pulumi-community #aws

aws

freezing-lifeguard-49209

04/23/2021, 8:49 PM

Any idea on how to configure the $default route in https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/apigateway/ so that all my urls aren't prefixed with /stage (default stage name) -- https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-routes-integrations.html. If I use $default for the stage name pulumi says $ is not a valid name

bland-byte-34481

04/23/2021, 9:46 PM

hello - any guidance on how to do docker image mirroring so I can pull an image from Dockerhub and upload it into ECR? this can be done from the command line as follows:

docker pull {whatever_dockerhub_image}
docker tag {the_image_id_from_above} <http://009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}|009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}>
docker push <http://009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}|009024277649.dkr.ecr.us-west-2.amazonaws.com/{whatever_name_you_want}>

i'm having trouble figuring out how to do this with the docker provider provided by Pulumi (docker.Image, docker.RemoteImage, etc.)

millions-market-17062

04/25/2021, 2:22 PM

Hey, Is GetRecordSet exists in AWS Node SDK?

millions-market-17062

04/25/2021, 2:22 PM

https://www.pulumi.com/docs/reference/pkg/aws/route53/

refined-bear-62276

04/25/2021, 8:49 PM

Hello buddies. Is it possible to programatically attach a certificate arn to a

cloud.Service

without first configuring it in the yaml config?

elegant-pager-5412

04/26/2021, 5:11 AM

Is it possible to inject environment variables after the initialization of a lambda?

elegant-pager-5412

04/26/2021, 5:13 AM

It seems like all of the properties are marked as

read-only

and I can’t alter them, which means that the only way I can change them is by re-creating a lambda and copy all of the settings… Why doesn’t pulumi allow changes to resources? By not doing so, it becomes immensely painful to create wrappers around common workflows such as

SQS -> Lambda

pattern.

elegant-pager-5412

04/26/2021, 9:03 AM

Has anyone been successful in allowing lambdas (

CallbackFunction

) to send logs to CloudWatch? Can’t get it working 🤔

elegant-pager-5412

04/26/2021, 2:28 PM

Hey, I’m getting

error creating Lambda Function (1): ValidationException:

when trying to create a lambda function. Does anyone know why it can happen? Also, is there any way I can see a more detailed error message that may indicate what the issue is?

average-ability-11166

04/26/2021, 6:30 PM

Are there plans to add the Object Lambda Access Points (over standard Access Points)? Looking to roll out object lambdas and the current API doesn't have the

invokeLambaFunction

property found here.

➕ 1

kind-airport-89906

04/26/2021, 7:23 PM

Hi, I’m trying to provision an EKS Nodegroup attached to an EKS cluster, but keep getting the following:

error: Error: 'dependsOn' was passed a value that was not a Resource.

I’m not using any ResourceOpts (depends on or parent) in the NodeGroup resource. Anyone have any ideas on how to get around this?

worried-queen-62794

04/26/2021, 10:09 PM

Is it possible to move resources to another account? I am using a specific role on my provider and I tried just changing that role to the role in the new account but now things are really messed up. It's now stuck trying to delete resources in the old account with the new role.

elegant-pager-5412

04/27/2021, 12:15 PM

Hey guys! How can I configure a layer that will act as my

node_modules

? As mentioned in the docs: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html#configuration-layers-path

elegant-pager-5412

04/27/2021, 2:45 PM

When using the

CallbackFunction

to define lambdas, there is a major issue with the scoping. The generated code is exporting the entire callback

exports.handler = __f0

. While it should be fine, it leaves no room for us to open sockets/connection in the “global” lambda scope, but only in the invoked code which is a bad practice. Is there any way to solve this? Essentially, I want something like:

exports.handle = __f0;

// Some connection code:
AWSLambda.init({...}) // sentry

function __f0(...) {
  // ...
}

refined-bear-62276

04/27/2021, 10:06 PM

Hello. I'm trying to set up the basic ecs service example, but I have some policy errors right from the start 😞

const cluster = new awsx.ecs.Cluster("testing");

