aws
  • c

    curved-pharmacist-41509

    08/21/2020, 5:07 AM
    Anyone seen this error before:
    pulumi:providers:aws (serverless-mono-shared-dev-targetaccount):
        error: rpc error: code = Unknown desc = could not validate provider configuration: 1 error occurred:
        	* assume_role.0: expected object, got string
    Provider looks like this
    export const deploymentProvider = new aws.Provider(
        `${projectName}-${environment}-targetaccount`,
        {
            region: awsConfig.require('region') as any,
            assumeRole: {
                roleArn: roleArnToAssume,
            },
        },
    )
    Role is pretty straightforward arn:aws:sts::<account>:role/Admin
  • a

    alert-raincoat-81485

    08/21/2020, 6:00 AM
    Hello folks, I am trying to register the instances on AWS Service discovery service (cloudmap) but there is no specific API for service discovery where I can register instance id and IP here https://www.pulumi.com/docs/reference/pkg/aws/servicediscovery/service/
  • b

    bumpy-garden-89740

    08/21/2020, 7:56 AM
    Hi! Let me try to ask these questions here. Maybe somebody knows how to deal with this. I faced two issues yesterday. Help please, it's painful... 1. Autoscaling group creation for ECS (with EC2 type) failed with the following error.
    aws:cloudformation:Stack (sosafe-staging-sg):
        error: 1 error occurred:
        	* updating urn:pulumi:staging::ss-servers::awsx:x:ecs:Cluster$awsx:x:autoscaling:AutoScalingGroup$aws:cloudformation/stack:Stack::sosafe-staging-sg: ValidationError: Stack:arn:aws:cloudformation:eu-north-1:606515313688:stack/sosafe-staging-sg-211ef70/86ab6f70-e337-11ea-99ce-06cb12622298 is in ROLLBACK_COMPLETE state and can not be updated.
        	status code: 400, request id: 6e5d68df-e95c-486f-8ac1-f58ffeca0841
  • b

    bumpy-garden-89740

    08/21/2020, 7:57 AM
    And second one - I cannot create security groups with error:
    Diagnostics:
      pulumi:pulumi:Stack (ss-servers-staging):
        error: update failed
    
      aws:ec2:SecurityGroupRule (EcsSecurityGroupHTTPinbound):
        error: [WARN] A duplicate Security Group rule was found on (sg-0d4217ba67f301afc). This may be
        a side effect of a now-fixed Terraform issue causing two security groups with
        identical attributes but different source_security_group_ids to overwrite each
        other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
        information and instructions for recovery. Error message: the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port: 80, ALLOW" already exists
    I see issue https://github.com/pulumi/pulumi-awsx/issues/293 , but I still have no idea how to solve this or find workaround.
  • h

    handsome-knife-3587

    08/21/2020, 8:58 PM
    If you create an isolated subnet in a VPC using the awsx.ec2.vps crosswalk is that visible to the other subnets automatically or do you need to add a NAT?
  • g

    green-salesclerk-34937

    08/22/2020, 12:35 AM
    Hello, anyone having problem with ec2.Instance.associatePublicIpAddress? I clearly set this field to false, but it keeps having publicIp, and pulumi dashboard shows me that it thinks it's true
  • q

    quaint-guitar-13446

    08/24/2020, 4:48 AM
    Can anyone tell me what effect auto-scaling has on nonessential containers? Do nonessential containers run again when scaling?
  • f

    full-printer-16754

    08/25/2020, 9:59 PM
    Hi Guys, I'm wondering if anyone has used the API gateway with sending message to SQS before. It ran fine with pulumi up but when I'm trying to test the API it is giving me a weird message indicating it can't load module "@pulumi/aws/sqs/index.js". Here is how I set this up:
    import * as awsx from '@pulumi/awsx';
    import { Context, nameOf } from './naming';
    import * as sqs from '@pulumi/aws/sqs';
    import * as sqssdk from 'aws-sdk/clients/sqs';
    
    export function createApiGetaway(
    	purpose: string,
    	context: Context,
    	queueName: string
    ): awsx.apigateway.API {
    	const name = nameOf('api', context, purpose);
    
    	const handler = async (event: any) => {
    		const requestBody = event.body as string;
    
    		const queue = await sqs.getQueue(
    			{
    				name: queueName,
    			},
    			{ async: true }
    		);
    		const sqsClient = new sqssdk();
    		sqsClient.sendMessage(
    			{
    				QueueUrl: queue.url,
    				MessageBody: requestBody,
    			},
    			() => {}
    		);
    
