bland-byte-34481
01/15/2021, 10:20 PMpulumi preview
or pulumi up
(and nothing is being changed) - is there any way to prevent this outside of migrating away from awsx components?
for more detail - i'm calling addListenerRule
to add rules to the ALB and also addListener
to add listeners to the load balancer - the "diff" has no unexpected side effects outside of just generating a diff every time I deploy changesbrash-student-27683
01/18/2021, 12:48 PMfuture-oyster-5387
01/18/2021, 8:04 PMquaint-guitar-13446
01/19/2021, 6:42 AMsilly-address-30441
01/19/2021, 11:05 PMlog_rate('foo', count)
from code in a ECS cluster and see a graph of how many foos
per second are happening. This looks like something I can set up with a bit of overhead using CloudWatch Custom Metrics, but will I regret going down that road? The UI doesn't seem as rich as something like Grafana, but it's nice I don't have to install anything else. Any thoughts or advice?billowy-oxygen-65892
01/20/2021, 12:11 AMerror: 1 error occurred:
* updating urn:pulumi:prod::speedlimit-alert::aws:lambda/function:Function::speedlimit-alert-prod-speedingAlert: 1 error occurred:
* At least one field is expected inside environment
eager-petabyte-62054
01/20/2021, 5:42 AMgrant*
in Pulumi?sparse-spring-91820
01/20/2021, 10:51 AMnutritious-shampoo-16116
01/20/2021, 3:28 PMcidr_blocks
changes, the replacement of the aws:ec2:SecurityGroupRule
fails giving the error
* [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxxx). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error message: the specified rule "peer: SOME_CIDR, TCP, from port: 443, to port: 443, ALLOW" already exists
Is there any way of getting around this?nutritious-shampoo-16116
01/20/2021, 3:29 PMadventurous-lighter-33507
01/20/2021, 7:48 PMfrom pulumi_aws import ecr
image_name="my_image"
repo = ecr.Repository(f"my_repo/{image_name}")
bland-byte-34481
01/20/2021, 9:19 PMaws:lb:TargetGroup (sample-full-dev-retool-tg):
error: aws:lb/targetGroup:TargetGroup resource 'sample-full-dev-retool-tg' has a problem: "name" cannot be longer than 32 characters
(you see the "name" is only 25 characters long... is this a bug?)lively-ice-73493
01/21/2021, 12:14 AMawsx.apigateway.API
to create a PRIVATE APIGW Rest endpoint. I documented it here: https://github.com/pulumi/pulumi-awsx/issues/627
This doesn't work because private APIGWs need a RestApiPolicy.
let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
restApiArgs: {
endpointConfiguration: {
types: "PRIVATE",
vpcEndpointIds: [execApiVpcEndpointId],
},
},
routes: [{
path: "/",
method: "GET",
eventHandler: async (event) => {
// This code runs in an AWS Lambda and will be invoked any time `/` is hit.
return {
statusCode: 200,
body: "hello",
};
},
}],
},
);
Yeah, restApiArgs takes a policy arg but that doesn't work. This is my current hack. I run pulumi up
twice, yep twice, with the below and it works. The first time partially works but the deploy of the API fails because the policy isn't created before the deploy fires. The second pulumi up
works because the policy is in place and the deploy can work now. Is this just how the APIGW crosswalk works right now or am I missing something?
let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
restApiArgs: {
endpointConfiguration: {
types: "PRIVATE",
vpcEndpointIds: [execApiVpcEndpointId],
},
},
routes: [{
path: "/",
method: "GET",
eventHandler: async (event) => {
// This code runs in an AWS Lambda and will be invoked any time `/` is hit.
