little-cartoon-10569
08/06/2020, 5:15 AMdelightful-controller-41497
08/06/2020, 10:47 AMcreate database X;
as part of my Pulumi flow. How might one go about doing that?astonishing-quill-88807
08/06/2020, 3:41 PMincalculable-engineer-92975
08/06/2020, 3:59 PMhandsome-knife-3587
08/06/2020, 9:38 PMlittle-cartoon-10569
08/07/2020, 1:43 AMaloof-engine-23345
08/08/2020, 1:44 AMimportant-appointment-55126
08/08/2020, 2:01 AMaloof-engine-23345
08/08/2020, 4:40 PMaloof-engine-23345
08/08/2020, 4:44 PMaloof-engine-23345
08/08/2020, 4:50 PMmillions-furniture-75402
08/11/2020, 2:29 PMdelightful-controller-41497
08/11/2020, 2:49 PMawsx.apigateway.API
working with aws.apigatewayv2.VpcLink
? I can see the VpcLink on the AWS Dashboard but I'm getting the error "Vpc Link <X> was not found in account <Y>"delightful-controller-41497
08/11/2020, 5:35 PMgifted-vase-28337
08/11/2020, 8:26 PMconfig:aws:endpoints
contains endpoints for both iam
and cloudwatch
, the `iam`endpoint is ignored, causing IAM requests to be sent to <http://iam.amazonaws.com|iam.amazonaws.com>
.crooked-knife-92853
08/12/2020, 5:23 PMdelightful-controller-41497
08/13/2020, 10:34 AMwitty-ice-69000
08/13/2020, 4:21 PMerror: Program failed with an unhandled exception:
error: Traceback (most recent call last):
File "/usr/local/bin/pulumi-language-python-exec", line 85, in <module>
loop.run_until_complete(coro)
File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
return future.result()
File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 83, in run_in_stack
await run_pulumi_func(lambda: Stack(func))
File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
await RPC_MANAGER.rpcs.pop()
File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 35, in run_pulumi_func
func()
File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 83, in <lambda>
await run_pulumi_func(lambda: Stack(func))
File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 106, in __init__
func()
File "/usr/local/bin/pulumi-language-python-exec", line 84, in <lambda>
coro = pulumi.runtime.run_in_stack(lambda: runpy.run_path(args.PROGRAM, run_name='__main__'))
File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 282, in run_path
return _run_code(code, mod_globals, init_globals,
File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "./__main__.py", line 41, in <module>
main()
File "./__main__.py", line 37, in main
create_stack_deployment_iam(this_provider, "production", permission_boundaries)
File "/asi/aws/infrastructure.py", line 62, in create_stack_deployment_iam
instance_assume_role_policy = iam.get_policy_document(
File ".venv/lib/python3.8/site-packages/pulumi_aws/iam/get_policy_document.py", line 317, in get_policy_document
__ret__ = pulumi.runtime.invoke('aws:iam/getPolicyDocument:getPolicyDocument', __args__, opts=opts).value
File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 127, in invoke
return InvokeResult(_sync_await(asyncio.ensure_future(do_rpc())))
File ".venv/lib/python3.8/site-packages/pulumi/runtime/sync_await.py", line 95, in _sync_await
return fut.result()
File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 124, in do_rpc
raise exn
File ".venv/lib/python3.8/site-packages/pulumi/runtime/rpc_manager.py", line 67, in rpc_wrapper
result = await rpc
File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 108, in do_invoke
resp = await asyncio.get_event_loop().run_in_executor(None, do_invoke)
File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/thread.py", line 57, in run
result = self.fn(*self.args, **self.kwargs)
File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 106, in do_invoke
raise Exception(details)
Exception: invocation of aws:iam/getPolicyDocument:getPolicyDocument returned an error: grpc: error while marshaling: proto: repeated field Values has nil element
error: an unhandled error occurred: Program exited with non-zero exit code: 1
The snippet of my code that it's referencing is this:witty-ice-69000
08/13/2020, 4:21 PM[10:53 AM] instance_assume_role_policy = iam.get_policy_document(
opts=pulumi.ResourceOptions(depends_on=[user], provider=provider),
statements=[
{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [
{"identifiers": [user.arn.apply(lambda arn: arn)], "type": "AWS"}
],
},
],
)
delightful-controller-41497
08/13/2020, 4:25 PMaws.acm.Certificate
trying to create a new ARN every time instead of returning the ARN for the existing certificate? it doesn't actually create the duplicated certificate, but the wrong arn makes my workflow break.future-diamond-31373
08/13/2020, 5:45 PMawsx
