https://pulumi.com logo
Powered by
#aws
  • l

    little-cartoon-10569

    08/06/2020, 5:15 AM
    Is it possible to get the NACL rules of a given NACL using @pulumi/aws? Or do I have to drop out to the AWS SDK?
    • 1
    • 2
  • d

    delightful-controller-41497

    08/06/2020, 10:47 AM
    Hi there! Newbie here. I have question, if anyone is able to help. I've managed to create a Fargate service + RDS Postgres. The database is obviously empty, so I'd like to run 
    create database X;
    as part of my Pulumi flow. How might one go about doing that?
    b
    b
    h
    • 4
    • 12
  • a

    astonishing-quill-88807

    08/06/2020, 3:41 PM
    So, I've got a cloudfront distribution and associated Route53 record that need to be replaced, but it's failing on the distribution because the Route53 record is already present. Any thoughts on how I can force it to remove the Route53 record before recreating the Cloudfront distribution? Relevant code here: https://github.com/mitodl/ol-infrastructure/blob/main/src/ol_infrastructure/infrastructure/aws/s3_sites/__main__.py#L17-L26
    b
    • 2
    • 1
  • i

    incalculable-engineer-92975

    08/06/2020, 3:59 PM
    Hello, is there any way to modify the assumeRolePolicy for an existing IAM role?
    l
    • 2
    • 1
  • h

    handsome-knife-3587

    08/06/2020, 9:38 PM
    I'm interested in using Fargate to run a cluster with multiple containers written in different languages. I've got a basic setup working but it's all in one repo. I'd like to move each container into a different repo and still have Pulumi 'do the right thing'. What is the right way to do this?
    h
    • 2
    • 6
  • l

    little-cartoon-10569

    08/07/2020, 1:43 AM
    Reviving my question from yesterday: how can I read NACL rules (not managed by Pulumi)? The getNetworkAcls function seems to hide the "Entries" part of what's returned from the SDK's DescribeNetworkAcls, so I can inspect the rules programmatically. I tried used the SDK directly, but this is problematic because I don't have any creds available to get a client, I only have the Pulumi provider, which doesn't expose the creds.
    b
    • 2
    • 1
  • a

    aloof-engine-23345

    08/08/2020, 1:44 AM
    howdy, does anyone here have an example of how to look up an existing route 53 zone?
  • i

    important-appointment-55126

    08/08/2020, 2:01 AM
  • a

    aloof-engine-23345

    08/08/2020, 4:40 PM
    @important-appointment-55126 thanks, i got that sorted out… next issue i’m having is that i’m walking through the process of setting up a an SSL cert for an API gateway domain outlined here: https://www.pulumi.com/docs/guides/crosswalk/aws/api-gateway/#configuring-aws-api-gateway-custom-domains-and-ssl-using-route53-and-acm The odd thing is that I see the CNAME record created for DNS validation but there is no cert in the ACM awaiting validation
  • a

    aloof-engine-23345

    08/08/2020, 4:44 PM
    oh… hold on… for some reason it is creating the cert request in the wrong account
  • a

    aloof-engine-23345

    08/08/2020, 4:50 PM
    i wonder why pulumi would create all my resources in the correct account but not this particular certificate… it looks like it has been issued and validated but the cert is in my top level AWS account while all other resources are in aws org child account
    s
    • 2
    • 3
  • m

    millions-furniture-75402

    08/11/2020, 2:29 PM
    How do I set CloudWatch log role ARN in apigateway settings?
    d
    • 2
    • 7
  • d

    delightful-controller-41497

    08/11/2020, 2:49 PM
    Hi folks, anyone managed to get 
    awsx.apigateway.API
    working with 
    aws.apigatewayv2.VpcLink
    ? I can see the VpcLink on the AWS Dashboard but I'm getting the error "Vpc Link <X> was not found in account <Y>"
    ✔️ 1
    • 1
    • 2
  • d

    delightful-controller-41497

    08/11/2020, 5:35 PM
    Is there a cost associated with VPC Links? (I can only find information about VPC PrivateLinks but I reckon these are different things)
    l
    • 2
    • 5
  • g

    gifted-vase-28337

    08/11/2020, 8:26 PM
    👋 hi all, I'm experiencing unexpected behavior with pulumi aws. When 
    config:aws:endpoints
    contains endpoints for both 
    iam
    and 
    cloudwatch
    , the `iam`endpoint is ignored, causing IAM requests to be sent to 
    <http://iam.amazonaws.com|iam.amazonaws.com>
    .
    • 1
    • 6
  • c

    crooked-knife-92853

    08/12/2020, 5:23 PM
    Hi everyone. We have an existing EKS cluster (not created with Pulumi) and are wondering if there is any way to get the cluster’s kubeconfig programmatically?
    b
    w
    • 3
    • 4
  • d

