https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • f

    freezing-lifeguard-49209

    04/23/2021, 8:49 PM
    Any idea on how to configure the $default route in https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/apigateway/ so that all my urls aren't prefixed with /stage (default stage name) -- https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-routes-integrations.html. If I use $default for the stage name pulumi says $ is not a valid name
  • b

    bland-byte-34481

    04/23/2021, 9:46 PM
    hello - any guidance on how to do docker image mirroring so I can pull an image from Dockerhub and upload it into ECR? this can be done from the command line as follows:
    docker pull {whatever_dockerhub_image}
    docker tag {the_image_id_from_above} <http://009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}|009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}>
    docker push <http://009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}|009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}>
    i'm having trouble figuring out how to do this with the docker provider provided by Pulumi (docker.Image, docker.RemoteImage, etc.)
    • 1
    • 1
  • m

    millions-market-17062

    04/25/2021, 2:22 PM
    Hey, Is GetRecordSet exists in AWS Node SDK?
  • m

    millions-market-17062

    04/25/2021, 2:22 PM
    https://www.pulumi.com/docs/reference/pkg/aws/route53/
  • r

    refined-bear-62276

    04/25/2021, 8:49 PM
    Hello buddies. Is it possible to programatically attach a certificate arn to a
    cloud.Service
    without first configuring it in the yaml config?
  • e

    elegant-pager-5412

    04/26/2021, 5:11 AM
    Is it possible to inject environment variables after the initialization of a lambda?
  • e

    elegant-pager-5412

    04/26/2021, 5:13 AM
    It seems like all of the properties are marked as
    read-only
    and I can’t alter them, which means that the only way I can change them is by re-creating a lambda and copy all of the settings… Why doesn’t pulumi allow changes to resources? By not doing so, it becomes immensely painful to create wrappers around common workflows such as
    SQS -> Lambda
    pattern.
    b
    • 2
    • 13
  • e

    elegant-pager-5412

    04/26/2021, 9:03 AM
    Has anyone been successful in allowing lambdas (
    CallbackFunction
    ) to send logs to CloudWatch? Can’t get it working 🤔
    s
    r
    • 3
    • 24
  • e

    elegant-pager-5412

    04/26/2021, 2:28 PM
    Hey, I’m getting
    error creating Lambda Function (1): ValidationException:
    when trying to create a lambda function. Does anyone know why it can happen? Also, is there any way I can see a more detailed error message that may indicate what the issue is?
    • 1
    • 1
  • a

    average-ability-11166

    04/26/2021, 6:30 PM
    Are there plans to add the Object Lambda Access Points (over standard Access Points)? Looking to roll out object lambdas and the current API doesn't have the
    invokeLambaFunction
    property found here.
    ➕ 1
  • k

    kind-airport-89906

    04/26/2021, 7:23 PM
    Hi, I’m trying to provision an EKS Nodegroup attached to an EKS cluster, but keep getting the following:
    error: Error: 'dependsOn' was passed a value that was not a Resource.
    I’m not using any ResourceOpts (depends on or parent) in the NodeGroup resource. Anyone have any ideas on how to get around this?
    • 1
    • 1
  • w

    worried-queen-62794

    04/26/2021, 10:09 PM
    Is it possible to move resources to another account? I am using a specific role on my provider and I tried just changing that role to the role in the new account but now things are really messed up. It's now stuck trying to delete resources in the old account with the new role.
    l
    r
    • 3
    • 6
  • e

    elegant-pager-5412

    04/27/2021, 12:15 PM
    Hey guys! How can I configure a layer that will act as my
    node_modules
    ? As mentioned in the docs: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html#configuration-layers-path
    m
    • 2
    • 2
  • e

    elegant-pager-5412

    04/27/2021, 2:45 PM
    When using the
    CallbackFunction
    to define lambdas, there is a major issue with the scoping. The generated code is exporting the entire callback
    exports.handler = __f0
    . While it should be fine, it leaves no room for us to open sockets/connection in the “global” lambda scope, but only in the invoked code which is a bad practice. Is there any way to solve this? Essentially, I want something like:
    exports.handle = __f0;
    
