https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • p

    proud-pizza-80589

    03/07/2021, 8:16 PM
    Did something change in the way to create an EKS cluster? Just tonight suddenly
    const cluster = new eks.Cluster(name, {
      instanceType: "t2.medium",
      desiredCapacity: 1,
      minSize: 1,
      maxSize: 2,
      storageClasses: 'gp2',
      deployDashboard: false,
    });
    fails with
    Diagnostics:
      eks:index:VpcCni (chartmuseum-vpc-cni):
        error: Command failed: kubectl apply -f /var/folders/4z/2zvwp19d343djqc78xywc6p00000gn/T/tmp-215018e7GR5EVRaFT.tmp
        error: You must be logged in to the server (the server has asked for the client to provide credentials)
     
      kubernetes:<http://storage.k8s.io/v1:StorageClass|storage.k8s.io/v1:StorageClass> (chartmuseum-gp2):
        error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
     
      kubernetes:core/v1:ConfigMap (chartmuseum-nodeAccess):
        error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
     
      pulumi:pulumi:Stack (chartmuseum-tutorial-chartmuseum):
        error: You must be logged in to the server (the server has asked for the client to provide credentials)
     
        error: update failed
    The cluster is created so not sure why this suddenly no longer works
    b
    b
    • 3
    • 47
  • a

    average-nest-71706

    03/08/2021, 7:08 AM
    I'm reading the documentation about alb, and what confusing me is the line of code
    security_groups=[aws_security_group["lb_sg"]["id"]],
    I believe the documentation assumed that I already have created a security group for application load balancer. But what if I want to create a new security group for alb? You have a documentation on how to create security group on elb but I think that alb has different approach in creating one.
    b
    • 2
    • 1
  • b

    broad-hairdresser-1495

    03/08/2021, 12:15 PM
    Hi, when i run
    pulumi import aws:ec2/instance:Instance myInstanceName i-0ba17989210ad396a
    Import works fine but, it looks like one config is missing from import, networkInterfaces: [] Due to when running
    pulumi up
    networkInterfaces are in pulumi console. but now im getting this issue with imported resource:
    >pumuli up
        +-aws:ec2/instance:Instance: (replace)
            [id=i-0bdc3124xxxx]
            [urn=urn:pulumi:ob-server83::local_proj::aws:ec2/instance:Instance::aws2-eu1tst-rhtestsuppdb002]
            [provider=urn:pulumi:ob-server83::local_proj::pulumi:providers:aws::default_3_30_0::9807bxxx]
          ~ networkInterfaces: [
              + [0]: {
                      + deleteOnTermination: false
                      + deviceIndex        : 0
                      + networkInterfaceId : "eni-021d47151dexxx"
                    }
            ]
    -----------------
        --aws:ec2/instance:Instance: (delete-replaced)
            [id=i-0bdc3124xxxx]
            [urn=urn:pulumi:ob-server83::local_proj::aws:ec2/instance:Instance::aws2-eu1tst-rhtestsuppdb002]
            [provider=urn:pulumi:ob-server83::local_proj::pulumi:providers:aws::default_3_30_0::9807bxxxx]
    diff between
    pulumi up
    and
    pulumi import
    in console: is it possible to add manually config in stack so that when running
    pulumi up
    it wont have this networkInterfaces diff?
  • a

    acceptable-stone-35112

    03/08/2021, 2:04 PM
    in ALB target group args, stickiness block has type any in newer pulumi/aws versions. what's the convention to configure application cookie stickiness for my target group? Should I follow the TF syntax? https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/app_cookie_stickiness_policy
  • l

    limited-planet-95090

    03/08/2021, 11:51 PM
    Hey folks, I’m working on adding code examples to get to language parity across our top five code examples in AWS, Azure, Google Cloud, and Kubernetes. For AWS, these are the tutorials I’m adding examples for: Deploy a Webserver to EC2 (https://www.pulumi.com/docs/tutorials/aws/ec2-webserver/) Running Containers on ECS Fargate (https://www.pulumi.com/docs/tutorials/aws/ecs-fargate/) Serverless App using API Gateways and Lambda (https://www.pulumi.com/docs/tutorials/aws/rest-api/) Host a Static Website on Amazon S3 (https://www.pulumi.com/docs/tutorials/aws/s3-website/) Create a Slackbot for Posting Mention Notifications (https://www.pulumi.com/docs/tutorials/aws/aws-ts-slackbot/) Do these feel like the most important examples you’ve used or are there other examples from our examples repo that have been more helpful? Are there different examples you’d like to see? Thanks, Dave
    l
    b
    • 3
    • 9
  • l

