pulumi-community #aws

Channels

aws

damp-school-17708

05/21/2021, 12:59 PM

Hi, did something change with the 'magic lambda creations'? I Am pretty sure those used to create a log group in the past (like 1-2 months ago) this function doesn't get its own log group created by default const test = aws.cloudwatch.onSchedule(

test-lambda-${env}

cron(* * * ? * *)

, (e) => {

JSON.stringify(e)
})

tall-beard-99429

05/21/2021, 3:21 PM

Hi, i'm trying to create a Route53 Zone called "Primary" like the docs show (https://www.pulumi.com/docs/reference/pkg/aws/route53/zone/) however i get the error:

error creating Route53 Hosted Zone: InvalidDomainName: Primary-06bb170 is reserved by AWS!

any ideas how I can get around this?

prehistoric-kite-30979

05/21/2021, 5:30 PM

Is it possible to tell the

awsx.vpc

library (on refresh) not to override the subnet tags created by

awsx.eks

miniature-potato-84713

05/22/2021, 8:29 PM

Howdy! I’ve got a static website implementation very close to the original Pūlumi example. However, now that I’m trying to

pulumi destroy

the stack, I receive an error that

**deleting failed**

because

Diagnostics:
  aws:cloudfront:Distribution (cdn):
    error: deleting urn:pulumi:website-dev::website::aws:cloudfront/distribution:Distribution::cdn: CloudFront Distribution ED…W9 cannot be deleted: PreconditionFailed: The request failed because it didn't meet the preconditions in one or more request-header fields.
    	status code: 412, request id: 9180b51d-17da-4291-9399-38784fcf2f65

Before attempting to destroy, I changed all protect resource options (for all resources, not just the Distribution) to

false

, yet still the error occurs. Question: where can I find more information about the mentioned preconditions, and what does the request id refer to (is that a Pūlumi request id or an AWS request id)?

little-cartoon-10569

05/23/2021, 10:45 PM

EC2 Image Builder question: how do we update in-use Components?

green-knife-34770

05/24/2021, 4:07 PM

message has been deleted

purple-appointment-84502

05/25/2021, 4:48 AM

Hi all, I'm having an issue with s3 objects, pulumi doesn't always detect if the underlying s3 object has changed when using pulumi up. I'm using the s3 object for a Lambda layer as it's too large for direct upload onto lambda. i.e Updating the layer code doesn't always get auto-detected when running pulumi up

broad-eve-12764

05/25/2021, 5:45 PM

Why can't I specify

deploymentCircuitBreaker

config when creating an

awsx.ecs.FargateService

little-market-63455

05/26/2021, 12:31 PM

Hi all, anything coming up for converting CloudFormation templates to Pulumi? I understand work still needs to be done after the transformation but it's easier than rewriting 10,000 lines of YAML by hand 😞

👀 1

shy-waiter-84958

05/26/2021, 6:34 PM

Need a sanity check... Using EC2 Metadata Credentials for pulumi up/preview/destroy is supported right?

modern-nest-74116

05/27/2021, 3:13 AM

I’d like to replace the default CNI plugin for EKS using VpcCni. I am curious if anyone has already done this and could maybe share the settings.

bitter-application-91815

05/27/2021, 8:44 AM

Hey guys, are there any examples of how to deploy the aws load balancer to a eks on aws through pulumi (in go)

bitter-application-91815

05/27/2021, 8:44 AM

I have a node script that does it, but would like to wrap it all into the pulumi stuff

bitter-application-91815

05/27/2021, 8:45 AM

Same goes for the cluster autoscaler

bitter-application-91815

05/27/2021, 8:46 AM

My node script just calls out to aws / ekctl clis to administer the commands given in the instructions, it's a bit clunky

billowy-nail-26074

05/27/2021, 1:03 PM

Hi. I'm running into a problem where I cannot import DynamoDB tables. I get the

All attributes must be indexed.

error, similar to this report: https://github.com/pulumi/pulumi/issues/6690 Does anyone have a workaround for this bug? Or is it simply impossible to import DynamoDB tables into Pulumi?

cold-yacht-45876

05/28/2021, 12:56 PM

Hi, I get an error when pulumi is attemting to delete a load balancer listener in aws: * Error deleting Listener: ValidationError: 'arn:aws:elasticloadbalancing:eu-north-1:XXXXXXXXXXXX:listener/app/some-service-name-alb/bf6319e86bd9f8d3/09d5f33c8ff235f8' is not a valid listener ARN status code: 400, request id: 38c77cac-dcce-4160-9ebf-bfbc2dd15938 I've checked, and the ARN is identical to what's shown in the AWS console. Any ideas?

purple-orange-91853

05/28/2021, 9:18 PM

SOLVED

Turns out I was missing one : in the arn string causing the policy to render bad.  Updated the Resource below to Resource: "arn:aws:iam::" + await accountId + ":user/${aws:username}" and all is well.