// Create a listener to handle requests coming in on port 80.  This will automatically create a
// target group that also forwards the requests to targets in it at the same port.
const listener = new awsx.elasticloadbalancingv2.NetworkListener("nginx", {
  port: 80,
});

// Create a Service pointing to the well known 'nginx' image.  Supply the listener we just created
// in the `portMappings` section.  This will both properly connect the service and launched instances
// to the target group.
//
// For a Fargate service just replace this with `new awsx.ecs.FargateService`.
const nginx = new awsx.ecs.EC2Service("examples-nginx", {
  cluster,
  taskDefinitionArgs: {
    containers: {
      nginx: {
        image: "nginx",
        memory: 128,
        portMappings: [listener],
      },
    },
  },
  desiredCount: 2,
});

export let frontendURL = pulumi.interpolate`http://${listener.endpoint.hostname}/`;

aws:iam:RolePolicyAttachment (examples-nginx-task-fd1a00e5):
    error: 1 error occurred:
        * Error attaching policy arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess to IAM Role examples-nginx-task-8d887ee: NoSuchEntity: Policy arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess does not exist or is not attachable.
        status code: 404, request id: 496380b4-0994-4330-b79a-fd6d9cfdb227
 
  aws:iam:RolePolicyAttachment (examples-nginx-task-32be53a2):
    error: 1 error occurred:
        * Error attaching policy arn:aws:iam::aws:policy/AWSLambdaFullAccess to IAM Role examples-nginx-task-8d887ee: NoSuchEntity: Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable.
        status code: 404, request id: 6747b5d7-4e4b-454a-86c1-41ed662aa065

straight-church-84802

04/27/2021, 11:31 PM

Hello, I’m trying to set up Python lambda functions using a Python Pulumi project. According to the docs (https://www.pulumi.com/docs/reference/pkg/aws/lambda/function/), I should be able to pass a local zip file to the argument called

filename

. But I can’t find that parameter anywhere in Function.

elegant-pager-5412

04/28/2021, 8:37 AM

Hey, I’m using the

callbackFactory

in order to define global scope and invocation scope for my Lambda. However, the end code inside the lambda is

exports.handler = __f0();

, which means that I can’t have async code inside my global lambda scope. Is there any way to make Pulumi change the aforementioned statement to:

exports.handler = await __f0();

bright-intern-41366

04/28/2021, 9:51 AM

I tried to add package to

Lambda

function with Pulumi, however, I only found a way to add, only if package is a

node_modue.

Is there anyway to add package outside of

node_modules .

I cannot use

new pulumi.asset.FileArchive("./file.zip")

since I write code inside

new aws.lambda.CallbackFunction()

. Any help guys..

purple-orange-91853

04/28/2021, 3:39 PM

I'm facing an issue when trying to do a

pulumi up

or a

pulumi preview

. The process hangs indefinitely and does not return any errors or information around what is going on when it hangs. I started a preview last night and let it run until I started again this morning and it was still hanging at the same place again with no messaging on screen of any activity or errors. I cancelled the process and then I get dozens of these types of error messages back. This stack has worked prior and I am not sure what is causing this issue. Any help is very appreciated.

Diagnostics:
  pulumi:pulumi:Stack (aws-us-east-1-eks-temp):
    xxxxxxxx us-east-1
    xxx c5.large 1
    unhandled rejection: CONTEXT(1681): Invoking function: tok=kubernetes:helm:template asynchronously
    STACK_TRACE:
    Error
        at Object.debuggablePromise (/Users/tonyelliott/repos/temp-platform/node_modules/@pulumi/pulumi/runtime/debuggable.js:69:75)
        at /Users/tonyelliott/repos/temp-platform/node_modules/@pulumi/pulumi/runtime/invoke.js:126:45
        at Generator.next (<anonymous>)
        at fulfilled (/Users/tonyelliott/repos/temp-platform/node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
        at processTicksAndRejections (internal/process/task_queues.js:93:5)
    unhandled rejection: CONTEXT(1681): Invoking function: tok=kubernetes:helm:template asynchronously

