curved-pharmacist-41509
08/21/2020, 5:07 AM
pulumi:providers:aws (serverless-mono-shared-dev-targetaccount):
error: rpc error: code = Unknown desc = could not validate provider configuration: 1 error occurred:
* assume_role.0: expected object, got string
Provider looks like this
export const deploymentProvider = new aws.Provider(
  `${projectName}-${environment}-targetaccount`,
  {
    region: awsConfig.require('region') as any,
    assumeRole: {
      roleArn: roleArnToAssume,
    },
  },
)
Role is pretty straightforward arnawssts:<account>role/Admin
alert-raincoat-81485
08/21/2020, 6:00 AM
bumpy-garden-89740
08/21/2020, 7:56 AM
aws:cloudformation:Stack (sosafe-staging-sg):
error: 1 error occurred:
* updating urn:pulumi:staging::ss-servers::awsx:x:ecs:Cluster$awsx:x:autoscaling:AutoScalingGroup$aws:cloudformation/stack:Stack::sosafe-staging-sg: ValidationError: Stack:arn:aws:cloudformation:eu-north-1:606515313688:stack/sosafe-staging-sg-211ef70/86ab6f70-e337-11ea-99ce-06cb12622298 is in ROLLBACK_COMPLETE state and can not be updated.
status code: 400, request id: 6e5d68df-e95c-486f-8ac1-f58ffeca0841
bumpy-garden-89740
08/21/2020, 7:57 AM
Diagnostics:
pulumi:pulumi:Stack (ss-servers-staging):
error: update failed
aws:ec2:SecurityGroupRule (EcsSecurityGroupHTTPinbound):
error: [WARN] A duplicate Security Group rule was found on (sg-0d4217ba67f301afc). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error message: the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port: 80, ALLOW" already exists
I see issue https://github.com/pulumi/pulumi-awsx/issues/293, but I still have no idea how to solve this or find workaround.
handsome-knife-3587
08/21/2020, 8:58 PM
green-salesclerk-34937
08/22/2020, 12:35 AM
quaint-guitar-13446
08/24/2020, 4:48 AM
full-printer-16754
08/25/2020, 9:59 PM
import * as awsx from '@pulumi/awsx';
import { Context, nameOf } from './naming';
import * as sqs from '@pulumi/aws/sqs';
import * as sqssdk from 'aws-sdk/clients/sqs';
export function createApiGetaway(
  purpose: string,
  context: Context,
  queueName: string
): awsx.apigateway.API {
  const name = nameOf('api', context, purpose);
  const handler = async (event: any) => {
    const requestBody = event.body as string;
    const queue = await sqs.getQueue(
      {
        name: queueName,
      },
      { async: true }
    );
    const sqsClient = new sqssdk();
    sqsClient.sendMessage(
      {
        QueueUrl: queue.url,
        MessageBody: requestBody,
      },
      () => {}
    );
    return {
      statusCode: 200,
      body: 'message',
    };
  };
  const api = new awsx.apigateway.API(name, {
    routes: [
      {
        path: '/',
        method: 'POST',
        eventHandler: handler,
      },
    ],
  });
  return api;
}
The logs from testing this in the AWS console are
Execution log for request b8ae63fa-7d2b-427e-b629-6b3e0a702610
Tue Aug 25 21:59:08 UTC 2020 : Starting execution for request: b8ae63fa-7d2b-427e-b629-6b3e0a702610
Tue Aug 25 21:59:08 UTC 2020 : HTTP Method: POST, Resource Path: /
Tue Aug 25 21:59:08 UTC 2020 : Method request path: {}
Tue Aug 25 21:59:08 UTC 2020 : Method request query string: {}
Tue Aug 25 21:59:08 UTC 2020 : Method request headers: {}
Tue Aug 25 21:59:08 UTC 2020 : Method request body before transformations: {
"sample":""
}
Tue Aug 25 21:59:08 UTC 2020 : Endpoint request URI: <https://lambda.eu-west-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-1:606148221596:function:ta-dev-api-damavand-process-image980655da-731571a/invocations>