    		return {
    			statusCode: 200,
    			body: 'message',
    		};
    	};
    
    	const api = new awsx.apigateway.API(name, {
    		routes: [
    			{
    				path: '/',
    				method: 'POST',
    				eventHandler: handler,
    			},
    		],
    	});
    
    	return api;
    }
    The logs from testing this in the aws console are
    Execution log for request b8ae63fa-7d2b-427e-b629-6b3e0a702610
    Tue Aug 25 21:59:08 UTC 2020 : Starting execution for request: b8ae63fa-7d2b-427e-b629-6b3e0a702610
    Tue Aug 25 21:59:08 UTC 2020 : HTTP Method: POST, Resource Path: /
    Tue Aug 25 21:59:08 UTC 2020 : Method request path: {}
    Tue Aug 25 21:59:08 UTC 2020 : Method request query string: {}
    Tue Aug 25 21:59:08 UTC 2020 : Method request headers: {}
    Tue Aug 25 21:59:08 UTC 2020 : Method request body before transformations: {
        "sample":""
    }
    Tue Aug 25 21:59:08 UTC 2020 : Endpoint request URI: <https://lambda.eu-west-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-1:606148221596:function:ta-dev-api-damavand-process-image980655da-731571a/invocations>
    Tue Aug 25 21:59:08 UTC 2020 : Endpoint request headers: {x-amzn-lambda-integration-tag=b8ae63fa-7d2b-427e-b629-6b3e0a702610, Authorization=************************************************************************************************************************************************************************************************************************************************************************************************************************23b3a8, X-Amz-Date=20200825T215908Z, x-amzn-apigateway-api-id=jxv808o1mk, X-Amz-Source-Arn=arn:aws:execute-api:eu-west-1:606148221596:jxv808o1mk/test-invoke-stage/POST/, Accept=application/json, User-Agent=AmazonAPIGateway_jxv808o1mk, X-Amz-Security-Token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [TRUNCATED]
    Tue Aug 25 21:59:08 UTC 2020 : Endpoint request body after transformations: {"resource":"/","path":"/","httpMethod":"POST","headers":null,"multiValueHeaders":null,"queryStringParameters":null,"multiValueQueryStringParameters":null,"pathParameters":null,"stageVariables":null,"requestContext":{"resourceId":"72qfdqq0qf","resourcePath":"/","httpMethod":"POST","extendedRequestId":"R2Jy_H3iDoEFdfw=","requestTime":"25/Aug/2020:21:59:08 +0000","path":"/","accountId":"606148221596","protocol":"HTTP/1.1","stage":"test-invoke-stage","domainPrefix":"testPrefix","requestTimeEpoch":1598392748608,"requestId":"b8ae63fa-7d2b-427e-b629-6b3e0a702610","identity":{"cognitoIdentityPoolId":null,"cognitoIdentityId":null,"apiKey":"test-invoke-api-key","principalOrgId":null,"cognitoAuthenticationType":null,"userArn":"arn:aws:iam::606148221596:root","apiKeyId":"test-invoke-api-key-id","userAgent":"aws-internal/3 aws-sdk-java/1.11.829 Linux/4.9.217-0.1.ac.205.84.332.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.262-b10 java/1.8.0_262 vendor/Oracle_Corporation","accountId [TRUNCATED]
    Tue Aug 25 21:59:08 UTC 2020 : Sending request to <https://lambda.eu-west-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-1:606148221596:function:ta-dev-api-damavand-process-image980655da-731571a/invocations>
    Tue Aug 25 21:59:08 UTC 2020 : Received response. Status: 200, Integration latency: 299 ms
    Tue Aug 25 21:59:08 UTC 2020 : Endpoint response headers: {Date=Tue, 25 Aug 2020 21:59:08 GMT, Content-Type=application/json, Content-Length=781, Connection=keep-alive, x-amzn-RequestId=bc3f7c83-81d9-4b69-aebd-52e2fc0182d0, X-Amz-Function-Error=Unhandled, x-amzn-Remapped-Content-Length=0, X-Amz-Executed-Version=$LATEST, X-Amzn-Trace-Id=root=1-5f4589ac-0d5733967208c879ec0782d5;sampled=0}
    Tue Aug 25 21:59:08 UTC 2020 : Endpoint response body before transformations: {"errorType":"Error","errorMessage":"Cannot find module '@pulumi/aws/sqs/index.js'\nRequire stack:\n- /var/task/__index.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js","trace":["Error: Cannot find module '@pulumi/aws/sqs/index.js'","Require stack:","- /var/task/__index.js","- /var/runtime/UserFunction.js","- /var/runtime/index.js","    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:966:15)","    at Function.Module._load (internal/modules/cjs/loader.js:842:27)","    at Module.require (internal/modules/cjs/loader.js:1026:19)","    at require (internal/modules/cjs/helpers.js:72:18)","    at /var/task/__index.js:23:34","    at Runtime.__f0 [as handler] (/var/task/__index.js:42:6)","    at Runtime.handleOnce (/var/runtime/Runtime.js:66:25)"]}
    Tue Aug 25 21:59:08 UTC 2020 : Lambda execution failed with status 200 due to customer function error: Cannot find module '@pulumi/aws/sqs/index.js'
    Require stack:
    - /var/task/__index.js
    - /var/runtime/UserFunction.js
    - /var/runtime/index.js. Lambda request id: bc3f7c83-81d9-4b69-aebd-52e2fc0182d0
    Tue Aug 25 21:59:08 UTC 2020 : Method completed with status: 502
  • m

