aws
  • h

    happy-pencil-64085

    11/09/2020, 10:27 PM
    Does the aws configuration bag contain other key:values other than aws:region?
  • s

    sticky-bear-14421

    11/10/2020, 10:43 AM
    Accidentally posted my question in the #general channel instead of here, will copy my assume role chaining problem over here
  • s

    sticky-bear-14421

    11/10/2020, 10:43 AM
    Hi, I've got some trouble chaining providers with assumeRole and I guess I'm doing something perfectly wrong, as the role chaining works in my shell. When executing pulumi up I am in the starting role, then I create the first provider ("intermediate") and execute aws.getCallerIdentity() and I get the correct json. Then I use this provider to assume into the destination role inside a second account but ..
  • s

    steep-spoon-2023

    11/10/2020, 3:07 PM
    Hey guys, any idea how to modify the aws-auth config map for EKS to allow other IAM entities aside from the creator to interact with the cluster?
  • a

    able-morning-18592

    11/10/2020, 5:15 PM
    I am having issues with AWS/KMS secrets provider, error and info in thread.
  • l

    little-cartoon-10569

    11/11/2020, 1:54 AM
    I'm using pulumi.awsx's SecurityGroups, and `createIngressRule()` etc. For at least the rules defined using `location` and `cidrBlocks`, if I update the cidrBlocks, then it causes duplicated security group rules, and errors out. I can't add `deleteBeforeCreate` because the `opts` field on this class takes a CustomResourceOptions, not a ComponentResourceOptions.
  • d

    dazzling-sundown-39670

    11/11/2020, 10:53 PM
    How do I decode this error?
    aws:ec2/launchTemplate:LaunchTemplate resource 'spot-workers' has a problem: ConflictsWith
  • d

    dazzling-sundown-39670

    11/12/2020, 8:51 PM
    How can I tell if my `NodeGroup` changes will remove the nodes or just update them?
  • b

    breezy-butcher-78604

    11/13/2020, 7:14 AM
    I'm attempting to import a Route53 hosted zone into a template but since Pulumi adds "Managed by Pulumi" to the `comment` property when nothing is provided, the import fails since there's a difference. I've tried supplying an empty string but that still causes a difference to be picked up. Is there a way to simply not include the comment property?
  • c

    colossal-librarian-55280

    11/13/2020, 10:44 PM
    Hi there! I'm running into some issues when trying to set up an ECS cluster with an AutoScalingGroup using a VPC defined in another stack. I've created a minimal reproduction example to illustrate the issue. The output is pretty opaque, I'm really blind here as to what seems to be the problem... https://github.com/eordano/autosg-repro Would really appreciate some help! More info in thread:
  • k

    kind-school-28825

    11/15/2020, 6:00 PM
    Anyone care to share an example that points a Route53 A record to an ALB? I can only see an example in the docs that is pointing to an ELB and not an ALB. Not sure how to achieve this.
    ✅ 1
  • m

    most-address-4174

    11/16/2020, 6:15 PM
    Hey all! 👋 I’m trying to launch an EC2 instance that looks like:
    const server = new aws.ec2.Instance('xyz-staging-server-instance', {
      instanceType: 't2.micro',
      vpcSecurityGroupIds: [securityGroup.id], // reference the security group resource above
      ami: ami.id,
    })
    And I get the following error:
    aws:ec2:Instance (xyz-staging-server-instance):
    error: 1 error occurred:
    * Error launching source instance: VPCIdNotSpecified: No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC.
    I found this issue, which says specifying a subnet ID should help, but I can’t seem to work out how specifying the `subnetId` property should work 🤔 Has anyone seen/dealt with this before?
  • d

    dazzling-sundown-39670

    11/16/2020, 9:45 PM
    Seeing this while running pulumi up in Github Actions:
    error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
    What can I do? It's worked so many times before. I'm using `pulumi.StackReference` to retrieve the kubeconfig. Works fine locally
  • h

    hundreds-musician-51496

    11/17/2020, 12:08 AM
    I'm using Lambda@Edge (Cloudfront + lambda functions). When I try to destroy the stack, and occasionally when I update (and am removing functions), I get this error from AWS. Any ideas how to work around this?
    error: deleting urn:pulumi:zzz::deploy::aws:lambda/function:Function::xxx: Error deleting Lambda Function: InvalidParameterValueException: Lambda was unable to delete arn:aws:lambda:us-east-1:1111:function:xxx:1 because it is a replicated function. Please see our documentation for Deleting Lambda@Edge Functions and Replicas.
  • m

    most-address-4174

    11/17/2020, 1:47 PM
    Hey all! Does anyone have experience deploying an EC2 instance into ECS? We’re having an issue where the creation of the ECS service is hanging on `pulumi up`:
  • f

    future-journalist-90839

    11/20/2020, 2:33 AM
    Hello, I’m having difficulties running pulumi up. Basically this is what I’m trying to do but for AWS lambda https://www.pulumi.com/resources/getting-started-gcp-serverless-graphql/
    error: Error serializing '() => { const typeDefs = ` type Quer ...': index.js(10,16)
    const aws = require("@pulumi/aws");
    const pulumi = require("@pulumi/pulumi");
    const env = pulumi.getStack();

    const { ApolloServer } = require("apollo-server-lambda");

