https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • p

    proud-art-41399

    02/12/2021, 6:31 AM
    Hi, do you have any ETA for this issue - https://github.com/pulumi/pulumi-aws/issues/1292? I know it depends on the upstream issue in Terraform but have a use case that would take a great advantage of this. Any estimate (e.g. based on similar issues in the past) would help me to decide if I should wait or use a different architecture.
  • f

    flat-insurance-25294

    02/12/2021, 8:19 AM
    Does anyone know how to get access to a load balancer (either ALB or NLB) that was created by EKS? This is a bit of an issue where almost everything is created by Pulumi except the load balancer, I was hoping Pulimi would have something for this, but it just redirects you to the controller you’re supposed to install. The reason this is an issue, is because I want to get access to the load balancer from Pulumi, but I can’t see how. We don’t get name or an arn and there is now way to get via tags.
    s
    • 2
    • 16
  • b

    big-state-95297

    02/12/2021, 9:00 AM
    Trying to add
    EncryptionConfigKeyArn
    to eks cluster configuration fails in replacing eks cluster with the following error:
    -   ├─ aws:ec2:LaunchConfiguration  eks-cluster-nodeLaunchConfiguration  **deleting failed**     1 error
         └─ aws:eks:Cluster              eks-cluster-eksCluster
    
    Diagnostics:
      aws:ec2:LaunchConfiguration (eks-cluster-nodeLaunchConfiguration):
        error: deleting urn:pulumi:dev::inferencio::eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::eks-cluster-nodeLaunchConfiguration: 1 error occurred:
        	* error deleting Autoscaling Launch Configuration (eks-cluster-nodeLaunchConfiguration-3bbda96): ResourceInUse: Cannot delete launch configuration eks-cluster-nodeLaunchConfiguration-3bbda96 because it is attached to AutoScalingGroup eks-cluster-bcd4ea99-NodeGroup-1Q6K169TLRD57
        	status code: 400, request id: c1e24bce-aced-45b1-bdad-47d2d4f89a8e
    
      pulumi:pulumi:Stack (inferencio-dev):
        error: update failed
    I'm using the new
    pulumi-eki
    sdk for cluster creation. Will appreciate any help. Thanks!
  • f

    faint-motherboard-95438

    02/12/2021, 10:58 AM
    Hi there,
    pulumi-aws
    just trashed all my main zone without any reason (in production, else that’s not fun), while i didn’t change anything for ages related to this zone or its records (i was updating something else in the stack):
    +-aws:route53/zone:Zone: (replace)
                [id=[REDACTED]]
                [urn=urn:pulumi:main::core::[REDACTED]:aws:Zone$aws:route53/zone:Zone::[REDACTED]-zone]
                [provider: urn:pulumi:main::core::pulumi:providers:aws::default_2_13_1::d1d769bc-62a1-45ba-b339-e706b31a6fbd => urn:pulumi:main::core::pulumi:providers:aws::default_3_23_0::0800a252-acfa-4069-ad32-aa0ee18ebb0e]
              ~ name: "[REDACTED]." => "[REDACTED]"
            ++aws:route53/zone:Zone: (create-replacement)
                [id=[REDACTED]]
                [urn=urn:pulumi:main::core::[REDACTED]:aws:Zone$aws:route53/zone:Zone::[REDACTED]-zone]
                [provider: urn:pulumi:main::core::pulumi:providers:aws::default_2_13_1::d1d769bc-62a1-45ba-b339-e706b31a6fbd => urn:pulumi:main::core::pulumi:providers:aws::default_3_23_0::0800a252-acfa-4069-ad32-aa0ee18ebb0e]
              ~ name: "[REDACTED]." => "[REDACTED]"
            +-aws:route53/record:Record: (replace)
                [id=[REDACTED]_TXT]
                [urn=urn:pulumi:main::core::[REDACTED]:aws:Zone$aws:route53/record:Record::[REDACTED]-record-3-TXT]
                [provider: urn:pulumi:main::core::pulumi:providers:aws::default_2_13_1::d1d769bc-62a1-45ba-b339-e706b31a6fbd => urn:pulumi:main::core::pulumi:providers:aws::default_3_23_0::0800a252-acfa-4069-ad32-aa0ee18ebb0e]
              ~ zoneId : "[REDACTED]" => output<string>
    Since most of the time it just wants to update some props related to zone or records (that’s weird btw), I didn’t pay attention (my fault), but this time it trashed all my records, trying to replace them without any reason nor changes, and failed when it tried to delete the main zone (obviously since it’s not empty). Now it’s stuck deleting the records & the zone and preventing me to recreate them ! I had to quickly recreate everything by hand and now I have a stack completely stale, desync and unusable… I suppose that’s related to the update of
    pulumi-aws
    , but even trying to downgrade to
    2.x
    it still wants to delete the zone by renaming it
    zone.tld.
    =>
    zone.tld
    (which does not make sense to me since I didn’t put a trailing dot in the domain name in the first place nor change anything in that regard) That’s impossible to maintain a production stack when it wants to delete / replace something as critical as your main NS zone, I don’t see the point here and it does not seem there’s any way to prevent it. What should I have done and how can I save the stack now (without deleting the zone) ?
    b
    i
    g
    • 4
    • 31
  • f