and have run into a major roadblock trying to enable IAM authorization on my methods. The documentation seems to have extensive support for token auth, lambda auth, and api key auth - however doesn't seem to have much detail in the way of IAM auth. After doing a lot of documentation and library digging, I've found that the AWS_IAM
string can be specified on the aws.apigateway.Method
resource, however when using awsx
a lot of this wiring and resource generation happens behind the scenes, so I'm unable to get the method (since I don't know the id and the resource isn't accounted for anywhere in the output or UI to my knowledge), and unable to create a new method since the path is already in use. Any help on the matter would be greatly appreciated!most-lighter-1731
08/14/2020, 10:04 AMecs.Cluster
resource, I'm seeing a child s3 bucket resource whose parent is the cluster's AutoScalingLaunchConfiguration
. The bucket seems to be empty all or most of the time and I'm wondering why it's there, what data might be stored there and if it's possible to either prevent pulumi from creating it or to specify that it be encrypted.worried-engineer-33884
08/14/2020, 5:55 PMDiagnostics:
pulumi:providers:aws (admin-provider):
error: rpc error: code = Unknown desc = could not validate provider configuration: 1 error occurred:
* assume_role.0: expected object, got string
famous-garage-15683
08/14/2020, 9:11 PMnew awsx.ec2.Vpc("name", {})
. It looks like it created a private subnet and a public subnet by default and the way it secured the private subnet is with a NAT Gateway. Why use a NAT Gateway instead of just using a Network ACL? Is there some advantage to NAT Gateway that makes it worth the extra cost?salmon-ghost-86211
08/14/2020, 9:39 PMpulumi
but I found that the default
launch template version was not being changed.
I'm not sure how to use the updateDefaultVersion
LaunchTemplate resource property listed here <https://www.pulumi.com/docs/reference/pkg/aws/ec2/launchtemplate/#updatedefaultversion_nodejs>
.
I can't seem to get this property in my code correctly. It doesn't go in LaunchTemplateArgs
and I can't seem to assign a boolean to it as if it's a property. What am I doing wrong?nice-airport-15607
08/19/2020, 4:42 PMisBase64Encoded
property on API Gateways? I’m trying to make it false
, but not sure where to pass that in since the eventHandler
takes a aws.lambda.EventHandler<Request, Response>
, but I’m not sure how to pass those arguments along to the API when its pointing to a new `aws.lambda.CallbackFunction`… Thanks in advance.quaint-guitar-13446
08/20/2020, 4:14 AMFetching secret data from SSM Parameter Store in ap-southeast-2: AccessDeniedException: User: <...> is not authorized to perform: ssm:GetParameters on resource: <...> status code: 400, request id: f13766c0-3c7b-46c7-9a34-5dd3b12f0e86
quaint-guitar-13446
08/20/2020, 4:14 AMechoing-angle-67526
08/20/2020, 3:20 PMEvents:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 9m default-scheduler Successfully assigned kube-system/aws-node-7rl2w to ip-10-0-47-120.ca-central-1.compute.internal
Normal Pulling 7m (x4 over 9m) kubelet, ip-10-0-47-120.ca-central-1.compute.internal Pulling image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>"
Warning Failed 7m (x4 over 9m) kubelet, ip-10-0-47-120.ca-central-1.compute.internal Failed to pull image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>": rpc error: code = Unknown desc = Error response from daemon: Get <https://602401143452.dkr.ecr.us-west-2.amazonaws.com/v2/amazon-k8s-cni/manifests/v1.6.0>: no basic auth credentials
Warning Failed 7m (x4 over 9m) kubelet, ip-10-0-47-120.ca-central-1.compute.internal Error: ErrImagePull
Normal BackOff 7m (x6 over 9m) kubelet, ip-10-0-47-120.ca-central-1.compute.internal Back-off pulling image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>"
Warning Failed 4m (x21 over 9m) kubelet, ip-10-0-47-120.ca-central-1.compute.internal Error: ImagePullBackOff
and my pulumi program:
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
// Create a VPC for our cluster.
const vpc = new awsx.ec2.Vpc("vpc", { numberOfAvailabilityZones: 2 });
// Create the EKS cluster itself and a deployment of the Kubernetes dashboard.
const cluster = new eks.Cluster("cluster", {
vpcId: vpc.id,
subnetIds: vpc.publicSubnetIds,
instanceType: "t2.medium",
desiredCapacity: 1,
minSize: 1,
maxSize: 2,
deployDashboard: true,
});
// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;
I've checked the roles and it looks like the node has permissions to read from ECR. Any ideas why this is happening?handsome-knife-3587
08/20/2020, 8:47 PMhandsome-knife-3587
08/20/2020, 8:47 PMlittle-cartoon-10569
08/20/2020, 8:57 PMhandsome-knife-3587
08/20/2020, 11:16 PM