    // Factory: builds the Apollo server and returns the Lambda handler.
    const factory = () => {
      // The schema field name must match the resolver name below.
      const typeDefs = `
        type Query {
          hello: String!
        }
      `;

      const resolvers = {
        Query: {
          hello: () => "Hello world!",
        },
      };
      const server = new ApolloServer({
        typeDefs,
        resolvers,
        playground: true,
        introspection: true,
      });

      return server.createHandler();
    };

    module.exports = {
      route: {
        path: "/social/grapqql",
        method: "ANY",
        eventHandler: new aws.lambda.CallbackFunction(`${env}-social`, {
          // factory returns the handler, so it is passed as callbackFactory
          callbackFactory: factory,
        }),
        apiKeyRequired: true,
      },
    };
  • f

    future-journalist-90839

    11/20/2020, 3:18 AM
    nvm found the problem, I was using react style imports 🤦
    const { ApolloServer } = require("apollo-server-lambda");
    🙂 1
    👍 1
  • f

    future-journalist-90839

    11/20/2020, 3:22 AM
    need coffee lol
  • a

    alert-raincoat-81485

    11/20/2020, 6:55 AM
    Hello folks, when I am trying to create the Ingress/Egress attribute of the SecurityGroup, it throws the following error
    ingress=[aws.ec2.SecurityGroupIngressArgs(
        AttributeError: module 'pulumi_aws.ec2' has no attribute 'SecurityGroupIngressArgs'
    The code was referred from a Pulumi docs example.
    security_group = aws.ec2.SecurityGroup( # type: ignore
        "secgrp",
        description="Splunk Hybrid cloud security group",
        vpc_id=vpcid,
        ingress=[aws.ec2.SecurityGroupIngressArgs(
            description="TLS from VPC",
            from_port=443,
            to_port=443,
            protocol="tcp",
            # 0.0.0.0/0 allows any IPv4 source, wider than the "from VPC" description
            cidr_blocks=["0.0.0.0/0"],
        )],
        # protocol "-1" with ports 0-0 allows all outbound traffic
        egress=[aws.ec2.SecurityGroupEgressArgs(
            from_port=0,
            to_port=0,
            protocol="-1",
            cidr_blocks=["0.0.0.0/0"],
        )],
    )
    Any suggestions?
  • b

    brash-student-27683

    11/23/2020, 4:15 PM
    I have a few hundred EC2 servers running (currently not part of a Pulumi stack). How do I do patch management across those servers? I am looking for an alternative to AWS Systems Manager. I also am looking for a way to execute other commands in these instances at scale (updating firewall rules for example). Is Pulumi a good tool to use for this use case?
  • f

    future-nail-59564

    11/23/2020, 10:35 PM
    Hey! 👋 🙂 Could anyone point me to some doc about the proper format expected by the `pgpKey` property of classes such as `aws.iam.AccessKey` and `aws.iam.UserLoginProfile`. It’s really unclear what the base-64 encoded PGP public key is expected to be. No matter what I try, I always get this:
    * Error encrypting IAM Access Key Secret: error parsing given PGP key: openpgp: invalid data: tag byte does not have MSB set
    I created my key-pair using:
    $ openssl genrsa -out keypair.pem 2048
    Then exported the public-key part with:
    $ openssl rsa -in keypair.pem -pubout -out publickey.crt
    Then I tried to pass that public key using different variations: 1. with/without BEGIN/END markers, 2. with/without new lines, 3. with/without over-base-64-encoding the whole thing, etc… But no luck! 😓
  • a

    alert-raincoat-81485

    11/23/2020, 11:33 PM
    Folks, how to assign multiple policies to one role? As per example, only one arn is assigned to the role. Is there any way we can assign multiple existing policies?
    policy = aws.iam.Policy("policy",
        description="A test policy",
        policy="""{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "ec2:Describe*"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }
    """)
    test_attach = aws.iam.PolicyAttachment("test-attach",
        users=[user.name],
        roles=[role.name],
        groups=[group.name],
        policy_arn=policy.arn)
  • l

    little-cartoon-10569

    11/24/2020, 4:00 AM
    Is there a shortcut for using Outputs in policy documents? How do I refer to outputs from resources when calling `aws.iam.getPolicyDocument`, short of using `pulumi.all().apply()`?
  • v

    victorious-helmet-11068

    11/24/2020, 10:12 AM
    hi all. can I use multiple regions with aws.cloudformation.get_export() ? I’m trying with:
  • v

