aws
  • m

    microscopic-zoo-3564

    05/01/2021, 4:41 AM
    Hi, I'm trying to set up aws cognito with Pulumi. I have successfully created and configured a user pool, but I'm stuck with:
    1. Defining the preTokenGeneration lambda
    2. Configuring the user pool to use the preTokenGeneration lambda
    Is there a guide/example on doing this?
  • m

    millions-market-17062

    05/02/2021, 9:05 AM
    Hey, does GetRecordSet exist in the AWS Node SDK? https://www.pulumi.com/docs/reference/pkg/aws/route53/
  • w

    worried-queen-62794

    05/03/2021, 12:56 AM
    Am I correct in interpreting from this issue https://github.com/pulumi/pulumi/issues/6547 that it is not possible to import a volume?
  • s

    square-dress-80180

    05/04/2021, 8:43 PM
    A docs question. For `aws.cognito.UserPoolClient("client", user_pool_id=pool.id)` I can’t actually get the client to use cognito as an id provider unless I do `aws.cognito.UserPoolClient("client", user_pool_id=pool.id, supported_identity_providers=["COGNITO"])` … and the use of `COGNITO` as an arg is documented nowhere as far as I can tell. Am I misunderstanding how the method `userPoolClient` works? Or can we update the docs to link to the aws docs where I found this was an option, as it is nowhere in the pulumi / terraform example code or docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
  • q

    quaint-air-36266

    05/05/2021, 2:26 AM
    Hey guys - getting an error when trying to delete a specific resource with the Pulumi cli. Trying to run
    pulumi destroy --target urn:pulumi:dev::database::aws:rds/cluster:Cluster::aurora-cluster --target-dependents
    but getting the following error:
    error: Cannot delete parent resource 'urn:pulumi:dev::database::aws:rds/cluster:Cluster::aurora-cluster' without also deleting child 'urn:pulumi:dev::database::aws:rds/cluster:Cluster$aws:cloudwatch/metricAlarm:MetricAlarm::chumba-casino-dev-uptime-alarm'
    Unsure why it's failing on removing child resources when the `--target-dependents` toggle is being used.
  • b

    bright-scientist-61638

    05/05/2021, 9:48 AM
    I'm making some progress learning how to set up an ECS cluster. How do I configure a `FargateService` to allow me to ssh into the running container? I assume I need to assign a key pair somehow, but I can't find the right place to do that.
  • g

    gentle-toddler-99412

    05/05/2021, 1:02 PM
    Hello, just getting started on the Slack here, we have a question with @colossal-camera-57941 about running a nodeJs task on aws from an image (using .fromFunction); we’re not sure how to import other npm packages into this function. Is this the right place to ask for that?
  • r

    ripe-shampoo-80285

    05/06/2021, 1:27 AM
    Does anybody know how to use the pulumi CLI to import an existing lambda function? Any help will be appreciated.
  • r

    ripe-shampoo-80285

    05/06/2021, 1:36 AM
    Here is the command I use and the error result: "pulumi import aws:lambda/function:Function mylambda MyLambda" aws:lambda:Function (mylambda): error: Preview failed: diffing urn:pulumi:dev::import_s3::aws:lambda/function:Function::mylambda: handler and runtime must be set when PackageType is Zip
  • r

    ripe-shampoo-80285

    05/06/2021, 1:37 AM
    here "import_s3" is just project name. I used the same project for importing a s3 bucket and it worked well.
  • e

    early-rose-86563

    05/06/2021, 8:36 PM
    Hi, folks! I’m having a devil of a time determining which missing AWS IAM action(s) are causing a fail when I run `pulumi up` or `pulumi destroy`. Is there any way to log the exact AWS API request or AWS error reply? Pulumi gives me an error like “*Error reading new Lambda permissions: AccessDeniedException: status code: 403, request id: 22b39a15-7ff2-4fda-abf4-e7b057e073ef*”, but I’m looking for something to tell me which IAM action(s) I need to add to my IAM role (such as “`lambda:listFunctions`”). I don’t want to just use “`lambda:*`” for security reasons. I don’t know if the vague error message is coming from AWS or Pulumi. Any ideas? (-v=9 did not log the details I seek.) Thanks!
  • m

    mammoth-electrician-64525

    05/07/2021, 7:26 AM
    Hi guys, I’m trying to create a folder in an AWS S3 bucket but have had no success yet. I’m using this code in Python:
    s3.BucketObject("obj", bucket=bucket.id, source=pulumi.AssetArchive({"folder": pulumi.FileArchive("./segment-logs")}))
    Can someone help me figure it out?
  • p

    proud-art-41399

    05/07/2021, 7:56 PM
    Hi, I'm trying to set up a Fargate service using `pulumi/awsx`. Here's the relevant part of the Pulumi program:
    // Create an ALB associated with the default VPC listening to HTTP traffic on port 80.
    const lb = new awsx.lb.ApplicationListener("flatzone-sk-strapi-lb", {
      external: true,
      protocol: "HTTP",
      port: 80,
      targetGroup: {
        protocol: "HTTP",
        port: 1337
      }
    });
    
