Hello Everyone - I am trying to understand how should I write the runtime code of AWS lambda in Pulumi. I have a code which consists of several user-defined modules in typescript. However, when I try to deploy the lambda using pulumi, the whole deployment process is stuck in the preview phase. I did read the documentation regarding function serialization in https://www.pulumi.com/docs/intro/concepts/function-serialization/ however I didn't quite understand what I should or should not do when approaching the task of writing a lambda code. What modules can I import? Should they only come from folder node_modules? Can these modules import other user-defined modules themselves? Can I write the code in TypeScript entirely (i.e. using enums, classes, interfaces etc.) ?   Can one of you guys shed a bit more light on how to do this task?   Thank you all!

Hi, i'm trying to launch a docker on fargate with a custom start command, but I cant find how in the documentation. Is it possible ? or should I build an image that start the way I want with no custom command ?

I'm trying to get our Redis deployment files updated and when I run pulumi up I am getting this error back. I have tried to export my state for the stack and remove the

"snapshotArns": [],

and reimport the state. I am not sure what is causing this to break as it has worked before.

aws:elasticache:Cluster (redis-temp):                                                                        
    error: unmarshaling urn:pulumi:temp::aws-us-east-1-redis::aws:elasticache/cluster:Cluster::redis-temp's instance state: could not read field snapshot_arns: '' expected type 'string', got unconvertible type '[]interface {}', value: '[]'

I’m trying to add an additional user to an aurora serverless cluster . I’m thinking this requires a lifecycle hook that isn’t implemented yet. If there’s a way to do this in Pulumi let me know otherwise we’ll script it later.

Howdy. I’m trying to retrieve the default security group using

aws.ec2.get_security_group

. I’m able to export the default vpc id and default SG id but it’s throwing an error. Any ideas?

# Retrieve the Default VPC
defaultvpc = aws.ec2.get_vpc(
    default=True
    )

# Retrieve the Default Security Group
default_sg = aws.ec2.get_security_group(name='default')

Diagnostics:
    ValueError: unexpected input of type GetSecurityGroupResult
    error: an unhandled error occurred: Program exited with non-zero exit code: 1
 
Outputs:
  + default_sg          : "sg-9ac15fe8"
  + vpc_id              : "vpc-595e9c4g"

and if I run pulumi up again w/o changing anything, it’s a different error.

RuntimeError: Event loop is closed
    exception calling callback for <Future at 0x10ffc1e20 state=finished returned RegisterResourceResponse>
    Traceback (most recent call last):
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/concurrent/futures/_base.py", line 328, in _invoke_callbacks
        callback(self)
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/asyncio/futures.py", line 374, in _call_set_state
        dest_loop.call_soon_threadsafe(_set_state, destination, source)
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py", line 764, in call_soon_threadsafe
        self._check_closed()
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py", line 508, in _check_closed
        raise RuntimeError('Event loop is closed')
    RuntimeError: Event loop is closed

Outputs:
  + default_sg          : "sg-9ac15fe8"
  + vpc_id              : "vpc-595e9c4g"

Hi folks, is there a way to add a label in aws/eks to the default namespace in golang?

I’m trying to create an EC2 Spot instance and I’m running into 2 problems. 1. The tags are assigned to the spot request, but not the instance itself. How can I create a spot instance that is tagged?

tags_all

doesn’t seem to do anything in my tests. 2. When I delete the resource (remove the code from pulumi and

pulumi up

) — the spot request is cancelled, but the underlying EC2 instance continues to run. How do I get pulumi to shut down the EC2 instance as well?

import pulumi           
import pulumi_aws as aws

test_instance = aws.ec2.SpotInstanceRequest(
    "test_spot_instance",
    ami="ami-09e67e426f25ce0d7",
    spot_price='0.55',
    spot_type='one-time',
    subnet_id='subnet-302a5579',
    associate_public_ip_address=True,
    ebs_optimized=True,
    ebs_block_devices=[ebs],
    iam_instance_profile="ecsInstanceRole",
    instance_type="m5.xlarge",
    key_name="test-keypair",
    source_dest_check=True,
    tags={
        "Name": "TestSpot",
    },
    tags_all={
        "Name": "TestSpotAll",
        "tags_all": "yes",
    },
)

I have this example. It's one route with a method type post

new aws.apigatewayv2.Route(
     test-route,
    {
      apiId: apigw.id,
      routeKey: "POST /api/pets",
      target: pulumi.interpolate`integrations/${integration.id}`,
    },
    { provider },
  );

But, I need to create a route to pass a parameter to the endpoint

new aws.apigatewayv2.Route(
     test-route,
    {
      apiId: apigw.id,
      routeKey: "GET /api/pets/3",
      target: pulumi.interpolate`integrations/${integration.id}`,
    },
    { provider },
  );

How do I create the route that receives a parameter in the url of 

/api/pets/$id

? Could it be something like that? 

routeKey: "GET /api/pets/{id}",

Typescript EKS IaC & CI/CD pipeline in progress. I think that I want to take the kubeconfig output and push that to an s3 bucket that I've added to my index.ts Willing to hear alternative suggestions for where/how to output that kubeconfig. Presuming I continue with this course of action, are there examples of this kind of thing? Taking a resulting output and saving it to file on an s3 that I can learn from?

