https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • l

    little-cartoon-10569

    11/24/2020, 9:06 PM
    I'm having problems updating a recently-imported SNS TopicPolicy. I'm getting the less-then-helpful error InvalidParameter: Invalid parameter: Policy Error: null. Since the only field I'm updating is the policy doc, I'm guessing the error is there. I'm guessing the format of the doc based on IAM policy docs, so maybe I'm making mistakes. Is there an example of creating an SNS TopicPolcy in Pulumi anywhere? Or a spec for TopicPolicy policy documents?
    b
    • 2
    • 2
  • d

    dazzling-sundown-39670

    11/25/2020, 8:49 AM
    Is there any way to use a bastion of sorts in Pulumi to use
    mysql.User
    on a MySQL cluster behind a VPC?
    l
    • 2
    • 7
  • r

    refined-bear-62276

    11/25/2020, 9:42 AM
    Hello friends, is there a way with pulumi to stop an ec2 instance without destroying it?
    b
    • 2
    • 2
  • r

    refined-bear-62276

    11/25/2020, 1:05 PM
    Is there a way to set a role to an inline lambda function to do stuff with the aws sdk?
    const endpoint = new awsx.apigateway.API(`service-api`, {
      routes: [
        // Serve static files from the `www` folder (using AWS S3)
        {
          path: "/",
          localPath: "www",
        },
    
        // Serve a simple REST API on `GET /name` (using AWS Lambda)
        {
          path: "/start",
          method: "GET",
          eventHandler: async (event) => {
            try {
              const ec2 = new aws.sdk.EC2();
              const myInstance = await server.id.get();
              const params = {
                InstanceIds: [myInstance],
              };
    ...
    b
    • 2
    • 3
  • p

    powerful-furniture-83753

    11/26/2020, 10:24 AM
    Morning all.. anyone know how to reference complex types across stacks? For example, i have subnet ids that i want to export from one stack to put in another?
    Output<string[]>
    doesn't seem to convert well to
    Input<string>[]
    (using typescript btw).
    t
    l
    c
    • 4
    • 14
  • a

    agreeable-ram-97887

    11/26/2020, 2:40 PM
    Hello everyone, question here regarding EKS Fargate profiles and subnets. In short, I am getting the error "Subnet <subnet-name> provided in Fargate Profile is not a private subnet" but, as far as I'm aware, I already have set it to private? Has anyone else encountered this before and figured out how to solve it? Hopefully I'm not missing something simple 🤔
    l
    c
    • 3
    • 7
  • a

    aloof-grass-44583

    11/27/2020, 2:12 AM
    Hey guys, running into issue while creating records for a web server. The domain name is getting suffixed when the record is created and preventing proper routing. When deployed the record ends up with mydomain.com-suffix. I've referenced the docs and see that the 'name' property can be used to lock down the resource name but it seems to overlap with the record name param. I'm using the python sdk and for reference here is my record resource:
    a_record = aws.route53.Record("a",
                                  zone_id=hosted_zone.zone_id,
                                  name="<http://mydomain.com|mydomain.com>",
                                  type="A",
                                  ttl=30,
                                  records=[server.public_ip])
    l
    • 2
    • 5
  • b

    busy-umbrella-36067

    11/28/2020, 4:55 AM
    Does this example have valid IAM credentials attached to the lambda function? https://www.pulumi.com/blog/scheduling-serverless/
    b
    • 2
    • 4
  • b

    busy-umbrella-36067

    11/28/2020, 5:02 AM
    Is there any way to attach extra permissions to the inline lambdas?
    f
    • 2
    • 2
  • l

    little-cartoon-10569

    11/29/2020, 9:31 PM
    Has anyone ever noticed weird spooky magicness happening with LogMetricFilters?
    • 1
    • 9
  • f