    // Create an ECS service containing a Strapi task running on Fargate.
    const service = new awsx.ecs.FargateService("flatzone-sk-strapi-svc", {
      cluster: cluster,
      taskDefinitionArgs: {
        container: {
          image: image,
          cpu: 256,
          memory: 1024,
          portMappings: [ lb ]
        },
        executionRole: executionRole,
        logGroup: logGroup
      },
      desiredCount: 1
    });
    After deployment, I can't connect to the port 80 of the listener endpoint. I keep seeing this in the Events tab of the service:
    0762c099-8eb3-4b80-aa6b-1282013cea6e
    2021-05-07 21:45:26 +0200
    service flatzone-sk-strapi-svc-8d4bf16 (port 1337) is unhealthy in target-group flatzone-sk-strapi-lb-78d9d12 due to (reason Health checks failed).
    fdda0e3f-f1d9-4518-9fb8-81f37023a205
    2021-05-07 21:42:30 +0200
    service flatzone-sk-strapi-svc-8d4bf16 registered 1 targets in target-group flatzone-sk-strapi-lb-78d9d12
    48ca16be-c96c-490e-b984-1ce03e2755f8
    2021-05-07 21:41:49 +0200
    service flatzone-sk-strapi-svc-8d4bf16 has started 1 tasks: task d1810b4141bf4af8a64e65b672007abb.
    a8a501ed-7e2b-446d-b16c-9f7d1d1b0b4d
    2021-05-07 21:41:38 +0200
    service flatzone-sk-strapi-svc-8d4bf16 has stopped 1 running tasks: task 32808dc77f0149ddb251926417d45710.
    7736ecad-8ebf-44a1-aedd-cbce2e1c0e72
    2021-05-07 21:41:38 +0200
    service flatzone-sk-strapi-svc-8d4bf16 deregistered 1 targets in target-group flatzone-sk-strapi-lb-78d9d12
    a17597c4-a163-4dff-a17f-03263ea54b35
    2021-05-07 21:41:38 +0200
    service flatzone-sk-strapi-svc-8d4bf16 (port 1337) is unhealthy in target-group flatzone-sk-strapi-lb-78d9d12 due to (reason Request timed out).
    22b214d3-0dd5-4dca-a80d-0ab7ccb485fa
    2021-05-07 21:39:03 +0200
    service flatzone-sk-strapi-svc-8d4bf16 registered 1 targets in target-group flatzone-sk-strapi-lb-78d9d12
    3ba68e54-225d-41f3-acbe-53452d14c58d
    2021-05-07 21:38:10 +0200
    service flatzone-sk-strapi-svc-8d4bf16 has started 1 tasks: task 32808dc77f0149ddb251926417d45710.
    The container is listening on port 1337 and I can connect to it using the running task's public IP, however the health check keeps failing. The weird thing is that when I change the listener port from 80 to 1337 by explicitly setting `port: 1337` then I can connect to the listener endpoint on 1337. I've spent half a day trying to get it to work but without success. What am I doing wrong? Thanks for help
  • s

    silly-address-30441

    05/07/2021, 8:43 PM
    I'm getting an error running `pulumi up` in a situation where there should be no changes:
    Diagnostics:
      aws:elasticache:Cluster (example):
        error: unmarshaling urn:pulumi:dev::core::aws:elasticache/cluster:Cluster::example's instance state: could not read field snapshot_arns: '' expected type 'string', got unconvertible type '[]interface {}', value: '[]'
  • m

    microscopic-zoo-3564

    05/10/2021, 3:09 AM
    Does anyone know how to interpolate the id of another resource inside an S3 bucket policy? I'm trying to do the below, but the interpolation of the `originAccessIdentity.id` value is not working, and results in an error
    Error putting S3 policy: MalformedPolicy: Policy has invalid principal
    I can't seem to find an example anywhere that uses anything other than the bucket name in the policy.
    const domain = "testing@example.com";
    
