I'm trying to use aws eks managed nodes launch templates from dotnet/c# but hitting an issue with `MetadataOptions`:

// node launch template; <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>
var nodeLaunchTemplate = new LaunchTemplate($"{prefix}-node-lt",
    new LaunchTemplateArgs
    {
        InstanceType = config.InstanceType,
        KeyName = config.KeyName,
        MetadataOptions = new LaunchTemplateMetadataOptionsArgs { HttpPutResponseHopLimit = 2 },
        Tags = config.EnvTags.Merge("Name", $"{prefix}-node"),
        UpdateDefaultVersion = true,
        VpcSecurityGroupIds =
        {
            // <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-security-groups>
            cluster.VpcConfig.Apply(config => config.ClusterSecurityGroupId!),
            securityGroupStack.Apply(stack => stack.Outputs["InternalAccessSG"])
        }
    });

returns an error:

aws:ec2:LaunchTemplate (alpha-eks-node-lt):
    error: 1 error occurred:
        * InvalidParameterValue: A value of '' is not valid for http-endpoint. Valid values are 'enabled' or 'disabled'.

If I remove

MetadataOptions

it succeeds.

According to LaunchTemplateMetadataOptions,

HttpEndpoint

should default to enabled. It's nullable in c#, so I expected it to use the default under the hood if unspecified. If I explicitly specify it then it works. Am I missing something or should this not be nullable?

Corresponding docs for Terraform Metadata Options

i'm having some issues deleting buckets with versioning turned on, anyone know why this might be the case? pulumi doesn't seem to delete any of the content, i have to delete it all manually before running

pulumi destroy

, otherwise it just hangs forever.

Hi All, I'm doing some work with the Aurora MySQL global database and I'm having a problem with the engine version. Does anyone know if there is a reference list of the versions that are supported. If I use no version it comes up under MySQL 5.6. I've tried a few of the 5.7 versions that work in the AWS console and I get a failure back.

I'm looking into using dotnet/c# to create a self-managed windows node group for aws eks, using https://github.com/pulumi/pulumi-eks for guidance. Is it still the case that the nodes can only be bootstrapped and synchronized via cloud formation? https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/nodegroup.ts#L562

Also, how can I port the "dynamic resource" used for randomizing the cf stack name? https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/transform.ts#L21 (Assuming it's actually required to randomize the cf stack name)

Hey everyone. How are people handling cloudfront invalidation?

I have moved my SQL Server RDS instance from one project to another. That has involved various stack import/change/export iterations, to get the name and identifier values from the old stack to be used successfully in the new stack, so that Pulumi doesn't try to delete my database. (It's pretty laborious stuff, and I can't use "alias" because the code is in a ComponentResource that is shared between multiple stacks, so there are multiple "aliases" involved). The process has worked for lots of other resources, and seems to have worked for this DB. But somehow I've got myself into a situation where any updates detected by Pulumi cause this exception:

panic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urnpulumicore:shared resourcespamsaws:ManagedDb$awsrds/instanceInstance::mydb

I’m having some trouble with providers. I do not want to use the aws user logged in on my computer, but pass a secret and access key from code. I figured this would work

const provider = new aws.Provider('aws', {region: 'eu-west-3',secretKey: 'm/XXX/xxxxx',accessKey: 'XXXXX' });
const cluster = new eks.Cluster('my-cluster',{...},{ provider });

but it deploys using the user on my computer. What am I missing?

And just in case anyone knows the answer to the following issue: I’m trying to make a simple EKS cluster via pulumi.  My code and package.json: https://gist.github.com/roderik/473ec5c381526e0a668894d7dcef6459 It always error with the following error (cluster itself is deployed)

pulumi-nodejs:dynamic:Resource (newcluster-vpc-cni):
   error: Command failed: kubectl apply -f /var/folders/93/trfs1ns93nx39y22gbwx6hmr0000gn/T/tmp-13508VziZRSVp56CV.tmp
  error: You must be logged in to the server (the server has asked for the client to provide credentials)

Full error log and the yaml it tries to deploy and my computers kubeconfig: https://gist.github.com/roderik/1a969b10c4365841ab72e79b51152b9b As far as I can tell, it means my kubeconfig cannot connect to the cluster correctly. I have no aws config file on my computer and have exported AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (working credentials, we deploy and interact with clusters with these credentials constantly in the CLI and code I’m trying to replace by pulumi. Which I assume is because it did not authenticate correctly using aws-iam-authenticator?