purple-orange-91853

04/28/2021, 3:40 PM

STACK_TRACE:
    Error
        at Object.debuggablePromise (/Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/debuggable.js:69:75)
        at /Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/invoke.js:126:45
        at Generator.next (<anonymous>)
        at fulfilled (/Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
        at runMicrotasks (<anonymous>)
        at processTicksAndRejections (internal/process/task_queues.js:93:5)
    unhandled rejection: CONTEXT(105): Invoking function: tok=kubernetes:yaml:decode asynchronously

chilly-hydrogen-41038

04/28/2021, 5:32 PM

Hello, I see that AWS Timestream is not supported by Pulumi. I’m new to Pulumi, when a resource is not supported, it’s there an easy way to add it?

fancy-manchester-67426

04/28/2021, 8:39 PM

i noticed for dynamodb, pulumi’s api is not 1:1 with AWS’s create-table api. is it possible to pass in AWS’s create-table json input into pulumi? or do I have to transform it to fit pulumi’s api?

proud-pizza-80589

04/28/2021, 9:01 PM

I’m trying to setup a redis elasticache instance but the UI has a lot more options than I can find in the typescript types. Stuff like encryption, backups, authentication are all missing. Am I missing something or is this missing?

purple-plumber-90981

04/28/2021, 10:52 PM

in aws.iam for RolePolicyAttachment, every time i “pulumi up” the existing attachments are removed and new ones added. Is this expected behaviour ? I would think that as my attachments are unchanged, nothing should be removed/recreated

bumpy-laptop-30846

04/29/2021, 9:18 AM

Hello guys, I get this old issue: * Error deleting security group: DependencyViolation: resource sg-0849cdab4d00xxx has a dependent object How do you cope with this? How do you find the dependent object? What can it be?

gray-whale-15826

04/29/2021, 11:13 AM

Hey there, I’m trying to set up Imagebuilder, and after editing component setup I’m getting:

error: deleting urn:pulumi:dev-workflow-development-us-east-1-shared::dev-workflow-service::aws:imagebuilder/component:Component::dev_env: 1 error occurred:
    	* error deleting Image Builder Component (arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1): ResourceDependencyException: Resource dependency error: The resource ARN 'arn:aws:imagebuilder:us-east-1:824464961347:component/dev-env-e243ad8/1.0.1/1' has other resources depended on it.

Here is my setup in TS:

const componentSetup = readFileSync('./dev-env/component-setup.yml', 'utf-8');

const VERSION = `1.0.3`;

export const devEnvComponent = new imagebuilder.Component('dev-env', {
  data: componentSetup,
  description: 'This component include all required installs for dev env',
  platform: "Linux",
  version: VERSION,
});

const devEnvImageBuilderRole = new iam.Role("dev-env-image-builder", {
  assumeRolePolicy: {
      Version: "2012-10-17",
      Statement: [{
          Action: "sts:AssumeRole",
          Principal: {
              Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
          },
          Effect: "Allow",
          Sid: "",
      }]
  },
});

 new iam.RolePolicyAttachment("dev-env-image-builder-ssn", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore',
});

new iam.RolePolicyAttachment("dev-env-image-builder-ec2-ecr", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds',
});

new iam.RolePolicyAttachment("dev-env-image-builder-ec2", {
  role: devEnvImageBuilderRole,
  policyArn: 'arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder',
});

const profile = new iam.InstanceProfile("dev-env-instance-profile", { role: devEnvImageBuilderRole });

export const devEnvInfrastructureConfiguration = new imagebuilder.InfrastructureConfiguration("dev-env", {
  instanceProfileName: profile.name,
});