    const contentBucket = new aws.s3.Bucket("content-bucket", {
      bucket: domain,
      acl: "private",
      website: {
        indexDocument: "index.html",
        errorDocument: "index.html",
      },
      forceDestroy: true,
    });
    
    const originAccessIdentity = new aws.cloudfront.OriginAccessIdentity(
      "cloudfront-oai",
      {
        comment: pulumi.interpolate`OAI-${contentBucket.bucketDomainName}`,
      }
    );
    
    new aws.s3.BucketPolicy("bucket-policy", {
      bucket: contentBucket.bucket,
      policy: contentBucket.bucket.apply((bucketName) =>
        JSON.stringify({
          Version: "2012-10-17",
          Statement: [
            {
              Sid: "CloudfrontAllow",
              Effect: "Allow",
              Principal: {
                AWS: pulumi.interpolate`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${originAccessIdentity.id}`,
              },
              Action: "s3:GetObject",
              Resource: `arn:aws:s3:::${bucketName}/*`,
            },
          ],
        })
      ),
    });
  • b

    brief-ram-15160

    05/10/2021, 10:54 AM
    Hi everyone. I’m trying to build an API Gateway RestApi. The problem that I am facing is that each file is trying to (asynchronously) create a Resource/Method, without knowing if the path/resource already exists. E.g., someone creates `GET /path/abc`, another creates `POST /path/abc` and another creates `GET /path/xyz`. When I’m trying to create them I don’t know if `path` (or `abc`) exists already or not. Pulumi’s documentation for `awsx.apigateway.API` shows that it receives the entire routes altogether, which I cannot do, and using `aws.apigateway.Resource` will fail if resource exists or not. Any thoughts? `cloudformation` allows the management of routes inside the Lambda declaration. Why is it not possible with Pulumi?
  • l

    lemon-machine-35564

    05/10/2021, 4:19 PM
    Greetings! Any update on the ElastiCache Redis snapshotArn issue? It is currently blocking us from upgrading to v3.0.0.
  • l

    little-cartoon-10569

    05/10/2021, 9:31 PM
    Does anyone know of a wrapper around the various supported EC2 user data formats? Something that will create MIME multiparts, cloud-init files, etc.?
  • l

    little-cartoon-10569

    05/11/2021, 2:13 AM
    How do I set up an S3 bucket to use SSE-S3 encryption? Apparently it's a requirement for ALB access logs. I can see how to do it in the console, but neither TF nor Pulumi docs are enlightening me....
  • c

    colossal-camera-57941

    05/11/2021, 2:39 PM
    Hey, is there a way to get the default subnet from the default Vpc and give it to a StateMachine definition? (with node)
  • c

    creamy-knife-93354

    05/11/2021, 3:28 PM
    Hi! Does anyone have any idea on how I can clean this up? This happens during a `pulumi destroy`. Do I have to resolve things manually in the AWS Console (e.g. by mapping the VPC to a different route table, or something)?
    aws:ec2:RouteTable (development-vpc-route-table-public):
        error: deleting urn:pulumi:development::playground-infrastructure::aws:ec2/routeTable:RouteTable::development-vpc-route-table-public: 1 error occurred:
            * InvalidParameterValue: cannot disassociate the main route table association rtbassoc-035832433d2a099be
            status code: 400, request id: c0f480d9-abe5-472d-96f2-27c71a837aff
  • m

    mysterious-wolf-74677

    05/11/2021, 6:43 PM
    So after reading through this: AWS IAM Role vs Group I'm not entirely sure what would be better for a group of users. We're looking at implementing a group of users with least privileges, but doing it by giving them all a 'dev' role to assume, rather than a group. This seems reasonable but what's the best practice here? What advantages do AWS User Groups have over Roles or vice versa?
  • l

    little-cartoon-10569

    05/11/2021, 9:38 PM
    I've been trying to figure out why my EventRuleEventSubscription has so many RolePolicyAttachment resources that I can't add any of my own.
  • b

    bumpy-laptop-30846

    05/12/2021, 9:23 AM
    Hello, Is it possible to dynamically start / stop an existing ec2 instance? Pulumi up would start the instance, destroy would stop it, without destroying it? I don’t see how to do it with the api.
  • q

    quiet-leather-94755

    05/12/2021, 9:54 AM
    Hi all, I seem to get an error when Pulumi tries to update a Managed Prefix List:
    error updating EC2 Managed Prefix List (pl-......): InvalidParameterValue: The specified value for version is not valid. The value must be greater than (1).
    Am I doing something wrong, or is there a bug here somewhere? 😅 EDIT: Never mind, worked fine with Pulumi 3.2.1! (was on 2.23.1) EDIT: It failed with 3.2.1, too.. but works if I try again?! EDIT: It only pretends to work on the second attempt, but doesn't change anything..
  • c

