AFAICT, pulumi has no API for actually returning the hostname assigned by service discovery. would love to be pointed in the direction of that if so. I’d love to avoid having to query this in application, and I’m fairly certain I would still be exposed to the same race condition issue querying service discovery on startup

Hi , I'm trying to create a vpc and subnets in specific AZ, I'm using de awsx.ec2.vpc library, I would like to know if there is some way to choose the AZ, I have tried it but it didn't work: const vpc = new awsx.ec2.Vpc("cloud-pulumi", { cidrBlock: vpcCidr, subnets: [ { type: "public" , name: "public" , location: { availabilityZone: "us-east-1a,us-east-1b", } }, { type: "private" , name: "application" ,location: { availabilityZone: "us-east-1a,us-east-1b", } } ], });

Humm, is there a way to update a security group rather than replace it when modifying ingress / egress rules? I've got a group that I imported, and I want to modify it, but it's not acceptable to have some in-between state where the EC2 instances don't have any security group applied. The instances are unfortunately not in Pulumi's control, and probably shouldn't be either (as they are created by a lambda deployed via a CF template by a vendor).

https://github.com/pulumi/pulumi-eks/issues/277 Is there a method for disabling auto-naming for eks clusters? "name" override doesn't work and I don't see any other options in the docs

What is the best way to manage multiple accounts with Pulumi? On GCP, each resource has a

project

property to specify which project it belongs to

Hey channel, if anyone is looking for a job in the infrastructure space, AWS specifically, please let me know Preferably located in Melbourne, Australia but would consider remote as well johnbaro@yarrasoft.com, stay safe 🙂

Does anyone know, as I am currently unable to find it yet, if Pulumi Supports RDS Proxy?

This message was deleted.

Anyone familiar with https://dce.readthedocs.io/en/latest/index.html. ? Curious for any thoughts on it.

Seems like a nice way to develop Pulumi projects

Has the ec2 Subnet resource changed recently? My preview is telling me that all my subnets are about to get a ipv6CidrBlock, though I didn't change anything in that area...

Has anyone figured out a workaround for deleting Lambda@Edge functions along with the associated CloudFront distribution? I get this error:

Lambda was unable to delete <arn> because it is a replicated function. Please see our documentation for Deleting Lambda@Edge Functions and Replicas.

I can always delete it after waiting awhile, but thats hard in a CI script.

Hi, It’s impossible to

getSubnetIds

in the same run of the

Vpc

creation:

Error: invocation of aws:ec2/getSubnetIds:getSubnetIds returned an error: invoking aws:ec2/getSubnetIds:getSubnetIds: no matching subnet found for vpc with id REDACTED
        at /pulumi/projects/node_modules/@pulumi/pulumi/runtime/invoke.js:136:33
        at Http2CallStream.<anonymous> (/pulumi/projects/node_modules/@grpc/grpc-js/src/client.ts:155:9)
        at Http2CallStream.emit (events.js:327:22)
        at Http2CallStream.EventEmitter.emit (domain.js:485:12)
        at /pulumi/projects/node_modules/@grpc/grpc-js/src/call-stream.ts:186:14
        at processTicksAndRejections (internal/process/task_queues.js:79:11)

We’re using

pulumi.all([vpc.id]).apply(([vpcId]) => aws.ec2.getSubnetIds({…}))

but still it fails. Running a

pulumi update

again fix the problem by itself, but we obviously don’t want to have to do that. We are using

awsx.ec2.Vpc

to create the VPC and define some custom subnets.

Is pulumi able to work with AWS profiles that use source_profile and role_arn? We have several AWS accounts so I have credentials for one account and cofigure cross-account access to other accounts. so I have an .aws/config that contains like

[profile is-signin]

[profile myprofile]
output=json
region=us-east-1
source_profile=is-signin
role_arn=arn:aws:iam::819835124123:role/Admins

so I can run aws cli like

aws s3 ls --profile=myprofile

and that works fine but when I configure pulumi to with

myprofile

it doesn't work.

if anyone can help with this error, that would be awesome. This was deploying just fine yesterday, and then all of a sudden today it can’t find it? Idk what I’m missing all of a sudden, but this one is pretty frustrating… just to note I’ve also tried

pulumi refresh

and

pulumi stack export > stack.json

and then

pulumi stack import < stack.json

but nothing seems to be helping 😞

error: error creating AppSync Resolver: NotFoundException: No field named showScheduledReport found on type Query

