How do you change the name of a resource without deleting and recreating it, using the

import

feature I'm guessing?

Hello, Our team has repeatedly tried to use AWS Fargate for tasks with pulumi, and it has worked fine but everytime we try to launch a task with 4 vcpu, we get an error:

Dispatched with response: {'tasks': [], 'failures': [{'reason': 'The requested CPU configuration is above your limit'}],

However, we have not found any documentation about how to raise this limit, since the service quota increase has not solved this issue. Only thing about this found by Googling has been this thread, that has no answers: https://forums.aws.amazon.com/thread.jspa?threadID=335825. Does someone here happen to have had this issue, and has resolved it somehow? This started to happen a while back, and before this it was working ok. So it's quite confusing

Hi, I'm new to Pulumi (using 3.0) and found a possible issue? I'm using the AWS crosswalk module to create a VPC, and then the VPC created has

assignGeneratedIpv6CidrBlock: true

I might assume it should automatically add a route table route for outbound ipv6 traffic like

::/0

through the internet gateway like it does with ipv4 traffic and

0.0.0.0/0

, but it doesn't. Not sure if this is really a bug or anything it just caused me some time tracking down why some outbound internet traffic was not working and found it was exclusive to ipv6.

Hi, I'm using an AWS Batch on Fargate. I'd like to enable Container Insights on the cluster that Batch creates when I define compute environment, however I don't know how. There's no argument that I could pass to compute environment resource. On the other hand, there's an output with ECS cluster ARN that Batch creates. Now how do I change the cluster settings provided I have an ARN? I think I might get the cluster resource using a lookup (https://www.pulumi.com/docs/reference/pkg/aws/ecs/cluster/#look-up) but how do I change the settings? Thanks

Using Pulumi.Aws in .net, I'm getting the following error:

error: 1 error occurred:
        * updating urn:pulumi:dev::Deployment::aws:lambda/permission:Permission::wordPermission: 1 error occurred:
        * doesn't support update

Is there a way to force the permission to be deleted and re-created instead of updated; or do I have to remove it from the code and

pulumi up

and then put it back again?

I'm sure I'm missing something simple here, but how can I use an external stack reference inside the following:

const secret = pulumi.output(
      aws.secretsmanager.getSecret(
        {
          name: stackReferenceToSecretName,
        },
        { async: true }
      )
    )

I keep running into a typescript error

Type 'string | Output<any>' is not assignable to type 'string | undefined'

I need to add some additional supporting files to the code bundle that's created for a magic lambda function. Is this possible?

anyone got an example of adding a trust relationship (assume_role_policy) to an IAM role that was created on earlier pulumi up ?

Hi! Does anyone know if pulumi supports CustomEmailSender triggers for cognito''s user pool?

o/

seem that pulumi is missing the resource group stagging api resources which appear in tf v3.38.0

i've tried to use getTargetGroups with tags, but seem that aws api is not aware about such things, so my guess was to use the aws_resourcegroupstaggingapi_resources

Does anyone happen to have some examples they could share of using

pulumi_docker.Image

to build and push images to an ECR repository? Thanks.

@broad-dog-22463 thx for #1496

was preparing the same, but you're faster than me

Is it possible to import a Route53 record? I'm trying to import one (previously created by Pulumi but removed from state), and it's failing due to not finding the mandatory name and records properties.

Apologies in advance if a silly question. Regarding plans to eventually release a native provider for AWS https://www.pulumi.com/blog/pulumiup-native-providers/#aws-later-this-year-and-more-to-come. Will this change the syntax of writing pulumi programs? For example, I really appreciate the fact that pulumi closely aligns with the syntax of HCL when using Terraform to declare a resource. I don't have to declare OO constructs like classes in Typescript to define/deploy some infrastructure.

A while back I’ve announced

aws-iam-policy

a Node.js Typescript package for building and unit testing AWS IAM Policy documents. Today I’ve released v2.0.0 with proper support for the

Condition

element (which was missing). https://github.com/thinkinglabs/aws-iam-policy/tree/v2.0.0

Hi, I have just installed Pulumi on Linux, and tried to follow https://www.pulumi.com/docs/get-started/aws/begin/ but getting

panic: strconv.ParseUint: parsing "": invalid syntax

error:

# pulumi up
Previewing update (dev):
     Type                     Name           Plan       Info
 +   pulumi:pulumi:Stack      staging-dev    create     8 messages
     └─ pulumi:providers:aws  default_4_5_0             1 error

