https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • f

    flat-car-33421

    12/08/2020, 10:06 PM
    Apologies if this is not the right channel for such queries ... i am trying to create VPC, Security Group and EC2 Instances using pulumi-javascript, however, my EC2 instance is failing with error "security group id and subnet is a different network" i am creating VPC then Security Group by passing the VPC object and then i using both SG.id and VPC.subnetids in Instance creation: let ec2_1 = new aws.ec2.Instance("webserver-www-1", {     instanceType: size,     vpcSecurityGroupIds: [sg.id],     ami: ami.id,     subnetId: vpc.publicSubnetIds[0],     userData: userData1, }); however, when i print the vpc.publicSubnetIds[0], it s coming as [object promise] .. i am not sure how to get the value from vpc.publicSubnetIds? Thanks for the help in advance ...
    ✅ 1
    g
    • 2
    • 10
  • l

    little-cartoon-10569

    12/09/2020, 1:30 AM
    Is cross-region backup replication supported through Pulumi? I can see the feature in the AWS SDK (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StartDBInstanceAutomatedBackupsReplication.html) but not in TF or Pulumi. I may be looking in the wrong place though...
  • q

    quiet-agency-98780

    12/09/2020, 11:18 AM
    I am trying to make a vpc, ec2 instance, a load balancer and an nginx web server with a page deployed in it through Pulumi. I’m looking for some example based on which I can start expanding
    👍 1
    c
    • 2
    • 2
  • l

    little-cartoon-10569

    12/10/2020, 8:36 PM
    If anyone is looking for a pet project over Christmas, wrapping AWS' Reachability Analyzer in something that can be easily used in Pulumi integration tests would be O for Oarsome... https://docs.aws.amazon.com/vpc/latest/reachability/getting-started.html
    g
    • 2
    • 7
  • g

    gifted-vase-28337

    12/10/2020, 10:06 PM
    Does Pulumi support AWS Client VPN?
    g
    • 2
    • 1
  • b

    big-account-56668

    12/11/2020, 10:03 AM
    I'd like to manage a lambda environment variables with Pulumi. Having imported an existing resource and trying to make a change it's failing with
    * filename or s3_* attributes must be set
    Is it possible to work around this some how? Note that I need to ignore code updates which happens elsewhere.
  • b

    big-account-56668

    12/11/2020, 10:17 AM
    Terraform does not seem to have this requirement on its
    aws_lambda_function
    resource as I've been able to define and use those independent of code. The code is updated separately using the AWS cli and it all seems to work the way I expect.
    w
    • 2
    • 3
  • p

    powerful-furniture-83753

    12/11/2020, 10:39 AM
    I've got an API gateway setup using crosswalk. I'd like to add CORS to one of my endpoints (which has a Cognito Authorizer associated with it)... i can't seem to find any examples/docs of how to do this. Anyone have any ideas?
    w
    • 2
    • 2
  • f

    flat-car-33421

    12/12/2020, 12:34 PM
    is there a way to configure and deploy S3 static-website using “HTTPS” protocol within pulumi aws.s3.Bucket ?
    ✅ 1
    b
    b
    • 3
    • 7
  • c

    creamy-knife-53051

    12/14/2020, 3:04 PM
    Hi everyone! Is aws elasticsearch CNAME supported on pulumi? (python) https://aws.amazon.com/about-aws/whats-new/2020/11/amazon-elasticsearch-service-now-supports-defining-a-custom-name-for-your-domain-endpoint/
  • f

    flat-car-33421

    12/14/2020, 6:07 PM
    although i am returning, *headers: { “Access-Control-Allow-Origin”: “*” }*, from my lambda function and also got following configuration for API Gateway endpoint: // add vote api const songsAddApiResource = new aws.apigateway.Resource(preName(‘voteresource’), { restApi: songsApiRest.id, parentId: songsApiRest.rootResourceId, pathPart: ‘vote’ }) const authApi = new aws.apigateway.Authorizer(preName(‘authorizer’), { restApi: songsApiRest.id, authorizerUri: authFunction.invokeArn }) const songsAddApiMethod = new aws.apigateway.Method(preName(‘votemethod’), { restApi: songsApiRest.id, resourceId: songsAddApiResource.id, authorization: ‘CUSTOM’, authorizerId: authApi.id, httpMethod: ‘POST’ }) const songsAddApiIntegration = new aws.apigateway.Integration(preName(‘voteintegration-post’), { restApi: songsApiRest.id, resourceId: songsAddApiResource.id, httpMethod: songsAddApiMethod.httpMethod, integrationHttpMethod: ‘POST’, type: ‘AWS_PROXY’, uri: recordVotesFunction.invokeArn }) i am still getting following CORS error while accessing post endpoint from javascript: has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
    ✅ 1
    f
    • 2
    • 5
  • a

