Using the awsx LoadBalancer classes to add elements to a load balancer always generates a diff every time I run

pulumi preview

or

pulumi up

(and nothing is being changed) - is there any way to prevent this outside of migrating away from awsx components? for more detail - i'm calling

addListenerRule

to add rules to the ALB and also

addListener

to add listeners to the load balancer - the "diff" has no unexpected side effects outside of just generating a diff every time I deploy changes

I am using pulumi crosswalk to deploy a fargate cluster. Sometimes I want to force a new deployment of fargate service..even though there are no new changes..how do I get pulumi to do this? I do not want to redeploy the entire stack - just the fargate service..thanks!

How can I customize the RDS Snapshot policy for an RDS MySQL Instance? How can I customize the log retention period for an aws.lambda.CallbackFunction?

Is there any documentation for configuring autoscaling for fargate services?

This isn't a pulumi question yet, but I'm curious about other folks experience logging metrics. I want to be able to call something like

log_rate('foo', count)

from code in a ECS cluster and see a graph of how many

foos

per second are happening. This looks like something I can set up with a bit of overhead using CloudWatch Custom Metrics, but will I regret going down that road? The UI doesn't seem as rich as something like Grafana, but it's nice I don't have to install anything else. Any thoughts or advice?

Running into issue when deploying stack to aws

error: 1 error occurred:
        * updating urn:pulumi:prod::speedlimit-alert::aws:lambda/function:Function::speedlimit-alert-prod-speedingAlert: 1 error occurred:
        * At least one field is expected inside environment

Hi folks. I’m trying to rewrite some AWS CDK code using Pulumi. Is there utils similar to AWS CDK’s

grant*

in Pulumi?

For anyone who is interested in codepipeline example with pulumi here is my working demo example: https://github.com/ikovac/CICD-pipeline-with-pulumi Repo is still not fully finished, due to other business obligations, but it works. Feel free to ask any question, also feel free to criticize if there is something it can be improved.

Hi! I get stuck every time when my list of

cidr_blocks

changes, the replacement of the

aws:ec2:SecurityGroupRule

fails giving the error

* [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxxx). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error message: the specified rule "peer: SOME_CIDR, TCP, from port: 443, to port: 443, ALLOW" already exists

Is there any way of getting around this?

I am thinking of hashing the cidr_blocks myself and appending that to the rule name, but I feel this would be more a workaround than a proper fix

Hello, I am trying to create an AWS ECR in Python that has the visibility set to 'public', but i am not seeing anything in the API that looks like it will set that value, what would I need to adjust about this snippet to accomplish that?

from pulumi_aws import ecr
image_name="my_image"
repo = ecr.Repository(f"my_repo/{image_name}")

I'm not sure if this is a bug so i'll ask - I get this error:

aws:lb:TargetGroup (sample-full-dev-retool-tg):
    error: aws:lb/targetGroup:TargetGroup resource 'sample-full-dev-retool-tg' has a problem: "name" cannot be longer than 32 characters

(you see the "name" is only 25 characters long... is this a bug?)

Hi! I was trying to use

awsx.apigateway.API

to create a PRIVATE APIGW Rest endpoint. I documented it here: https://github.com/pulumi/pulumi-awsx/issues/627 This doesn't work because private APIGWs need a RestApiPolicy.

let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
    
    restApiArgs: {
        endpointConfiguration: {
            types: "PRIVATE",
            vpcEndpointIds: [execApiVpcEndpointId],        
        },
    },
    
    routes: [{
        path: "/",
        method: "GET",
        eventHandler: async (event) => {
            // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
            return {
                statusCode: 200,
                body: "hello",
            };
        },
    }],

},
);

Yeah, restApiArgs takes a policy arg but that doesn't work. This is my current hack. I run

pulumi up

twice, yep twice, with the below and it works. The first time partially works but the deploy of the API fails because the policy isn't created before the deploy fires. The second

pulumi up

works because the policy is in place and the deploy can work now. Is this just how the APIGW crosswalk works right now or am I missing something?

let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
    
    restApiArgs: {
        endpointConfiguration: {
            types: "PRIVATE",
            vpcEndpointIds: [execApiVpcEndpointId],        
        },
    },
    
    routes: [{
        path: "/",
        method: "GET",
        eventHandler: async (event) => {
            // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
            return {
                statusCode: 200,
                body: "hello",
            };
        },
    }],

},
);

const eaOrdersApiPolicy = new aws.apigateway.RestApiPolicy(`ea-orders-${stackEnv}`, {
    restApiId: endpoint.restAPI.id,
    policy: executeApiPolicy,
});

Hi, Any idea when Pulumi would support AWS Proton (application Deployment Service) integration give it's also api-based This takes the power of platform automation to the next level, and provides balance between do it yourself by developers and platform team rolling out standard template

Hi, how to test lambda locally? ( like invoke local in serverless )

Hi, I'm working on a demo to evaluate Pulumi for our AWS resources. I think I have it nearly working, but when I try to upload a docker image to ECR using awsx.ecs.Image.fromDockerBuild, I get an error that docker login has failed. It looks to me like the temporary credentials the awsx module gets from ECR may not be making it down into the docker module. All of the other resources in my project (including the automatically created ECR repo) look like they've successfully created themselves. Here's the build code

var image = awsx.ecs.Image.fromDockerBuild("WebAuthImage", {
            dockerfile: "D:/code/kaiju/deploy/Dockerfile",
            context: "D:/code/kaiju",
            args: {
                "APP_NAME": "web-auth",
                "GITHUB_TOKEN": process.env.GITHUB_TOKEN ?? "ERROR TOKEN"
            }
        });

With debug logging, I can see the docker image build succeed during the plan step of

pulumi up

.