    // Some connection code:
    AWSLambda.init({...}) // sentry
    
    function __f0(...) {
      // ...
    }
    • 1
    • 1
  • r

    refined-bear-62276

    04/27/2021, 10:06 PM
    Hello. I'm trying to set up the basic ecs service example, but I have some policy errors right from the start 😞
    const cluster = new awsx.ecs.Cluster("testing");
    
    // Create a listener to handle requests coming in on port 80.  This will automatically create a
    // target group that also forwards the requests to targets in it at the same port.
    const listener = new awsx.elasticloadbalancingv2.NetworkListener("nginx", {
      port: 80,
    });
    
    // Create a Service pointing to the well known 'nginx' image.  Supply the listener we just created
    // in the `portMappings` section.  This will both properly connect the service and launched instances
    // to the target group.
    //
    // For a Fargate service just replace this with `new awsx.ecs.FargateService`.
    const nginx = new awsx.ecs.EC2Service("examples-nginx", {
      cluster,
      taskDefinitionArgs: {
        containers: {
          nginx: {
            image: "nginx",
            memory: 128,
            portMappings: [listener],
          },
        },
      },
      desiredCount: 2,
    });
    
    export let frontendURL = pulumi.interpolate`http://${listener.endpoint.hostname}/`;
    aws:iam:RolePolicyAttachment (examples-nginx-task-fd1a00e5):
        error: 1 error occurred:
            * Error attaching policy arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess to IAM Role examples-nginx-task-8d887ee: NoSuchEntity: Policy arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess does not exist or is not attachable.
            status code: 404, request id: 496380b4-0994-4330-b79a-fd6d9cfdb227
     
      aws:iam:RolePolicyAttachment (examples-nginx-task-32be53a2):
        error: 1 error occurred:
            * Error attaching policy arn:aws:iam::aws:policy/AWSLambdaFullAccess to IAM Role examples-nginx-task-8d887ee: NoSuchEntity: Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable.
            status code: 404, request id: 6747b5d7-4e4b-454a-86c1-41ed662aa065
    b
    • 2
    • 16
  • s

    straight-church-84802

    04/27/2021, 11:31 PM
    Hello, I’m trying to set up Python lambda functions using a Python Pulumi project. According to the docs (https://www.pulumi.com/docs/reference/pkg/aws/lambda/function/), I should be able to pass a local zip file to the argument called
    filename
    . But I can’t find that parameter anywhere in Function.
    b
    • 2
    • 2
  • e

    elegant-pager-5412

    04/28/2021, 8:37 AM
    Hey, I’m using the
    callbackFactory
    in order to define global scope and invocation scope for my Lambda. However, the end code inside the lambda is
    exports.handler = __f0();
    , which means that I can’t have async code inside my global lambda scope. Is there any way to make Pulumi change the aforementioned statement to:
    exports.handler = await __f0();
  • b

    bright-intern-41366

    04/28/2021, 9:51 AM
    I tried to add package to 
    Lambda
     function with Pulumi, however, I only found a way to add, only if package is a 
    node_modue.
      Is there anyway to add package outside of 
    node_modules .
    I  cannot use 
    new pulumi.asset.FileArchive("./file.zip")
      since I write code inside 
    new aws.lambda.CallbackFunction()
     . Any help guys..
    d
    • 2
    • 8
  • p

    purple-orange-91853

    04/28/2021, 3:39 PM
    I'm facing an issue when trying to do a
    pulumi up
    or a
    pulumi preview
    . The process hangs indefinitely and does not return any errors or information around what is going on when it hangs. I started a preview last night and let it run until I started again this morning and it was still hanging at the same place again with no messaging on screen of any activity or errors. I cancelled the process and then I get dozens of these types of error messages back. This stack has worked prior and I am not sure what is causing this issue. Any help is very appreciated.
    Diagnostics:
      pulumi:pulumi:Stack (aws-us-east-1-eks-temp):
        xxxxxxxx us-east-1
        xxx c5.large 1
        unhandled rejection: CONTEXT(1681): Invoking function: tok=kubernetes:helm:template asynchronously
        STACK_TRACE:
        Error
            at Object.debuggablePromise (/Users/tonyelliott/repos/temp-platform/node_modules/@pulumi/pulumi/runtime/debuggable.js:69:75)
            at /Users/tonyelliott/repos/temp-platform/node_modules/@pulumi/pulumi/runtime/invoke.js:126:45
            at Generator.next (<anonymous>)
            at fulfilled (/Users/tonyelliott/repos/temp-platform/node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
            at processTicksAndRejections (internal/process/task_queues.js:93:5)
        unhandled rejection: CONTEXT(1681): Invoking function: tok=kubernetes:helm:template asynchronously
  • p

