microscopic-zoo-3564
05/01/2021, 4:41 AM
millions-market-17062
05/02/2021, 9:05 AM
worried-queen-62794
05/03/2021, 12:56 AM
square-dress-80180
05/04/2021, 8:43 PM
`aws.cognito.UserPoolClient("client", user_pool_id=pool.id)`
I can’t actually get the client to use cognito as an id provider unless I do `aws.cognito.UserPoolClient("client", user_pool_id=pool.id, supported_identity_providers=["COGNITO"])` … and the use of `COGNITO` as an arg is documented nowhere as far as I can tell. Am I misunderstanding how the method `userPoolClient` works? Or can we update the docs to link to the aws docs where I found this was an option, as it is nowhere in the pulumi / terraform example code or docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
quaint-air-36266
05/05/2021, 2:26 AM
`pulumi destroy --target urn:pulumi:dev::database::aws:rds/cluster:Cluster::aurora-cluster --target-dependents`
but getting the following error:
error: Cannot delete parent resource 'urn:pulumi:dev::database::aws:rds/cluster:Cluster::aurora-cluster' without also deleting child 'urn:pulumi:dev::database::aws:rds/cluster:Cluster$aws:cloudwatch/metricAlarm:MetricAlarm::chumba-casino-dev-uptime-alarm'
Unsure why it's failing on removing child resources when the `--target-dependents` toggle is being used.
bright-scientist-61638
05/05/2021, 9:48 AM
`FargateService` to allow me to ssh into the running container? I assume I need to assign a key pair somehow, but I can't find the right place to do that.
gentle-toddler-99412
05/05/2021, 1:02 PM
ripe-shampoo-80285
05/06/2021, 1:27 AM
ripe-shampoo-80285
05/06/2021, 1:36 AM
ripe-shampoo-80285
05/06/2021, 1:37 AM
early-rose-86563
05/06/2021, 8:36 PM
`pulumi up` or `pulumi destroy`. Is there any way to log the exact AWS API request or AWS error reply? Pulumi gives me an error like “*Error reading new Lambda permissions: AccessDeniedException: status code: 403, request id: 22b39a15-7ff2-4fda-abf4-e7b057e073ef*”, but I’m looking for something to tell me which IAM action(s) I need to add to my IAM role (such as “`lambda:listFunctions`”). I don’t want to just use “`lambda:*`” for security reasons. I don’t know if the vague error message is coming from AWS or Pulumi. Any ideas? (`-v=9` did not log the details I seek.) Thanks!
mammoth-electrician-64525
05/07/2021, 7:26 AM
`s3.BucketObject("obj", bucket=bucket.id, source=pulumi.AssetArchive({"folder": pulumi.FileArchive("./segment-logs")}))`
Can someone help me figure it out?
proud-art-41399
05/07/2021, 7:56 PM
`pulumi/awsx`. Here's the relevant part of the Pulumi program:
// Create an ALB associated with the default VPC listening to HTTP traffic on port 80.
const lb = new awsx.lb.ApplicationListener("flatzone-sk-strapi-lb", {
  external: true,
  protocol: "HTTP",
  port: 80,
  targetGroup: {
    protocol: "HTTP",
    port: 1337
  }
});
// Create an ECS service containing a Strapi task running on Fargate.
const service = new awsx.ecs.FargateService("flatzone-sk-strapi-svc", {
  cluster: cluster,
  taskDefinitionArgs: {
    container: {
      image: image,
      cpu: 256,
      memory: 1024,
      portMappings: [ lb ]
    },
    executionRole: executionRole,
    logGroup: logGroup
  },
  desiredCount: 1
});
After deployment, I can't connect to the port 80 of the listener endpoint. I keep seeing this in the Events tab of the service:
0762c099-8eb3-4b80-aa6b-1282013cea6e
2021-05-07 21:45:26 +0200
service flatzone-sk-strapi-svc-8d4bf16 (port 1337) is unhealthy in target-group flatzone-sk-strapi-lb-78d9d12 due to (reason Health checks failed).
fdda0e3f-f1d9-4518-9fb8-81f37023a205
2021-05-07 21:42:30 +0200
service flatzone-sk-strapi-svc-8d4bf16 registered 1 targets in target-group flatzone-sk-strapi-lb-78d9d12
48ca16be-c96c-490e-b984-1ce03e2755f8
2021-05-07 21:41:49 +0200
service flatzone-sk-strapi-svc-8d4bf16 has started 1 tasks: task d1810b4141bf4af8a64e65b672007abb.
a8a501ed-7e2b-446d-b16c-9f7d1d1b0b4d
2021-05-07 21:41:38 +0200
service flatzone-sk-strapi-svc-8d4bf16 has stopped 1 running tasks: task 32808dc77f0149ddb251926417d45710.