    delightful-controller-41497

    08/13/2020, 10:34 AM
    Anyone managed to get a CloudFlare domain set up with API Gateway?
    • 1
    • 2
  • w

    witty-ice-69000

    08/13/2020, 4:21 PM
    Any ideas what this error is trying to tell me? Google doesn't help and neither does Pulumi docs so far.
    Copy code
    error: Program failed with an unhandled exception:
    error: Traceback (most recent call last):
      File "/usr/local/bin/pulumi-language-python-exec", line 85, in <module>
        loop.run_until_complete(coro)
      File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
        return future.result()
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 83, in run_in_stack
        await run_pulumi_func(lambda: Stack(func))
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
        await RPC_MANAGER.rpcs.pop()
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 35, in run_pulumi_func
        func()
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 83, in <lambda>
        await run_pulumi_func(lambda: Stack(func))
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 106, in __init__
        func()
      File "/usr/local/bin/pulumi-language-python-exec", line 84, in <lambda>
        coro = pulumi.runtime.run_in_stack(lambda: runpy.run_path(args.PROGRAM, run_name='__main__'))
      File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 282, in run_path
        return _run_code(code, mod_globals, init_globals,
      File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 87, in _run_code
        exec(code, run_globals)
      File "./__main__.py", line 41, in <module>
        main()
      File "./__main__.py", line 37, in main
        create_stack_deployment_iam(this_provider, "production", permission_boundaries)
      File "/asi/aws/infrastructure.py", line 62, in create_stack_deployment_iam
        instance_assume_role_policy = iam.get_policy_document(
      File ".venv/lib/python3.8/site-packages/pulumi_aws/iam/get_policy_document.py", line 317, in get_policy_document
        __ret__ = pulumi.runtime.invoke('aws:iam/getPolicyDocument:getPolicyDocument', __args__, opts=opts).value
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 127, in invoke
        return InvokeResult(_sync_await(asyncio.ensure_future(do_rpc())))
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/sync_await.py", line 95, in _sync_await
        return fut.result()
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 124, in do_rpc
        raise exn
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/rpc_manager.py", line 67, in rpc_wrapper
        result = await rpc
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 108, in do_invoke
        resp = await asyncio.get_event_loop().run_in_executor(None, do_invoke)
      File "/usr/local/Cellar/python@3.8/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/thread.py", line 57, in run
        result = self.fn(*self.args, **self.kwargs)
      File ".venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 106, in do_invoke
        raise Exception(details)
    Exception: invocation of aws:iam/getPolicyDocument:getPolicyDocument returned an error: grpc: error while marshaling: proto: repeated field Values has nil element
    error: an unhandled error occurred: Program exited with non-zero exit code: 1
    The snippet of my code that it's referencing is this:
  • w

    witty-ice-69000

    08/13/2020, 4:21 PM
    Copy code
    [10:53 AM]     instance_assume_role_policy = iam.get_policy_document(
        opts=pulumi.ResourceOptions(depends_on=[user], provider=provider),
        statements=[
            {
                "actions": ["sts:AssumeRole"],
                "effect": "Allow",
                "principals": [
                    {"identifiers": [user.arn.apply(lambda arn: arn)], "type": "AWS"}
                ],
            },
        ],
    )
    d
    • 2
    • 5
  • d

    delightful-controller-41497

    08/13/2020, 4:25 PM
    Anyone ever faced 
    aws.acm.Certificate
    trying to create a new ARN every time instead of returning the ARN for the existing certificate? it doesn't actually create the duplicated certificate, but the wrong arn makes my workflow break.
    ✔️ 1
    i
    • 2
    • 6
  • f

    future-diamond-31373

    08/13/2020, 5:45 PM
    Hey everyone! I'm creating rest apis via 
    awsx
    and have run into a major roadblock trying to enable IAM authorization on my methods. The documentation seems to have extensive support for token auth, lambda auth, and api key auth - however doesn't seem to have much detail in the way of IAM auth. After doing a lot of documentation and library digging, I've found that the 
    AWS_IAM
    string can be specified on the 
    aws.apigateway.Method
    resource, however when using 
    awsx
    a lot of this wiring and resource generation happens behind the scenes, so I'm unable to get the method (since I don't know the id and the resource isn't accounted for anywhere in the output or UI to my knowledge), and unable to create a new method since the path is already in use. Any help on the matter would be greatly appreciated!
    m
    • 2
    • 8
  • m

    most-lighter-1731

    08/14/2020, 10:04 AM
    Hi, when creating an 
    ecs.Cluster
    resource, I'm seeing a child s3 bucket resource whose parent is the cluster's 
    AutoScalingLaunchConfiguration
    . The bucket seems to be empty all or most of the time and I'm wondering why it's there, what data might be stored there and if it's possible to either prevent pulumi from creating it or to specify that it be encrypted.
    👍 1
    b
    • 2
    • 1
  • w

