Hi, do you have any ETA for this issue - https://github.com/pulumi/pulumi-aws/issues/1292? I know it depends on the upstream issue in Terraform but have a use case that would take a great advantage of this. Any estimate (e.g. based on similar issues in the past) would help me to decide if I should wait or use a different architecture.

Does anyone know how to get access to a load balancer (either ALB or NLB) that was created by EKS? This is a bit of an issue where almost everything is created by Pulumi except the load balancer, I was hoping Pulimi would have something for this, but it just redirects you to the controller you’re supposed to install. The reason this is an issue, is because I want to get access to the load balancer from Pulumi, but I can’t see how. We don’t get name or an arn and there is now way to get via tags.

Trying to add

EncryptionConfigKeyArn

to eks cluster configuration fails in replacing eks cluster with the following error:

-   ├─ aws:ec2:LaunchConfiguration  eks-cluster-nodeLaunchConfiguration  **deleting failed**     1 error
     └─ aws:eks:Cluster              eks-cluster-eksCluster

Diagnostics:
  aws:ec2:LaunchConfiguration (eks-cluster-nodeLaunchConfiguration):
    error: deleting urn:pulumi:dev::inferencio::eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::eks-cluster-nodeLaunchConfiguration: 1 error occurred:
    	* error deleting Autoscaling Launch Configuration (eks-cluster-nodeLaunchConfiguration-3bbda96): ResourceInUse: Cannot delete launch configuration eks-cluster-nodeLaunchConfiguration-3bbda96 because it is attached to AutoScalingGroup eks-cluster-bcd4ea99-NodeGroup-1Q6K169TLRD57
    	status code: 400, request id: c1e24bce-aced-45b1-bdad-47d2d4f89a8e

  pulumi:pulumi:Stack (inferencio-dev):
    error: update failed

I'm using the new

pulumi-eki

sdk for cluster creation. Will appreciate any help. Thanks!

Hi there,

pulumi-aws

just trashed all my main zone without any reason (in production, else that’s not fun), while i didn’t change anything for ages related to this zone or its records (i was updating something else in the stack):

+-aws:route53/zone:Zone: (replace)
            [id=[REDACTED]]
            [urn=urn:pulumi:main::core::[REDACTED]:aws:Zone$aws:route53/zone:Zone::[REDACTED]-zone]
            [provider: urn:pulumi:main::core::pulumi:providers:aws::default_2_13_1::d1d769bc-62a1-45ba-b339-e706b31a6fbd => urn:pulumi:main::core::pulumi:providers:aws::default_3_23_0::0800a252-acfa-4069-ad32-aa0ee18ebb0e]
          ~ name: "[REDACTED]." => "[REDACTED]"
        ++aws:route53/zone:Zone: (create-replacement)
            [id=[REDACTED]]
            [urn=urn:pulumi:main::core::[REDACTED]:aws:Zone$aws:route53/zone:Zone::[REDACTED]-zone]
            [provider: urn:pulumi:main::core::pulumi:providers:aws::default_2_13_1::d1d769bc-62a1-45ba-b339-e706b31a6fbd => urn:pulumi:main::core::pulumi:providers:aws::default_3_23_0::0800a252-acfa-4069-ad32-aa0ee18ebb0e]
          ~ name: "[REDACTED]." => "[REDACTED]"
        +-aws:route53/record:Record: (replace)
            [id=[REDACTED]_TXT]
            [urn=urn:pulumi:main::core::[REDACTED]:aws:Zone$aws:route53/record:Record::[REDACTED]-record-3-TXT]
            [provider: urn:pulumi:main::core::pulumi:providers:aws::default_2_13_1::d1d769bc-62a1-45ba-b339-e706b31a6fbd => urn:pulumi:main::core::pulumi:providers:aws::default_3_23_0::0800a252-acfa-4069-ad32-aa0ee18ebb0e]
          ~ zoneId : "[REDACTED]" => output<string>

Since most of the time it just wants to update some props related to zone or records (that’s weird btw), I didn’t pay attention (my fault), but this time it trashed all my records, trying to replace them without any reason nor changes, and failed when it tried to delete the main zone (obviously since it’s not empty). Now it’s stuck deleting the records & the zone and preventing me to recreate them ! I had to quickly recreate everything by hand and now I have a stack completely stale, desync and unusable… I suppose that’s related to the update of

pulumi-aws

, but even trying to downgrade to

2.x

it still wants to delete the zone by renaming it

zone.tld.