Hi all, I am brand new to using Pulumi and am trying to make my way through the AWS ECS Fargate tutorial. I am running into an issue and my usual strategy of googling my error is failing me. If anyone is able to help me with this error I would greatly appreciate it:

error: Error: No 'docker' command available on PATH: Please install to use container 'build' mode.
        at /home/chris/cloud_db/setup/pulumi/node_modules/@pulumi/docker.ts:114:19
        at Generator.throw (<anonymous>)
        at rejected (/home/chris/cloud_db/setup/pulumi/node_modules/@pulumi/docker/docker.js:19:65

I’m really struggling with some of the provider configurations. I have a stack that deploys three k8s clusters, one on aws, one on azure and one on gcp. And, and this is proving hard, i do not want any pulumi config variables and use only environment variables or variables coded in the TS code. Got gcp and azure this is fine, i have the credentials in env files and use in the cluster creation the location field to set the region to e.g. europe-west1-b. But for eks, there is no location field, and as far as i can tell from the docs, it has to be either in the config yaml file, OR use a custom provider. I would have expected the following to work, but since i use a new aws provider, it complains that i also have to do the providerCredentialsOpts `Error: providerCredentialOpts and an AWS provider instance must be set together`:

const provider = new aws.Provider(`aws`, {
      region: location,
    });

    const cluster = new eks.Cluster(
      name,
      {
        skipDefaultNodeGroup: true,
        vpcId: vpc.id,
        publicSubnetIds: vpc.publicSubnetIds,
        privateSubnetIds: vpc.privateSubnetIds,
        instanceRoles: [role],
        name,
      },
      { provider: this.provider }
    );

But as far as I can tell, it does not listen to the env vars any more so i have to hardcode in the credentials or fetcht hem myself out or process.env.

QQ: I am constantly getting my flow log replaced on every

pulumi up

. The resulting diff is:

~ logDestination: "arn:aws:logs:us-east-1:ACCTNUMBER:log-group:kstream-vpc-dev" => "arn:aws:logs:us-east-1:ACCTNUMBER:log-group:kstream-vpc-dev:*"

As you can see, it keeps trying to add the

:*

at the end. The AWS console shows that the ARN DOES have the

:*

The code I’m using is:

const flowLog = new aws.ec2.FlowLog("vpc-flow-log-" + pulumi.getStack(), {
    iamRoleArn: config.require("FLOW_LOG_ARN"),
    logDestination: logGroup.arn,
    trafficType: "ALL",
    vpcId: vpc.id,
    tags: {
        Name: "VPC Flow Logs for " + name
    }
}, {deleteBeforeReplace: true})

Current package.json dependencies:

"dependencies": {
    "@pulumi/aws": "^3.5.0",
    "@pulumi/awsx": "^0.22.0",
    "@pulumi/docker": "^2.3.0",
    "@pulumi/pulumi": "^2.10.2"
}

Any thoughts on correcting this behavior or preventing Pulumi from trying to replace the flow log every time? p.s. I had to put

deleteBeforeReplace:true

so

pulumi up

would not fail every time.

Using Go I'm trying to create a new Lambda function and I've specified the required handler, role and runtime but I keep getting

aws:lambda:Function (my-lambda):
    error: Preview failed: required configuration keys were missing

After adding a name (that I'm assuming maps to the required function_name) still no dice. Next trying to add a local archive using the code field still nothing. I've looked at AWS docs, Pulumi docs, pkg.go.dev docs, Terraform docs and source but have been unable to figure it out. What am I missing?

If during a refresh there’s a sudden permissions issue when running pulumi it considers the objects as deleted and updates the state accodingly

If I have multiple AWS profiles in my ~\.aws\config, how do I select one when running

pulumi up

?

Hi folks, I'm trying to deploy AWS Lambda function within a VPC. I use Python, but when I call

pulumi_aws.lambda_.FunctionVpcConfigArgs

as per the documentation, I get an error

AttributeError: module 'pulumi_aws.lambda_' has no attribute 'FunctionVpcConfigArgs'

. Has anyone managed to deploy AWS Lambda function within a VPC before?

How to get the public IP address for an ALB that is in front of ECS services?

I believe I found a bug in the aws.cognito.IdentityProvider provider but it's hard for me to understand how to fix it. In short - providerDetails shouldn't serialize client_id as clientId (same goes for client_secret). Any points as to how to fix and test this locally? Been trying to set up my env for testing a custom version of pulumi-aws for a few hours now, would appreciate some help

Within a

componentResource

, is it possible to

ignoreChanges

on one of the children? I want to ignore changes on the task definition for an

awsx.ecs.FargateService

I have a feeling I will need to use transformations for this.

QQ: does pulumi support docker compose with ECS?