    many-psychiatrist-74327

    08/26/2020, 11:25 PM
    👋 hello! New to pulumi. I have a couple questions:
    Q1. Is there an example that exposes a service running in Kubernetes (EKS) through an ALB with pulumi in Python? Doing the task (i.e. exposing an EKS service through an ALB) has a number of steps, including:
    1. Create an identity provider and associate it to the cluster (this might already be done? see Q2)
    2. Create an IAM role with a policy that (a) grants it permissions to manage ALBs, and (b) trusts the identity provider created in (1).
    3. Create a ServiceAccount and ClusterRole in k8s and annotate it with the arn of the role in (2).
    4. Create an ALB ingress controller with the role created in (3).
    5. Create an actual Ingress for the service!
    Seems like a lot of moving parts. Before I spend hours miserably trying to do it, I wanted to see if there’s prior art. I think steps 3-5 are easy (just k8s config). But steps 1-2 (esp. step 1) may not be as easy? Any pointers very much appreciated!
  • m

    many-psychiatrist-74327

    08/26/2020, 11:26 PM
    (Second question in separate message) Q2. I created my EKS cluster with pulumi. It has an associated OIDC provider. However, if I do aws iam list-open-id-connect-providers, I don’t see the provider that the EKS cluster is using. Why?
  • b

    broad-gold-44713

    08/28/2020, 12:12 AM
    How does one look up the ID for an existing resource SES EmailIdentity for adoption using the import parameter? The EmailIdentity get function seems to need the ID as input. Similar issues exist for some other resources where the get method requires an ID parameter to find it, but no ID is apparent from aws-cli or from AWS Console.
  • q

    quick-finland-93793

    08/28/2020, 7:49 AM
    Hello! I’m having issues creating AWS RDS aurora-mysql DB instances. Referring to the AWS documentation, the value for AllocatedStorage is not applicable, but still is required when instantiating an Rds.Instance() with Engine aurora-mysql. Furthermore, the CLI reports, that a value for iops has to be set, but setting an iops value for engine aurora-mysql seems to be invalid (InvalidParameterCombination: Specifying IOPs is not allowed for this engine). I can’t find an applicable example of how to create AWS RDS Aurora-Mysql instances on the web - may someone give me some hints of what I'm doing wrong?
  • h

    hundreds-receptionist-31352

    08/28/2020, 3:10 PM
    Hello, I'm trying to create an EKS cluster with managed groups, I'm following this example https://www.pulumi.com/blog/aws-eks-managed-nodes-fargate/, but can't find how to assign an InstanceType in a managed Group, I'm using the function createManagedNodeGroup
  • w

    witty-ice-69000

    08/28/2020, 3:16 PM
    I have an AWS/pulumi process that is configured to acquire a specific role and then pass that aws.Provider around to be incorporated using ResourceOptions for authenticating resource creation. Having to constantly remember to apply the resource options to correctly acquire the provider is both tedious and error prone. Is there a way I can declare the assume role provider to be the default provider, or at least the default provider within a specific scope to eliminate this toil?
  • t

