https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • b

    bland-byte-34481

    01/15/2021, 10:20 PM
    Using the awsx LoadBalancer classes to add elements to a load balancer always generates a diff every time I run
    pulumi preview
    or
    pulumi up
    (and nothing is being changed) - is there any way to prevent this outside of migrating away from awsx components? for more detail - i'm calling
    addListenerRule
    to add rules to the ALB and also
    addListener
    to add listeners to the load balancer - the "diff" has no unexpected side effects outside of just generating a diff every time I deploy changes
    • 1
    • 1
  • b

    brash-student-27683

    01/18/2021, 12:48 PM
    I am using pulumi crosswalk to deploy a fargate cluster. Sometimes I want to force a new deployment of fargate service..even though there are no new changes..how do I get pulumi to do this? I do not want to redeploy the entire stack - just the fargate service..thanks!
    b
    • 2
    • 2
  • f

    future-oyster-5387

    01/18/2021, 8:04 PM
    How can I customize the RDS Snapshot policy for an RDS MySQL Instance? How can I customize the log retention period for an aws.lambda.CallbackFunction?
    l
    c
    • 3
    • 6
  • q

    quaint-guitar-13446

    01/19/2021, 6:42 AM
    Is there any documentation for configuring autoscaling for fargate services?
    b
    • 2
    • 5
  • s

    silly-address-30441

    01/19/2021, 11:05 PM
    This isn't a pulumi question yet, but I'm curious about other folks experience logging metrics. I want to be able to call something like
    log_rate('foo', count)
    from code in a ECS cluster and see a graph of how many
    foos
    per second are happening. This looks like something I can set up with a bit of overhead using CloudWatch Custom Metrics, but will I regret going down that road? The UI doesn't seem as rich as something like Grafana, but it's nice I don't have to install anything else. Any thoughts or advice?
  • b

    billowy-oxygen-65892

    01/20/2021, 12:11 AM
    Running into issue when deploying stack to aws
    error: 1 error occurred:
            * updating urn:pulumi:prod::speedlimit-alert::aws:lambda/function:Function::speedlimit-alert-prod-speedingAlert: 1 error occurred:
            * At least one field is expected inside environment
  • e

    eager-petabyte-62054

    01/20/2021, 5:42 AM
    Hi folks. I’m trying to rewrite some AWS CDK code using Pulumi. Is there utils similar to AWS CDK’s
    grant*
    in Pulumi?
    g
    b
    • 3
    • 4
  • s

    sparse-spring-91820

    01/20/2021, 10:51 AM
    For anyone who is interested in codepipeline example with pulumi here is my working demo example: https://github.com/ikovac/CICD-pipeline-with-pulumi Repo is still not fully finished, due to other business obligations, but it works. Feel free to ask any question, also feel free to criticize if there is something it can be improved.
  • n

    nutritious-shampoo-16116

    01/20/2021, 3:28 PM
    Hi! I get stuck every time when my list of
    cidr_blocks
    changes, the replacement of the
    aws:ec2:SecurityGroupRule
    fails giving the error
    * [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxxx). This may be
        a side effect of a now-fixed Terraform issue causing two security groups with
        identical attributes but different source_security_group_ids to overwrite each
        other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
        information and instructions for recovery. Error message: the specified rule "peer: SOME_CIDR, TCP, from port: 443, to port: 443, ALLOW" already exists
    Is there any way of getting around this?
    c
    l
    • 3
    • 4
  • n

    nutritious-shampoo-16116

    01/20/2021, 3:29 PM
    I am thinking of hashing the cidr_blocks myself and appending that to the rule name, but I feel this would be more a workaround than a proper fix
  • a

    adventurous-lighter-33507

    01/20/2021, 7:48 PM
    Hello, I am trying to create an AWS ECR in Python that has the visibility set to 'public', but i am not seeing anything in the API that looks like it will set that value, what would I need to adjust about this snippet to accomplish that?
    from pulumi_aws import ecr
    image_name="my_image"
    repo = ecr.Repository(f"my_repo/{image_name}")
    b
    • 2
    • 3
  • b