=>

zone.tld

(which does not make sense to me since I didn’t put a trailing dot in the domain name in the first place nor change anything in that regard) That’s impossible to maintain a production stack when it wants to delete / replace something as critical as your main NS zone, I don’t see the point here and it does not seem there’s any way to prevent it. What should I have done and how can I save the stack now (without deleting the zone) ?

Wish people would stop dumping code here, and just use Gists/Pastebins instead.

Hi everyone who's watching, is this a place where I can get some community support for something pulumi-aws related? if so, please help, I'm trying to import a keypair into pulumi:

pulumi import aws:ec2/keyPair:KeyPair deployer deployer-key

as documented here: https://www.pulumi.com/docs/reference/pkg/aws/ec2/keypair/#import but it fails with:

Diagnostics:
  pulumi:pulumi:Stack (myproject_name-mystackname_dev):
    error: preview failed

  aws:ec2:KeyPair (dev_keypair):
    error: aws:ec2/keyPair:KeyPair resource 'dev_keypair' has a problem: Required attribute is not set
    error: Preview failed: one or more inputs failed to validate

Hey all, I'm running into an issue using the automation-api with api-gateway and lambda. In pulumiProgram(), I'm creating a gateway like so:

const gateway = new awsx.apigateway.API(
    `my-lambda-gateway`,
    {
      routes: [
        {
          path: '/myLambdaFunction',
          method: 'POST',
          eventHandler: myLambdaFunction
        }
      ]
    }
  );

and get the error:

Diagnostics:
  pulumi:pulumi:Stack (my-stack-development):
    error: update failed
 
  aws:apigateway:RestApi (my-lambda-gateway):
    error: 1 error occurred:
        * creating urn:pulumi:development::my-stack::aws:apigateway:x:API$aws:apigateway/restApi:RestApi::my-lambda-gateway: 1 error occurred:
        * error creating API Gateway specification: BadRequestException: Errors found during import:
        Unable to put integration on 'POST' for resource at path '/myLambdaFunction': Invalid ARN specified in the request

This is odd because I can confirm that

myLambdaFunction

does in fact have a valid arn that is currently working on an api-gateway set up outside of this test in the same way. Any ideas?

Does anyone have any recommendations for creating AMIs? I don't see a Packer provider, so I'm guessing that one of the AWS-native ways would be the best way to do this using Pulumi?

Guys does it make sense to have one task definition defined in the Project_A (With all containers and CPU/Memory usage defined) and want to use the same task definition (from Project_A) to add other containers from Project_B?

I created a SG rule as below, which was successful:

example = aws.ec2.SecurityGroupRule(
                "example",
                type="ingress",
                from_port=443,
                to_port=443,
                protocol="tcp",
                cidr_blocks=["1.1.1.1/32"],
                security_group_id=allow_tls.id,
                opts=pulumi.ResourceOptions(parent=allow_tls))

I then added another ip to the cidr list of the SG rule:

example = aws.ec2.SecurityGroupRule(
                "example",
                type="ingress",
                from_port=443,
                to_port=443,
                protocol="tcp",
                cidr_blocks=["1.1.1.1/32","2.2.2.2/32"],
                security_group_id=allow_tls.id,
                opts=pulumi.ResourceOptions(parent=allow_tls))

That resulted in the following error:

Previewing update (test):
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
        +-aws:ec2/securityGroupRule:SecurityGroupRule: (replace)
            [id=sgrule-3919269017]
            [urn=urn:pulumi:test::Experiment::aws:ec2/securityGroup:SecurityGroup$aws:ec2/securityGroupRule:SecurityGroupRule::example]
            [provider=urn:pulumi:test::Experiment::pulumi:providers:aws::default_3_29_0::1d8ffca5-685c-4b69-8ddd-3883e405d97f]
          ~ cidrBlocks: [
                [0]: <null>
              + [1]: "2.2.2.2/32"
            ]
Resources:
    +-1 to replace
    2 unchanged
Permalink: file:///Users/sibu/test/state/.pulumi/stacks/test.json
Do you want to perform this update? yes
Updating (test):
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
error: 1 error occurred:
	* [WARN] A duplicate Security Group rule was found on (sg-0acf2e4ef3c4ab3ee). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error message: the specified rule "peer: 1.1.1.1/32, TCP, from port: 443, to port: 443, ALLOW" already exists


error: update failed

Isn’t it possible to update the cidr_block?