    worried-engineer-33884

    08/14/2020, 5:55 PM
    Hi, I just upgraded pulumi/aws to v3.x and now getting an error.
    Copy code
    Diagnostics:
  pulumi:providers:aws (admin-provider):
    error: rpc error: code = Unknown desc = could not validate provider configuration: 1 error occurred:
    	* assume_role.0: expected object, got string
    Untitled
    • 1
    • 1
  • f

    famous-garage-15683

    08/14/2020, 9:11 PM
    I created a VPC just by doing 
    new awsx.ec2.Vpc("name", {})
    . It looks like it created a private subnet and a public subnet by default and the way it secured the private subnet is with a NAT Gateway. Why use a NAT Gateway instead of just using a Network ACL? Is there some advantage to NAT Gateway that makes it worth the extra cost?
    b
    • 2
    • 4
  • s

    salmon-ghost-86211

    08/14/2020, 9:39 PM
    I have a launch template being created and updated by 
    pulumi
    but I found that the 
    default
    launch template version was not being changed. I'm not sure how to use the 
    updateDefaultVersion
    LaunchTemplate resource property listed here 
    <https://www.pulumi.com/docs/reference/pkg/aws/ec2/launchtemplate/#updatedefaultversion_nodejs>
    . I can't seem to get this property in my code correctly. It doesn't go in 
    LaunchTemplateArgs
    and I can't seem to assign a boolean to it as if it's a property. What am I doing wrong?
    b
    • 2
    • 18
  • n

    nice-airport-15607

    08/19/2020, 4:42 PM
    Anyone know how, or where to override the 
    isBase64Encoded
    property on API Gateways? I’m trying to make it 
    false
    , but not sure where to pass that in since the 
    eventHandler
    takes a 
    aws.lambda.EventHandler<Request, Response>
    , but I’m not sure how to pass those arguments along to the API when its pointing to a new `aws.lambda.CallbackFunction`… Thanks in advance.
    f
    • 2
    • 4
  • q

    quaint-guitar-13446

    08/20/2020, 4:14 AM
    I'm trying to pass ssm Parameters to Fargate and it's throwing the following error while provisioning:
    Copy code
    Fetching secret data from SSM Parameter Store in ap-southeast-2: AccessDeniedException: User: <...> is not authorized to perform: ssm:GetParameters on resource: <...> status code: 400, request id: f13766c0-3c7b-46c7-9a34-5dd3b12f0e86
    n
    • 2
    • 9
  • q

    quaint-guitar-13446

    08/20/2020, 4:14 AM
    Is this resolved with Pulumi or via the IAM console?
  • e

    echoing-angle-67526

    08/20/2020, 3:20 PM
    i've tried deploying eks but the nodes remain in a 'NotReady' status since it can't pull the VPC CNI plugin image for the aws-node DaemonSet. Not sure if this is problem happens in other regions but i'm seeing it in both the us-east-1 and ca-central-1 regions. see below:
    Copy code
    Events:
  Type     Reason     Age               From                                                   Message
  ----     ------     ----              ----                                                   -------
  Normal   Scheduled  9m                default-scheduler                                      Successfully assigned kube-system/aws-node-7rl2w to ip-10-0-47-120.ca-central-1.compute.internal
  Normal   Pulling    7m (x4 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Pulling image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>"
  Warning  Failed     7m (x4 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Failed to pull image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>": rpc error: code = Unknown desc = Error response from daemon: Get <https://602401143452.dkr.ecr.us-west-2.amazonaws.com/v2/amazon-k8s-cni/manifests/v1.6.0>: no basic auth credentials
  Warning  Failed     7m (x4 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Error: ErrImagePull
  Normal   BackOff    7m (x6 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Back-off pulling image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>"
  Warning  Failed     4m (x21 over 9m)  kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Error: ImagePullBackOff
    and my pulumi program:
    Copy code
    import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";

// Create a VPC for our cluster.
const vpc = new awsx.ec2.Vpc("vpc", { numberOfAvailabilityZones: 2 });

// Create the EKS cluster itself and a deployment of the Kubernetes dashboard.
const cluster = new eks.Cluster("cluster", {
    vpcId: vpc.id,
    subnetIds: vpc.publicSubnetIds,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 2,
    deployDashboard: true,
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;
    I've checked the roles and it looks like the node has permissions to read from ECR. Any ideas why this is happening?
  • h

    handsome-knife-3587

    08/20/2020, 8:47 PM
    I'm porting a CloudFormation script into Pulumi and I'm looking at an SNS:Topic. The subscriptions is email but the Pulumi docs (https://www.pulumi.com/docs/reference/pkg/aws/sns/topicsubscription/) say 'email isn't supported - see below' but there is nothing below. Is this because it's auto-generated from Terraform or is something missing?
    l
    • 2
    • 3
1...151617...94Latest