Hi, how do I format a tag on a NodeGroup for EKS? I believe I need to put

<http://kubernetes.io/cluster/|kubernetes.io/cluster/><name>

as a tag, but I can't see any example of how to do that with the Key -> Value pair

Hi, This looks like a bug. Getting

ConflictsWith: "network_interface"

when creating instance with

source_dest_check=

aws.ec2.Instance("romlaz_frog_1",
                  instance_type="t2.micro",
                  availability_zone="eu-west-1a",
                  root_block_device=root_block_device_,
                  ami=instance["ami"], tags=instance.get("tags", None), key_name=instance["key_name"],
                  network_interfaces=[{"device_index": 0,
                           "network_interface_id": "eni-0f74fbfd28bc...."}],
                  source_dest_check=True, # <<< same issue when False is used
                  )

>pulumi up
Previewing update (simple):
     Type                 Name                Plan     Info
     pulumi:pulumi:Stack  aws_project-simple
     └─ aws:ec2:Instance  romlaz_frog_1                1 error

Diagnostics:
  aws:ec2:Instance (romlaz_frog_1):
    error: aws:ec2/instance:Instance resource 'romlaz_frog_1' has a problem: ConflictsWith: "network_interface": conflicts with source_dest_check. Examine values at 'Instance.NetworkInterfaces'.


warning: A new version of Pulumi is available. To upgrade from version '3.7.0' to '3.7.1'

Note that this works fine when not using

source_dest_check=

, and that default is True for that setting.

Hi, found bug in aws ec2 pulumi when having

aws:

in tag as key This is not possible to create/change/import in pulumi:

>pulumi up
Previewing update (simple):
     Type                 Name                Plan       Info
     pulumi:pulumi:Stack  aws_project-simple             15 messages
 ~   └─ aws:ec2:Instance  romlaz_frog_1       update     [diff: ~tags]


Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:simple::aws_project::pulumi:pulumi:Stack::aws_project-simple]
    ~ aws:ec2/instance:Instance: (update)
        [id=i-052b6a60438596375]
        [urn=urn:pulumi:simple::aws_project::aws:ec2/instance:Instance::romlaz_frog_1]
        [provider=urn:pulumi:simple::aws_project::pulumi:providers:aws::default_4_6_0::561a80d6-caf9-44d9-95a7-df4210902d44]
      ~ tags: {
          + aws:a_bug: "not creating or importing when tag Key starts with 'aws:'"
        }

Do you want to perform this update? yes
Updating (simple):
     Type                 Name                Status                  Info
     pulumi:pulumi:Stack  aws_project-simple  **failed**              1 error
 ~   └─ aws:ec2:Instance  romlaz_frog_1       **updating failed**     [diff: ~tags]; 1 error

Diagnostics:
  aws:ec2:Instance (romlaz_frog_1):
    error: 1 error occurred:
        * updating urn:pulumi:simple::aws_project::aws:ec2/instance:Instance::romlaz_frog_1: 1 error occurred:
        * error updating tags: error tagging resource (i-052b6a60438596375): InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
        status code: 400, request id: d7950a12-e85f-4bfa-bb88-ad5c6766c9a5

  pulumi:pulumi:Stack (aws_project-simple):
    error: update failed

Is there a better way to auto-tag than maintaining the list of taggable resources? I'm mostly curious about multi-provider combinations, say AWS and Azure https://github.com/joeduffy/aws-tags-example/blob/master/autotag-py/taggable.py At the moment I add propagate the default tags from the config object and then add those to each resource explicitly. I've considered provider tags but this issue https://github.com/hashicorp/terraform-provider-aws/issues/19204 makes it unusable

Hi!!! I have one question about DynamoDb tables. I’m creating a dynamoDB table and passing this TTL configuration:

ttl=aws.dynamodb.TableTtlArgs(
            attribute_name="TimeToExist",
            enabled=False,
        ))

I can create the tablet without any issue but if I redeploy my stack I get and error informing that

ttl

is already defined. Any idea about how can I execute this statement just the first time that I create the table and not the rest of the times that I update the stack?