I am trying to write a AWS Self Manage policy and I'm stuck on getting the policy to work with aws internal variables such as

${aws:username}

when inside the JSON policy document. I have tried the terraform way of replacing the

with an

, but that does not work either. If I replace the Resource string in the policy document with

"*"

it works as expected. I have also tried escaping the

and

{}

with a`\` in the code to no avail. Code block in question:

export const IAMSelfManagePolicy = async () => {
const current = aws.getCallerIdentity({ async: true });
const accountId = current.then(current => current.accountId);

const IAMSelfManagePolicy = new aws.iam.Policy("IAMSelfManagePolicy", {
    name: "IAMSelfManagePolicy",
    path: "/",
    description: "Allow users to Self Manage their own credentials",
    policy: JSON.stringify({
      Version: "2012-10-17",
      Statement: [
        {
          Sid: "AllowUserToChangePersonalOptions",
            Effect: "Allow",
            Action: [
              "iam:*AccessKey*",
              "iam:*SSHPublicKey*",
              "iam:*LoginProfile",
              "iam:ChangePassword"
            ],
            Resource: "arn:aws:iam:" + await accountId + ":user/${aws:username}"
        }
      ]
    }),
  });
}

curved-pharmacist-41509

05/31/2021, 3:14 AM

Our of interest, does pulumi create an implicit dependency between policy attachments and the services which consume the role. Take this code

const role = new Role('role')

const myLambda = new Lambda('lambda', { executionRole: role })

const policy = new Policy('policy', {})

new RolePolicyAttachment('rpa', { role, policy })

Will the lambda update be done after the policy update?

curved-pharmacist-41509

05/31/2021, 3:15 AM

Or should I do something like this

const role = new Role('role')
const policy = new Policy('policy', {})
const rpa = new RolePolicyAttachment('rpa', { role, policy })
const myLambda = new Lambda('lambda', { executionRole: role }, { dependsOn: [rpa] })

elegant-pager-5412

05/31/2021, 9:11 AM

Is there any way I can ignore certain layers/environment variables during

pulumi up

tall-truck-58456

06/01/2021, 12:16 PM

Hi 👋, I'm new to Pulumi and trying to deploy a simple docker container to Fargate. 1. I'm building a docker image using

awsx.ecs.Image.fromPath

how can I pass environment variables to the docker build command? 2. Is it possible to map EFS volume to the docker container for persistency using Pulumi? This is my current scripts (following the Fargate tutorial)

import * as awsx from '@pulumi/awsx';
import * as pulumi from '@pulumi/pulumi';

const listener = new awsx.elasticloadbalancingv2.NetworkListener('example', { port: 443 });

// eslint-disable-next-line @typescript-eslint/no-unused-vars
const service = new awsx.ecs.FargateService('example', {
  taskDefinitionArgs: {
    containers: {
      example: {
        image: awsx.ecs.Image.fromPath('example', '/Source/example'),
        memory: 2048,
        portMappings: [listener],
        environment: [
          {
            name: 'ENV',
            value: 'CLOUD',
          },
        ],
      },
    },
  },
});

export const frontendURL = pulumi.interpolate`http://${listener.endpoint.hostname}/`;

little-market-63455

06/01/2021, 2:08 PM

Hello folks, at this stage I am feeling that using

getPolicyDocument()

is almost not recommended. All the properties on it take literal

string

and not

Input<string>

so if I want to interpolate other resource ARNs that I have created into the policy document, I would need to

apply()

and

all

all these resources? Am I getting this right? What's the reason it is designed to take

string

instead of

Input<string>

for its properties?

rhythmic-actor-14991

06/02/2021, 3:53 AM

hi , how can i add the cronjob tigger for lambda by typescript?

rhythmic-actor-14991

06/02/2021, 3:54 AM

I tried for a long time, and search every possible example, but still failed to do that

elegant-pager-5412

06/03/2021, 5:00 AM

Good morning guys! How do I place a lambda resource in a VPC?