    future-nail-59564

    11/30/2020, 5:26 PM
    Has anyone used
    keybase
    to encrypt/decrypt user passwords with
    aws.iam.UserLoginProfile
    ? The
    encryptedPassword
    output returns a simple string in the form
    wcFMA433DHhZWgKpARAAXYd0q2oRc83hFcLJXQMV9yC…
    but keybase seems to expect something of the form
    BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. keDIDMQWYvVR58B FTfTeDQNHx1585M … 1UfUcHnbYM8vtOw OsZfpid. END KEYBASE SALTPACK ENCRYPTED MESSAGE.
    for decryption… 🤔
    b
    l
    • 3
    • 12
  • a

    alert-raincoat-81485

    11/30/2020, 6:20 PM
    Hello folks, I am trying to run a script through userdata as per the example shown but look like it’s not successfully running.
    user_data = """
    #!/bin/bash
    
    ## Checking if Splunk user exist ##
    if getent passwd splunk > /dev/null 2>&1;
    then
        echo "splunk user exist"
    else
        useradd -m splunk
        echo 'splunk    ALL=(ALL:ALL)   ALL' >> /etc/sudoers
        echo 'splunk    ALL=(ALL:ALL)   NOPASSWD' >> /etc/sudoers
    fi
    """
    Instances = aws.ec2.Instance(
                    ins_name,
                    user_data = user_data,
                    ami = ami_centos.value,
                    iam_instance_profile = iam_profile,
                    instance_type = self.instance_type,
                    subnet_id = sbnet,
                    tags={"Name": ins_name},
                )
                instance_info = {
                    "id": Instances.id,
                    "primary_network_interface_id": Instances.primary_network_interface_id,
                    "instance_name": ins_name,
                }
    )
    b
    g
    p
    • 4
    • 17
  • f

    future-nail-59564

    11/30/2020, 10:28 PM
    Is it possible that we can only have a single
    aws.iam.GroupMembership
    per
    aws.iam.Group
    ? I want to be able to attach a user to a group, independently from the users already part of that group. Therefore, in my User component, I am creating a
    GroupMembership
    specifically for that user-group relationship:
    new aws.iam.GroupMembership(
            `${username}-${group}`,
            {
              users: [username],
              group: group,
            },
    However, it appears that this group membership gets overwritten by each user, even if all GroupMembership resources have unique names. The first time I run my stack, the group is correctly created in IAM with all users, however the state doesn’t seem to be updated correctly, because the next time I run the stack (while there is supposed to be no change), it removes all users from group in IAM but one. I assuming it’s a bug, because the second run of the stack should be idempotent.
    l
    • 2
    • 7
  • l

    little-cartoon-10569

    12/01/2020, 12:05 AM
    I notice that aws.backup.RegionsSettings and aws.backup.VaultPolicy are documented but not included in the JS SDK. Is that intentional? Maybe I need to update?
    b
    • 2
    • 4
  • r

    refined-bear-62276

    12/01/2020, 11:14 PM
    hello friends, I'm curious about SpotInstances. When I run
    pulumi up
    and an instance is replaced, the old SpotInstance is not terminated, just kind of hangs around, is that the expected behavior?
    p
    • 2
    • 1
  • n

    nice-lamp-12786

    12/02/2020, 3:57 AM
    I'm trying to launch an AWS EC2 instance using
    iamInstanceProfile
    so that I can pull an ECR container image from the EC2 instance, but I'm not seeing examples, and there seems to be problems (using the most recent version of Pulumi)
    const role = new aws.iam.Role("role", {
        path: "/",
        assumeRolePolicy: `{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "sts:AssumeRole",
                "Principal": {
                   "Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
                },
                "Effect": "Allow",
                "Sid": ""
            }
        ]
    }
    `,
    });
    
    const testProfile = new aws.iam.InstanceProfile("testProfile", {role: role.name});
    
    const server = new aws.ec2.Instance("webserver-www", {
        ami: ami.id,
        iamInstanceProfile: testProfile,
    ...
    I'm not sure if this is the right approach -- it's not working.
    b
    • 2
    • 7
  • n

