Hello! quick newbie question, ive deployed some network infra in aws and non of the resource have names? I would have thought that "resource name" would have populated that field? is there something I am missing?

Hi Guys, quick question regarding pulumi stack delete. I am putting state in s3 of kubernetes deployment but someone deleted this bucket accidentally. is there way to import or recover existing resources?

Hi I am hitting this

Could not include required dependency '@aws-sdk/client-codepipeline' in '/Users/toni/code/link/infrastructure'.

I am not entirely sure why it would happen, while the same stack used to use '@aws-sdk/client-codebuild' The code using it it's an 'inline lambda' done with

new awsx.apigateway.API

How is that possible? there's a closed github issue but it doesn't seem related, what could be the culprit? Do I need to define a 'standard' lambda to circumvent this? Latest versions of all packages, just updated. Not sure if it matters but using a monorepo structure, with this dependency/stack inside a folder.

I’m trying to run a ‘fire and forget’ ECS Fargate task. The task starts a docker container which runs some database migrations and exits. I’m attempting to do something like:

taskDefinition.run({cluster})

However, when I run

pulumi up

I get:

error: Error: Cannot call '.get' during update or preview.
    To manipulate the value of this Output, use '.apply' instead.
        at Proxy.get (.../node_modules/@pulumi/pulumi/output.js:173:15)
        at FargateTaskDefinition.run (.../node_modules/@pulumi/ecs/taskDefinition.ts:229:39)

Any ideas? I think I need to wrap this is an async function somehow, but some guidance would be appreciated. The sample code shows this working in response to an API gateway handler, but I’d like it to execute when the pulumi program runs.

Has anyone been able to get a WAFv2 orStatement rule to work with Pulumi? I’m able to get the same working from console but not with pulumi. It always returns the error: Error creating WAFv2 RuleGroup: WAFInvalidParameterException: Error reason: You haven’t met a minimum requirement for a threshold setting. Examples include a rule group capacity setting that’s too low and an OR statement with only one nested statement. The capacity I set to 2 which is what gets generated with the console. rules: [{ name:

${environmentName}-waf-cf-default-web-geo-rule

, priority: 1, action: { allow: {} }, statement: { orStatement: { statements: [{ geoMatchStatement: { countryCodes: [ “US”, “CA” ] }, ipSetReferenceStatement: { arn: cfIpSetWhiteList.arn } }] } }, visibilityConfig: { cloudwatchMetricsEnabled: false, metricName:

${environmentName}-waf-cf-default-web-geo-rule-metric

, sampledRequestsEnabled: false } }

hi!!! I’m trying to deploy a task in ECS and everything works smooth but the containers are in a continious pending>provisioning>running process, so I suppose that they are crashing for some reason. I want to access to logs but I don’t have access to any Log. Any idea how to configure logs in ECS to work with Pulumi?

Hello I've hit this error: 1 error occurred: * [WARN] A duplicate Security Group rule was found on (sg-0efacad6396f23609). This may be a side effect of a now-fixed Terraform issue causing two security groups with identical attributes but different source_security_group_ids to overwrite each other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more information and instructions for recovery. Error message: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists What's the recommended way to get out of this situation in pulumi? I just refactored some code (ECS cluster built with awsx package) and I am sharing that security group between two different apps/tasks that need https on the way in from the alb. My code seems legit, the only think I can think of is to explicitly create the SG in the cluster

I am running into what seems to be a bug in

aws.lb.listener

? Has anyone seen this behavior before? Keeps saying

You cannot specify a target group weight on load balancers of type 'network'

and my group definition looks like:

const fileUploadListener = new aws.lb.Listener('fileUploadListener',
    {
      defaultActions: [
        {
          type: 'forward',
          forward: {
            targetGroups: [{ arn: fileUploadTargetGroup.arn }],
          },
        },
      ],
      loadBalancerArn: // some ARN,
      port: 8084,
      protocol: 'TCP',
    },
  )

Has anyone got a working AWS RDS read replica setup I could look at? I keep getting the following error when attempting to create a read replica:

Error creating DB Instance: InvalidDBInstanceState: Automated backups are not enabled for this database instance. To enable automated backups, use ModifyDBInstance to set the backup retention period to a non-zero value.

This is my code:

const replicaDbSubnets = new aws.rds.SubnetGroup("replica-db-subnets", {
    subnetIds: vpc.publicSubnetIds,
});
const isolatedDbReplica = new aws.rds.Instance(`${name}-isolated-db-replica`, {
    instanceClass: "db.t2.micro",
    allocatedStorage: 10,

    dbSubnetGroupName: replicaDbSubnets.name,
    vpcSecurityGroupIds: [isolatedReplicaSg.id],

    skipFinalSnapshot: true,
    publiclyAccessible: true,
    replicateSourceDb: isolatedDb.identifier,
    backupRetentionPeriod: 0
});

My understanding is that backups should be only enabled for the source db?

Hi!! I’m developing some microservices in AWS using ECS and when I perform a

pulumi up

everything works nice. I automatically upload the docker image to the ERS and I have a new container definition each time I perform a

pulumi up

. My issue is that in spite the

container_definition

is new inside the task, tasks are not updated and in consequence the services are not updated. Any idea about how to force the service update forcing a rolling update in the service??