    flat-insurance-25294

    02/12/2021, 12:36 PM
    Wish people would stop dumping code here, and just use Gists/Pastebins instead.
    👎 1
  • f

    flaky-flower-13459

    02/14/2021, 12:25 PM
    Hi everyone who's watching, is this a place where I can get some community support for something pulumi-aws related? if so, please help, I'm trying to import a keypair into pulumi:
    pulumi import aws:ec2/keyPair:KeyPair deployer deployer-key
    as documented here: https://www.pulumi.com/docs/reference/pkg/aws/ec2/keypair/#import but it fails with:
    Diagnostics:
      pulumi:pulumi:Stack (myproject_name-mystackname_dev):
        error: preview failed
    
      aws:ec2:KeyPair (dev_keypair):
        error: aws:ec2/keyPair:KeyPair resource 'dev_keypair' has a problem: Required attribute is not set
        error: Preview failed: one or more inputs failed to validate
    l
    • 2
    • 15
  • h

    hallowed-mouse-70261

    02/15/2021, 7:46 PM
    Hey all, I'm running into an issue using the automation-api with api-gateway and lambda. In pulumiProgram(), I'm creating a gateway like so:
    const gateway = new awsx.apigateway.API(
        `my-lambda-gateway`,
        {
          routes: [
            {
              path: '/myLambdaFunction',
              method: 'POST',
              eventHandler: myLambdaFunction
            }
          ]
        }
      );
    and get the error:
    Diagnostics:
      pulumi:pulumi:Stack (my-stack-development):
        error: update failed
     
      aws:apigateway:RestApi (my-lambda-gateway):
        error: 1 error occurred:
            * creating urn:pulumi:development::my-stack::aws:apigateway:x:API$aws:apigateway/restApi:RestApi::my-lambda-gateway: 1 error occurred:
            * error creating API Gateway specification: BadRequestException: Errors found during import:
            Unable to put integration on 'POST' for resource at path '/myLambdaFunction': Invalid ARN specified in the request
    This is odd because I can confirm that
    myLambdaFunction
    does in fact have a valid arn that is currently working on an api-gateway set up outside of this test in the same way. Any ideas?
    g
    b
    • 3
    • 10
  • l

    little-cartoon-10569

    02/15/2021, 8:09 PM
    Does anyone have any recommendations for creating AMIs? I don't see a Packer provider, so I'm guessing that one of the AWS-native ways would be the best way to do this using Pulumi?
    b
    • 2
    • 11
  • v

    victorious-sugar-42620

    02/15/2021, 10:09 PM
    Guys does it make sense to have one task definition defined in the Project_A (With all containers and CPU/Memory usage defined) and want to use the same task definition (from Project_A) to add other containers from Project_B?
    • 1
    • 2
  • l