    little-cartoon-10569

    03/09/2021, 1:17 AM
    I need to pass an availability zone to the constructor of a VpnGateay (don't know if it's a zone name or ID, can sort that later). I presume I get this from the subnets that I've created using awsx.ec2.Vpc.
    • 1
    • 5
  • e

    enough-leather-70274

    03/09/2021, 6:04 AM
    Hi folks - I have a complex security group that I want to import into pulumi, however I'm a bit confused by the docs. When I run something like the example:
    pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8
    It just gives me a blank security group, not all the rules defined in it.
  • e

    enough-leather-70274

    03/09/2021, 6:06 AM
    I found the docs for SecurityGroupRule, but the examples seem a bit mangled (is the word "console" meant to be everywhere?) and it all seems to be one-by-one. What's the easiest way of importing all the rules attached to a security group?
    b
    • 2
    • 6
  • m

    microscopic-dress-1605

    03/09/2021, 8:38 AM
    Hello, first time here. I would like to unit-test an IAM Policy that is build up dynamically using
    aws.iam.getPolicyDocument
    . However, I’ve noticed that
    getPolicyDocument
    gets mocked away during unit testing. As a result:
    GetPolicyDocumentResult.json
    returns undefined in the unit test 😒 Of course I can add something like this in
    Mocks.call
    :
    pulumi.runtime.setMocks({
      newResource: function(resourceType: string, name: string, inputs: any, provider?: string, id?: string) {},
      call:  function(token: string, args: any, provider?: string) {
        switch (token) {
            case 'aws:iam/getPolicyDocument:getPolicyDocument':
              return {
                json: JSON.stringify(args),
              };
          }
          return args;
        },
    });
    But then the returned IAM Policy json document is not a valid IAM policy. What would be the preferred way of unit testing the result of
    getPolicyDocument
    ? Thank you for your input. As you see the code is written in Typescript.
    l
    • 2
    • 8
  • m

    microscopic-dress-1605

    03/09/2021, 9:47 AM
    This fits in the context of testing the creation of an IAM Policy. I would like to check the IAM Policy json document that was assigned to that IAM Policy.
  • w

    wooden-truck-40033

    03/09/2021, 2:31 PM
    @here I have something to share I made an opinionated EKS provisioning pulumi code in javascript. I like to call it POKE- Provision Opinionated Kubernetes on EKS https://github.com/bit-cloner/poke
  • a

    average-school-38756

    03/09/2021, 9:01 PM
    i have an RDS/Aurora cluster set up, and want to create an additional user for the database. i was planning to use the
    pulumi_postgresql
    provider to connect to the database via the endpoint (using the master credentials) but i'm getting a timeout:
    postgresql:index:Role (pg-user):
        error: error detecting capabilities: error PostgreSQL version: dial tcp 10.0.1.136:5432: i/o timeout
    That's when i realized that my database is in a VPC, and there is no public endpoint. So how can i use IaC to handle this task?
    m
    • 2
    • 2
  • e

    enough-leather-70274

    03/09/2021, 11:24 PM
    Hi folks - how do I setup a SecurityGroupRule to allow all ICMP IPv4 traffic from a specific prefix list?
    l
    • 2
    • 24
  • s

    shy-oxygen-8874

    03/10/2021, 1:28 AM
    Hi, I just ran a pulumi up that reported that it succeeded, but one resource in the stack was not created. I never got an error at any point, and it wasn't until a test ran later that I caught it at all. A pulumi preview --refresh showed that the resource needed to be created. This is the second time I've encountered this with Pulumi. I don't remember what the resource was the first time (I think it was a VPC SG, but I'm not sure). This time it was an alb listener rule. Is there some setting to make pulumi more sensitive to these failures?
    l
    s
    • 3
    • 10
  • w

    wooden-truck-40033

    03/10/2021, 12:07 PM
    Hi folks . I need to create a userdata script for eks windows nodes. The documentation says the script needs to be
    <powershell>
                  
    [string]$EKSBinDir = "$env:ProgramFiles\Amazon\EKS"
                  
    [string]$EKSBootstrapScriptName = 'Start-EKSBootstrap.ps1'
                  
