pulumi-community #aws

broad-dog-22463

10/08/2020, 2:29 PM

@here we are investigating a P1 issue were Pulumi config is not being read - this is prominent in pulumi-aws v3.6.0 and pulumi-azure v3.24.0 If this is affecting you, you can downgrade the version while we fix this up

broad-dog-22463

10/08/2020, 6:57 PM

This issue has been resolved and pulumi-aws v3.6.1 has been released

nice-policeman-63970

10/08/2020, 9:46 PM

Hi, i'm new to pulumi and also mostly new to AWS. I'm trying to deploy a service in fargate using the awsx package. Unlike the basic examples of this in the docs, I want to expose the service via HTTPS on a custom domain. I have almost figured it out, but I'm running into a weird issue I can't figure out with security rules and health checks. My basic setup is this: • a

awsx.ecs.FargateService

, with a container listening on port 8080 • a

<http://awsx.lb|awsx.lb>.ApplicationTargetGroup

for port 8080 HTTP with the right healthcheck configured. This is connected to the container/service via

portMappings

• a

<http://awsx.lb|awsx.lb>.ApplicationListener

for port 443 HTTPS, connected to the targetGroup • ... a bunch of route53/ACM stuff that seems to be working by now The problem is that the health checks that the Target Group performs are failing with this setup, but succeeding with a listener on port 8080 HTTP (using the same

targetGroup

!) I have narrowed the problem down to the

awsx:x:ec2:IngressSecurityGroupRule

(+egress) named

listener-id-external-0-ingress

awsx creates. This only includes port 443. If I add port 8080 via the console, everything works. I would have expected that this rule is only applied to the external load balancer, not to the container, but maybe not? What can I do to fix this, without fully rewriting from awsx to aws components? (happy to post typescript snippets as well if they are helpful)

sparse-state-34229

10/09/2020, 12:56 AM

Anyone know how I can disable the

last_updated_by_user

tag?

adamant-translator-31969

10/09/2020, 1:55 PM

Hi! I want to test a project with mocha but, i have this error

ERROR: Error: Cannot find module 'ts-node/register'

Require stack:

rhythmic-napkin-82334

10/10/2020, 6:59 PM

Hey all, we run prefect on AWS EKS for orchestration. (How) Can I change a

config.toml

using pulumi for the k8s agent?

dazzling-sundown-39670

10/11/2020, 10:11 PM

So I have an efs store with a creation key, then I have 1 PersistentVolume and 1 PersistentVolumeClaim with both

persistentVolumeReclaimPolicy: 'Retain',

. How come the data is lost when I do

pulumi destroy; pulumi up

? Is this due to the random names?

worried-queen-62794

10/11/2020, 10:26 PM

When a resource depends on an EC2 resource I'm guessing it only waits for it to be created and not be in the

Running

state? If so how can I make it wait?

wonderful-window-14544

10/12/2020, 1:16 PM

Hello, trying to import AWS lighsail StaticIp to pulumi as existting resouce (imported a few things before and it works) but something is not ok. Pulumi cannot import that IP. Looks like AWS API request requirements is not fullfilled. Here is pulumi code:

Copy code

const staticIp = new aws.lightsail.StaticIp(
  "my-static-ip",
  {
    name: "my-static-ip"
  },
  {
    import: "my-static-ip",
  }
);

and here is output from pulumi:

Copy code

{
      RespMetadata: {
        StatusCode: 400,
        RequestID: "foo-baar"
      },
      Code_: "MissingParams",
      Message_: "These parameters are required: staticIpName"
    }

Is it some way how to import that IP?

quaint-electrician-41503

10/13/2020, 4:24 AM

I'm trying to use https://www.pulumi.com/docs/reference/pkg/aws/iam/rolepolicyattachment/ and I only have a library the exports a role arn vs a role. Any ideas how I can do this or do I have to go back to the library provider and ask them to export the role?

future-megabyte-14556

10/13/2020, 10:03 AM

Is it possible to configure EKS NodeGroup to use elastic IPs ? I need my Nodes to run on reserved IP addresses. Using TypeScript btw.

