https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • m

    mysterious-wolf-74677

    05/13/2021, 10:52 PM
    How do you change the name of a resource without deleting and recreating it, using the
    import
    feature I'm guessing?
    b
    • 2
    • 1
  • f

    future-nightfall-79300

    05/14/2021, 2:01 PM
    Hello, Our team has repeatedly tried to use AWS Fargate for tasks with pulumi, and it has worked fine but everytime we try to launch a task with 4 vcpu, we get an error:
    Dispatched with response: {'tasks': [], 'failures': [{'reason': 'The requested CPU configuration is above your limit'}],
    However, we have not found any documentation about how to raise this limit, since the service quota increase has not solved this issue. Only thing about this found by Googling has been this thread, that has no answers: https://forums.aws.amazon.com/thread.jspa?threadID=335825. Does someone here happen to have had this issue, and has resolved it somehow? This started to happen a while back, and before this it was working ok. So it's quite confusing
    b
    • 2
    • 2
  • a

    alert-area-12501

    05/14/2021, 2:18 PM
    Hi, I'm new to Pulumi (using 3.0) and found a possible issue? I'm using the AWS crosswalk module to create a VPC, and then the VPC created has
    assignGeneratedIpv6CidrBlock: true
    I might assume it should automatically add a route table route for outbound ipv6 traffic like
    ::/0
    through the internet gateway like it does with ipv4 traffic and
    0.0.0.0/0
    , but it doesn't. Not sure if this is really a bug or anything it just caused me some time tracking down why some outbound internet traffic was not working and found it was exclusive to ipv6.
  • p

    proud-art-41399

    05/14/2021, 7:17 PM
    Hi, I'm using an AWS Batch on Fargate. I'd like to enable Container Insights on the cluster that Batch creates when I define compute environment, however I don't know how. There's no argument that I could pass to compute environment resource. On the other hand, there's an output with ECS cluster ARN that Batch creates. Now how do I change the cluster settings provided I have an ARN? I think I might get the cluster resource using a lookup (https://www.pulumi.com/docs/reference/pkg/aws/ecs/cluster/#look-up) but how do I change the settings? Thanks
    b
    • 2
    • 4
  • c

    cold-caravan-83486

    05/15/2021, 9:14 AM
    Using Pulumi.Aws in .net, I'm getting the following error:
    error: 1 error occurred:
            * updating urn:pulumi:dev::Deployment::aws:lambda/permission:Permission::wordPermission: 1 error occurred:
            * doesn't support update
    Is there a way to force the permission to be deleted and re-created instead of updated; or do I have to remove it from the code and
    pulumi up
    and then put it back again?
    c
    • 2
    • 2
  • m

    microscopic-zoo-3564

    05/16/2021, 10:07 PM
    I'm sure I'm missing something simple here, but how can I use an external stack reference inside the following:
    const secret = pulumi.output(
          aws.secretsmanager.getSecret(
            {
              name: stackReferenceToSecretName,
            },
            { async: true }
          )
        )
    I keep running into a typescript error
    Type 'string | Output<any>' is not assignable to type 'string | undefined'
    l
    • 2
    • 9
  • s

    shy-house-53993

    05/17/2021, 11:28 AM
    I need to add some additional supporting files to the code bundle that's created for a magic lambda function. Is this possible?
  • p

    purple-plumber-90981

    05/17/2021, 10:20 PM
    anyone got an example of adding a trust relationship (assume_role_policy) to an IAM role that was created on earlier pulumi up ?
    b
    b
    • 3
    • 137
  • q

    quick-traffic-77022

    05/18/2021, 10:07 AM
    Hi! Does anyone know if pulumi supports CustomEmailSender triggers for cognito''s user pool?
  • l

    lemon-television-29125

    05/18/2021, 2:31 PM
    o/
  • l

    lemon-television-29125

    05/18/2021, 2:33 PM
    seem that pulumi is missing the resource group stagging api resources which appear in tf v3.38.0
  • l

    lemon-television-29125

    05/18/2021, 2:34 PM
    i've tried to use getTargetGroups with tags, but seem that aws api is not aware about such things, so my guess was to use the aws_resourcegroupstaggingapi_resources
  • f

    full-artist-27215

    05/18/2021, 4:46 PM
    Does anyone happen to have some examples they could share of using
    pulumi_docker.Image
    to build and push images to an ECR repository? Thanks.
    b
    • 2
    • 2
  • l

    lemon-television-29125

    05/18/2021, 6:25 PM
    @broad-dog-22463 thx for #1496
    b
    • 2
    • 4
  • l