    colossal-battery-24701

    05/12/2021, 3:39 PM
    Hey guys, need some help. I am creating an ec2 instance, it does get created but I’m unable to ssh into the instance.
    import * as aws from "@pulumi/aws";
    
    const size = "t2.small";
    
    const group = new aws.ec2.SecurityGroup("metabase-security-group", {
        ingress: [
            { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"], },
            { protocol: "tcp", fromPort: 80, toPort: 81, cidrBlocks: ["0.0.0.0/0"], },
            { protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["0.0.0.0/0"], },
        ],
    });
    
    const deployerKeyPair = new aws.ec2.KeyPair("metabase-deployer", {
        publicKey: "<ssh-rsa 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 nikhil_shrv@nikhils-mbp\n>",
    });
    
    const server = new aws.ec2.Instance("metabase-instance", {
        instanceType: size,
        vpcSecurityGroupIds: [ group.id ],
        ami: 'ami-09e67e426f25ce0d7', // Ubuntu 20.04
        keyName: deployerKeyPair.keyName,
    });
    
    export const publicIp = server.publicIp;
    export const publicHostName = server.publicDns;
    That’s the script I’m using. Any ideas what I am doing wrong?
  • s

    sparse-tomato-5980

    05/13/2021, 6:08 PM
    Hi all - need a quick sanity check. (I'm talking about a specific resource, but this might just be applicable to anything that accepts an Input of Sequence[SomethingArgs]) I'm wondering if it's idiomatic to mutate an `aws.ec2.SecurityGroup`'s `.ingress` (or `.egress`) after it's already been constructed - i.e.
    ingress_rules: List[aws.ec2.SecurityGroupIngressArgs] = ...
    security_group = aws.ec2.SecurityGroup(
        "SwarmSecurityGroup",
        ...
        ingress=ingress_rules,
    )
    
    # ... and later...
    new_ingress_rule: aws.ec2.SecurityGroupIngressArgs = ...
    # might need a .apply or something, but you get the gist - add something to this list
    security_group.ingress = [new_ingress_rule, *security_group.ingress]
    The problem is that `SecurityGroup#ingress` isn't of type IngressArgs, but an `outputs.SecurityGroupIngress`
    What makes me think this is forbidden: I could probably convert my IngressArgs into a SecurityGroupIngress, but the roundabout-ness of all this makes me wonder if I'm doing something wrong.
    What makes me think this is allowable: aws.ec2.SecurityGroup has getter-setters for `.ingress`
  • s

    sparse-tomato-5980

    05/13/2021, 6:08 PM
    (Thanks in advance!)
  • m

    millions-furniture-75402

    05/13/2021, 7:25 PM
    Regarding awsguard, why is the npm package `0.3.0`, but in GitHub it’s unreleased? https://www.npmjs.com/package/@pulumi/awsguard https://github.com/pulumi/pulumi-policy-aws/blob/master/CHANGELOG.md ? Also, this upgrades dependency MAJOR versions, I don’t think this should be released as a MINOR. It caused breaking changes https://github.com/pulumi/pulumi-policy-aws/commit/5b34b8fb4e10020052528d42643f72f96cbae597#diff-cc5a2f170768969f12410[…]d99a87a3a78fef4ab97bR13-R15
  • c

    chilly-magazine-6129

    05/13/2021, 7:27 PM
    I'm trying to figure out how to reduce the default cloudwatch retention window for the Lambdas created through Pulumi. What's the right pattern / doc to follow? Thanks!
m

millions-furniture-75402

05/13/2021, 7:29 PM
lambdaFunctionApi.name.apply(
  lambdaFunctionName =>
    new aws.cloudwatch.LogGroup(`${appName}-function-api-lg`, {
      name: `/aws/lambda/${lambdaFunctionName}`,
      retentionInDays: 14,
    }),
);
l

little-cartoon-10569

05/13/2021, 7:44 PM
It looks like that could be rewritten thus:
new aws.cloudwatch.LogGroup(`${appName}-function-api-lg`, {
  name: pulumi.interpolate`/aws/lambda/${lambdaFunctionApi.name}`,
  retentionInDays: 14,
});
c

chilly-magazine-6129

05/13/2021, 9:19 PM
❤️ thanks! will try it out