Tue Aug 25 21:59:08 UTC 2020 : Endpoint request headers: {x-amzn-lambda-integration-tag=b8ae63fa-7d2b-427e-b629-6b3e0a702610, Authorization=************************************************************************************************************************************************************************************************************************************************************************************************************************23b3a8, X-Amz-Date=20200825T215908Z, x-amzn-apigateway-api-id=jxv808o1mk, X-Amz-Source-Arn=arn:aws:execute-api:eu-west-1:606148221596:jxv808o1mk/test-invoke-stage/POST/, Accept=application/json, User-Agent=AmazonAPIGateway_jxv808o1mk, X-Amz-Security-Token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [TRUNCATED]
Tue Aug 25 21:59:08 UTC 2020 : Endpoint request body after transformations: {"resource":"/","path":"/","httpMethod":"POST","headers":null,"multiValueHeaders":null,"queryStringParameters":null,"multiValueQueryStringParameters":null,"pathParameters":null,"stageVariables":null,"requestContext":{"resourceId":"72qfdqq0qf","resourcePath":"/","httpMethod":"POST","extendedRequestId":"R2Jy_H3iDoEFdfw=","requestTime":"25/Aug/2020:21:59:08 +0000","path":"/","accountId":"606148221596","protocol":"HTTP/1.1","stage":"test-invoke-stage","domainPrefix":"testPrefix","requestTimeEpoch":1598392748608,"requestId":"b8ae63fa-7d2b-427e-b629-6b3e0a702610","identity":{"cognitoIdentityPoolId":null,"cognitoIdentityId":null,"apiKey":"test-invoke-api-key","principalOrgId":null,"cognitoAuthenticationType":null,"userArn":"arn:aws:iam::606148221596:root","apiKeyId":"test-invoke-api-key-id","userAgent":"aws-internal/3 aws-sdk-java/1.11.829 Linux/4.9.217-0.1.ac.205.84.332.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.262-b10 java/1.8.0_262 vendor/Oracle_Corporation","accountId [TRUNCATED]
Tue Aug 25 21:59:08 UTC 2020 : Sending request to <https://lambda.eu-west-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-1:606148221596:function:ta-dev-api-damavand-process-image980655da-731571a/invocations>
Tue Aug 25 21:59:08 UTC 2020 : Received response. Status: 200, Integration latency: 299 ms
Tue Aug 25 21:59:08 UTC 2020 : Endpoint response headers: {Date=Tue, 25 Aug 2020 21:59:08 GMT, Content-Type=application/json, Content-Length=781, Connection=keep-alive, x-amzn-RequestId=bc3f7c83-81d9-4b69-aebd-52e2fc0182d0, X-Amz-Function-Error=Unhandled, x-amzn-Remapped-Content-Length=0, X-Amz-Executed-Version=$LATEST, X-Amzn-Trace-Id=root=1-5f4589ac-0d5733967208c879ec0782d5;sampled=0}
Tue Aug 25 21:59:08 UTC 2020 : Endpoint response body before transformations: {"errorType":"Error","errorMessage":"Cannot find module '@pulumi/aws/sqs/index.js'\nRequire stack:\n- /var/task/__index.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js","trace":["Error: Cannot find module '@pulumi/aws/sqs/index.js'","Require stack:","- /var/task/__index.js","- /var/runtime/UserFunction.js","- /var/runtime/index.js"," at Function.Module._resolveFilename (internal/modules/cjs/loader.js:966:15)"," at Function.Module._load (internal/modules/cjs/loader.js:842:27)"," at Module.require (internal/modules/cjs/loader.js:1026:19)"," at require (internal/modules/cjs/helpers.js:72:18)"," at /var/task/__index.js:23:34"," at Runtime.__f0 [as handler] (/var/task/__index.js:42:6)"," at Runtime.handleOnce (/var/runtime/Runtime.js:66:25)"]}
Tue Aug 25 21:59:08 UTC 2020 : Lambda execution failed with status 200 due to customer function error: Cannot find module '@pulumi/aws/sqs/index.js'
Require stack:
- /var/task/__index.js
- /var/runtime/UserFunction.js
- /var/runtime/index.js. Lambda request id: bc3f7c83-81d9-4b69-aebd-52e2fc0182d0
Tue Aug 25 21:59:08 UTC 2020 : Method completed with status: 502
many-psychiatrist-74327
08/26/2020, 11:25 PM
many-psychiatrist-74327
08/26/2020, 11:26 PM
aws iam list-open-id-connect-providers, I don’t see the provider that the EKS cluster is using. Why?