    tall-scientist-89115

    08/30/2020, 12:03 AM
    Is there a way to use m6g.large instance types in an eks.NodeGroup?
    error: Running program '/Users/daniel/code/infra/qa/03-cluster-configuration' failed with an unhandled exception:
      TSError: ⨯ Unable to compile TypeScript:
      index.ts(96,5): error TS2322: Type '"m6g.large"' is not assignable to type '"a1.2xlarge" | "a1.4xlarge" | "a1.large" | "a1.medium" | "a1.xlarge" | "c3.2xlarge" | "c3.4xlarge" | "c3.8xlarge" | "c3.large" | "c3.xlarge" | "c4.2xlarge" | "c4.4xlarge" | ... 157 more ... | undefined'.
  • s

    sticky-match-71841

    08/31/2020, 10:03 AM
    Hi all! It seems I am unable to set enabledClusterLogTypes on an EKS cluster after provisioning without some weirdness. Btw, this is my first attempt with pulumi, so there is a chance I am doing things the wrong way. Would love if you could correct me. This is my code:
    const cluster = new aws.eks.Cluster(environment.name, {
            name: environment.name,
            vpcConfig: {
                subnetIds: subnets.map(s => s.id),
                endpointPublicAccess: false,
                endpointPrivateAccess: true,
                securityGroupIds: [clusterSecurityGroup.id]
            },
            //enabledClusterLogTypes: ["api","audit","authenticator","controllerManager","scheduler"], // Uncomment and cluster.vpcConfig.clusterSecurityGroupId becomes undefined
            roleArn: clusterRole.arn,
            version: environment.clusterKubernetesVersion ? environment.clusterKubernetesVersion : "1.17"
        })
    
        // Patch the cluster security group
        environment.extraClusterIngressSecurityGroupIds?.forEach((id, i) => {
            console.log(id, i, cluster.vpcConfig.clusterSecurityGroupId)
            new aws.ec2.SecurityGroupRule(`extra-cluster-ingress-rules-${i}`, {
                securityGroupId: cluster.vpcConfig.clusterSecurityGroupId,
                type: "ingress",
                fromPort: 0,
                toPort: 0,
                protocol: "-1",
                sourceSecurityGroupId: id,
            })
        })
    I provisioned the cluster before I added enabledClusterLogTypes. I made a change that sets enabledClusterLogTypes, and now, when running pulumi up, cluster.vpcConfig.clusterSecurityGroupId is undefined. If I comment out the block that uses the undefined value, I can successfully add the cluster log types. This has the consequence of removing my security group rules. Afterwards, I can uncomment the block again and this works. Is what I am trying to do actually possible? I also tried using dependsOn as well as wrapping the for loop in cluster.vpcConfig.apply() to no avail.
  • a

    aloof-engine-23345

    08/31/2020, 4:20 PM
    are there any good examples of building standalone lambda functions
  • a

    ambitious-father-68746

    09/01/2020, 6:59 PM
    I'm using custom AWS providers with Pulumi (using Python) but I'm getting a weird error upgrading from pulumi-aws 2.x to 3.x:
    ~   ├─ pulumi:providers:aws          stack                  update      [diff: +assumeRole-assume_role]
    This also wants to replace all my resources, which is of course a no-go. Anyone doing the same thing that I am, but able to use version 3.x?
  • w

    worried-city-86458

    09/02/2020, 12:15 AM
    Managed node groups now support EC2 launch templates ... and if I understand correctly, this requires Terraform AWS Provider 3.3.0 which requires Upgrade to v3.3.0 of the AWS Terraform Provider (or newer) for these features to be available in Pulumi.Aws?
  • t

    tall-scientist-89115

    09/03/2020, 8:50 AM
    Hey, fairly new here. Attempting to import an existing load balancer and I'm hitting a length constraint on the import identifier:
    const main = new aws.elb.LoadBalancer("qa-elb", {
        name: "qa-elb",
        ...
    }, { import: "arn:aws:elasticloadbalancing:us-west-2:115325214166:loadbalancer/app/a-really-long-arn1233412asd1" });
    => error: Preview failed: refreshing urn:pulumi:staging-managed-infra::infra::aws:elb/loadBalancer:LoadBalancer::redjade-qa: Error retrieving ELB: ValidationError: LoadBalancer name cannot be longer than 32 characters
    Is there any way to work around this? Thanks!
  • a