AppSync Resolver:

export const showScheduledReportResolver = new aws.appsync.Resolver(
	resourceName(pulumi, 'showScheduledReport-R'),
	{
		apiId: publicApi.id,
		dataSource: readLambdaDataSource.name,
		field: 'showScheduledReport',
		requestTemplate: mainLambdaRequest(),
		responseTemplate: mainLambdaResponse,
		type: 'Query'
	}
)

GraphQL:

type Query {
    showScheduledReport(
        Id: Int!
    ): ScheduledReport
}

is it possible to have an aws.provider that uses another aws.provider? I need to have an aws.provider that is the result of two assume roles: assume role X -> X assumes role Y Is there a way to do this? passing pulumi.Provider to another provider doesn’t seems to do anything

Hi everyone, I was just working on importing a cloudfront distribution that uses a cache policy and noticed that Pulumi doesn’t support that yet. I’m wondering, roughly how long does it normally take to implement a new aws feature like this?

Is it possible to cinfugre autoscaling for ECS service in Pulumi? I can’t find it anywhere in the doc or in the source code. What I’m referring to: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-auto-scaling.html Am I missing something?

So I deleted something from the AWS console, and then deleted it from the pulumi config (thinking that it could reconcile the state). But now when I run

pulumi up

, it seems to be failing because it can't delete the resource that isn't there. What's the best way out of this state?

I’m trying to create a WAFv2 association for rate limiting and I’m getting a confusing error:

WAFInvalidParameterException: Error reason: Your statement has multiple values set for a field that requires exactly one value., field: RULE, parameter: Rule

Here’s my code:

const exampleWebAcl = new aws.wafv2.WebAcl("exampleWebAcl", {
  scope: "REGIONAL",
  defaultAction: {
    allow: {},
  },
  visibilityConfig: {
    cloudwatchMetricsEnabled: true,
    metricName: `${stackEnv}-waf-metric`,
    sampledRequestsEnabled: true,
  },
  rules: [
    {
      name: "metric-based",
      priority: 0,
      statement: {
        rateBasedStatement: {
          aggregateKeyType: "IP",
          limit: 100,
        }
      },
      visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: `${stackEnv}-waf-rate`,
        sampledRequestsEnabled: true,
      }
    }
  ]
});
const exampleWebAclAssociation = new aws.wafv2.WebAclAssociation("exampleWebAclAssociation", {
  resourceArn: loadBalancer.loadBalancer.arn,
  webAclArn: exampleWebAcl.arn,
});

Any idea?

Hi guys! any help ! I want add custom routes to my subnets. By default vpc creates default routing table with routes to IG (public subnet) and NAT(private subnet). I created additional routing table with my custom routes but I'm got error (Resource.AlreadyAssociated) when I trying associate my routing table with subnet. Also I didn't find any documentation how to add routes to default routing table...

How do I manage an

aws.directoryservice.Directory

password? If I change the password using Pulumi, it wants to replace the Directory. If I change it outside Pulumi and

ignoreChanges: ["password"]

then I get an error that it's missing the password property. Ideally, I want it to not read or write the password, just work around it.

Noticed while investigating the Directory stuff: in the SDK and console, Directory is not taggable. But in Pulumi, it is. Any changes to tags cause Pulumi to try to replace your Directory. Deleting AD because a doesn't-really-exist property has changed probably isn't ideal?

Hi AWS folks. Has anyone run into an issue with ELB SSL Policies not being respected when an ACM cert is in use?

How can I forward an aws log group of a lambda to a different log group arn? I'm trying to automate log forwarding of a lambda to datadog/new relic and both have that as a step

Does anyone know how Pulumi detects changes in Lambda Code? I am seeing a very weird behavior which I have not figured out yet. When doing

pulumi preview...

after the first

pulumi up

there are no changes detected when running it locally. However, when I put it in Azure DevOps pipeline, after I compile the code for a dotnet function and use

FileArchive()

every new compile causes pulumi to see a

change

even though the branch is static and no other commits have occurred. Which my thought process is that Pulumi hashes the folder, since no files have changed the hash should remain the same. Everything should compile exactly the same.

Hello I realize this is not really in the scope of Pulumi but I'm thinking someone might know: Do I really need to create a new

efs

for every mountpoint? Currently I have 1*efs and then I create a StorageClass/PersistentVolume/PersistentVolumeClaim for every different mountpoint but they still share files.

I have a funny issue - My provider is initialized with an access key and secret that are only valid for an hour. Because pulumi saves these credentials to the state file if I try after about an hour to use the state and refresh it, it tries to use the expired credentials (even though I have in hand the valid ones) and the refresh operation just hangs in the process. Is there a way to overcome this ? I can’t use a long lived credentials

What would be reasons for 'pulumi up' to keep updating lambdas because of code changes even though they weren't changed manually?