    alert-raincoat-81485

    12/14/2020, 8:20 PM
    Folks, how to handle error handling if ssm parameter not found? is there any way of handling exceptions if parameter not found? What i am getting in my code is invocation of ‘PARAMETER’ returned an error and doesn’t execute else part. Any help?
    g
    • 2
    • 1
  • r

    rough-oxygen-8318

    12/16/2020, 5:17 AM
    I guess this is some how related to the previous message, but I still want to ask, is there any option to handle these type of Exceptions from AWS API? I wasn't able to catch this exception with regular
    try/except
    blocks inside my python code. Any pattern or suggestion? Thanks.
    l
    • 2
    • 6
  • a

    abundant-appointment-96790

    12/16/2020, 6:55 AM
    Hi all! Is there anyway to hook a lambda function with a Cloudwatch Event rule that returns a static JSON? The
    EventRule.onEvent
    doesn’t seem to support customize the payload and only support the default one. More info: EventRule -> SQS: you can use 
    new aws.cloudwatch.EventTarget
     and it will emit a static JSON to the SQS queue. When I tried to do the same thing for Lambda, passing the Lambda ARN into 
    aws.cloudwatch.EventTarget
     , the Lambda triggered is not created (presumably because EventSourceMapping is not created underneath). The only way to hook an 
    EventRule
     to a Lambda is to call: 
    EventRule.onEvent
    . But that doesn’t let me configure the payload (code linked in the comment)
    f
    • 2
    • 2
  • g

    gifted-yak-28427

    12/16/2020, 3:39 PM
    Hey guys. When deploying a RDS instance with both
    snapshot_identifier
    and
    username
    defined the username does not get set to what I've defined. It always stays at what was originally in the snapshot. The problem is this results in a replacement loop as pulumi always detects a difference. Anyone know if I'm missing something or are these two not meant to be used together?
    b
    • 2
    • 2
  • g

    gentle-account-13294

    12/17/2020, 12:43 AM
    Are there full examples of creating a VPN with Self signed cert credentials somewhere ? Note: I was able to setup the VPN Endpoint in AWS , Add Associations , Routes etc.. however, the instructions i had before when i tried (without pulumi) using
    easyrsa
    certificates and keys, said that I have to: • download the VPN config from the Web console • Modify the config to add path to the cert and key • https://prasaddomala.com/2020/04/02/aws-client-vpn-setup-private-access-across-aws-accounts-and-vpcs/ So i tried to dump the cert and key generated using..
    # one year
    VALID_HOURS = 24 * 365
    
    # read teh CA cert obtained from running
    # ./easyrsa init-pki && ./easyrsa build-ca nopass
    with open("ca_encoded.pem", "r") as ca_crt:
        ca_crt_chain = ca_crt.read().replace("\n", " ")
    
    # TODO: check if we can use this instead of using easy rsa
    test_vpn_private_key = tls.PrivateKey("test_vpn", algorithm="RSA")
    test_vpn_self_signed_cert = tls.SelfSignedCert(
        "test_vpnSelfSignedCert",
        key_algorithm="RSA",
        private_key_pem=test_vpn_private_key.private_key_pem,
        subjects=[
            tls.SelfSignedCertSubjectArgs(
                common_name="<http://test_vpn.com|test_vpn.com>",
                organization="Valo Health",
            )
        ],
        validity_period_hours=VALID_HOURS,
        allowed_uses=[
            "key_encipherment",
            "digital_signature",
            "server_auth",
            "dns_names",
            "is_ca_certificate",
        ],
    )
    
    cert_test_vpn = aws.acm.Certificate(
        "test_vpn",
        private_key=test_vpn_private_key.private_key_pem,
        certificate_body=test_vpn_self_signed_cert.cert_pem,
        certificate_chain=test_vpn_self_signed_cert.cert_pem,
    )
    but the certificate chain is not what it should be…
    g
    g
    • 3
    • 16
  • a

    alert-raincoat-81485

    12/17/2020, 7:04 PM
    Is there any pulumi api that runs the custom resource as cloudformation! https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html
    b
    w
    • 3
    • 3
  • a

    average-school-38756

    12/21/2020, 4:14 PM
    Anyone have a convention for using pulumi CLI to force a new ECS deployment (for example, after a Secret is changed)?
    f
    c
    f
    • 4
    • 7
  • b

    bumpy-motorcycle-53357

    12/22/2020, 4:47 PM
    Has there been any Pulumi announcement or support for EKS Add-Ons? https://aws.amazon.com/blogs/containers/introducing-amazon-eks-add-ons/ Pulumi did a brief blog post about it (https://www.pulumi.com/blog/reinvent-2020-eks-announcements/#simplified-install-and-management-for-kubernetes-cni-plugin), but didn't mention if/when Pulumi would add support for it.
  • w