I'm trying to create an EC2 instance that has an extra data volume attached. I have used

Instance

,

Volume

and

VolumeAttachment

to do this. I'm now trying to figure out how to init the volume and mount it within the instance. I'm doing this via instance user data. However, when I make changes to

userData

and re-run

pulumi up

I get this error

* Error attaching volume (vol-0170f920a526fb90d) to instance (i-003ab040459a35189), message: "vol-0170f920a526fb90d is already attached to an instance", code: "VolumeInUse"

I think this isn't working because the volume is still attached to the old instance. Can pulumi handle detaching the volume?

Hey, does anyone have an example of

ClusterCreationRoleProvider

and how to use it to assume-role?

I have a need to provision resources in multiple aws accounts. How do we do this in pulumi? Any examples?

I have a single pulumi project with multiple lambda services nested in subdirectories that leverage

lambda.CallbackFunction

magic functions. My issue is that every lambda ends up including the entire project’s

node_modules

directory. I traced the behavior to codePaths.ts and found that read-package-tree searches for the

package.json

in the project root (where the yaml files live). It seems that the api gives us the option to define the packages we want excluded via

CodePathOptions

, but the default behavior is to include every package. Is there an elegant way to only include specified package on a per lambda basis, or perhaps to tell the callback function which

package.json

to use without creating multiple pulumi projects? I know one option is to use manual function resources but I like the closure serialization and dev friendliness of magic functions. I dabbled with the idea adding a

package.json

directory path as a parameter into the api so that

readPackageTree

could use a dynamic path rather than hardcoding it to the root Just wanted to gauge if the community has encountered similar problems and / or how other people handle lambda packaging. If this is an issue that more teams run into, I’d be happy to put up a PR.

@faint-table-42725 Is it possible to get a release of awsx? So that we can use this feature, https://github.com/pulumi/pulumi-awsx/pull/676

It is currently impossible to use EKS clusters, some api versioning issue: https://github.com/pulumi/pulumi-eks/issues/600

Does anyone know if deleting ACM validation R53 record invalidates the certificate? I have a component resource that creates a ACM certificate and validates it in R53. The problem is if I create another certificate with the same domain name in another region it generates the same CNAME -> https://github.com/hashicorp/terraform-provider-aws/issues/7918 One of the options suggested was to use

allow_overwrite=True

with

r53.Record()

Assume:

<http://cert.domain.com|cert.domain.com>

- is the name 1) create the certificate in region

eu-west-1

for

<http://cert.domain.com|cert.domain.com>

, this generates validation CNAME:

<http://1234.aws.validate.com|1234.aws.validate.com>

, creates CNAME in r53 2) create the certificate in region

us-east-1

for

<http://cert.domain.com|cert.domain.com>

, this generates validation CNAME:

<http://1234.aws.validate.com|1234.aws.validate.com>

, overwrites CNAME in r53 3) delete the certificate from step 2) - removes CNAME from r53 however cert in step 1) may still require this CNAME to be preset or does the CertificateValidation takes care of recreation?

Hi all, has anyone encountered this issue that when pulumi up, it automatically install the resource plugin but try to find another version of it And I believe it’s similar to this https://github.com/pulumi/pulumi/issues/5641#issuecomment-735867087

How can I get default provider object so I can use it as a parameter in a function? how can I do this?

if provider.region != "wanted region":
   raise ValueError("provider has bad region")

I cannot write a statement above because it's an Output again and there is no way I know to test output for conditions

How does one update the version of the

plugin for aws provider

we are stuck on

3.32.0

and there is not apple/arm version of that plug-in. We’d like to update to

3.38.1

and we did so in the package.json file, but we are still getting:

error: could not load plugin for aws provider 'urn:pulumi:master::alphamap::pulumi:providers:aws::default_3_32_0': no resource plugin 'aws-v3.32.0' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource aws v3.32.0`

If you've got an EC2 instance and a NetworkInterface, is there a way to tell Pulumi to transfer that interface to the new instance when it's being replaced?

Hi, I'm using

awsx.ec2.Vpc

and need to modify the routing tables for VPC peering. I'm wondering what's the best way to go about this? I can't seem to find a routing table option in the

awsx.ec2.Vpc

arguments

Hi! I want to access the value from an existing secret in AWS SecretsManager but I don’t want Pulumi to manage it, is that possible?

Hey All, consider +1'ing this issue to allow configuration of the circuit breaker min failures https://github.com/aws/containers-roadmap/issues/1247 which will help prevent pulumi from timing out at 15min during failing service deployments.

Is it possible to convert or use this module https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest in pulumi? If so, how would one go about that? Thank you

Hi all! It seems the setting for AWS API-Gateway (aws.cloudwatch.apigateway) Cloudwatch logging is missing in Pulumi - could that be the case? There is only the possibility to specify the custom access logging and the x-ray logging, but no option to enable general Cloudwatch logging (see image)?