Hi guys, asked this already in general, but maybe here is a better chance to get an answer :) When creating an eks node group with spot instances, will it be possible to give multiple instance types (like with KOPS the mixedInstancesPolicy)? In the docs the value is named "instanceTypes" (plural), but the description says it will only accept a single value.

Hi, I received an email for this workshop: https://pulumi.awsworkshop.io/10_prerequisites.html. Is this a live event or a self phased tutorial?

I have issues with creating an EKS cluster, I get this error

aws:cloudformation:Stack (process-cluster-nodes):

error: 1 error occurred:

* creating urn:pulumi:eks-process-cluster-cdev::eks-process-cluster::eks:index:Cluster$aws:cloudformation/stack:Stack::process-cluster-nodes: 1 error occurred:

* ROLLBACK_COMPLETE: ["The following resource(s) failed to create: [NodeGroup]. . Rollback requested by user." "The requested configuration is currently not supported. Please check the documentation for supported configurations. Launching EC2 instance failed."]

error: update failed

error: Running program '/process-cluster/pulumi' failed with an unhandled exception:

TypeError: Cannot use 'in' operator to search for 'NodeGroup' in undefined

Any idea what is wrong?

Heya, not sure where to ask this question, so I'll just start here. trying to setup an API stack with Pulumi, awsx gateway, Apollo graph server and neo4j... I can get through the apollo server with some typeDefs and resolvers

import * as awsx from '@pulumi/awsx'
import { lambda } from '@pulumi/aws'
import {
  APIGatewayProxyEvent,
  Callback,
  APIGatewayProxyResult,
} from 'aws-lambda'

import { ApolloServer, gql } from 'apollo-server-lambda'

const AwsLambdaContextForPulumiContext = (
  pulumiContext: lambda.Context
): AWSLambda.Context => {
  const lambdaContext: AWSLambda.Context = {
    done() {
      throw new Error('done is just a placeholder ')
    },
    fail() {
      throw new Error('fail is just a placeholder ')
    },
    succeed() {
      throw new Error('succeed is just a placeholder ')
    },
    ...pulumiContext,
    getRemainingTimeInMillis: () =>
      parseInt(pulumiContext.getRemainingTimeInMillis(), 10),
    memoryLimitInMB: pulumiContext.memoryLimitInMB,
  }
  return lambdaContext
}

const endpoint = new awsx.apigateway.API('hello', {
  routes: [
    {
      path: '/',
      method: 'ANY',
      eventHandler: (
        event: APIGatewayProxyEvent,
        context: lambda.Context,
        callback: CallbackAPIGatewayProxyResult
      ) => {
        const awsContext = AwsLambdaContextForPulumiContext(context)

        const typeDefs = gql`
          type Query {
            hello: String
          }
        `

        const resolvers = {
          Query: {
            hello: () => 'Hello world!',
          },
        }
        const server = new ApolloServer({
          typeDefs,
          resolvers,
          playground: {
            endpoint: '/',
          },
        })

        if (event.httpMethod === 'GET') {
          server.createHandler()(
            { ...event, path: event.requestContext.path || event.path },
            awsContext,
            callback
          )
        } else {
          server.createHandler()(event, awsContext, callback)
        }
      },
    },
  ],
})

// Export the public URL for the HTTP service
exports.endpoint = endpoint.url

but once I attach neo4j driver to a neo4j sandbox all I get back is a timeout error. Wondering if anyone has tried to do this or something similar and can point me towards a resource to debug what is going on here....

Am I missing something? I go to create a bucket with

aws.s3.Bucket("rd70-stream-dev" ..)

But my bucket is created as

rd70-stream-dev-23095803

. I don't know where I get the additional, unwanted

-23095803

. Maybe I'm missing a basic s3 principal, but can't I provide arguments to not create the bucket in this case?

Hi, I'm using the the AWS Pulumi module with Python - I'm trying to create a DocumentDB cluster instance, however, I cannot see how to turn on

storage_encryption

as it's not an Input - however it is specified as an Output - https://www.pulumi.com/docs/reference/pkg/aws/docdb/clusterinstance/#storage_encrypted_python Am I missing something? Am I suppose to use

opts

?

I'm getting a very weird behaviour. I have many AWS accounts and in Pulumi I create multiple providers, one for each.

pulumi up

is working fine. Unfortunately today I'm getting lots of permission error with

pulumi regresh

, which wasn't happening before, as if it's trying to use the main AWS identity without assuming any roles for the other AWS accounts. I'm using the latest versions of Pulumi and pulumi-aws and I didn't update any of the components of my project. Is anyone experiencing the same thing?

Since today I'm getting

Invalid AWS region:

when deploying stack to AWS.

aws:region

is indeed set within the config. Does someone know whats the issue here?