return {
statusCode: 200,
body: "hello",
};
},
}],
},
);
const eaOrdersApiPolicy = new aws.apigateway.RestApiPolicy(`ea-orders-${stackEnv}`, {
restApiId: endpoint.restAPI.id,
policy: executeApiPolicy,
});
few-pillow-1133
01/22/2021, 8:00 AMrhythmic-fireman-45324
01/22/2021, 1:04 PMshy-oxygen-8874
01/22/2021, 8:24 PMvar image = awsx.ecs.Image.fromDockerBuild("WebAuthImage", {
dockerfile: "D:/code/kaiju/deploy/Dockerfile",
context: "D:/code/kaiju",
args: {
"APP_NAME": "web-auth",
"GITHUB_TOKEN": process.env.GITHUB_TOKEN ?? "ERROR TOKEN"
}
});
With debug logging, I can see the docker image build succeed during the plan step of pulumi up
.purple-mouse-61376
01/25/2021, 3:07 AMvpc_config
is an unexpected keyword argument. Here's the code for the class I'm making which extends the eks.Cluster class:
class AwsEks(eks.Cluster):
def __init__(self, name='', policy_statement=None, **kwargs):
if name:
asset_key = f"{name}-eks"
else:
asset_key = "eks"
self.asset_name = f"{environment}-{asset_key}"
self._role = AwsRole(
service="<http://eks.amazonaws.com|eks.amazonaws.com>",
name=asset_key
)
self.vpc_config = ClusterVpcConfigArgs(
subnet_ids = SUBNET_IDS
vpc_id = VPC_ID
)
if policy_statement:
self._policy = AwsPolicy(
name=asset_key,
policy_statement=policy_statement
)
self.policy_attachment = AwsPolicyAttachment(
role_name=self._role.name,
policy_arn=self._policy.arn,
name=asset_key
)
super().__init__(
resource_name=self.asset_name,
name=self.asset_name,
vpc_config = self.vpc_config,
role=self._role.arn,
**kwargs
)
export(self.asset_name, self.id)
And the error:
TypeError: __init__() got an unexpected keyword argument 'vpc_config'
Using this for reference:
https://www.pulumi.com/docs/reference/pkg/aws/eks/cluster/#create
def Cluster(
resource_name: str,
opts: Optional[ResourceOptions] = None,
enabled_cluster_log_types: Optional[Sequence[str]] = None,
encryption_config: Optional[ClusterEncryptionConfigArgs] = None,
kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None,
name: Optional[str] = None,
role_arn: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
version: Optional[str] = None,
vpc_config: Optional[ClusterVpcConfigArgs] = None
)
prehistoric-kite-30979
01/25/2021, 3:12 PMchilly-receptionist-94436
01/26/2021, 3:09 PMchilly-receptionist-94436
01/26/2021, 7:50 PMquiet-leather-94755
01/27/2021, 7:02 AMaverage-lamp-65631
01/27/2021, 8:48 AMgifted-yak-28427
01/27/2021, 1:44 PMbucket_sse = aws.s3.Bucket.get(
resource_name = "dev-file-storage-sse",
id = "arn:aws:s3:::dev-file-storage-sse"
)
Pulumi complaining about the arn though:
aws:s3:Bucket (dev-file-storage-sse):
error: Preview failed: refreshing urn:pulumi:sandbox1::compute::aws:s3/bucket:Bucket::dev-file-storage-sse: 1 error occurred:
* error reading S3 Bucket (arn:aws:s3:::dev-file-storage-sse): InvalidARNError: invalid ARN
caused by: invalid Amazon s3 ARN, unknown resource type, arn:aws:s3:::dev-file-storage-sse
The arn was copied from the console, so it's correct. Am I missing something obvious here? I can access the bucket without issues from the cli using the same user that pulumi is running with.rhythmic-fireman-45324
01/27/2021, 3:36 PMchilly-receptionist-94436
01/27/2021, 5:53 PM* error creating Lambda Function: ValidationException:
status code: 400, request id: 65419587-ddbb-465b-9d57-afb7efb7fcb0
Anyway to get more detailed information?stocky-france-59380
01/27/2021, 7:56 PMerror TS2345: Argument of type '{ eventSelectors: { dataResources: { type: string; values: string[]; }[]; includeManagementEvents: true; readWr
iteType: string; }[]; }' is not assignable to parameter of type 'TrailArgs'.
Property 's3BucketName' is missing in type '{ eventSelectors: { dataResources: { type: string; values: string[]; }[]; includeManagementEvents: true; readWriteT
ype: string; }[]; }' but required in type 'TrailArgs'.
at createTSError (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:293:12)
at reportTSError (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:297:19)
at getOutput (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:399:34)
at Object.compile (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:457:32)
at Module.m._compile (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:536:43)
at Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
at Object.require.extensions.<computed> [as .ts] (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:539:12)
at Module.load (internal/modules/cjs/loader.js:863:32)
at Function.Module._load (internal/modules/cjs/loader.js:708:14)
at Module.require (internal/modules/cjs/loader.js:887:19)
rhythmic-fireman-45324
01/28/2021, 11:00 AMProvide Your Own DKIM Authentication Token
approach?
I currently achieve it with aws cli:
aws sesv2 create-email-identity --cli-input-json <file://path>
And then look up existing resource manually to get its id.rhythmic-fireman-45324
01/28/2021, 11:03 AMDkimSigningAttributes
in interface like DomainDkimArgs
hundreds-receptionist-31352
01/28/2021, 2:15 PMchilly-receptionist-94436
01/28/2021, 3:22 PMaws:s3:Bucket (srcConfig):
error: Preview failed: refreshing urn:pulumi:dev::ts::aws:s3/bucket:Bucket::srcConfig: 1 error occurred:
* error reading S3 Bucket (aaaaa): BadRequest: Bad Request
status code: 400, request id: 411AC7A2EAE77462, host id: wg9X8hI45FSMSck7azalz1D3AG1WuFpC93zPrtKX+Z+Ph3aGoeDn+hWWSW96ElvfrdVyHQuxY8E=