set the various config files when building the container. Anyone have a better idea?

nice-airport-15607

08/04/2020, 11:50 PM

Can someone help me out here? Unless I’m missing something, this should be an accurate name for an IoT TopicRule right?

some_topic_name

According to this regex: https://regex101.com/r/oEIngn/3 but I’m getting the following error:

error: aws:iot/topicRule:TopicRule resource 'some_topic_name' has a problem: Name must match the pattern ^[a-zA-Z0-9_]+$

little-cartoon-10569

08/05/2020, 12:24 AM

Using only the default AWS provider, is it possible to use one set of creds for accessing my S3 backend, and a different set for my project? I've set AWS_PROFILE, then

pulumi login -c s3://....

, now I'd like to switch to a different profile to run the Pulumi code. Can I say "use this profile to access the state and whatever is in AWS_PROFILE for running the project"?

quaint-guitar-13446

08/06/2020, 2:45 AM

Hi there. I'm trying to get a Laravel app running on Fargate. The standard approach is to serve requests to nginx which proxy to a php-fpm instance. In development I have this set up using two containers with the source code mounted via volumes at the same path in both containers. I could create a new docker image that has both php-fpm and nginx in one, though I would think that having two containers is still the correct approach.

Title

quaint-guitar-13446

08/06/2020, 2:45 AM

Is it possible to create a volume using EFS that is loaded up with the source and shared between containers? What are my options?

billowy-army-68599

08/06/2020, 3:34 AM

If you want to have 2 containers, I think using EFS is basically your only option, because you need a file system that can have read/write from multiple sources, which EBS can't do. I would personally make a single container and ensure it's forked properly from something like dumb-init. I think introducing EFS as a potential performance bottleneck is unnecessary. Most php-fpm applications use a single container

i guess another option if you never need to write to disk is just to do

COPY

to both containers?

quaint-guitar-13446

08/06/2020, 4:01 AM

Thanks @billowy-army-68599 Doing a COPY on both containers would be fairly trivial. If I was to go the EFS route, how do I actually push the files to it? Is that achievable via the AWS API or does it need to be attached to EC2 or Lambda first?

limited-rainbow-51650

08/06/2020, 8:35 AM

Yet another alternative (without EFS) is to create a single image with everything in it, but which allows for separate

ENTRYPOINT

CMD

. You still run a pod with 2 containers, but both using the same image using the different

ENTRYPOINT

CMD

👍 2

quaint-guitar-13446

08/07/2020, 2:36 AM

What's the best way to get secrets into ECS? The passwords will be visible in plain text.

billowy-army-68599

08/07/2020, 2:57 AM

@quaint-guitar-13446 the best way is to store them in AWS SSM or AWS Secret manager: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html

quaint-guitar-13446

08/07/2020, 3:04 AM

Thank you

Just getting a chance to revisit this. I've created a

dbPassword

aws.ssm.Parameter

but getting a TypeScript error when trying to pass it to the

secrets

array in ecs because the

arn

is an

Output<string>

not a

string

. Is there a tutorial on the recommended way to do this?

Do I need to

apply

the parameter and create the container inside the callback?

View count: 1