    [string]$EKSBootstrapScriptFile = "$EKSBinDir\$EKSBootstrapScriptName"
                  
    [string]$cfn_signal = "$env:ProgramFiles\Amazon\cfn-bootstrap\cfn-signal.exe"
                  
    & $EKSBootstrapScriptFile -EKSClusterName ${ClusterName} ${BootstrapArguments} 3>&1 4>&1 5>&1 6>&1
                  
    $LastError = if ($?) { 0 } else { $Error[0].Exception.HResult }
                  `& $cfn_signal --exit-code=$LastError ``                 `--stack="${AWS::StackName}" ``                 `--resource="NodeGroup" ``                 
    --region=${AWS::Region}
                  
    </powershell>
  • w

    wooden-truck-40033

    03/10/2021, 12:08 PM
    in pulumi code How can i get the values of
    ${AWS::StackName}
    ?
  • w

    wooden-truck-40033

    03/10/2021, 12:09 PM
    has anyone provisioned windows EKS nodes with pulumi ?
  • s

    shy-sunset-67287

    03/10/2021, 1:22 PM
    Anyone have any suggestions on dealing with
    ValidationException
    when creating Lambda functions in python? I’m already running with
    pulumi up --logtostderr -v=9 2> out.txt
    but I can’t find in the logs any detail about the AWS call that fails and why. This has had me stumped for a couple days now, so any help would be very much appreciated 😄
    b
    • 2
    • 7
  • a

    adamant-translator-31969

    03/10/2021, 2:50 PM
    Hi! I have a problem with awsx.apigateway promise leak when I use component resource
    b
    • 2
    • 3
  • p

    powerful-art-3002

    03/10/2021, 3:00 PM
    Hello, I have question about CD tool I have 4 repositories an each repo which corespond to product In future there will be more products (repos) I want to deploy this stacks as products, independently. I want to deploy this stacks for many aws accounts. So I want to tool which allows add products, add envs, keep states which product is deployed on which envs? Do you know something better than GitLab for this problem?
    m
    • 2
    • 1
  • b

    breezy-apartment-46543

    03/10/2021, 3:39 PM
    I have a lambda where I import ‘aws-xray-sdk’ but the dependency does not seem to be uploaded to AWS as the lambda throws “errorType”:“Runtime.ImportModuleError”,“errorMessage”:“Error: Cannot find module ‘aws-xray-sdk’… Shouldn’t Pulumi automatically handle this? I run npm i aws-xray-sdk before pulumi up ofc.
    d
    • 2
    • 15
  • f

    flat-insurance-25294

    03/10/2021, 8:07 PM
    Does parameter store use some efault AWS KMS when using
    SecureString
    ? https://www.pulumi.com/docs/reference/pkg/aws/ssm/parameter/ or do we need to supply its ARN/ID ourselves?
  • f

    flat-insurance-25294

    03/10/2021, 8:07 PM
    To specify an AWS KMS CMK, use the KeyId parameter. The default is the AWS managed CMK for your account, aws/ssm.
    It sounds like it uses a default one if not supplied.
    b
    • 2
    • 10
  • p

    polite-lighter-21850

    03/10/2021, 8:49 PM
    Hi, I'm learning about stacks today and how to configure them for different environments. To do this I have set up 3 different AWS accounts - dev, non-prod and prod and configured a profile for each one in my credentials file. I then use the appropriate profile in the appropriate stack that I have created - dev, non-prod and prod and ran pulumi up. As expected the resource appeared in the stack that was currently active. Now, when I change the aws profile for that stack using pulumi config set aws:profile to one of the other profiles and run pulumi up, then the resource is still deployed to the original profile's account and not the profile that I've changed to. This doesn't seem to be the correct behaviour. Could anyone point where I'm going wrong?
    b
    l
    • 3
    • 5
  • a

    average-nest-71706

    03/11/2021, 8:38 AM
    My code:
    test = aws.lb.LoadBalancer(
    							"MyTestALB",
    							internal=False,
    							load_balancer_type="application",
    							security_groups=[alb_security_group.id],
    							subnets=[__item["id"] for __item in aws_subnet["public"]],
    							enable_deletion_protection=True,
    							#access_logs=aws.lb.LoadBalancerAccessLogsArgs(
    							#		bucket=
    							#	)
    						  )
    I would like to understand what this line of code is saying:
    subnets=[__item["id"] for __item in aws_subnet["public"]],
    My question is how am I going to get the subnets, because the lb documentation assumed that I already the code getting the subnets and it is assigned to aws_subnet["public"].
    b
    • 2
    • 5
  • a