    bland-byte-34481

    01/20/2021, 9:19 PM
    I'm not sure if this is a bug so i'll ask - I get this error:
    aws:lb:TargetGroup (sample-full-dev-retool-tg):
        error: aws:lb/targetGroup:TargetGroup resource 'sample-full-dev-retool-tg' has a problem: "name" cannot be longer than 32 characters
    (you see the "name" is only 25 characters long... is this a bug?)
    πŸ‘€ 1
    g
    l
    • 3
    • 9
  • l

    lively-ice-73493

    01/21/2021, 12:14 AM
    Hi! I was trying to use
    awsx.apigateway.API
    to create a PRIVATE APIGW Rest endpoint. I documented it here: https://github.com/pulumi/pulumi-awsx/issues/627 This doesn't work because private APIGWs need a RestApiPolicy.
    let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
        
        restApiArgs: {
            endpointConfiguration: {
                types: "PRIVATE",
                vpcEndpointIds: [execApiVpcEndpointId],        
            },
        },
        
        routes: [{
            path: "/",
            method: "GET",
            eventHandler: async (event) => {
                // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
                return {
                    statusCode: 200,
                    body: "hello",
                };
            },
        }],
    
    },
    );
    Yeah, restApiArgs takes a policy arg but that doesn't work. This is my current hack. I run
    pulumi up
    twice, yep twice, with the below and it works. The first time partially works but the deploy of the API fails because the policy isn't created before the deploy fires. The second
    pulumi up
    works because the policy is in place and the deploy can work now. Is this just how the APIGW crosswalk works right now or am I missing something?
    let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
        
        restApiArgs: {
            endpointConfiguration: {
                types: "PRIVATE",
                vpcEndpointIds: [execApiVpcEndpointId],        
            },
        },
        
        routes: [{
            path: "/",
            method: "GET",
            eventHandler: async (event) => {
                // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
                return {
                    statusCode: 200,
                    body: "hello",
                };
            },
        }],
    
    },
    );
    
    const eaOrdersApiPolicy = new aws.apigateway.RestApiPolicy(`ea-orders-${stackEnv}`, {
        restApiId: endpoint.restAPI.id,
        policy: executeApiPolicy,
    });
    b
    • 2
    • 15
  • f

    few-pillow-1133

    01/22/2021, 8:00 AM
    Hi, Any idea when Pulumi would support AWS Proton (application Deployment Service) integration give it's also api-based This takes the power of platform automation to the next level, and provides balance between do it yourself by developers and platform team rolling out standard template
    b
    • 2
    • 2
  • r

    rhythmic-fireman-45324

    01/22/2021, 1:04 PM
    Hi, how to test lambda locally? ( like invoke local in serverless )
    s
    b
    f
    • 4
    • 9
  • s

    shy-oxygen-8874

    01/22/2021, 8:24 PM
    Hi, I'm working on a demo to evaluate Pulumi for our AWS resources. I think I have it nearly working, but when I try to upload a docker image to ECR using awsx.ecs.Image.fromDockerBuild, I get an error that docker login has failed. It looks to me like the temporary credentials the awsx module gets from ECR may not be making it down into the docker module. All of the other resources in my project (including the automatically created ECR repo) look like they've successfully created themselves. Here's the build code
    var image = awsx.ecs.Image.fromDockerBuild("WebAuthImage", {
                dockerfile: "D:/code/kaiju/deploy/Dockerfile",
                context: "D:/code/kaiju",
                args: {
                    "APP_NAME": "web-auth",
                    "GITHUB_TOKEN": process.env.GITHUB_TOKEN ?? "ERROR TOKEN"
                }
            });
    With debug logging, I can see the docker image build succeed during the plan step of
    pulumi up
    .
    f
    • 2
    • 3
  • p

    purple-mouse-61376

    01/25/2021, 3:07 AM
    Hi everyone! I'm trying to create an EKS cluster with an existing VPC, but I'm getting and error that
    vpc_config
    is an unexpected keyword argument. Here's the code for the class I'm making which extends the eks.Cluster class:
    class AwsEks(eks.Cluster):
        def __init__(self, name='', policy_statement=None, **kwargs):
            if name:
                asset_key = f"{name}-eks"
            else:
                asset_key = "eks"
    
            self.asset_name = f"{environment}-{asset_key}"
    
            self._role = AwsRole(
                service="<http://eks.amazonaws.com|eks.amazonaws.com>",
                name=asset_key
            )
    