    nice-lamp-12786

    12/02/2020, 4:45 AM
    On a different note, it appears that AWS t4g instances are not supported? I'm getting this error when I try to launch an EC2 instance type of "t4g.nano":
    aws:ec2:Instance (webserver-www):
        error: 1 error occurred:
            * Error launching source instance: Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.
            status code: 400, request id: f97087d6-efc6-4893-8362-344c997733c0
    b
    l
    • 3
    • 8
  • q

    quaint-guitar-13446

    12/02/2020, 5:03 AM
    Is there a way to load an RDS instance akin to how
    Vpc.fromExistingIds
    works?
    g
    c
    • 3
    • 8
  • c

    cuddly-smartphone-15267

    12/02/2020, 6:48 AM
    hey guys, i'm having a bit of trouble creating a creating the route53 Records that I need to for validation of a certificate request. this is the relevant code (C#) firstly i create a certificate:
    var cert = new Certificate("cert", new CertificateArgs
            {
                DomainName = domainName,
                Tags =
                {
                    {"Environment", "test"},
                },
                ValidationMethod = "DNS"
            });
    then i try to create a dns record:
    var validationRecord = new Record($"validationRecord",
                    new RecordArgs
                    {
                        AllowOverwrite = true,
                        Name = cert.DomainValidationOptions.Apply(x => x[0].ResourceRecordName),
                        Records = new[] {cert.DomainValidationOptions.Apply(x => x[0].ResourceRecordValue)},
                        Type = cert.DomainValidationOptions.Apply(x => x[0].ResourceRecordType),
                        Ttl = 60,
                        ZoneId = zone.Apply(z => z.ZoneId),
                    })
    however it seems like it's not actually passing the domain validation option values into the Record object. I'm getting this error:
    Diagnostics:
        aws:route53:Record (validationRecord):
            error: aws:route53/record:Record resource 'validationRecord' has a problem: Required attribute is not set
            error: aws:route53/record:Record resource 'validationRecord' has a problem: Required attribute is not set
    am i doing something obviously stupid?
    g
    • 2
    • 2
  • w

    wooden-truck-40033

    12/02/2020, 10:36 AM
    Hi there , Anyone used eks package with nodegroups? especially this parameters extraNodeSecurityGroups: ? I can't seem to get security groups attached to worker nodes. Raised an issue too https://github.com/pulumi/pulumi-aws/issues/1242
  • n

    nice-lamp-12786

    12/02/2020, 3:19 PM
    I am launching a server, using
    const server = new aws.ec2.Instance
    and once it is up and running, I need to execute a command (I'm going to
    scp
    a Rust MUSL executable into the server from the harddrive of the machine that is running
    pulumi
    ). Is there an existing and/or easy way to do that?
    g
    • 2
    • 2
  • n

    narrow-xylophone-93444

    12/02/2020, 6:07 PM
    Hello - I'm new to Pulumi! It's particularly interesting to me because using the Automation API looks way better than shelling out to AWS CDK. The one problem I've noticed is that the docs omit any mention of support for AWS MediaLive, which is critical for my use case (even though it supports all its sister services like MediaPackage and MediaStore!). It seems like Terraform has the same limitation too. I'm not expecting to deploy general infrastructure through Pulumi in the near future - just simple video broadcast pipelines and a few S3 buckets. So my question is: should I just be hacking a solution with AWS CDK, or is there a workaround that would allow me to create MediaLive resources through Pulumi? I couldn't find anything in the Pulumi docs about this.
    l
    g
    • 3
    • 4
  • c

    cuddly-smartphone-15267

    12/03/2020, 7:08 AM
    Is there any way to attach additional ssl certificates to a load balancer from pulumi? Eg to serve from multiple domains
    b
    • 2
    • 3
  • c

    cuddly-smartphone-15267

    12/03/2020, 12:16 PM
    I’m still learning docker and ECS but let’s say I have an ECR repo and I’ve pushed my docker image there, what resources do I need to add in pulumi to be able to utilise the image? I’ve gotten as far as getting a load balancer set up with ssl cert. now I would like to point it at a docker app. I can’t use fargate as it’s a windows docker image.
    b
    w
    • 3
    • 6
  • n

