Hello, This might be a stupid question, but I am stuck with routing with ALB for ECS cluster. And I couldn't find any help on Pulumi website. Resources created: 1. ECS services

const helloService = new awsx.ecs.FargateService(...)

2. Load balancer

const alb = new <http://awsx.lb|awsx.lb>.ApplicationLoadBalancer(...)

3. Listener

export const backendListener = alb.createListener(...)

4. Target groups

const helloTarget = alb.createTargetGroup()

5. Listener Rules:

const helloRule = new <http://aws.lb|aws.lb>.ListenerRule()

My question is how can I connect the

helloRule

to the

helloService

? For example,

helloService1

should response to requests matches

hellowRule1

, and

helloService2

should response to requests matches

helloRule2

.

Hey! When you guys plan to release pulumi-awsx 0.26.0? I am planning to use the new features

What’s a good example of using

Output<T>

(in typescript) to use a generated bucket name

new-bucket-[the magic hash number]

in a previous task as a string value in an IAM policy in a later script:

const importPolicy = {
    Version: '2012-10-17',
    Statement: [
      {
        Sid: 's3Import',
        Action: [
          's3:GetObject',
          's3:ListBucket'
        ],
        Effect: 'Allow',
        Resource: [
          `arn:aws:s3:::${newS3.bucket}`, // <-- does not work
          `arn:aws:s3:::${newS3.bucket}/*` // <-- does not work
        ]
      }
    ]
  }

newS3

is an

aws.s3.Bucket

.

Hi - does anyone have an example in any language of creating the resources necessary to generate logs from ECS container instances and send them to cloudwatch? From the AWS docs it mentions needing an IAM policy that allows this transfer, the attachment of the policy, the download and installation of cloudwatch agent in the container, and a config file in the container. I am just interested in getting the output of the docker container in ECS so this seems like quite a bit of work just to see that info, but I don’t get anything in the details section … so guess that’s the thing to do.

Hello, I am having problem with routing with ALB for ECS cluster. I don't understand why it says the 

targetGroup

 does not have an associated load balancer. The target groups are created with 

alb.createTargetGroup()

 

Diagnostics:                                                                                                                                                                                     
  aws:ecs:Service (backend-nginx):                                                                                                                                                                   error: 1 error occurred:                                                                                                                                                                     
        * InvalidParameterException: The target group with targetGroupArn arn:aws:elasticloadbalancing:us-west-2:617706700270:targetgroup/backend-nginx-tg-041ec1c/55dd1342456346aa does 
not have an associated load balancer. "backend-nginx-5a1a7c5"                                                                                                                                    

  pulumi:pulumi:Stack (ingenio-backend-dev):                                                                                                                                                     
    error: update failed                                                                                                                                                                         

  awsx:x:ecs:FargateTaskDefinition (backend-hello):                                                                                                                                              
    warning: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.                                                                                                     
    Configure a credential helper to remove this warning. See                                                                                                                                    
    <https://docs.docker.com/engine/reference/commandline/login/#credentials-store>                                                                                                                

  aws:ecs:Service (backend-hello):                                                                                                                                                               
    error: 1 error occurred:                                                                                                                                                                             * InvalidParameterException: The target group with targetGroupArn arn:aws:elasticloadbalancing:us-west-2:617706700270:targetgroup/backend-hello-tg-6614d94/57f5672e4de31767 does 
not have an associated load balancer. "backend-hello-9844a6d"

Hi, I was trying to destroy my resources and suddenly i got error. After that every time that i am trying to delete the slack i get the error as in pic. Does anybody knows how i can resolve the issue. I also did pulumi

stack export

and find the

"pending_operations".

Now i have a json file which indicate

k8scicd-eks-cluster-08ef97b:k8scicd-eks-nodegroup"

 is in

pending_operations.

How can i resolve this issue?

@millions-furniture-75402 thank you for continuing to add more features to awsx for us 🙂

Is it normal for the first image push to ECR to be very slow? My

pulumi up

has been running for about 25 minutes now while pushing my image to ECR. From the diag logs in the console I can tell it is making progress but this seems like an inordinate amount of time to take

Trying to create Elasticahe redis, I always get this error.