Could anyone share a few benchmarks for how long it takes to create AWS resources... for instance an RDS instance, ECS cluster, or VPC?

I am trying to create ecr repo using pulumi typescript used basic example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ecr.Repository("foo", {
    imageScanningConfiguration: {
        scanOnPush: true,
    },
    imageTagMutability: "MUTABLE",
});

but when my repo gets created i am expecting name to be foo but it creates repo with random id foo-719afa7 how to create repo without random id ?

I am trying to move o ur pulumi infra deployments into a Codefresh pipeline. I am getting plugin version errors from one day to the next as plugin versions seem to be changing quite frequently. Is it possible to avoid these errors when running in a pipeline? For example in the output logs from the pipeline I see the plugins are downloading and installing as defined in the pipeline template. When it comes time to do the pulumi up I get the following:

pulumi:providers:aws default_4_12_0  error: no resource plugin 'aws-v4.12.0' found in the workspace or on your $PATH, install the plugin using pulumi plugin install resource aws v4.12.0

. Above that I see that we have installed v4.11.0 as defined in our config which worked late last week when I testing against this method.

Executing command: pulumi plugin install resource aws v4.11.0                                          
[resource plugin aws-4.11.0] installing                                                                
Downloading plugin: 75.91 MiB / 75.91 MiB  100.00% 1s

How do we avoid this and/or is it possible to have the

pulumi plugin install

command always pull the latest version rather than manually specifying a version on run time? The pipeline is pulling the pulumi/pulumi:3.6.1 docker image to run in.

Pulling image pulumi/pulumi:v3.6.1                                                                     
Digest: sha256:28c72d280cf89401cbc5600be57d15372c43483702a170edcdb772907288f6f1                        
Status: Image is up to date for pulumi/pulumi:v3.6.1

hi all I’m tring to create a lambda function with no success. I have an handler function in a handler.py in an handler.zip and this code:

but a generic error occours:

I enabled trace and debug. No additional info on that

what could be?

hello

Hi all, I am setting up our IoT infra in aws, and there seems to be quite a bit missing from the pulumi_aws package (provisioning, things group, job template), just making sure I did not miss something?

Hi, is this a bug or a feature for

aws.ec2.get_instance

:

import pulumi_aws as aws
imported_instance = aws.ec2.get_instance(
                                         #instance_id="i-08e44dd991ede45a8",
                                         filters=[{'Name': 'tag:Name', 'Values': ["my_ec2_instanceName"]}])
print("::::::::instance_id")
print(imported_instance.instance_id)
print("::::::::id")
print(imported_instance.id)

Please note that results differ:

::::::::instance_id
None  //getting None when not using 'instance_id="i-08e44dd991ede45a8"
::::::::id
i-08e44dd991ede45a8

and when using

instance_id="i-08e44dd991ede45a8"

Results are:

::::::::instance_id
i-08e44dd991ede45a8  //getting 'i-08e44dd991ede45a8' when using 'instance_id="i-08e44dd991ede45a8"
::::::::id
i-08e44dd991ede45a8

For an eks cluster created with pulumi/eks i see 2 eip’s created. I want to have a fixed IP for a loadbalancer but i’m unisure how to either use one the exisitng or create a new one so i can use ‘service.beta.kubernetes.io/aws-load-balancer-eip-allocations’. Anyone have an example of that around?

So I got an postgresql rds.Instance up and running, now I want to define an extra database inside this instance, so I configure a pg.Provider

const pgProvider = (db: rds.Instance, pw: string) => {
        return new pg.Provider(`${name}-db-provider`, {
            port: db.port,
            host: db.address,
            password: pw,
            username: db.username,
            superuser: true
        });
}

but that causes pulumi to try to connect to the rds.Instance private ip. and I end up with

error: error detecting capabilities: error PostgreSQL version: dial tcp: lookup <privateip>

when trying to define a role. Is there a way to use aws.rds to create roles and databases in addition to the initialDatabase created when using

aws.rds.Instance('name', config)

From the docs it's not clear to me how to do this. Which is the reason why I moved to the postgresql package, and tried to define a provider to tell it about my rds instance. I found https://www.pulumi.com/blog/managing-your-mysql-databases-with-pulumi/ for mysql, but the pg.Provider does not accept an endpoint, I tried using endpoint for the host property, but that causes a double

:PORT:PORT

I'm using aws crosswalk to deploy my image to a custom repo i made in ECR but it always seems to create a new repo instead with the format

${name}-{id}

command I'm using is

awsx.ecs.Image.fromPath("test", "./")

where

test

is a repo i already defined with custom rules. Anyone else experience this? Not sure if it's a bug or i'm doing something wrong

hello everyone-

Hello Everyone - I am trying to do

pulumi preview -r

and i see it get stuck for some reason. How can i know what resource makes it stuck? how do i fix this issue?

I am trying to set up a s3 bucket to SNS topic notification using Golang, following example here: https://www.pulumi.com/docs/reference/pkg/aws/s3/bucketnotification/ But I am keep on getting this error, anybody know what I am doing wrong? * error putting S3 Bucket Notification Configuration: InvalidArgument: Unable to validate the following destination configurations

For anybody experience the same issue. The documentation has wrong policy I think. I changed it from this:

\"Resource\": \"arn:aws:sqs:*:*:s3-event-notification-queue\",

to this, the error went away:

\"Resource\": \"*\",