    nice-lamp-12786

    12/03/2020, 4:35 PM
    Trying to deploy to an AWS t4g instance using Typescript, but getting a typescript error in pulumi version = v2.14.0 that
    node_modules/@pulumi/aws/types/enums/ec2/index.d.ts
    does not have an enum value for "t4g.micro".
    Diagnostics:
      pulumi:pulumi:Stack (website-website):
        error: Running program '/home/user/code/pulumi/website' failed with an unhandled exception:
        TSError: ⨯ Unable to compile TypeScript:
        index.ts(222,3): error TS2322: Type '"t4g.micro"' is not assignable to type 'Input<"a1.2xlarge" | "a1.4xlarge" | "a1.large" | "a1.medium" | "a1.xlarge" | "c3.2xlarge" | "c3.4xlarge" | "c3.8xlarge" | "c3.large" | "c3.xlarge" | "c4.2xlarge" | "c4.4xlarge" | ... 154 more ... | "z1d.xlarge">'.
    
            at createTSError (/home/user/code/pulumi/website/node_modules/ts-node/src/index.ts:261:12)
            at getOutput (/home/user/code/pulumi/website/node_modules/ts-node/src/index.ts:367:40)
            at Object.compile (/home/user/code/pulumi/website/node_modules/ts-node/src/index.ts:558:11)
            at Module.m._compile (/home/user/code/pulumi/website/node_modules/ts-node/src/index.ts:439:43)
            at Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
            at Object.require.extensions.<computed> [as .ts] (/home/user/code/pulumi/website/node_modules/ts-node/src/index.ts:442:12)
            at Module.load (internal/modules/cjs/loader.js:928:32)
            at Function.Module._load (internal/modules/cjs/loader.js:769:14)
            at Module.require (internal/modules/cjs/loader.js:952:19)
            at require (internal/modules/cjs/helpers.js:88:18)
    I got around this before by hand editing the ts file in node_modules, but that seems like a bad approach (since I had to 
    npm install
     again and it blew away my hacky changes). What's the better way to get around this?
    "devDependencies": {
            "@types/node": "^10.17.48"
        },
        "dependencies": {
            "@pulumi/aws": "^3.17.0",
            "@pulumi/awsx": "^0.22.0",
            "@pulumi/pulumi": "^2.15.0",
            "@types/ssh2": "^0.5.39",
            "@types/uuid": "^3.4.4",
            "scp2": "^0.5.0",
            "ssh2": "^0.8.5",
            "uuid": "^3.4.0"
        }
    b
    b
    r
    • 4
    • 7
  • g

    gifted-vase-28337

    12/03/2020, 10:17 PM
    I'm seeing this error:
    └─ aws:ec2:NatGateway    nat-gateway-nat-gateway  **failed**               1 error
     
    Diagnostics:
      aws:ec2:NatGateway (nat-gateway-nat-gateway):
        error: aws:ec2/natGateway:NatGateway resource 'nat-gateway-nat-gateway' has a problem: Required attribute is not set
    but it doesn't tell me what attribute is not set. Plus I've set all the required attributes per the documentation (resource_name, allocation_id, subnet_id). Here's the resource call:
    nat_gateway = aws.ec2.NatGateway(
        resource_name="foo",
        allocation_id=eip.allocation_id,
        subnet_id=subnet.id,
    )
    where
    eip
    is an
    aws.ec2.Eip
    and
    subnet
    is an
    aws.ec2.Subnet
    , both created above. Is the issue that the
    eip.allocation_id
    or
    subnet.id
    calls aren't resolving, and I should use
    apply
    or some such?
    g
    • 2
    • 4
  • q

    quaint-guitar-13446

    12/04/2020, 4:16 AM
    Hey guys I'm getting a crash in pulumi causing my stack to be corrupted
    panic: fatal: An assertion has failed
    