            self.vpc_config = ClusterVpcConfigArgs(
                subnet_ids = SUBNET_IDS
                vpc_id = VPC_ID
            )
    
            if policy_statement:
                self._policy = AwsPolicy(
                    name=asset_key,
                    policy_statement=policy_statement
                    )
    
                self.policy_attachment = AwsPolicyAttachment(
                    role_name=self._role.name,
                    policy_arn=self._policy.arn,
                    name=asset_key
                )
    
            super().__init__(
                resource_name=self.asset_name,
                name=self.asset_name,
                vpc_config = self.vpc_config,
                role=self._role.arn,
                **kwargs
            )
    
            export(self.asset_name, self.id)
    And the error:
    TypeError: __init__() got an unexpected keyword argument 'vpc_config'
    Using this for reference: https://www.pulumi.com/docs/reference/pkg/aws/eks/cluster/#create
    def Cluster(
      resource_name: str,
      opts: Optional[ResourceOptions] = None,
      enabled_cluster_log_types: Optional[Sequence[str]] = None,
      encryption_config: Optional[ClusterEncryptionConfigArgs] = None,
      kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None,
      name: Optional[str] = None,
      role_arn: Optional[str] = None,
      tags: Optional[Mapping[str, str]] = None,
      version: Optional[str] = None,
      vpc_config: Optional[ClusterVpcConfigArgs] = None
    )
    b
    • 2
    • 3
  • p

    prehistoric-kite-30979

    01/25/2021, 3:12 PM
    Hi all, when I create an eks cluster in a non-default VPC using the crosswalk library it fails because the security groups are still being created in the default VPC. Is this a bug or am I not configuring something I should have?
    b
    • 2
    • 36
  • c

    chilly-receptionist-94436

    01/26/2021, 3:09 PM
    Anyone who can verify if aws step functions is supported now? Thanks!
    b
    • 2
    • 7
  • c

    chilly-receptionist-94436

    01/26/2021, 7:50 PM
    Currently in python, the change of 'environment' in Lambda function is not detected. And when I enter 'yes' anyway during 'pulumi up', it is just stuck, so I need to terminate the process using Ctrl+c. Anyone who has the same experience?
  • q

    quiet-leather-94755

    01/27/2021, 7:02 AM
    Hi! πŸ‘‹ I'm having some issues with replacing an existing aws.servicediscovery.PrivateDnsNamespace().. it's trying to delete the namespace, but there are still ECS / Fargate services running that use the old namespace (see thread for output). Seems like a bug, perhaps?
    f
    • 2
    • 12
  • a

    average-lamp-65631

    01/27/2021, 8:48 AM
    can anyone share how to use the cli to show the details of a resource in the state file? like the terraform state show
    b
    • 2
    • 3
  • g

    gifted-yak-28427

    01/27/2021, 1:44 PM
    I'm trying to import an existing bucket with:
    bucket_sse = aws.s3.Bucket.get(
        resource_name = "dev-file-storage-sse",
        id = "arn:aws:s3:::dev-file-storage-sse"
    )
    Pulumi complaining about the arn though:
    aws:s3:Bucket (dev-file-storage-sse):
        error: Preview failed: refreshing urn:pulumi:sandbox1::compute::aws:s3/bucket:Bucket::dev-file-storage-sse: 1 error occurred:
        	* error reading S3 Bucket (arn:aws:s3:::dev-file-storage-sse): InvalidARNError: invalid ARN
        caused by: invalid Amazon s3 ARN, unknown resource type, arn:aws:s3:::dev-file-storage-sse
    The arn was copied from the console, so it's correct. Am I missing something obvious here? I can access the bucket without issues from the cli using the same user that pulumi is running with.
    b
    • 2
    • 3
  • r

    rhythmic-fireman-45324

    01/27/2021, 3:36 PM
    Is there anyway to config the layer when creating event based lambda with crosswalk? Instead of creating a lambda function with pulumi/aws.
    b
    • 2
    • 11
  • c

    chilly-receptionist-94436

    01/27/2021, 5:53 PM
    I'm trying to create a lambda function in typescript, but I got this error during deployment, which is not quite explanatory.
    * error creating Lambda Function: ValidationException:
        	status code: 400, request id: 65419587-ddbb-465b-9d57-afb7efb7fcb0
    Anyway to get more detailed information?
    b
    • 2
    • 5
  • s