export const devEnvImgRecipe = new imagebuilder.ImageRecipe("dev-env", {
  blockDeviceMappings: [{
      deviceName: "/dev/xvda",
      ebs: {
          volumeSize: 100,
          volumeType: "gp2",
      },
  }],
  components: [{
      componentArn:  devEnvComponent.arn,
  }],
  parentImage: "arn:aws:imagebuilder:us-east-1:<aws:image/amazon-linux-2-ecs-optimized-x86/x.x.x>",
  version: VERSION,
});

const weeklyCron = 'cron(0 9 ? * mon)';
export const devEnvImagePipeline = new imagebuilder.ImagePipeline("dev-env", {
  imageRecipeArn: devEnvImgRecipe.arn,
  infrastructureConfigurationArn: devEnvInfrastructureConfiguration.arn,
  schedule: {
      scheduleExpression: weeklyCron,
  },
});

Anyone can advice what I’m doing wrong?

handsome-army-82617

04/29/2021, 12:07 PM

Hey. I am using API Gateway for an API that tends to have long periods without any calls. I am running into an issue where the underlying lambdas take over 10s to warm up which is far from ideal. I'm aware of "provisioned concurrency" for lamdas, but can't see how to enable this with API Gateway?

handsome-army-82617

04/29/2021, 12:09 PM

I tried following this: https://www.pulumi.com/blog/aws-lambda-provisioned-concurrency-no-cold-starts/ So ended up with this, but after 5 minutes it still needs warming up again

const fetchSurveyLambda = new aws.lambda.CallbackFunction(
  `${appName}-fetchSurveyLambda`,
  {
    callback: fetchSurvey,
    publish: true,
  }
)

new aws.lambda.ProvisionedConcurrencyConfig(
  `${appName}-fetchSurveyLambda-warmer`,
  {
    functionName: fetchSurveyLambda.name,
    qualifier: fetchSurveyLambda.version,
    provisionedConcurrentExecutions: 2,
  }
)

bumpy-laptop-30846

04/29/2021, 3:19 PM

If you have an app and create a VPC and later change the VPC and your infra depends on this VPC, then you may have some problems, you may in fact enter in a kind of pulumi hell. Meaning that pulumi can’t up or destroy. You have to delete the infra by hand, looking for depedencies between vpc’s, elb’s, eni’s and so on. That would be cool if pulumi could help and protect from this…

square-dress-80180

04/30/2021, 5:07 PM

I am trying to get an App Load Balancer and related ECS task (flask API) to use HTTPS in a demo app where I do not have a domain name and am just using the

dns_name

of the ALB. In trying to create a listener that uses the cert with

alb.dns_name

I am receiving an error that the cert is not found after it seems to be generated successfully (Pulumi doesn’t error out). I then look in my pulumi console and see in fact the cert does have a

FAILED

status. Since the docs all show the creation of the cert with an

<http://www.example.com|www.example.com>

domain, I am not clear how to adjust for an aws generated domain. Any guidance?

Title

square-dress-80180

04/30/2021, 5:07 PM

I am trying to get an App Load Balancer and related ECS task (flask API) to use HTTPS in a demo app where I do not have a domain name and am just using the

dns_name

of the ALB. In trying to create a listener that uses the cert with

alb.dns_name

I am receiving an error that the cert is not found after it seems to be generated successfully (Pulumi doesn’t error out). I then look in my pulumi console and see in fact the cert does have a

FAILED

status. Since the docs all show the creation of the cert with an

<http://www.example.com|www.example.com>

domain, I am not clear how to adjust for an aws generated domain. Any guidance?

In terms of the pulumi API, I was looking for something similar to the cloudfront arg

cloudfront_default_certificate

that make it easy to use a default SSL cert for a container-based (ECS) flask API service if I am not coming with my own domain name.

Well, maybe this is not pulumi’s problem: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html

View count: 1