    lemon-television-29125

    05/18/2021, 6:26 PM
    was preparing the same, but you're faster than me
  • l

    little-cartoon-10569

    05/18/2021, 10:27 PM
    Is it possible to import a Route53 record? I'm trying to import one (previously created by Pulumi but removed from state), and it's failing due to not finding the mandatory name and records properties.
    • 1
    • 4
  • w

    wet-ambulance-3300

    05/19/2021, 10:46 AM
    Apologies in advance if a silly question. Regarding plans to eventually release a native provider for AWS https://www.pulumi.com/blog/pulumiup-native-providers/#aws-later-this-year-and-more-to-come. Will this change the syntax of writing pulumi programs? For example, I really appreciate the fact that pulumi closely aligns with the syntax of HCL when using Terraform to declare a resource. I don't have to declare OO constructs like classes in Typescript to define/deploy some infrastructure.
    b
    • 2
    • 3
  • m

    microscopic-dress-1605

    05/19/2021, 1:01 PM
    A while back I’ve announced
    aws-iam-policy
    a Node.js Typescript package for building and unit testing AWS IAM Policy documents. Today I’ve released v2.0.0 with proper support for the
    Condition
    element (which was missing). https://github.com/thinkinglabs/aws-iam-policy/tree/v2.0.0
    👍 2
    ❤️ 1
  • b

    broad-hairdresser-1495

    05/19/2021, 2:13 PM
    Hi, I have just installed Pulumi on Linux, and tried to follow https://www.pulumi.com/docs/get-started/aws/begin/ but getting
    panic: strconv.ParseUint: parsing "": invalid syntax
    error:
    # pulumi up
    Previewing update (dev):
         Type                     Name           Plan       Info
     +   pulumi:pulumi:Stack      staging-dev    create     8 messages
         └─ pulumi:providers:aws  default_4_5_0             1 error
    
    Diagnostics:
      pulumi:pulumi:Stack (staging-dev):
        panic: strconv.ParseUint: parsing "": invalid syntax
        goroutine 1 [running]:
        <http://github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.GetModuleMajorVersion(0x0|github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.GetModuleMajorVersion(0x0>, 0x0, 0xc00199f5b0, 0x1)
            /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.0.0/pkg/tfbridge/info.go:730 +0x1dc
        <http://github.com/pulumi/pulumi-aws/provider/v4.Provider(0x0|github.com/pulumi/pulumi-aws/provider/v4.Provider(0x0>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
            /home/runner/work/pulumi-aws/pulumi-aws/provider/resources.go:4173 +0x52e1b
        main.main()
            /home/runner/work/pulumi-aws/pulumi-aws/provider/cmd/pulumi-resource-aws/main.go:26 +0x37
    
      pulumi:providers:aws (default_4_5_0):
        error: could not read plugin [/root/.pulumi/plugins/resource-aws-v4.5.0/pulumi-resource-aws] stdout: EOF
    
    
    # ll /root/.pulumi/plugins/resource-aws-v4.5.0/
    total 255496
    -rw-r--r--. 1 root root     38593 May 19 14:00 CHANGELOG.md
    -rw-r--r--. 1 root root     11358 May 19 14:00 LICENSE
    -rwxr-xr-x. 1 root root 261558786 May 19 14:00 pulumi-resource-aws
    # uname -mso
    Linux x86_64 GNU/Linux
    g
    b
    • 3
    • 7
  • w

    wooden-student-58350

    05/19/2021, 6:11 PM
    Hi, I’m using a Pulumi program to create some resources on a bastion account and several sub-accounts, but I’m stuck with an error when I try to use a non-default
    aws.Provider
    to assume role into a sub-account role and create a resource in that sub-account:
    # ~/.aws/credentials
    
    [bastion-profile]
    aws_access_key_id = redact
    aws_secret_access_key = redact
    
    
    # Pulumi.<stack>.yaml
    …
    config:
     aws:allowedAccountIds:
     - <bastionAccountId>
     aws:profile: bastion-profile
     aws:region: eu-west-2
     …
    
    
    # index.ts
    
    // Assume role into IAM Role "role-manager" in sub-account.
    const subAccountProvider = new aws.Provider("…", {
       region: "eu-west-2",
       allowedAccountIds: [subAccountId],
       assumeRole: {
          sessionName "role-manager-session",
          roleArn: `arn:aws:iam::${subAccountId}:role/role-manager`,
          externalId: "…",
          durationSeconds: 60 * 5,
       },
    });
    
    // Create a new resource in the sub-account.
    const newRoleInSubAccount = new aws.iam.Role("new-role", {
       …
    }, {
       provider: subAccountProvider,
    });
    On
    pulumi up
    , I get the following error:
    error: 1 error occurred:
        * error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::<redact>:role/role-manager) cannot be assumed.
       