    stocky-france-59380

    01/27/2021, 7:56 PM
    can you still do this https://www.pulumi.com/docs/reference/pkg/aws/cloudtrail/trail/#logging-all-s3-bucket-object-events?
    error TS2345: Argument of type '{ eventSelectors: { dataResources: { type: string; values: string[]; }[]; includeManagementEvents: true; readWr
    iteType: string; }[]; }' is not assignable to parameter of type 'TrailArgs'.                                                                                     
      Property 's3BucketName' is missing in type '{ eventSelectors: { dataResources: { type: string; values: string[]; }[]; includeManagementEvents: true; readWriteT
    ype: string; }[]; }' but required in type 'TrailArgs'.                                                                                                           
                                                                                                                                                                     
        at createTSError (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:293:12)                                             
        at reportTSError (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:297:19)                                             
        at getOutput (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:399:34)                                                 
        at Object.compile (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:457:32)                                            
        at Module.m._compile (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:536:43)                                         
        at Module._extensions..js (internal/modules/cjs/loader.js:1027:10)                                                                                           
        at Object.require.extensions.<computed> [as .ts] (/codefresh/volume/iac-s3/node_modules/@pulumi/pulumi/node_modules/ts-node/src/index.ts:539:12)             
        at Module.load (internal/modules/cjs/loader.js:863:32)                                                                                                       
        at Function.Module._load (internal/modules/cjs/loader.js:708:14)                                                                                             
        at Module.require (internal/modules/cjs/loader.js:887:19)
    l
    • 2
    • 7
  • r

    rhythmic-fireman-45324

    01/28/2021, 11:00 AM
    With pulumi, is it possible to create and verify a ses domain identity with
    Provide Your Own DKIM Authentication Token
    approach? I currently achieve it with aws cli:
    aws sesv2 create-email-identity --cli-input-json <file://path>
    And then look up existing resource manually to get its id.
  • r

    rhythmic-fireman-45324

    01/28/2021, 11:03 AM
    I checked the doc but did not find property
    DkimSigningAttributes
    in interface like
    DomainDkimArgs
  • h

    hundreds-receptionist-31352

    01/28/2021, 2:15 PM
    Hi, I'm trying to get some items from dynamodb, I could get it using aws-sdk, I wonder if someone have an example using this function: https://www.pulumi.com/docs/reference/pkg/aws/dynamodb/tableitem/#look-up
    b
    • 2
    • 4
  • c

    chilly-receptionist-94436

    01/28/2021, 3:22 PM
    Hi, I'm trying to using a bucket with cross-account permission, but it fails during 'pulumi up'. Anyone who knows what permissions needs to be assigned in the bucket policy?
    aws:s3:Bucket (srcConfig):
        error: Preview failed: refreshing urn:pulumi:dev::ts::aws:s3/bucket:Bucket::srcConfig: 1 error occurred:
        	* error reading S3 Bucket (aaaaa): BadRequest: Bad Request
        	status code: 400, request id: 411AC7A2EAE77462, host id: wg9X8hI45FSMSck7azalz1D3AG1WuFpC93zPrtKX+Z+Ph3aGoeDn+hWWSW96ElvfrdVyHQuxY8E=
    l
    • 2
    • 1
Powered by Linen
Title
c

chilly-receptionist-94436

01/28/2021, 3:22 PM
Hi, I'm trying to using a bucket with cross-account permission, but it fails during 'pulumi up'. Anyone who knows what permissions needs to be assigned in the bucket policy?
aws:s3:Bucket (srcConfig):
    error: Preview failed: refreshing urn:pulumi:dev::ts::aws:s3/bucket:Bucket::srcConfig: 1 error occurred:
    	* error reading S3 Bucket (aaaaa): BadRequest: Bad Request
    	status code: 400, request id: 411AC7A2EAE77462, host id: wg9X8hI45FSMSck7azalz1D3AG1WuFpC93zPrtKX+Z+Ph3aGoeDn+hWWSW96ElvfrdVyHQuxY8E=
l

little-cartoon-10569

01/28/2021, 8:00 PM
Have a look in CloudWatch for the UnauthorizedApiCall error, iirc it tells you which permissions are missing?
View count: 1