I am having an issue with loading the AWS plugin on Apple M1. I enter this:

pulumi plugin install resource aws v3.32.0

and I get this:

error: [resource plugin aws-3.32.0] downloading from : 403 HTTP error fetching plugin from <https://get.pulumi.com/releases/plugins/pulumi-resource-aws-v3.32.0-darwin-arm64.tar.gz>

CLI v3.5.1, using typescript npm modules: pulumi 2.22 and aws 3.32

Hey all! How can I work with AWS resources in different regions with Pulumi? Most of my resources is in the same region, but there is one specific resource (SES) that needs to be configured in a different one, due to feature availability..

Hi, is there a way to preserve a bucket object? I'm trying to replicate behaviour of

eb cli

that zips and uploads the app directory to S3 bucket and references that to EB environment When I use this with

pulumi

it will manage the object and when it changes it deletes the old one and uploads a new version instead of preserving the old object. Do I need to write my own function with aws sdk to zip the file and upload or can pulumi do that for me? Thank you

eb_app_archive = s3.BucketObject(
        f"app-archive-{ver}",
        bucket=eb_s3_bucket.id,
        key=f"jan-{ver}.zip",
        source=pulumi.FileArchive("../app"),
    )

Anyone have an example of an EKS cluster with aws-ebs-csi-driver enabled? Mostly struggling with the oidc service account part.

Any chance someone can re-trigger the aws provider publish github action ? goreleaser failed there, potentially due to a transient error: https://github.com/pulumi/pulumi-aws/actions/runs/961483494 Thanks a ton !

I seem to be getting unnecessary updates issued on S3.BucketObjects, whose file assets hashes haven't changed. Perhaps bug?

Hey all - wondering if I am missing something in the docs. Is it possible to specify image tags when pushing to ECR using

awsx.ecr.buildAndPushImage

?

enableExecuteCommand

does not appear to be available on

FargateService

type. According to https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html it should be available as long as you're using platform version 1.4.0

Hi, I just opened an issue addressing a multiple aws account setup with chained providers: https://github.com/pulumi/pulumi-aws/issues/1544 can somehow please have a look at it?

How do I set log retention on EC2 Instances that are part of an autoscaling group? With a single EC2 Instance I handle it like so:

const myEc2 = new aws.ec2.Instance(...);

myEc2.id.apply(
  myEc2Id =>
    new aws.cloudwatch.LogGroup(`${appName}-ec2-lg`, {
      name: `/custom/ec2/${appName}/${myEc2Id}`,
      retentionInDays: 14,
    }),
);

I would think I could retrieve a collection of EC2 Instances from the autoscaling group, but I’m not finding that to be true. https://www.pulumi.com/docs/reference/pkg/aws/autoscaling/group/#outputs

I’m not sure why I get this error:

Type                       Name                                 Plan     Info
     pulumi:pulumi:Stack        outbound-proxy-sandbox.eu-central-1           
     └─ aws:ec2:LaunchTemplate  outbound-proxy-launch-template                1 error
 
Diagnostics:
  aws:ec2:LaunchTemplate (outbound-proxy-launch-template):
    error: aws:ec2/launchTemplate:LaunchTemplate resource 'outbound-proxy-launch-template' has a problem: Expected Object Type: Expected object, got string. Examine values at 'LaunchTemplate.IamInstanceProfile'.

I am declaring the object:

const outboundProxyIamInstanceProfile = new aws.iam.InstanceProfile(`${appName}-instance-profile`, {
  role: outboundProxyInstanceRole,
});

const outboundProxyLaunchTemplate = new aws.ec2.LaunchTemplate(
  `${appName}-launch-template`,
  {
    namePrefix: `${appName}-`,
    iamInstanceProfile: outboundProxyIamInstanceProfile,
    ...
  },
  { dependsOn: outboundProxyIamInstanceProfile },
);

I can define it inline as an object… but then… lol…

aws:iam:InstanceProfile (outbound-proxy-instance-profile):
    error: Duplicate resource URN 'urn:pulumi:sandbox.eu-central-1::outbound-proxy::aws:iam/instanceProfile:InstanceProfile::outbound-proxy-instance-profile'; try giving it a unique name

Hi, I've just started to use the handy

new awsx.ecs.FargateService

therefore I am building docker images via pulumi, I am on an M1 mac, which means that if I try to build and push to ECR/ECS an image it will be in the wrong architecture to run in ECS later on. Do you know if there's a way to force buildx to build for a certain architecture? Or a way to pass the flag to pulumi? Thanks

Hi, does anyone have tips on why

pulumi up

is building and pushing a new image for a containerized lambda when there are no changes to the image? The image builds quickly enough but it takes over 20 minutes 😱 to push the image to ECR (determined from viewing Diagnostics logs during deployment). Some avenues I’ve explored: • I’m not sure if there’s a disconnect between ECR’s layer caches.. am I’m inadvertently building an entirely new lambda each time rather than updating the image tag? • Why would pulumi find changes to the image when no source code was changed? • https://github.com/pulumi/pulumi-docker/issues/32 Are there any workarounds for this? The lambda built from a docker image (same design pattern as https://www.pulumi.com/blog/aws-lambda-container-support/)

export const myLambda = new aws.lambda.Function('myName', {
  packageType: 'Image',
  imageUri: image.imageValue,
  }
);

Thanks!