Hi everyone! I'm trying to create an EKS cluster with an existing VPC, but I'm getting and error that

vpc_config

is an unexpected keyword argument. Here's the code for the class I'm making which extends the eks.Cluster class:

class AwsEks(eks.Cluster):
    def __init__(self, name='', policy_statement=None, **kwargs):
        if name:
            asset_key = f"{name}-eks"
        else:
            asset_key = "eks"

        self.asset_name = f"{environment}-{asset_key}"

        self._role = AwsRole(
            service="<http://eks.amazonaws.com|eks.amazonaws.com>",
            name=asset_key
        )

        self.vpc_config = ClusterVpcConfigArgs(
            subnet_ids = SUBNET_IDS
            vpc_id = VPC_ID
        )

        if policy_statement:
            self._policy = AwsPolicy(
                name=asset_key,
                policy_statement=policy_statement
                )

            self.policy_attachment = AwsPolicyAttachment(
                role_name=self._role.name,
                policy_arn=self._policy.arn,
                name=asset_key
            )

        super().__init__(
            resource_name=self.asset_name,
            name=self.asset_name,
            vpc_config = self.vpc_config,
            role=self._role.arn,
            **kwargs
        )

        export(self.asset_name, self.id)

And the error:

TypeError: __init__() got an unexpected keyword argument 'vpc_config'

Using this for reference: https://www.pulumi.com/docs/reference/pkg/aws/eks/cluster/#create

def Cluster(
  resource_name: str,
  opts: Optional[ResourceOptions] = None,
  enabled_cluster_log_types: Optional[Sequence[str]] = None,
  encryption_config: Optional[ClusterEncryptionConfigArgs] = None,
  kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None,
  name: Optional[str] = None,
  role_arn: Optional[str] = None,
  tags: Optional[Mapping[str, str]] = None,
  version: Optional[str] = None,
  vpc_config: Optional[ClusterVpcConfigArgs] = None
)

Hi all, when I create an eks cluster in a non-default VPC using the crosswalk library it fails because the security groups are still being created in the default VPC. Is this a bug or am I not configuring something I should have?

Anyone who can verify if aws step functions is supported now? Thanks!

Currently in python, the change of 'environment' in Lambda function is not detected. And when I enter 'yes' anyway during 'pulumi up', it is just stuck, so I need to terminate the process using Ctrl+c. Anyone who has the same experience?

Hi! 👋 I'm having some issues with replacing an existing aws.servicediscovery.PrivateDnsNamespace().. it's trying to delete the namespace, but there are still ECS / Fargate services running that use the old namespace (see thread for output). Seems like a bug, perhaps?

can anyone share how to use the cli to show the details of a resource in the state file? like the terraform state show

I'm trying to import an existing bucket with:

bucket_sse = aws.s3.Bucket.get(
    resource_name = "dev-file-storage-sse",
    id = "arn:aws:s3:::dev-file-storage-sse"
)

Pulumi complaining about the arn though:

aws:s3:Bucket (dev-file-storage-sse):
    error: Preview failed: refreshing urn:pulumi:sandbox1::compute::aws:s3/bucket:Bucket::dev-file-storage-sse: 1 error occurred:
    	* error reading S3 Bucket (arn:aws:s3:::dev-file-storage-sse): InvalidARNError: invalid ARN
    caused by: invalid Amazon s3 ARN, unknown resource type, arn:aws:s3:::dev-file-storage-sse

The arn was copied from the console, so it's correct. Am I missing something obvious here? I can access the bucket without issues from the cli using the same user that pulumi is running with.

Is there anyway to config the layer when creating event based lambda with crosswalk? Instead of creating a lambda function with pulumi/aws.

I'm trying to create a lambda function in typescript, but I got this error during deployment, which is not quite explanatory.

* error creating Lambda Function: ValidationException:
    	status code: 400, request id: 65419587-ddbb-465b-9d57-afb7efb7fcb0

Anyway to get more detailed information?

can you still do this https://www.pulumi.com/docs/reference/pkg/aws/cloudtrail/trail/#logging-all-s3-bucket-object-events?

error TS2345: Argument of type '{ eventSelectors: { dataResources: { type: string; values: string[]; }[]; includeManagementEvents: true; readWr
iteType: string; }[]; }' is not assignable to parameter of type 'TrailArgs'.                                                                                     
  Property 's3BucketName' is missing in type '{ eventSelectors: { dataResources: { type: string; values: string[]; }[]; includeManagementEvents: true; readWriteT
ype: string; }[]; }' but required in type 'TrailArgs'.                                                                                                           
                                                                                                                                                                 
    at createTSError (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:293:12)                                             
    at reportTSError (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:297:19)                                             
    at getOutput (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:399:34)                                                 
    at Object.compile (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:457:32)                                            
    at Module.m._compile (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:536:43)                                         
    at Module._extensions..js (internal/modules/cjs/loader.js:1027:10)                                                                                           
    at Object.require.extensions.<computed> [as .ts] (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:539:12)             
    at Module.load (internal/modules/cjs/loader.js:863:32)                                                                                                       
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)                                                                                             
    at Module.require (internal/modules/cjs/loader.js:887:19)

With pulumi, is it possible to create and verify a ses domain identity with

Provide Your Own DKIM Authentication Token

approach? I currently achieve it with aws cli:

aws sesv2 create-email-identity --cli-input-json <file://path>

And then look up existing resource manually to get its id.

I checked the doc but did not find property

DkimSigningAttributes

in interface like

DomainDkimArgs

Hi, I'm trying to get some items from dynamodb, I could get it using aws-sdk, I wonder if someone have an example using this function: https://www.pulumi.com/docs/reference/pkg/aws/dynamodb/tableitem/#look-up