    limited-pager-46264

    02/16/2021, 11:44 AM
    I created a SG rule as below, which was successful:
    example = aws.ec2.SecurityGroupRule(
                    "example",
                    type="ingress",
                    from_port=443,
                    to_port=443,
                    protocol="tcp",
                    cidr_blocks=["1.1.1.1/32"],
                    security_group_id=allow_tls.id,
                    opts=pulumi.ResourceOptions(parent=allow_tls))
    I then added another ip to the cidr list of the SG rule:
    example = aws.ec2.SecurityGroupRule(
                    "example",
                    type="ingress",
                    from_port=443,
                    to_port=443,
                    protocol="tcp",
                    cidr_blocks=["1.1.1.1/32","2.2.2.2/32"],
                    security_group_id=allow_tls.id,
                    opts=pulumi.ResourceOptions(parent=allow_tls))
    That resulted in the following error:
    Previewing update (test):
    ~ pulumi:pulumi:Stack: (refresh)
        [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
      pulumi:pulumi:Stack: (same)
        [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
            +-aws:ec2/securityGroupRule:SecurityGroupRule: (replace)
                [id=sgrule-3919269017]
                [urn=urn:pulumi:test::Experiment::aws:ec2/securityGroup:SecurityGroup$aws:ec2/securityGroupRule:SecurityGroupRule::example]
                [provider=urn:pulumi:test::Experiment::pulumi:providers:aws::default_3_29_0::1d8ffca5-685c-4b69-8ddd-3883e405d97f]
              ~ cidrBlocks: [
                    [0]: <null>
                  + [1]: "2.2.2.2/32"
                ]
    Resources:
        +-1 to replace
        2 unchanged
    Permalink: file:///Users/sibu/test/state/.pulumi/stacks/test.json
    Do you want to perform this update? yes
    Updating (test):
    ~ pulumi:pulumi:Stack: (refresh)
        [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
      pulumi:pulumi:Stack: (same)
        [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
    error: 1 error occurred:
    	* [WARN] A duplicate Security Group rule was found on (sg-0acf2e4ef3c4ab3ee). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error message: the specified rule "peer: 1.1.1.1/32, TCP, from port: 443, to port: 443, ALLOW" already exists
    
    
    error: update failed
    Isn’t it possible to update the cidr_block?
    • 1
    • 1
  • s

    salmon-ghost-86211

    02/16/2021, 5:15 PM
    When will
    gp3
    EBS volumes be supported in EKS? Right now GP2 is hard-coded. https://github.com/pulumi/pulumi-eks/blob/259ac98f687c83af5d70d34802c893c835b62813/nodejs/eks/nodegroup.ts#L499
    volumeType: "gp2", // default is "standard"
    b
    b
    • 3
    • 6
  • b

    big-potato-91793

    02/16/2021, 7:28 PM
    error: 1 error occurred:
         	* error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
         
         Please see <https://registry.terraform.io/providers/hashicorp/aws>
         for more information about providing credentials.
         
         Error: NoCredentialProviders: no valid providers in chain. Deprecated.
         	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
    Getting this error? But we are passing the
    aws:profile
    to a good value. What should cause this?
    l
    b
    +4
    • 7
    • 141
  • f

    flat-insurance-25294

    02/16/2021, 9:03 PM
    When using
    userMapping
    property on
    eks.Cluster()
    1) Is it dynamically updating if it were to change between calls? 2) Does it allow the same user be added two times in different
    groups
    ?
  • f

    flat-insurance-25294

    02/16/2021, 9:13 PM
    Is it possible to reference a specific image created on a different stack? We want the production stack to pick the latest image created on staging stacks ECR and push it to production ECR instead of building from scratch.
    l
    • 2
    • 23
  • f

    flat-insurance-25294

    02/16/2021, 10:58 PM
    Does
    buildAndPushImage
    always build and push? I am wondering how this works with digests on images when using K8
    imagePullPolicies
    .
  • f

    flat-insurance-25294

    02/17/2021, 12:44 PM
    How do I get the security group created by default for a
    db-subnet-group
    ?
    c
    • 2
    • 2
  • m

    millions-market-17062

    02/17/2021, 12:59 PM
    Does anyone have an example on serving S3 Static Web from API Gateway using Private (VPC_LINK) mode?
  • b

    brief-printer-34348

    02/18/2021, 8:22 PM
    When using a PolicyAttachment with a “default” policy like
    AmazonS3FullAccess
    it appears there’s a few scenarios where the PolicyWon’t be correctly attached to a role. As an example if I rename the resource name of the policy attachment it appears that it “creates” and then “deletes” the policy attachment leaving the attachment empty. There’s a few other ways that this seems to occur. What’s the best strategy to ensure the expected policy is always attached to a role?
    l
    • 2
    • 9
  • s

    stale-glass-57649

    02/18/2021, 11:32 PM
    cccccctnrlbcunttknfgvegkfbgitvkginghrgjnnibe
    m
    l
    • 3
    • 2
  • a