7736ecad-8ebf-44a1-aedd-cbce2e1c0e72
2021-05-07 21:41:38 +0200
service flatzone-sk-strapi-svc-8d4bf16 deregistered 1 targets in target-group flatzone-sk-strapi-lb-78d9d12
a17597c4-a163-4dff-a17f-03263ea54b35
2021-05-07 21:41:38 +0200
service flatzone-sk-strapi-svc-8d4bf16 (port 1337) is unhealthy in target-group flatzone-sk-strapi-lb-78d9d12 due to (reason Request timed out).
22b214d3-0dd5-4dca-a80d-0ab7ccb485fa
2021-05-07 21:39:03 +0200
service flatzone-sk-strapi-svc-8d4bf16 registered 1 targets in target-group flatzone-sk-strapi-lb-78d9d12
3ba68e54-225d-41f3-acbe-53452d14c58d
2021-05-07 21:38:10 +0200
service flatzone-sk-strapi-svc-8d4bf16 has started 1 tasks: task 32808dc77f0149ddb251926417d45710.
The container is listening on port 1337 and I can connect to it using the running task's public IP, however the health check keeps failing. The weird thing is that when I change the listener port from 80 to 1337 by explicitly `port: 1337` then I can connect to the listener endpoint on 1337. I've spent half a day trying to get it to work but without success. What am I doing wrong?
Thanks for help
silly-address-30441
05/07/2021, 8:43 PM
`pulumi up` in a situation where there should be no changes:
Diagnostics:
aws:elasticache:Cluster (example):
error: unmarshaling urn:pulumi:dev::core::aws:elasticache/cluster:Cluster::example's instance state: could not read field snapshot_arns: '' expected type 'string', got unconvertible type '[]interface {}', value: '[]'
microscopic-zoo-3564
05/10/2021, 3:09 AM
`originAccessIdentity.id` value is not working, and results in an error `Error putting S3 policy: MalformedPolicy: Policy has invalid principal`
I can't seem to find an example anywhere that uses anything other than the bucket name in the policy.
const domain = "testing@example.com";
const contentBucket = new aws.s3.Bucket("content-bucket", {
  bucket: domain,
  acl: "private",
  website: {
    indexDocument: "index.html",
    errorDocument: "index.html",
  },
  forceDestroy: true,
});
const originAccessIdentity = new aws.cloudfront.OriginAccessIdentity(
  "cloudfront-oai",
  {
    comment: pulumi.interpolate`OAI-${contentBucket.bucketDomainName}`,
  }
);
new aws.s3.BucketPolicy("bucket-policy", {
  bucket: contentBucket.bucket,
  policy: contentBucket.bucket.apply((bucketName) =>
    JSON.stringify({
      Version: "2012-10-17",
      Statement: [
        {
          Sid: "CloudfrontAllow",
          Effect: "Allow",
          Principal: {
            AWS: pulumi.interpolate`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${originAccessIdentity.id}`,
          },
          Action: "s3:GetObject",
          Resource: `arn:aws:s3:::${bucketName}/*`,
        },
      ],
    })
  ),
});
brief-ram-15160
05/10/2021, 10:54 AM
`GET /path/abc` another creates `POST /path/abc` and another creates `GET /path/xyz`
When I'm trying to create them I don’t know if `path` (or `abc`) exists already or not.
Pulumi’s documentation for `awsx.apigateway.API` shows that it receives the entire routes altogether, which I cannot do.
and using `aws.apigateway.Resource` will fail if resource exists or not.