    purple-orange-91853

    04/28/2021, 3:40 PM
    STACK_TRACE:
        Error
            at Object.debuggablePromise (/Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/debuggable.js:69:75)
            at /Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/invoke.js:126:45
            at Generator.next (<anonymous>)
            at fulfilled (/Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
            at runMicrotasks (<anonymous>)
            at processTicksAndRejections (internal/process/task_queues.js:93:5)
        unhandled rejection: CONTEXT(105): Invoking function: tok=kubernetes:yaml:decode asynchronously
    c
    b
    • 3
    • 27
  • c

    chilly-hydrogen-41038

    04/28/2021, 5:32 PM
    Hello, I see that AWS Timestream is not supported by Pulumi. I’m new to Pulumi, when a resource is not supported, it’s there an easy way to add it?
    b
    • 2
    • 3
  • f

    fancy-manchester-67426

    04/28/2021, 8:39 PM
    i noticed for dynamodb, pulumi’s api is not 1:1 with AWS’s create-table api. is it possible to pass in AWS’s create-table json input into pulumi? or do I have to transform it to fit pulumi’s api?
    b
    • 2
    • 5
  • p

    proud-pizza-80589

    04/28/2021, 9:01 PM
    I’m trying to setup a redis elasticache instance but the UI has a lot more options than I can find in the typescript types. Stuff like encryption, backups, authentication are all missing. Am I missing something or is this missing?
    b
    • 2
    • 3
  • p

    purple-plumber-90981

    04/28/2021, 10:52 PM
    in aws.iam for RolePolicyAttachment, every time i “pulumi up” the existing attachments are removed and new ones added. Is this expected behaviour ? I would think that as my attachments are unchanged, nothing should be removed/recreated
    l
    • 2
    • 26
  • b

    bumpy-laptop-30846

    04/29/2021, 9:18 AM
    Hello guys, I get this old issue: * Error deleting security group: DependencyViolation: resource sg-0849cdab4d00xxx has a dependent object How do you cope with this? How do you find the dependent object? What can it be?
    c
    l
    • 3
    • 2
  • g

    gray-whale-15826

    04/29/2021, 11:13 AM
    Hey there, I’m trying to set up Imagebuilder, and after editing component setup I’m getting:
    error: deleting urn:pulumi:dev-workflow-development-us-east-1-shared::dev-workflow-service::aws:imagebuilder/component:Component::dev_env: 1 error occurred:
        	* error deleting Image Builder Component (arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1): ResourceDependencyException: Resource dependency error: The resource ARN 'arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1' has other resources depended on it.
    Here is my setup in TS:
    const componentSetup = readFileSync('./dev-env/component-setup.yml', 'utf-8');
    
    const VERSION = `1.0.3`;
    
    export const devEnvComponent = new imagebuilder.Component('dev-env', {
      data: componentSetup,
      description: 'This component include all required installs for dev env',
      platform: "Linux",
      version: VERSION,
    });
    
    const devEnvImageBuilderRole = new iam.Role("dev-env-image-builder", {
      assumeRolePolicy: {
          Version: "2012-10-17",
          Statement: [{
              Action: "sts:AssumeRole",
              Principal: {
                  Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
              },
              Effect: "Allow",
              Sid: "",
          }]
      },
    });
    
     new iam.RolePolicyAttachment("dev-env-image-builder-ssn", {
      role: devEnvImageBuilderRole,
      policyArn: 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore',
    });
    
    new iam.RolePolicyAttachment("dev-env-image-builder-ec2-ecr", {
      role: devEnvImageBuilderRole,
      policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds',
    });
    
    new iam.RolePolicyAttachment("dev-env-image-builder-ec2", {
      role: devEnvImageBuilderRole,
      policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder',
    });
    
    const profile = new iam.InstanceProfile("dev-env-instance-profile", { role: devEnvImageBuilderRole });
    