    ambitious-rainbow-88588

    02/19/2021, 4:53 AM
    hello I am integrating microservices via api gateway and i am also using cloudflare for domain mapping i used to generate certificate from the cloudflare and also import the same as ACM certifcate in api gateway and used as custom domain but not having any idea how to implement it completely a little help will be highly appericiated.
    g
    • 2
    • 4
  • s

    sparse-intern-71089

    02/19/2021, 10:25 PM
    This message was deleted.
    b
    • 2
    • 1
  • a

    ambitious-rainbow-88588

    02/20/2021, 3:44 AM
    any experts here in setting up cross account access in aws i have little doubts
    c
    l
    • 3
    • 4
  • w

    wide-boots-22590

    02/20/2021, 11:46 AM
    Hello, everyone! Sorry, but i didn't find, how to create cloudfront using pulumi from scratch. Maybe someone can help me?
    w
    • 2
    • 1
  • a

    average-kilobyte-47828

    02/20/2021, 1:08 PM
    Invisible lambda functions… my lambda functions are not registering with pulumi at all. This is either a bug or I’m doing something stupid. The issue below describes the problem in detail and code included.
  • a

    average-kilobyte-47828

    02/20/2021, 1:08 PM
    https://github.com/pulumi/pulumi/issues/6394
    w
    • 2
    • 2
  • l

    lemon-machine-35564

    02/22/2021, 6:31 PM
    Is it possible to add 
    deleteBeforeReplace: true
     to an API Gateway deployment created via Crosswalk? Don’t see it as possible via 
    deploymentArgs
    b
    • 2
    • 8
  • a

    alert-raincoat-81485

    02/22/2021, 9:57 PM
    Getting an error while detaching EBS volume(s) from instance(s) on pulumi.
    aws:ec2:VolumeAttachment (ebsatt1-asg03):
        error: deleting urn:pulumi:asg-ex-03::asg::aws:ec2/volumeAttachment:VolumeAttachment::ebsatt1-asg03: 1 error occurred:
        	* Failed to detach Volume (vol-*********) from Instance (i-*******): IncorrectState: Volume 'vol-*******' is in the 'available' state.
        	status code: 400, request id: 80154710-********
    While checking it from the Ui, it shows the volumes are already detached from the instances, also instances are terminated. I deleted the volumes manually, but showing the same error messages while running pulumi destroy. Can someone explain the issue here?
    w
    b
    • 3
    • 5
  • c

    cold-yacht-45876

    02/23/2021, 12:42 PM
    Hi, I have a question about deploying an aws lambda and its code, using a zip from local machine. Will pulumi up update the lambda to use the new package when the contents of the zip changes? Or will I need a manual step that updates the lambda code after running pulumi?
    w
    • 2
    • 1
  • v

    victorious-sugar-42620

    02/24/2021, 2:46 AM
    This does not work because it says ''Specifying both a launch type and capacity provider strategy is not supported", and it does make sense. But how am I supposed to switch from Fargate launch instance to capacity provider strategy? There is no such option
    f
    • 2
    • 2
  • g

    gentle-monitor-55086

    02/24/2021, 7:23 PM
    anyone know of a a faster/better way to test / develop lambdas than needing to do a
    pulumi up
    every time i want to run the code? it's not super painful but it's not ideal.
    n
    l
    • 3
    • 5
Powered by Linen
Title
g

gentle-monitor-55086

02/24/2021, 7:23 PM
anyone know of a a faster/better way to test / develop lambdas than needing to do a
pulumi up
every time i want to run the code? it's not super painful but it's not ideal.
n

nice-airport-15607

02/24/2021, 7:45 PM
i use webpack to zip up the lambda, and then you can upload the lambda through the aws console
l

little-cartoon-10569

02/24/2021, 7:55 PM
If you prefer the CLI (handy for running automatically from your editor), then you could create a new project with just the resources you want to change, and import them?
That would speed up
pulumi up
g

gentle-monitor-55086

02/24/2021, 8:02 PM
hmmm... i'm using pulumi's ".CallbackFunction" to avoid having to pack up the lambda myself which complicates that. Otherwise yea that +
aws lambda invoke
cli might have been a decent enough work flow. tenwit: hm that's not a bad idea either, might be a bit of a pain to orchestrate the resource names between the projects ( though i can probably fetch them easily enough ) anyway to get pulumi to hand me the package it's zipping up?
then i could have it make the initial lambda, dump it, use the webpack + invoke idea for rapid dev, copy the changes back over and then pulumi up. (so simple 🙃 )
View count: 1