dazzling-sundown-39670

10/13/2020, 12:18 PM

How come I get this error (

error creating RDS DB Instance: InvalidParameterCombination: RDS does not support creating a DB instance with the following combination: DBInstanceClass=db.m5.xlarge, Engine=aurora, EngineVersion=5.6.mysql_aurora.1.22.2, LicenseModel=general-public-license

) using Pulumi but can create the same combination via the aws console?

broad-church-78931

10/13/2020, 5:23 PM

Hi, if defining with Pulumi so that the Secrets Manager to rotate RDS secrets would the lambda functions need to be defined manually,,? Asking because from the AWS console defining the rotation seems to be automated in that parts...

happy-pencil-64085

10/13/2020, 8:09 PM

Is there a best practice for calling the AWS SDK from my pulumi program? Currently writing in C# and most of my infrastructure is defined in the constructors for my different stacks. Essentially, I need to create a table in Athena and there is no way to do it through the current Pulumi (terraform) API

quaint-electrician-41503

10/13/2020, 9:55 PM

How can we detach a policy from an aws role instance? https://docs.aws.amazon.com/cli/latest/reference/iam/detach-role-policy.html

quaint-electrician-41503

10/14/2020, 5:25 AM

I've been using

iam.RolePolicyAttachment

since yesterday to attach to an

iam.Policy

to a role. https://pulumi-community.slack.com/archives/CRH5ENVDX/p1602563075111100 . It seemed to work. Today I am again trying to use the same

iam.RolePolicyAttachment

. I see pulumi tell me the role attachment is created. But I look into the AWS console and look at the role or the policy itself and it's not attached. I am able to attach an aws manage policy today but not the custom policy I added yesterday. What should I be looking for as the breaking change? Why does pulumi tell me the attachment is created but I don't see it attached?

ambitious-father-68746

10/14/2020, 2:02 PM

Hi, when I run any

pulumi

command I'm getting:

Copy code

error: failed to load checkpoint: blob (key ".pulumi/stacks/prod.json") (code=Unknown): MissingRegion: could not find region configuration

ambitious-father-68746

10/14/2020, 2:03 PM

Copy code

$ cat Pulumi.prod.yaml
...
config:
  aws:region: eu-west-1
...

ambitious-father-68746

10/14/2020, 2:03 PM

Is this not used for the initial connection AWS? I'm using S3 to store state and KMS to store the secret key.

broad-dog-22463

10/14/2020, 2:13 PM

@ambitious-father-68746 what version of Pulumi aws are you using?

ambitious-father-68746

10/14/2020, 2:14 PM

The latest, 3.7.0, but it was happening on the previous one as well

broad-dog-22463

10/14/2020, 2:14 PM

Mmmhhhh

broad-dog-22463

10/14/2020, 2:14 PM

Can you open an issue with some details and I can look into it immediately?

ambitious-father-68746

10/14/2020, 2:14 PM

Thank you, I will

billowy-army-68599

10/14/2020, 2:42 PM

i believe this is a known issue, we don't actually read the backend config from the stack config, so you need to set

AWS_REGION

. I can't find the issue detailing it now, but @white-balloon-205 may know more

☝️ 1

worried-queen-62794

10/14/2020, 8:34 PM

This morning I am unable to update. I seem to be encountering https://github.com/pulumi/pulumi-aws/issues/814. I don't get why it would be using an expired token, I am manually calling

aws sts get-session-token

(because I use MFA) and setting the

AWS_ACCESS_KEY_ID

AWS_SECRET_ACCESS_KEY

AWS_SESSION_TOKEN

myself. They are definitely not expired. Any idea why this would be happening?

billowy-ocean-41790

10/14/2020, 9:49 PM

Hi! I'm trying to use AWS SecretsManager with an ECS service I'm provisioning. In the few places that receive a secret ARN, the pulumi typescript expects a

string

rather than an

Output<string>

. We'd expect it to accept

string | Output<string>

, so that we can dynamically assign it from a

new aws.secretsmanager.Secret

billowy-ocean-41790

10/14/2020, 9:50 PM

Right now this is in the

secrets

valueFrom

of our ECS container definition.

billowy-ocean-41790

10/14/2020, 9:50 PM

Is there a technical constraint or reason for it to be like this?

dazzling-sundown-39670

10/14/2020, 11:36 PM

https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler-chart#aws---iam how would I do this part in Pulumi?