Any thoughts? `cloudformation` allows the management of routes inside the Lambda declaration. Why is it not possible with Pulumi?
lemon-machine-35564
05/10/2021, 4:19 PM
little-cartoon-10569
05/10/2021, 9:31 PM
little-cartoon-10569
05/11/2021, 2:13 AM
colossal-camera-57941
05/11/2021, 2:39 PM
creamy-knife-93354
05/11/2021, 3:28 PM
`pulumi destroy`. Do I have to resolve things manually in the AWS Console (e.g. by mapping the VPC to a different route table, or something)?
aws:ec2:RouteTable (development-vpc-route-table-public):
error: deleting urn:pulumi:development::playground-infrastructure::aws:ec2/routeTable:RouteTable::development-vpc-route-table-public: 1 error occurred:
* InvalidParameterValue: cannot disassociate the main route table association rtbassoc-035832433d2a099be
status code: 400, request id: c0f480d9-abe5-472d-96f2-27c71a837aff
mysterious-wolf-74677
05/11/2021, 6:43 PM
little-cartoon-10569
05/11/2021, 9:38 PM
bumpy-laptop-30846
05/12/2021, 9:23 AM
quiet-leather-94755
05/12/2021, 9:54 AM
`error updating EC2 Managed Prefix List (pl-......): InvalidParameterValue: The specified value for version is not valid. The value must be greater than (1).`
Am I doing something wrong, or is there a bug here somewhere? 😅
EDIT:
colossal-battery-24701
05/12/2021, 3:39 PM
import * as aws from "@pulumi/aws";
const size = "t2.small";
const group = new aws.ec2.SecurityGroup("metabase-security-group", {
  ingress: [
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"], },
    { protocol: "tcp", fromPort: 80, toPort: 81, cidrBlocks: ["0.0.0.0/0"], },
    { protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["0.0.0.0/0"], },
  ],
});
const deployerKeyPair = new aws.ec2.KeyPair("metabase-deployer", {
  publicKey: "ssh-rsa … nikhil_shrv@nikhils-mbp\n",
});
const server = new aws.ec2.Instance("metabase-instance", {
  instanceType: size,
  vpcSecurityGroupIds: [ group.id ],
  ami: 'ami-09e67e426f25ce0d7', // Ubuntu 20.04
  keyName: deployerKeyPair.keyName,
});
export const publicIp = server.publicIp;
export const publicHostName = server.publicDns;
That’s the script I’m using. Any ideas what I am doing wrong?
sparse-tomato-5980
05/13/2021, 6:08 PM
`.ingress` (or `.egress`) after it's already been constructed - i.e.
ingress_rules: List[aws.ec2.SecurityGroupIngressArgs] = ...
security_group = aws.ec2.SecurityGroup(
    "SwarmSecurityGroup",
    ...
    ingress=ingress_rules,
)
# ... and later...
new_ingress_rule: aws.ec2.SecurityGroupIngressArgs = ...
# might need a .apply or something, but you get the gist - add something to this list
security_group.ingress = [new_ingress_rule, *security_group.ingress]
The problem is that `SecurityGroup#ingress` isn't of type `IngressArgs`, but an `outputs.SecurityGroupIngress`
What makes me think this is forbidden:
I could probably convert my `IngressArgs` into a `SecurityGroupIngress`, but the roundabout-ness of all this makes me wonder if I'm doing something wrong.
What makes me think this is allowable:
`aws.ec2.SecurityGroup` has getter-setters for `.ingress`
sparse-tomato-5980
05/13/2021, 6:08 PM
millions-furniture-75402
05/13/2021, 7:25 PM
`0.3.0`, but in GitHub it’s unreleased? https://www.npmjs.com/package/@pulumi/awsguard https://github.com/pulumi/pulumi-policy-aws/blob/master/CHANGELOG.md ? Also, this upgrades dependency MAJOR versions, I don’t think this should be released as a MINOR. It caused breaking changes https://github.com/pulumi/pulumi-policy-aws/commit/5b34b8fb4e10020052528d42643f72f96cbae597#diff-cc5a2f170768969f12410[…]d99a87a3a78fef4ab97bR13-R15
chilly-magazine-6129
05/13/2021, 7:27 PM
chilly-magazine-6129
05/13/2021, 7:27 PM
millions-furniture-75402
05/13/2021, 7:29 PM
lambdaFunctionApi.name.apply(
  lambdaFunctionName =>
    new aws.cloudwatch.LogGroup(`${appName}-function-api-lg`, {
      name: `/aws/lambda/${lambdaFunctionName}`,
      retentionInDays: 14,
    }),
);
little-cartoon-10569
05/13/2021, 7:44 PM
new aws.cloudwatch.LogGroup(`${appName}-function-api-lg`, {
  name: pulumi.interpolate`/aws/lambda/${lambdaFunctionApi.name}`,
  retentionInDays: 14,
});
chilly-magazine-6129
05/13/2021, 9:19 PM