    abundant-appointment-96790

    09/03/2020, 10:06 PM
    Hi all. I’m trying to update an ECS service and I’m getting this mystic message: Creation of service was not idempotent. "personal-andy-AugmentationService". Digging around it seems to be related to this one: https://github.com/terraform-providers/terraform-provider-aws/issues/2283 I can’t find the reference in pulumi doc for ECS, but it’s mentioned here: https://www.pulumi.com/docs/reference/pkg/aws/acm/certificate/. How do you specify the lifecycle block? A quick search in pulumi docs didn’t yield anything… 😞 I eventually managed to work around by renaming the service, but I’m still curious about the lifecycle reference here since we have ACM certs…
  • b

    bitter-oil-45383

    09/04/2020, 3:06 PM
    Hi guys I'm trying to create a cloudwatch rule that publishes a message on SQS every 2 hours. That's where I'm stuck:
    const queue = new aws.sqs.Queue('myQueueName', { visibilityTimeoutSeconds: 180 });
    
    const eventRule = new aws.cloudwatch.EventRule('myRule', {
      scheduleExpression: 'cron(0 0 0/2 1/1 * ? *)',
    });
    
    new aws.cloudwatch.EventTarget('myEvent', {
      rule: eventRule.name,
      // ...
    });
    what do I have to pass as arguments to the aws.cloudwatch.EventTarget constructor to link the queue created above and the event? Also, how do I specify the SQS message format? Thank you!!
  • a

    astonishing-quill-88807

    09/04/2020, 4:58 PM
    Is it possible to specify an ingress rule that is self-referential? Meaning, I want to create a security group that only allows access to a given port from other instances that are assigned to that same group. Pseudo code of how I would think it could work:
    consul_agent_security_group = ec2.SecurityGroup(
        f'consul-agent-{environment_name}-security-group',
        name=f'{environment_name}-consul-agent',
        description='Access control between Consul agents',
        tags=aws_config.merged_tags({'Name': f'{environment_name}-consul-agent'}),
        vpc_id=destination_vpc['id'],
        ingress=[
            ec2.SecurityGroupIngressArgs(
                security_groups=[self.id],
                protocol='tcp',
                from_port=8301,
                to_port=8301,
                description='LAN gossip protocol'
            )
        ]
    )
  • a

    astonishing-quill-88807

    09/04/2020, 4:58 PM
    Or, alternatively, is it possible to append rules to an existing security group?
  • a

    astonishing-quill-88807

    09/04/2020, 5:00 PM
    Nevermind, think I just found what I need in the form of ec2.SecurityGroupIngressRule
  • i

    incalculable-portugal-13011

    09/07/2020, 5:33 PM
    hey all, I have two fargate services that I’ve registered with aws service discovery. one fargate service depends on the hostname assigned to the other service by AWS, yet it doesn’t seem there’s a way to query for it without creating a race condition in pulumi. am I missing something in the API? my code looks something like the following:
    let myFirstServiceRegistryService = new aws.servicediscovery.Service("myFirstFargateService", {
        dnsConfig: {
            namespaceId: nodeServiceDiscoveryNamespace.id,
            dnsRecords: [{
                ttl: 10,
                type: "A"
            }],
            routingPolicy: "MULTIVALUE"
        }
    });
    
    let myFirstFargateService = new awsx.ecs.FargateService("myFirstFargateService", {
        ...
        serviceRegistries: {
            registryArn: myServiceRegistry.arn,
            containerName: myAppServiceRegistryService
        }
    });
    
    let mySecondFargateService = new awsx.ecs.FargateService("mySecondFargateService", {
        ...
        taskDefinitionArgs: {
            containers: {
                mySecondFargateService: {
                    environment: [{
                        name: "APP_HOSTNAME",
                        value:  myAppFArgateService HOSTNAME GOES HERE
                    }]
                }
            }
        }
    });
  • i

    incalculable-portugal-13011

    09/07/2020, 5:33 PM
    unfortunately, doing something like the following creates a race condition:
    environment: [{
        name: "APP_HOSTNAME",
        value: pulumi.output(pulumi.all([myFirstFargateService.id, myFirstServiceRegistryService.id])
            .apply(([myFirstFargateServiceId, myFirstServiceRegistryServiceId]) => {
                serviceDiscovery.listInstances({ServiceId: myFirstServiceRegistryServiceId}, function (err, data) {
                    if (err) {
                        throw err;
                    } else {
                        return data.Instances[0].Attributes["AWS_INSTANCE_IPV4"];
                    }
                });
            }))
    }]