    export const devEnvInfrastructureConfiguration = new imagebuilder.InfrastructureConfiguration("dev-env", {
      instanceProfileName: profile.name,
    });
    
    export const devEnvImgRecipe = new imagebuilder.ImageRecipe("dev-env", {
      blockDeviceMappings: [{
          deviceName: "/dev/xvda",
          ebs: {
              volumeSize: 100,
              volumeType: "gp2",
          },
      }],
      components: [{
          componentArn:  devEnvComponent.arn,
      }],
      parentImage: "arn:aws:imagebuilder:us-east-1:<aws:image/amazon-linux-2-ecs-optimized-x86/x.x.x>",
      version: VERSION,
    });
    
    const weeklyCron = 'cron(0 9 ? * mon)';
    export const devEnvImagePipeline = new imagebuilder.ImagePipeline("dev-env", {
      imageRecipeArn: devEnvImgRecipe.arn,
      infrastructureConfigurationArn: devEnvInfrastructureConfiguration.arn,
      schedule: {
          scheduleExpression: weeklyCron,
      },
    });
    Anyone can advice what I’m doing wrong?
    l
    • 2
    • 5
  • h

    handsome-army-82617

    04/29/2021, 12:07 PM
    Hey. I am using API Gateway for an API that tends to have long periods without any calls. I am running into an issue where the underlying lambdas take over 10s to warm up which is far from ideal. I'm aware of "provisioned concurrency" for lamdas, but can't see how to enable this with API Gateway?
  • h

    handsome-army-82617

    04/29/2021, 12:09 PM
    I tried following this: https://www.pulumi.com/blog/aws-lambda-provisioned-concurrency-no-cold-starts/ So ended up with this, but after 5 minutes it still needs warming up again
    const fetchSurveyLambda = new aws.lambda.CallbackFunction(
      `${appName}-fetchSurveyLambda`,
      {
        callback: fetchSurvey,
        publish: true,
      }
    )
    
    new aws.lambda.ProvisionedConcurrencyConfig(
      `${appName}-fetchSurveyLambda-warmer`,
      {
        functionName: fetchSurveyLambda.name,
        qualifier: fetchSurveyLambda.version,
        provisionedConcurrentExecutions: 2,
      }
    )
    • 1
    • 2
  • b

    bumpy-laptop-30846

    04/29/2021, 3:19 PM
    If you have an app and create a VPC and later change the VPC and your infra depends on this VPC, then you may have some problems, you may in fact enter in a kind of pulumi hell. Meaning that pulumi can’t up or destroy. You have to delete the infra by hand, looking for depedencies between vpc’s, elb’s, eni’s and so on. That would be cool if pulumi could help and protect from this…
    b
    m
    s
    • 4
    • 8
  • s

    square-dress-80180

    04/30/2021, 5:07 PM
    I am trying to get an App Load Balancer and related ECS task (flask API) to use HTTPS in a demo app where I do not have a domain name and am just using the
    dns_name
    of the ALB. In trying to create a listener that uses the cert with
    alb.dns_name
    I am receiving an error that the cert is not found after it seems to be generated successfully (Pulumi doesn’t error out). I then look in my pulumi console and see in fact the cert does have a
    FAILED
    status. Since the docs all show the creation of the cert with an
    <http://www.example.com|www.example.com>
    domain, I am not clear how to adjust for an aws generated domain. Any guidance?
    • 1
    • 2
Powered by Linen
Title
s

square-dress-80180

04/30/2021, 5:07 PM
I am trying to get an App Load Balancer and related ECS task (flask API) to use HTTPS in a demo app where I do not have a domain name and am just using the
dns_name
of the ALB. In trying to create a listener that uses the cert with
alb.dns_name
I am receiving an error that the cert is not found after it seems to be generated successfully (Pulumi doesn’t error out). I then look in my pulumi console and see in fact the cert does have a
FAILED
status. Since the docs all show the creation of the cert with an
<http://www.example.com|www.example.com>
domain, I am not clear how to adjust for an aws generated domain. Any guidance?
In terms of the pulumi API, I was looking for something similar to the cloudfront arg
cloudfront_default_certificate
that make it easy to use a default SSL cert for a container-based (ECS) flask API service if I am not coming with my own domain name.
Well, maybe this is not pulumi’s problem: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html
View count: 1