broad-gold-44713
08/28/2020, 12:12 AM
import parameter? The EmailIdentity get function seems to need the ID as input. Similar issues exist for some other resources where the get method requires an ID parameter to find it, but no ID is apparent from aws-cli or from AWS Console.
quick-finland-93793
08/28/2020, 7:49 AM
AllocatedStorage is not applicable, but still is required when instantiating an Rds.Instance() with Engine aurora-mysql. Furthermore, the CLI reports that a value for iops has to be set, but setting an iops value for engine aurora-mysql seems to be invalid (InvalidParameterCombination: Specifying IOPs is not allowed for this engine). I can’t find an applicable example of how to create AWS RDS Aurora-Mysql instances on the web - may someone give me some hints of what I'm doing wrong?
hundreds-receptionist-31352
08/28/2020, 3:10 PM
createManagedNodeGroup
witty-ice-69000
08/28/2020, 3:16 PM
ResourceOptions for authenticating resource creation. Having to constantly remember to apply the resource options to correctly acquire the provider is both tedious and error-prone. Is there a way I can declare the assume role provider to be the default provider, or at least the default provider within a specific scope to eliminate this toil?
tall-scientist-89115
08/30/2020, 12:03 AM
m6g.large instance types in an eks.NodeGroup?
error: Running program '/Users/daniel/code/infra/qa/03-cluster-configuration' failed with an unhandled exception:
TSError: ⨯ Unable to compile TypeScript:
index.ts(96,5): error TS2322: Type '"m6g.large"' is not assignable to type '"a1.2xlarge" | "a1.4xlarge" | "a1.large" | "a1.medium" | "a1.xlarge" | "c3.2xlarge" | "c3.4xlarge" | "c3.8xlarge" | "c3.large" | "c3.xlarge" | "c4.2xlarge" | "c4.4xlarge" | ... 157 more ... | undefined'.
sticky-match-71841
08/31/2020, 10:03 AM
const cluster = new aws.eks.Cluster(environment.name, {
  name: environment.name,
  vpcConfig: {
    subnetIds: subnets.map(s => s.id),
    endpointPublicAccess: false,
    endpointPrivateAccess: true,
    securityGroupIds: [clusterSecurityGroup.id]
  },
  //enabledClusterLogTypes: ["api","audit","authenticator","controllerManager","scheduler"], // Uncomment and cluster.vpcConfig.clusterSecurityGroupId becomes undefined
  roleArn: clusterRole.arn,
  version: environment.clusterKubernetesVersion ? environment.clusterKubernetesVersion : "1.17"
})
// Patch the cluster security group
environment.extraClusterIngressSecurityGroupIds?.forEach((id, i) => {
  console.log(id, i, cluster.vpcConfig.clusterSecurityGroupId)
  new aws.ec2.SecurityGroupRule(`extra-cluster-ingress-rules-${i}`, {
    securityGroupId: cluster.vpcConfig.clusterSecurityGroupId,
    type: "ingress",
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    sourceSecurityGroupId: id,
  })
})
I provisioned the cluster before I added enabledClusterLogTypes. I made a change that sets enabledClusterLogTypes, and now, when running pulumi up, cluster.vpcConfig.clusterSecurityGroupId is undefined.
If I comment out the block that uses the undefined value, I can successfully add the cluster log types. This has the consequence of removing my security group rules. Afterwards, I can uncomment the block again and this works.
Is what I am trying to do actually possible? I also tried using dependsOn as well as wrapping the for loop in cluster.vpcConfig.apply() to no avail.
aloof-engine-23345
08/31/2020, 4:20 PM
ambitious-father-68746
09/01/2020, 6:59 PM
~ ├─ pulumi:providers:aws stack update [diff: +assumeRole-assume_role]
This also wants to replace all my resources, which is of course a no-go. Anyone doing the same thing that I am, but able to use version 3.x?
worried-city-86458
09/02/2020, 12:15 AM
tall-scientist-89115
09/03/2020, 8:50 AM
const main = new aws.elb.LoadBalancer("qa-elb", {
  name: "qa-elb",
  ...