When will

gp3

EBS volumes be supported in EKS? Right now GP2 is hard-coded. https://github.com/pulumi/pulumi-eks/blob/259ac98f687c83af5d70d34802c893c835b62813/nodejs/eks/nodegroup.ts#L499

volumeType: "gp2", // default is "standard"

error: 1 error occurred:
     	* error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
     
     Please see <https://registry.terraform.io/providers/hashicorp/aws>
     for more information about providing credentials.
     
     Error: NoCredentialProviders: no valid providers in chain. Deprecated.
     	For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Getting this error? But we are passing the

aws:profile

to a good value. What should cause this?

When using

userMapping

property on

eks.Cluster()

1) Is it dynamically updating if it were to change between calls? 2) Does it allow the same user be added two times in different

groups

?

Is it possible to reference a specific image created on a different stack? We want the production stack to pick the latest image created on staging stacks ECR and push it to production ECR instead of building from scratch.

Does

buildAndPushImage

always build and push? I am wondering how this works with digests on images when using K8

imagePullPolicies

.

How do I get the security group created by default for a

db-subnet-group

?

Does anyone have an example on serving S3 Static Web from API Gateway using Private (VPC_LINK) mode?

When using a PolicyAttachment with a “default” policy like

AmazonS3FullAccess

it appears there’s a few scenarios where the PolicyWon’t be correctly attached to a role. As an example if I rename the resource name of the policy attachment it appears that it “creates” and then “deletes” the policy attachment leaving the attachment empty. There’s a few other ways that this seems to occur. What’s the best strategy to ensure the expected policy is always attached to a role?

cccccctnrlbcunttknfgvegkfbgitvkginghrgjnnibe

hello I am integrating microservices via api gateway and i am also using cloudflare for domain mapping i used to generate certificate from the cloudflare and also import the same as ACM certifcate in api gateway and used as custom domain but not having any idea how to implement it completely a little help will be highly appericiated.

This message was deleted.

any experts here in setting up cross account access in aws i have little doubts

Hello, everyone! Sorry, but i didn't find, how to create cloudfront using pulumi from scratch. Maybe someone can help me?

Invisible lambda functions… my lambda functions are not registering with pulumi at all. This is either a bug or I’m doing something stupid. The issue below describes the problem in detail and code included.

Is it possible to add 

deleteBeforeReplace: true

 to an API Gateway deployment created via Crosswalk? Don’t see it as possible via 

deploymentArgs

Getting an error while detaching EBS volume(s) from instance(s) on pulumi.

aws:ec2:VolumeAttachment (ebsatt1-asg03):
    error: deleting urn:pulumi:asg-ex-03::asg::aws:ec2/volumeAttachment:VolumeAttachment::ebsatt1-asg03: 1 error occurred:
    	* Failed to detach Volume (vol-*********) from Instance (i-*******): IncorrectState: Volume 'vol-*******' is in the 'available' state.
    	status code: 400, request id: 80154710-********

While checking it from the Ui, it shows the volumes are already detached from the instances, also instances are terminated. I deleted the volumes manually, but showing the same error messages while running pulumi destroy. Can someone explain the issue here?

Hi, I have a question about deploying an aws lambda and its code, using a zip from local machine. Will pulumi up update the lambda to use the new package when the contents of the zip changes? Or will I need a manual step that updates the lambda code after running pulumi?

This does not work because it says ''Specifying both a launch type and capacity provider strategy is not supported", and it does make sense. But how am I supposed to switch from Fargate launch instance to capacity provider strategy? There is no such option