      There are a number of possible causes of this - the most common are:
       * The credentials used in order to assume the role are invalid
       * The credentials do not have appropriate permission to assume the role
       * The role ARN is not valid
       
      Error: NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors
    I have verified: •
    aws.getCallerIdentity()
    returns the expected IAM User from the “bastion-profile” credentials in
    ~/.aws/credentials
    . That User has permission for the
    sts:AssumeRole
    action on the Role ARN in the error message. • The IAM Role ARN in the error message exists, and its trust relationship allows the
    sts:AssumeRole
    action for any user in the bastion account. • The default AWS provider works fine to create/destroy resources in the bastion account, so the credentials are valid. What am I missing? Does Pulumi treat
    ~/.aws/credentials
    differently for explicit providers vs the default provider?
    b
    • 2
    • 6
  • g

    green-musician-49057

    05/19/2021, 6:22 PM
    We're working on importing our old cloudformation stacks (and soon migrating away from them). This cloudformation stack had failed an update earlier due to a bad config, and is currently in UPDATE_ROLLBACK_COMPLETE state. We're getting this opaque error on
    pulumi up
    aws:cloudformation:Stack (ec2Stack):
          error: 1 error occurred:
          	* updating urn:pulumi:env::project::aws:cloudformation/stack:Stack::ec2Stack: 1 error occurred:
          	* error waiting for CloudFormation Stack update: failed to update CloudFormation stack (UPDATE_ROLLBACK_COMPLETE): []
    Any ideas?
    b
    • 2
    • 2
  • c

    careful-beard-19872

    05/19/2021, 7:05 PM
    hi all - I’ve just run into github issue 918 (policy attachments not detaching when role needs to be recreated) and left a comment in the thread with my example. In the meantime, has anyone found a good workaround for this?
    b
    • 2
    • 17
  • b

    bitter-application-91815

    05/20/2021, 1:16 PM
    Hey folks, I'm trying to add a db with a new role to an existing aurora cluster, but it times out when i try to create role, i.e. it's timing out because itcan't get to the cluster.
    l
    • 2
    • 4
  • b

    bitter-application-91815

    05/20/2021, 1:16 PM
    i presume the issue is because my cluster is in it's own vpc
  • b

    bitter-application-91815

    05/20/2021, 1:16 PM
    and really i need to do this manually ?
  • b

    bitter-application-91815

    05/20/2021, 1:54 PM
    Also everytime i do up, it will redploy lambdas i have, is there a way to tell the update to not bother updating those lambdas
  • b

    bitter-application-91815

    05/20/2021, 1:55 PM
    it thinks everytime that there is an update when there isn't
  • b

    bitter-application-91815

    05/20/2021, 5:29 PM
    the lambda is packaged from my code here, so obviously the payload for the lambda is a different zip each time, even though it's the same code
  • b

    bitter-application-91815

    05/20/2021, 5:30 PM
    would prefer to be explicit as to when to deploy the lambda as opposed to doing every time i do a 'pulumi up' for some other entirely unrelated update
  • l

    little-market-63455

    05/21/2021, 8:19 AM
    I guess this question came up before, but how can I control the retention of lambda logs. Since Pulumi assigns the unique suffix to resource names (which I want to keep), I cannot predict what the log group name for the lambda is going to be so I cannot create it before hand and declare it as a manual dependency. Is there a way to accomplish this atm
    l
    • 2
    • 6
Powered by Linen
Title
l

little-market-63455

05/21/2021, 8:19 AM
I guess this question came up before, but how can I control the retention of lambda logs. Since Pulumi assigns the unique suffix to resource names (which I want to keep), I cannot predict what the log group name for the lambda is going to be so I cannot create it before hand and declare it as a manual dependency. Is there a way to accomplish this atm
l

lemon-machine-35564

05/21/2021, 2:11 PM
AWS automatically creates log groups for Lambdas unless you create it yourself. To control the settings, create the log group yourself after the Lambda is deployed. Naming is something like
/aws/lambda/{lambdaName}
.
l

little-market-63455

05/21/2021, 2:18 PM
Wouldn't you be in a race condition with AWS or you would have to poll until AWS have created it? I am more in favor of creating it myself but then I would have to override pulumi's auto naming feature
l

lemon-machine-35564

05/21/2021, 2:28 PM
You don’t have to override their autonaming, just have to create the log group right after the Lambda and use the name from the newly created resource.
We have a helper function that does it all for us
l

little-market-63455

05/21/2021, 3:30 PM
I see what you are saying. I was basically afraid of a situation where I am competing with the lambda itself creating that log group but I guess I can only prevent that from happening by denying it permissions
l

lemon-machine-35564

05/21/2021, 6:58 PM
Yeah the log group isn’t created by AWS until the function is actually invoked
View count: 1