}, { import: "arn:aws:elasticloadbalancing:us-west-2:115325214166:loadbalancer/app/a-really-long-arn1233412asd1" });
=> error: Preview failed: refreshing urnpulumistaging-managed-infra:infraawselb/loadBalancerLoadBalancerredjade qa Error retrieving ELB: ValidationError: LoadBalancer name cannot be longer than 32 characters
Is there any way to work around this? Thanks!
abundant-appointment-96790
09/03/2020, 10:06 PM
Creation of service was not idempotent. "personal-andy-AugmentationService".
Digging around it seems to be related to this one: https://github.com/terraform-providers/terraform-provider-aws/issues/2283
I can’t find the reference in pulumi doc for ECS, but it’s mentioned here: https://www.pulumi.com/docs/reference/pkg/aws/acm/certificate/. How do you specify the lifecycle block? A quick search in pulumi docs didn’t yield anything… 😞
I eventually managed to work around by renaming the service, but I’m still curious about the lifecycle reference here since we have ACM certs…
bitter-oil-45383
09/04/2020, 3:06 PM
const queue = new aws.sqs.Queue('myQueueName', { visibilityTimeoutSeconds: 180 });
const eventRule = new aws.cloudwatch.EventRule('myRule', {
  scheduleExpression: 'cron(0 0 0/2 1/1 * ? *)',
});
new aws.cloudwatch.EventTarget('myEvent', {
  rule: eventRule.name,
  // ...
});
What do I have to pass as arguments to the aws.cloudwatch.EventTarget constructor to link the queue created above and the event?
Also, how do I specify the SQS message format?
Thank you!!
astonishing-quill-88807
09/04/2020, 4:58 PM
consul_agent_security_group = ec2.SecurityGroup(
    f'consul-agent-{environment_name}-security-group',
    name=f'{environment_name}-consul-agent',
    description='Access control between Consul agents',
    tags=aws_config.merged_tags({'Name': f'{environment_name}-consul-agent'}),
    vpc_id=destination_vpc['id'],
    ingress=[
        ec2.SecurityGroupIngressArgs(
            security_groups=[self.id],
            protocol='tcp',
            from_port=8301,
            to_port=8301,
            description='LAN gossip protocol'
        )
    ]
)
astonishing-quill-88807
09/04/2020, 4:58 PM
astonishing-quill-88807
09/04/2020, 5:00 PM
ec2.SecurityGroupIngressRule
sparse-intern-71089
09/04/2020, 6:25 PM
sparse-intern-71089
09/04/2020, 6:26 PM
sparse-intern-71089
09/04/2020, 6:49 PM
incalculable-portugal-13011
09/07/2020, 5:33 PM
let myFirstServiceRegistryService = new aws.servicediscovery.Service("myFirstFargateService", {
  dnsConfig: {
    namespaceId: nodeServiceDiscoveryNamespace.id,
    dnsRecords: [{
      ttl: 10,
      type: "A"
    }],
    routingPolicy: "MULTIVALUE"
  }
});
let myFirstFargateService = new awsx.ecs.FargateService("myFirstFargateService", {
  ...
  serviceRegistries: {
    registryArn: myServiceRegistry.arn,
    containerName: myAppServiceRegistryService
  }
});
let mySecondFargateService = new awsx.ecs.FargateService("mySecondFargateService", {
  ...
  taskDefinitionArgs: {
    containers: {
      mySecondFargateService: {
        environment: [{
          name: "APP_HOSTNAME",
          value: myAppFArgateService HOSTNAME GOES HERE
        }]
      }
    }
  }
});
incalculable-portugal-13011
09/07/2020, 5:33 PM
environment: [{
  name: "APP_HOSTNAME",
  value: pulumi.output(pulumi.all([myFirstFargateService.id, myFirstServiceRegistryService.id])
    .apply(([myFirstFargateServiceId, myFirstServiceRegistryServiceId]) => {
      serviceDiscovery.listInstances({ServiceId: myFirstServiceRegistryServiceId}, function (err, data) {
        if (err) {
          throw err;
        } else {
          return data.Instances[0].Attributes["AWS_INSTANCE_IPV4"];
        }
      });
    }))
}]