breezy-butcher-78604

06/03/2021, 5:37 AM

is there a way to force Pulumi to replace a resource if certain properties change? i have an S3 delivery firehose that i want to ensure gets replaced (rather than updated) if the bucket configuration changes

elegant-pager-5412

06/03/2021, 6:05 AM

Did anyone encounter an issue with setting an output of another stack as an input for current stack? I’m getting the following issue:

aws:lambda/function:Function resource 'DEV-Lambda' has a problem: Computed attributes cannot be set: Computed attributes cannot be set, but a value was set for "vpc_config.0.vpc_id".. Examine values at 'Function.VpcConfig.VpcId'

elegant-pager-5412

06/03/2021, 11:26 AM

Hey guys, I’m having tough problems with associating a lambda with a VPC. Either an existing one, or a new one. Doesn’t matter what I do, Pulumi shows me an error that says:

Computed attributes cannot be set, but a value was set for "vpc_config.0.vpc_id".. Examine values at 'Function.VpcConfig.VpcId'

My configuration is very simple (doesn’t work even if I hardcode string IDS for everything):

vpcConfig: {
    vpcId: vpc.id,
    subnetIds: vpc.publicSubnetIds,
    securityGroupIds: ['sg-a123123123'],
  }

square-dress-80180

06/03/2021, 11:04 PM

I ran into a weird issue where trying to

pulumi destroy

an rds instance and related subnet group ran into a problem where it seemed like pulumi thought it had stopped the rds instance, but actually hadn’t. So was receiving an error like this:

InvalidDBSubnetGroupStateFault: Cannot delete the subnet group 'cookie-db-sng-9fd6b64' because at least one database instance: cookie-db-rds05a1a02 is still using it.

So, stopped and deleted the rds instance manually since it was no longer “in” pulumi state from what I could tell. Tried to

pulumi refresh

and

pulumi destroy

again but no luck. I have been able to use

pulumi destroy

to successfully delete the infra resources - internet gateway, subnets, vpc. But still the subnet group insists there is an rds instance still up and it is in use. Any ideas on how to proceed?

Title

square-dress-80180

06/03/2021, 11:04 PM

I ran into a weird issue where trying to

pulumi destroy

an rds instance and related subnet group ran into a problem where it seemed like pulumi thought it had stopped the rds instance, but actually hadn’t. So was receiving an error like this:

InvalidDBSubnetGroupStateFault: Cannot delete the subnet group 'cookie-db-sng-9fd6b64' because at least one database instance: cookie-db-rds05a1a02 is still using it.

So, stopped and deleted the rds instance manually since it was no longer “in” pulumi state from what I could tell. Tried to

pulumi refresh

and

pulumi destroy

again but no luck. I have been able to use

pulumi destroy

to successfully delete the infra resources - internet gateway, subnets, vpc. But still the subnet group insists there is an rds instance still up and it is in use. Any ideas on how to proceed?

It gets weirder … if I

pulumi state delete

the resource urn for the subnet group that comes directly with the error message above, I get the following:

no such resource exists in current state

little-cartoon-10569

06/03/2021, 11:31 PM

Looks like the error is coming only form AWS and not Pulumi? Pulumi is all clean but the SubnetGroup and RDS instance are still in AWS?

square-dress-80180

06/07/2021, 4:29 PM

those resources were deleted manually in the aws console though. Are you saying @little-cartoon-10569 that Pulumi is getting the error from an api call to aws to confirm that the subnet group can be deleted? I am not clear whether it is pulumi

state

or aws

state

that is the referenced state in

InvalidDBSubnetGroupStateFault

nm - It seems like I had only “stopped” the rds instance and not actually “deleted” it. Once deleted the

pulumi destroy

cmd worked fine.

It still is confusing to me why pulumi would think it had deleted the rds instance if it wasn’t actually deleted and then try to move on to the related subnets.

little-cartoon-10569

06/07/2021, 8:56 PM

This is the downside of fully async systems. RDS databases can take a long time to delete, and in many cases, simply will not delete (e.g. if multiAZ is on) but won't tell you immediately. How long does Pulumi wait to find out?

I think most of the time, Pulumi works off the response to the initial request. If Pulumi sends a "delete" request to RDS, and RDS responds with "right-o, I'll get right on that", then Pulumi may have to assume that the DB will eventually be deleted...

square-dress-80180

06/22/2021, 3:39 PM

(A very belated) Thanks @little-cartoon-10569 for the info!

👍 1

View count: 1