How do I look up an existing resource in a different region than the one currently set in the pulumi config?

Has anyone else ever encountered this error:

* Error creating Cloudwatch log subscription filter: ResourceNotFoundException: The specified log group does not exist.

We basically have a CW log subscription filter, which subscribes to a CW log, this is all on a lambda, when we create the lambda+log+subscription for the first time (before any invocation of the lambda) it always fails. It's nothing too fancy, code is here:

const logGroup = new aws.cloudwatch.LogGroup(`log-group-${functionName}`, {
        name: `/aws/lambda/${functionName}`,
        retentionInDays: 30,
        tags,
      })
      new aws.cloudwatch.LogSubscriptionFilter(`log-sub-${functionName}`, {
        name: `log-sub-${functionName}`,
        logGroup: logGroup,
        filterPattern: '',
        destinationArn: `arn:aws:lambda:${region}:998119384210:function:datadog-ForwarderStack-C97LY7AXPME-Forwarder-1I6FZ9UCEMET2`,
      })

Once you invoke the function then the filter works, everything is fine

since upgrading to pulumi 3, i haven't been able to get my CD to do AWS lambda deployments, i keep getting:

while waiting for function (*****) update: ResourceNotReady: exceeded wait attempts

, i presume this is an IAM permission issue with some new polling call (can reproduce if use CD creds locally) that has been introduced as it works just fine with my personal credentials (root) locally, but it is hard to debug this issue as I don't seem to get any useful output doing

pulumi up -v=9 -p 1 --yes

I see that in

awsx/ec2/metrics.ts

there is a comment regarding AutoScalingGroupName as an option to provide as a dimension. However, It doesn't look the metric() function actually sets the Property. Is this intended? I'm trying to create a CPU Utilization metric for ASG instances.

Hi, I am trying to create a

aws.secretsmanager.Secret

and then use this secret in the

environment

for a

Container

but I am not sure how to achieve this as the

aws.ecs.Secret.valueFrom

property only accepts a string rather than an

Input

\`Output` - is there a way to resolve the ARN output from the secret I created so that I may pass it into

valueFrom

?

I have a monorepo setup with a core infra package which creates my vpc and ecs cluster that i need to reference in order to create fargate services in other stacks. I can't find any way to reference these resources to create a service, even using stack reference I am only able to access outputs, not resources. Is there any documentation on how to setup pulumi with a mono repo / reuse resources across stacks

Hi, We have a problem with autoscaling destroy process on pulumi , unlike Terrafrom after we created the autoscaling resource on pulumi, and the desired count of instances is greater than 0, it’s failed to delete the autoscaling resource because we have a running instances.(without error message) it’s just keep running and failed on timeout exception. What we need to do to remove autoscaling with running instances ?

Anyone has any ideas how to solve this error?

Error reading file 'infra/package.json' when computing package dependencies. Error: ENOENT: no such file or directory, open '/infra/package.json'

My dir:

- project
    ...
    - infra
        - Pulumi.yaml
        - tsconfig.json
        ...
    - src
       ...
   - package.json
   - tsconfig.json

I need to have the package.json at that place in my directory. Any help or alternatives to solve the problem will be welcome. I'm using 

@pulumi/pulumi: "^3.4.0"

this error occurs when i run 

pulumi preview --cwd infra

  I run that command in the root of my project. the problem occurs when I try to use  

aws.lambda.CallbackFunction

Please let me know if pulumi provides any implementation of adding arn:aws:states:::lambda:invoke.waitForTaskToken in state machine AWS. Thanks

What is the input

path

in User resource? https://www.pulumi.com/docs/reference/pkg/aws/iam/user/#path_python

I'm trying to create programmatically managed SMTP credentials https://www.pulumi.com/docs/reference/pkg/aws/iam/accesskey/#ses_smtp_password_v4_python Am I able to get the credentials without PGP? Here is my code

smtp_user = iam.User("smtp-user")
    access_key = iam.AccessKey("smtp-user-accesskey", user=smtp_user)
    pulumi.export("smtp-secret", access_key.encrypted_secret.ses_smtp_password_v4)

but it results in

AttributeError: 'NoneType' object has no attribute 'ses_smtp_password_v4'
`

Hi all, getting some strange updates/diff when running pulumi refresh that includes some RouteTableAssociations

gatewayId : undefined => ""

I'm using the automation api and the

expect_no_changes

flag which causes an error. Any idea what causes these properties changes? Thanks!

Given a

LogMetricFilter

, e.g.

const yada = new aws.cloudwatch.LogMetricFilter("yada", {
    pattern: "",
    logGroupName: dada.name,
    metricTransformation: {
        name: "EventCount",
        namespace: "YourNamespace",
        value: "1",
    },
});

How do I create a cloudwatch alarm with this? With regular metrics, I can use awsx an

.createAlarm()

but even falling back to the

aws

package for the

LogMetricFilter

it’s unclear to me. https://www.pulumi.com/docs/reference/pkg/aws/cloudwatch/metricalarm/

having trouble figuring out how to create a rds instance from a snapshot via pulumi. I see modules for creating or getting snapshots, but have yet to figure out how to spin up a new instance from an existing snapshot

Hi all. Has anyone run into this issue that when creating an IAM OIDC Provider for EKS using a cluster's OIDC issuer URL, you also need the thumbprint which is not an output of the created cluster?