* error creating ElastiCache Cache Cluster: CacheSubnetGroupNotFoundFault: Cache Subnet Group redis-subnet-group-ec90733 does not exist.
        status code: 400

adding dependencies explicitly doesn't help

const subnetGroup = new SubnetGroup("redis-subnet-group", { subnetIds: sids.ids })

                const nsg = new SecurityGroup("sgredis", {
                    vpcId: vpc.id,
                    ingress: [{
                        fromPort: redisConfig.port,
                        toPort: redisConfig.port,
                        protocol: "tcp",
                        cidrBlocks: [vpc.cidrBlock]
                    }]
                })

                const cluster = new elasticache.Cluster("redis-cluster", {
                    preferredAvailabilityZones: redisConfig.availabilityZones,
                    nodeType: redisConfig.nodeType,
                    numCacheNodes: 1,
                    subnetGroupName: subnetGroup.name,
                    engine: "redis",
                    securityGroupIds: [nsg.id]
                }, { dependsOn: [subnetGroup, nsg] })

I'm having a hard time setting up read replica for a Postgres RDS server. My first attempt failed with

error modifying DB Instance (read-replicaf4d753f): InvalidParameterCombination: Cannot change master user password on an RDS postgres Read Replica because it uses physical replication and therefore cannot differ from its parent

even though the replica was created and visible in the console. Is there a trick I'm missing?

Is there a way to set up and configure schedule

Fargate Task Definitions

in an

ECS cluster

with an

Event Rule

with

cron

? If so what’s a good example?

hey friends 👋 running into an issue with lambda layers - I'm getting an 'unable to load' error due to permission issues (screenshot threaded)

With awsx, how do I define a FargateService with an ALB where the ALB listener port is different than the one of the container? For example my ALB is listening on port 80 but the container is running on port 3000. In AWS I would route this through the target group, but I don't know what the awsx syntax for this is. All the docs assume the port is the same. A code snippet would be great.

Hi All!👋 I've got a Redshift cluster I want to generate and associate a

CloudWatch

metric (i.e.

PercentDiskSpaceUsed

) and alarm to. This is achievable via the console and - to an extent - with Pulumi. I can generate the alarm easily via

aws.cloudwatch.MetricAlarm

, but it seems that the association part of "attaching" that metric to the cluster is unclear. Is there a way to do this? I feel like I'm missing something quite obvious despite a lot of research...😅

Hi, need help with

pulumi import

when storing this in local file after this command

pulumi import aws:ec2/instance:Instance myInstanceName i-0ba17989210ad396a

i get this output (and a .pulumi/aws_test.json file with whole EC2 instance):

import pulumi
import pulumi_aws as aws

eu1tst_rhtestloadgen002 = aws.ec2.Instance("eu1tst-rhtestloadgen002",
    ami="ami-04c89a19fea29f1f0",
    ebs_optimized=True,
    get_password_data=False,
    instance_type="c4.2xlarge",
    source_dest_check=True,
    tags={
        "Name": "eu1tst-rhtestloadgen002"
    },
    opts=pulumi.ResourceOptions(protect=True))

this works fine when running

pulumi up

and i get no changes. but how do i make volume changes on existing AWS EC2 instance after import?

Hi, I'm setting up an API Gateway and my routes are Lambdas with the cloud API (https://github.com/pulumi/pulumi-cloud) in typescript, and within a route I'm trying to access dynamodb, but I keep getting errors saying my lambda doesnt have the correct role to access my dynamodb, I've yet to find way to attach a role to a lambda using the cloud API, any suggestions?

I can’t find how to run just regular task inside FARGATE, any ideas where it’s hidden in the SDK? Thanks

Is there a way to set the timeout pulumi should wait when replacing an ECS service task? I have been stuck on this screen for well over ten minutes now. I think the health checks fail somewhere and won't recover on its own, but I can't cancel pulumi or it will be in an invalid state. Can I lower the timeout somehow?