    goroutine 49346 [running]:
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)>
            /Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/failfast.go:23
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assert(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assert(...)>
            /Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/assert.go:26
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/resource/plugin.(*provider).Read|github.com/pulumi/pulumi/sdk/v2/go/common/resource/plugin.(*provider).Read>(0xc0007a1260, 0xc001e93880, 0x65, 0x0, 0x0, 0x0, 0xc001652270, 0xe9b18d, 0x7fc200000004, 0xc001a49800, ...)
            /Users/runner/work/pulumi/pulumi/sdk/go/common/resource/plugin/provider_plugin.go:763 +0x1037
    <http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*ReadStep).Apply(0xc0016522d0|github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*ReadStep).Apply(0xc0016522d0>, 0x0, 0x1cf17e0, 0x23, 0xc00054de40, 0x3)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step.go:620 +0x105
    <http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).executeStep(0xc000734400|github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).executeStep(0xc000734400>, 0x60, 0x201a480, 0xc0016522d0, 0x5, 0x0)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step_executor.go:271 +0x209
    <http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).executeChain(0xc000734400|github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).executeChain(0xc000734400>, 0x60, 0xc001f74260, 0x1, 0x1)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step_executor.go:221 +0xef
    <http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).worker.func1(0xc000734400|github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).worker.func1(0xc000734400>, 0x60, 0xc001f74260, 0x1, 0x1, 0xc0017f4360)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step_executor.go:371 +0xc5
    created by <http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).worker|github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepExecutor).worker>
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step_executor.go:368 +0x2e7
    error Command failed with exit code 2.
    c
    • 2
    • 5
  • s

    sparse-intern-71089

    12/05/2020, 12:21 PM
    This message was deleted.
    f
    • 2
    • 1
  • c

    cuddly-smartphone-15267

    12/06/2020, 12:13 PM
    i'm trying to set up an ECS cluster and getting an error:
    error creating capacity provider: ClientException: ECS Service Linked Role does not exist. Please create a Service linked role for ECS and try again.
    My code is pretty much based on this example: https://github.com/pulumi/examples/blob/aws-ecs-conatiner-instances-automation/aws-py-ecs-instances-autoapi/py-ecs-instance/__main__.py i don't see where I would be setting up a service linked role in this code workflow. would it be something similar to lines 36-57 above?
    b
    • 2
    • 5
  • b

    busy-magazine-48939

    12/08/2020, 8:09 AM
    Is there any working example on how to use EKS and NLB with mix protocols on the same ip address (different ports are fine)?
    error: resource demo/demo-service-x3i6m60y was not successfully created by the Kubernetes API server : Service "demo-service-x3i6m60y" is invalid: spec.ports: Invalid value: []core.ServicePort{core.ServicePort{Name:"udp-demo", Protocol:"UDP", AppProtocol:(*string)(nil), Port:6666, TargetPort:intstr.IntOrString{Type:1, IntVal:0, StrVal:"udp-demo"}, NodePort:0}, core.ServicePort{Name:"tcp-demo", Protocol:"TCP", AppProtocol:(*string)(nil), Port:6665, TargetPort:intstr.IntOrString{Type:1, IntVal:0, StrVal:"tcp-demo"}, NodePort:0}}: cannot create an external load balancer with mix protocols
Powered by Linen
Title
b

busy-magazine-48939

12/08/2020, 8:09 AM
Is there any working example on how to use EKS and NLB with mix protocols on the same ip address (different ports are fine)?
error: resource demo/demo-service-x3i6m60y was not successfully created by the Kubernetes API server : Service "demo-service-x3i6m60y" is invalid: spec.ports: Invalid value: []core.ServicePort{core.ServicePort{Name:"udp-demo", Protocol:"UDP", AppProtocol:(*string)(nil), Port:6666, TargetPort:intstr.IntOrString{Type:1, IntVal:0, StrVal:"udp-demo"}, NodePort:0}, core.ServicePort{Name:"tcp-demo", Protocol:"TCP", AppProtocol:(*string)(nil), Port:6665, TargetPort:intstr.IntOrString{Type:1, IntVal:0, StrVal:"tcp-demo"}, NodePort:0}}: cannot create an external load balancer with mix protocols
View count: 5