Diagnostics:
  pulumi:pulumi:Stack (staging-dev):
    panic: strconv.ParseUint: parsing "": invalid syntax
    goroutine 1 [running]:
    <http://github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.GetModuleMajorVersion(0x0|github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.GetModuleMajorVersion(0x0>, 0x0, 0xc00199f5b0, 0x1)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.0.0/pkg/tfbridge/info.go:730 +0x1dc
    <http://github.com/pulumi/pulumi-aws/provider/v4.Provider(0x0|github.com/pulumi/pulumi-aws/provider/v4.Provider(0x0>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
        /home/runner/work/pulumi-aws/pulumi-aws/provider/resources.go:4173 +0x52e1b
    main.main()
        /home/runner/work/pulumi-aws/pulumi-aws/provider/cmd/pulumi-resource-aws/main.go:26 +0x37

  pulumi:providers:aws (default_4_5_0):
    error: could not read plugin [/root/.pulumi/plugins/resource-aws-v4.5.0/pulumi-resource-aws] stdout: EOF


# ll /root/.pulumi/plugins/resource-aws-v4.5.0/
total 255496
-rw-r--r--. 1 root root     38593 May 19 14:00 CHANGELOG.md
-rw-r--r--. 1 root root     11358 May 19 14:00 LICENSE
-rwxr-xr-x. 1 root root 261558786 May 19 14:00 pulumi-resource-aws
# uname -mso
Linux x86_64 GNU/Linux

Hi, I’m using a Pulumi program to create some resources on a bastion account and several sub-accounts, but I’m stuck with an error when I try to use a non-default

aws.Provider

to assume role into a sub-account role and create a resource in that sub-account:

# ~/.aws/credentials

[bastion-profile]
aws_access_key_id = redact
aws_secret_access_key = redact


# Pulumi.<stack>.yaml
…
config:
 aws:allowedAccountIds:
 - <bastionAccountId>
 aws:profile: bastion-profile
 aws:region: eu-west-2
 …


# index.ts

// Assume role into IAM Role "role-manager" in sub-account.
const subAccountProvider = new aws.Provider("…", {
   region: "eu-west-2",
   allowedAccountIds: [subAccountId],
   assumeRole: {
      sessionName "role-manager-session",
      roleArn: `arn:aws:iam::${subAccountId}:role/role-manager`,
      externalId: "…",
      durationSeconds: 60 * 5,
   },
});

// Create a new resource in the sub-account.
const newRoleInSubAccount = new aws.iam.Role("new-role", {
   …
}, {
   provider: subAccountProvider,
});

On

pulumi up

, I get the following error:

error: 1 error occurred:
    * error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::<redact>:role/role-manager) cannot be assumed.
   
  There are a number of possible causes of this - the most common are:
   * The credentials used in order to assume the role are invalid
   * The credentials do not have appropriate permission to assume the role
   * The role ARN is not valid
   
  Error: NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors

I have verified: •

aws.getCallerIdentity()

returns the expected IAM User from the “bastion-profile” credentials in

~/.aws/credentials

. That User has permission for the

sts:AssumeRole

action on the Role ARN in the error message. • The IAM Role ARN in the error message exists, and its trust relationship allows the

sts:AssumeRole

action for any user in the bastion account. • The default AWS provider works fine to create/destroy resources in the bastion account, so the credentials are valid. What am I missing? Does Pulumi treat

~/.aws/credentials

differently for explicit providers vs the default provider?

We're working on importing our old cloudformation stacks (and soon migrating away from them). This cloudformation stack had failed an update earlier due to a bad config, and is currently in UPDATE_ROLLBACK_COMPLETE state. We're getting this opaque error on

pulumi up

aws:cloudformation:Stack (ec2Stack):
      error: 1 error occurred:
      	* updating urn:pulumi:env::project::aws:cloudformation/stack:Stack::ec2Stack: 1 error occurred:
      	* error waiting for CloudFormation Stack update: failed to update CloudFormation stack (UPDATE_ROLLBACK_COMPLETE): []

Any ideas?

hi all - I’ve just run into github issue 918 (policy attachments not detaching when role needs to be recreated) and left a comment in the thread with my example. In the meantime, has anyone found a good workaround for this?

Hey folks, I'm trying to add a db with a new role to an existing aurora cluster, but it times out when i try to create role, i.e. it's timing out because itcan't get to the cluster.

i presume the issue is because my cluster is in it's own vpc

and really i need to do this manually ?

Also everytime i do up, it will redploy lambdas i have, is there a way to tell the update to not bother updating those lambdas

it thinks everytime that there is an update when there isn't

the lambda is packaged from my code here, so obviously the payload for the lambda is a different zip each time, even though it's the same code

would prefer to be explicit as to when to deploy the lambda as opposed to doing every time i do a 'pulumi up' for some other entirely unrelated update

I guess this question came up before, but how can I control the retention of lambda logs. Since Pulumi assigns the unique suffix to resource names (which I want to keep), I cannot predict what the log group name for the lambda is going to be so I cannot create it before hand and declare it as a manual dependency. Is there a way to accomplish this atm