    agreeable-ram-97887

    03/11/2021, 5:11 PM
    Hey all, I'm experiencing some weird behavior with
    pulumi destroy
    , where pulumi incorrectly thinks an AWS resource failed to destroy (when in fact, it had). The process goes something like this: 1. I call
    pulumi up
    on a stack which includes and AWS EKS Cluster. I am not an admin user on AWS, but nevertheless I have access to all EKS-relevant actions for resources with the proper tags. So the building succeeds without any issues 2. I then tear this stack down with
    pulumi destroy
    which fails for some unknown reason. The error message tells me that the EKS cluster failed to be destroyed due to a permissions issue (as a result, pulumi thinks the cluster still exists) 3. But I check on the AWS console, and can confirm that in fact the cluster HAS been properly destroyed. Looking into CloudWatch, it appears that the the pulumi destroy process successfully destroyed the EKS cluster, but then tried to do it again (which is then denied since the non-existent cluster of course does not have the proper tags which allow me to operate on it) 4. Any subsequent
    pulumi destroy
    call also fails for the same reason. Similarly
    pulumi refresh
    fails because pulumi would like to "describe" the cluster to determine it's state, which of course also fails due to the same tag-condition 5. The situation is thus stuck until a colleague who is an AWS admin calls either
    pulumi destroy
    or
    pulumi refresh
    on my behalf So has anyone else experienced similar behavior? Or are there any thoughts on what could be wrong here? It seems to me like it is a Pulumi issue (rather than an AWS permissions issue) since Pulumi mistakenly thinks the cluster fails to be destroyed
    f
    • 2
    • 1
  • b

    busy-apartment-9626

    03/11/2021, 9:50 PM
    Pulumi novice here, just wondering what the difference between `apigateway.Deployment`'s
    triggers
    and
    variables
    . I noticed in AWSX a redeployed is forced by a new hash of a bunch of settings in
    variables
    , but my impression is that's what
    triggers
    are for. Am I missing something here?
  • a

    ambitious-monitor-34019

    03/12/2021, 12:01 AM
    Hi - Are there any functions to create a users in AWS Managed Microsoft AD?
    l
    • 2
    • 8
  • m

    mysterious-oyster-86659

    03/12/2021, 1:06 AM
    Advice for best strategy: Our team wants to use AWS Airflow (which is quite new). Pulumi doesn’t yet accomodate for that service, so we have decided to do the following: 1] Build another separate repository and corresponding Pulumi stack that handles only the provisioning and management of AWS Airflow through CloudFormation. 2] Keep our (mostly) monolithic project in its own repository and Pulumi stack BUT still be able reference and use some of the AWS resources (i.e. S3, VPC) made from #1 after all resources have been entirely and successfully deployed (via
    pulumi up
    ). So, ideally #1 would occur first with its own
    pulumi up
    and then - after that entire deployment is complete - automatically do the same for #2 but somehow be able to be aware of and use resources that were changed/deleted/added from #1. Finally, being able to “tear” all this down in an automated way would be fantastic, but that’s secondary for now. What your advice for approaching this use-case?
  • q

    quick-finland-93793

    03/12/2021, 5:41 PM
    Hello! I've noticed these weird exceptions multiple times yet. When compiling C# Pulumi Stacks with the latest
    Pulumi.Aws
    plugin (current v3.32.1) i get exception that certain setter-methods of basic resources do not exist:
    System.MissingMethodException: Method not found: "Void Pulumi.aws.Rds.ClusterArgs.set_engine(Puluim.Input'1<System.String>)
    Does someone else has noticed something like that? What am I doing wrong? With version
    v3.13.0
    everything works fine
Powered by Linen
Title
q

quick-finland-93793

03/12/2021, 5:41 PM
Hello! I've noticed these weird exceptions multiple times yet. When compiling C# Pulumi Stacks with the latest
Pulumi.Aws
plugin (current v3.32.1) i get exception that certain setter-methods of basic resources do not exist:
System.MissingMethodException: Method not found: "Void Pulumi.aws.Rds.ClusterArgs.set_engine(Puluim.Input'1<System.String>)
Does someone else has noticed something like that? What am I doing wrong? With version
v3.13.0
everything works fine
View count: 1