    wooden-truck-40033

    12/23/2020, 1:09 PM
    @here anyone created eks cluster using the option
    vpcCni
    This is to set custom vpc cni for cluster. I am looking to use vpc cni > 1.6.0 defualt pulumi creates 1.6.0
    s
    • 2
    • 2
  • h

    hundreds-receptionist-31352

    12/23/2020, 8:32 PM
    Hi, I'm having a very weird error, I have a custom pulumi component that call a sdk function to get the loadbalancer arn, and when it happens, I got this error: Error: connect EHOSTUNREACH 169.254.169.254:80 at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1134:16) if I execute the same code outsite of the pulumi component it works, I read that could be something related with the aws credentials, but the rest of the code works well, any idea? it only happens when I use a custom function that use the aws sdk.
    b
    • 2
    • 4
  • s

    sparse-gold-89283

    12/23/2020, 11:18 PM
    Anyone know on EKS if there is a straightforward way to default to encrypted volumes? The only thing I've found so far is creating a copy of the EKS ami and then setting that through the launch template. I haven't gotten that working yet, and it seems like there would be a better route for what I imagine is a pretty common requirement.
    b
    • 2
    • 1
  • b

    best-lifeguard-91445

    01/02/2021, 12:04 AM
    Is there a way to specify for Cloudfront, the Cache and origin request settings -> Use a cache policy and origin request policy value? Cache Policy: Managed-CachingOptimized Origin Request Policy: Managed-CORS-S3Origin From the cloudfront console: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html
  • a

    alert-raincoat-81485

    01/05/2021, 11:27 PM
    Just curious to know how can we collect the logs using
    pulumi logs
    All i see the message is
    Collecting logs for stack stack11 since 2021-01-05T13:55:54.000-08:00.
    g
    • 2
    • 14
  • c

    cuddly-smartphone-15267

    01/06/2021, 5:09 AM
    guys, would it be fair to say that the 'crosswalk' stuff is essentially an 'opinionated' version of some of the pulumi APIs?
    g
    l
    • 3
    • 6
  • r

    rhythmic-student-36708

    01/06/2021, 8:23 PM
    Quick question I setup an event source mapping from msk to Lambda (the lambda and msk are both in my VPC which was created using crosswalk with 2 public subnets and 1 private subnet
    export const vpc = new awsx.ec2.Vpc('vpc', {
        subnets: [
            { type: 'public' },
            { type: 'public', name: 'test-3' },
            { type: 'private' },
        ],
        numberOfNatGateways: 2
    })
    But when I check the status of my ESM I see this message under
    LastProcessingResult
    "PROBLEM: Connection error. Please check your event source connection configuration." After doing some digging and finding articles like https://awsfeed.com/whats-new/compute/using-amazon-msk-as-an-event-source-for-aws-lambda I'm at a loss for what the issue is FYI: ingress/egress are both allowing all traffic for the SG, and for the VPC config for both the consumer lambda and the msk cluster I'm using the first 2 subnets
    vpcConfig: {
          securityGroupIds: [securityGroup.id],
          subnetIds: PRIVATE_SUBNETS
        }
  • l

    limited-pager-46264

    01/07/2021, 10:01 AM
    Aren’t there functions to delete resources like VPC?
    b
    • 2
    • 5
  • r

    rhythmic-student-36708

    01/07/2021, 2:32 PM
    I'm now getting
    "PROBLEM: Lambda internal error. Please contact Lambda customer support."
    in the LastProcessingResult output for the ESM
    b
    • 2
    • 55
  • g

    gifted-terabyte-92288

    01/08/2021, 4:12 PM
    Morning! Question about the DataDog provider: Is this method: https://www.pulumi.com/docs/reference/pkg/datadog/aws/integrationlogcollection/ the same thing as setting this up manually? https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/?tab=awsconsole
    w
    • 2
    • 2
  • l

    limited-pager-46264

    01/08/2021, 6:48 PM
    I would like to perform the same set of task in a couple of regions in AWS. Instead of creating 2 stack and associating regions to them, can I loop through the regions using a single stack?
    b
    • 2
    • 2
Powered by Linen
Title
l

limited-pager-46264

01/08/2021, 6:48 PM
I would like to perform the same set of task in a couple of regions in AWS. Instead of creating 2 stack and associating regions to them, can I loop through the regions using a single stack?
b

broad-dog-22463

01/08/2021, 6:49 PM
Hi @limited-pager-46264 This blog post will help https://www.pulumi.com/blog/controlling-aws-costs-with-lambda-and-pulumi/#deploying-to-multiple-regions
l

limited-pager-46264

01/08/2021, 6:50 PM
Interesting! I’ll go through it. Thanks a lot Paul 👍
View count: 1