    victorious-helmet-11068

    11/24/2020, 10:12 AM
    Untitled
  • v

    victorious-helmet-11068

    11/24/2020, 10:12 AM
    with no success (py)
  • f

    future-nail-59564

    11/24/2020, 1:37 PM
    ls
  • h

    hundreds-receptionist-31352

    11/24/2020, 3:39 PM
    Hi, I'm trying to import an EKS cluster created previously without pulumi, using the command line and I'm getting this error:
    pulumi import aws:eks/cluster:Cluster mserv-test-eks mserv-testing-eks -d -v 999
    Previewing import (testing):
         Type                 Name                 Plan       Info
         pulumi:pulumi:Stack  qallariy-testing                1 error; 11 debugs
     =   └─ aws:eks:Cluster   mserv-test-eks  import     3 errors
    Diagnostics:
      pulumi:pulumi:Stack (qallariy-testing):
        debug: Attempting to use session-derived credentials
        debug: Successfully derived credentials from session
        debug: AWS Auth provider used: "AssumeRoleProvider"
        debug: Trying to get account information via sts:GetCallerIdentity
        debug: Trying to get account information via sts:GetCallerIdentity
        debug: Reading EKS Cluster: {
        debug:   Name: "mserv-testing-eks"
        debug: }
        debug: Truncating attribute path of 0 diagnostics for TypeSet
        debug: Truncating attribute path of 0 diagnostics for TypeSet
        debug: Truncating attribute path of 0 diagnostics for TypeSet
        error: preview failed
      aws:eks:Cluster (mserv-test-eks):
        error: aws:eks/cluster:Cluster resource 'mserv-test-eks' has a problem: Computed attribute cannot be set
        error: aws:eks/cluster:Cluster resource 'mserv-test-eks' has a problem: Computed attribute cannot be set
        error: Preview failed: one or more inputs failed to validate
    Please copy the following code into your Pulumi application. Not doing so
    will cause Pulumi to report that an update will happen on the next update command.
    Please note, that the imported resources are marked as protected. To destroy them
    you will need to remove the `protect` option and run `pulumi update` *before*
    the destroy will take effect.
    does anyone have a clue? thanks in advance!
  • b

    broad-dog-22463

    11/24/2020, 3:54 PM
    Hi @hundreds-receptionist-31352 / @adamant-translator-31969 It seems you both have the same issue with the import of an EKS Cluster - can one of you open a bug in pulumi-aws to suggest this so we can track it and get it fixed up?
  • s

    shy-football-10348

    11/24/2020, 4:25 PM
    Hi folks, I am about to try to set up AWS Codebuild + AWS Codepipeline for my Pulumi Jupyterhub ECS infrastructure. I’ve not set up a pipeline like this before and wanted to reach out to yall about some things that are a bit confusing to me in regards to Pulumi’s role in the pipeline. My directory structure for my stack looks like this:
    jupyterhub > tree
    .
    ├── README.md
    ├── jupyterhub.png
    └── src
        ├── docker-hub
        │   ├── Dockerfile
        ├── docker-notebook
        │   ├── Dockerfile
        ├── jupyterhub-code-pipeline
        │   ├── Pulumi.jupyterhub-code-pipeline.yaml
        │   ├── Pulumi.yaml
        │   ├── __main__.py
        │   └── requirements.txt
        ├── jupyterhub-ecs-infra
        │   ├── Pulumi.jupyterhub-ecs-infra.yaml
        │   ├── Pulumi.yaml
        │   ├── __main__.py
        │   └── requirements.txt
        ├── jupyterhub-net-infra
        │   ├── Pulumi.jupyterhub-network-infra.yaml
        │   ├── Pulumi.yaml
        │   ├── __main__.py
        │   ├── config.yml
        │   └── requirements.txt
        └── notebook-ecs-infra
            ├── Pulumi.notebook-ecs-infra.yaml
            ├── Pulumi.yaml
            ├── __main__.py
            └── requirements.txt
    Based on this structure and the following documentation for Pulumi + Codebuild — I believe I will need multiple `buildspec.yml` files to account for these different stacks, is that correct? Looking at the Pulumi module for Codebuild shows a supporting type called `ProjectSecondarySource` where you need to specify a buildspec — is this where I would specify each of my projects? For example, will I need a `ProjectSecondarySource` for `jupyterhub-net-infra`, `notebook-ecs-infra`, and `jupyterhub-ecs-infra`? It seems so. Finally, one thing I am concerned about is this reliance of `jupyterhub-ecs-infra` and `notebook-ecs-infra` to be in sync. Specifically, when you make an update to the task definition in `notebook-ecs-infra` the arn for the task definition changes, as a result, `jupyterhub-ecs-infra` needs to be updated to reference that new task definition arn from the updated notebook stack. How do I account for this in my pipeline? Should I be completely rebuilding the infrastructure after every merge to master? Apologies if this is a massive post. Thanks in advance!
i figured it out