Are there any examples of using the

triggers

parameter for API Gateway deployments? Best I can find is https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_deployment

There doesn’t appear to be any way to select the engine version when creating an Athena Workgroup: aws.athena.Workgroup

This is possibly just something I'm not understanding, but when I specify a networkListener in my awsx.ecs.FargateService container, how do I pass the portMappings to it so that the container port and host port can map to each other? I've found that if I just don't provide a listener and specify the right portMappings, then my tasks stabilize because they are passing health checks on the appropriate ports, but then of course I can't reach the endpoint bc no listener. However, when I provide a network listener, the health checks constantly fail because I can't pass both a listener and the correct port mappings (e.g. containerPort and hostPort). Am I missing something here?

With pulumi_aws am I correct we cannot supply WLM json to the Cluster? Or where is that at?

Hi, Why do Pulumi responds with error when importing AWS Volume:

pulumi import aws:ebs/volume:Volume id vol-049df61146c4d7901

Previewing import (aws_import):
     Type                 Name                   Plan       Info
     pulumi:pulumi:Stack  aws_import-aws_import             1 error
 =   └─ aws:ebs:Volume    id                     import     3 errors

Diagnostics:
  pulumi:pulumi:Stack (aws_import-aws_import):
    error: preview failed

  aws:ebs:Volume (id):
    error: aws:ebs/volume:Volume resource 'id' has a problem: AtLeastOne: "size": one of `size,snapshot_id` must be specified. Examine values at 'Volume.Size'.
    error: aws:ebs/volume:Volume resource 'id' has a problem: AtLeastOne: "snapshot_id": one of `size,snapshot_id` must be specified. Examine values at 'Volume.SnapshotId'.
    error: Preview failed: one or more inputs failed to validate

is there another way of importing ebs volumes and manage them? used this guide: https://www.pulumi.com/docs/reference/pkg/aws/ebs/volume/#import

What is this warning supposed to mean?

warning: security_groups is deprecated: Use of `securityGroups` is discouraged as it does not allow for changes and will force your instance to be replaced if changes are made. To avoid this, use `vpcSecurityGroupIds` which allows for updates.

When creating instances using python, am I supposed to use

vpcSecurityGroupIds

instead of

security_groups

?

Came across this issue. However, it’s still not clear what action need to be taken by an end user

Hi, I have this issue when doing a pulumi up:

Type           Name               Status         Info

   

pulumi:pulumi:Stack    poc-us-1-dev           **failed**       1 error

 

-  └─ aws:ec2:SecurityGroup poc-us-1-eksClusterSecurityGroup **deleting failed**   1 error

 

-  └─ aws:ec2:SecurityGroup poc-us-1-eksClusterSecurityGroup deleting... completing deletion from previous update

Diagnostics:

 

aws:ec2:SecurityGroup (poc-us-1-eksClusterSecurityGroup):

  

error: deleting urn:pulumi:dev::xxx:ec2/securityGroup:SecurityGroup::xxxlusterSecurityGroup: 1 error occurred:

    

* Error deleting security group: DependencyViolation: resource xxx has a dependent object

    

status code: 400, request id: xxx

 

pulumi:pulumi:Stack (poc-us-1-dev):

  

error: update failed

The previous update is actually finished. Even pulumi destroy does not work. I am blocked. Do you see a ‘clean’ way out ?

👋 Hey, y'all. I've been running up against an error this morning when trying to

pulumi up

or `pulumi refresh`:

error: Preview failed: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration

Neither command will get past this point. I have the AWS profile configured and it has worked up until this morning. The AWS CLI still works as expected. Any insights into how I can track down the issue?

lately (as in the last week or so) pulumi has been having issues deleting subnets and internet gateways (see image for an example). This has been observed across several pulumi projects (which used to work with pulumi up / destroy without any issue, and some of these projects haven’t changed in the meantime), and for multiple of colleagues. Is anyone else having a similar issue? Any action steps to suggest?