After creating an EKS cluster is it possible to get the public IP addresses of all of the nodes? Or should I try to do that via the Kubernetes provider?

So, I keep trying to run

pulumi import

on a lambda function, but I keep getting the following error:

Preview failed: diffing urn:pulumi:local_test_stack::foobarfoo::aws:lambda/function:Function::foo: handler and runtime must be set when PackageType is Zip

What am I missing?

Is there documentation on how to scale ECS fargate tasks? or is this done automatically?

Does anybody know how to pass param from one project to another? Let’s say we use VPC and RDS. I want to deploy rds to that vpc using vpc ID. In terraform it’s possible to use terraform_remote_state resource to grab the output value. Do we have smth similar in Pulumi?

Is there a way to enable multicast and create a domain on a transit gateway?

Anybody get an example for setting up cloudwatch logging for SNS success and failure delivery status?

Hi all - I'm sure this has been answered at some point, so please feel free to link me to another thread. It seems that my deployment is out of sync with API Gateway due to a manual edit on AWS (deleting a resource). I only learned now that doing manual updates on AWS is a big no-no, so looking for a fix to re-sync my deployments. Thanks!

Hey all… Everything works perfectly before, but now when I am build new service with

pulumi 3

, I keep getting the following error after running

pulumi up

, even in a fresh

aws-typescript

template………….

Type                 Name            Plan       Info
 +   pulumi:pulumi:Stack  playground-dev  create     
     └─ aws:s3:Bucket     newtestbucket              1 error
 
Diagnostics:
  aws:s3:Bucket (newtestbucket):
    error: could not validate provider configuration: 1 error occurred:
        * Invalid or unknown key

My configs

// Pulumi.yaml
name: playground
runtime: nodejs
description: A minimal AWS TypeScript Pulumi program
template:
  config:
    aws:region:
      description: The AWS region to deploy into
      default: us-east-1

// Pulumi.dev.yaml
config:
  aws:accesskey: ...
  aws:region: us-east-1
  aws:secretKey:
    secure: ...

Anyone can give me some clues?

Never mind… I found the typo:

accesskey

->

accessKey

Hi everyone. I have an error:

error: post-step event returned an error: failed to verify snapshot: child resource urn:pulumi:dev2::api-notifications::aws:sqs/queue:Queue$aws:sqs:QueueEventSubscription::mkt-sqs-event-report-dev2 refers to missing parent urn:pulumi:dev2::api-notifications::aws:sqs/queue:Queue::mkt-post-consultation-report-sqs-dev2

anyone know the cause of this error?

Hi everyone. I have another problem hehe. 😞 I am trying to import a table from dynamodb but I run into this error:

pulumi import aws:dynamodb/table:Table test-dev  test-dev

Type                   Name                                              Plan       Info
pulumi:pulumi:Stack    api-test-dev2                                       1 error
=   └─ aws:dynamodb:Table  test-dev  import     1 error

Diagnostics:
aws:dynamodb:Table (test-dev):
error: Preview failed: diffing urn:pulumi:dev2::test::aws:dynamodb/table:Table::test-dev: 1 error occurred:
 * all attributes must be indexed. Unused attributes: ["field1" "field2" "field3" "field4"]

pulumi:pulumi:Stack (test-dev2):
error: preview failed

do some research and I think this issue is related to what I want to do Does anyone know how to resolve this issue?

Hi!!! I currently have a ECS cluster with several services running on it smoothly thanks to pulumi. The load balancer URL that we are getting is a

http

any idea how to change that to a

https

?

Hey has anyone successfully hooked up x-ray with pulumi’s magic function lambdas in typescript? With the traditional sdk xray integration looks something like this

import Lambda from 'aws-sdk/clients/lambda';
import { captureAWSClient } from 'aws-xray-sdk-core';

const client = captureAWSClient(new Lambda());

However since our lambda functions are managed through pulumi, there isn’t an easy way to apply this wrapper. Or if there is, I’ve completely missed it. I checked out the pulumi docs on the functiontracingconfig parameter, which gives me a high level trace (lambda execution time), but doesn’t go into the subcalls within the lambda like the capture client normally would.

Hello everyone, How can I validate so that it does not create the table when it already exists? My problem is:

error: update failed

 

  aws:dynamodb:Table (test-db-dev):

    error: 1 error occurred:

Hey you lovely people! In Typescript, trying to use

@pulumi/postgresql

to create a role on an Aurora postgresql database after its creation, much like shown in this blog post for mysql and an RDS instance (second example). Unfortunately, I have no luck and run into a timeout error:

postgresql:index:Role (<role name>):
    error: could not start transaction: dial tcp xx.x.x.xxx:5432: connect: operation timed out

Found an issue on Github that seemed related, but wasn't able to derive a solution for my case from it. This is the part of the program that is supposed to create the role:

this.postgresProvider = new postgresql.Provider('aurora-postgresql', {
    expectedVersion: this.cluster.engineVersion,
    host: this.cluster.endpoint,
    password: this.password.result,
    port: this.cluster.port,
    username: this.cluster.masterUsername
}, {
    parent: this.cluster
});

this.postgresUser = new postgresql.Role(<role name>, {
    createDatabase: true,
    createRole: true,
    login: true,
    name: <role name>,
    roles: ['rds_iam']
}, {
    parent: this.postgresProvider,
    provider: this.postgresProvider
});

The instances on the cluster are set to not be publicly accessible, in case that has anything to do with it. Any help and pointers would be greatly appreciated! Cheers ✌️

hey guys, I want to specify the subnet id in RouteTable Association obtained from subnet object array:

const subnet_public = []
 
for (let it = 1; it <= 2; it++) {
    subnet_public.push(new aws.ec2.Subnet(`${name}-public-${it}`, {
      vpcId: vpc.id,
      cidrBlock: `10.0.${2+it}.0/24`,
      availabilityZone: azs.then(azs => azs.names[`${it}`]),
      tags: {
        'Name': `${name}-public-${it}`,
        '<http://kubernetes.io/role/elb|kubernetes.io/role/elb>': '1',
        [`<http://kubernetes.io/cluster/pulumi-${environment}`|kubernetes.io/cluster/pulumi-${environment}`>]:  'shared',
        [`<http://kubernetes.io/cluster/pulumi-${environment}`|kubernetes.io/cluster/pulumi-${environment}`>]:  'shared',
      },
    }));
  }
....
  const publicRouteTableAssociation = new         aws.ec2.RouteTableAssociation("publicRouteTableAssociation", {
    routeTableId: publicRouteTable.id,
    subnetId: pulumi.all(subnet_public[0,1]),
  });

what is the proper way you may suggest of specifying -

subnetId: pulumi.all(subnet_public[0,1])

Cheers

Hey all, I’m looking at adding VPC peering to my Pulumi-based AWS lab infrastructure. The potential problem I see is that I use region-based stacks (i.e., one stack for us-west-2, one stack for us-east-2, etc.), and I’m not really clear how I could add VPC peering to this sort of configuration (since I’d need to know information from two different stacks). I suppose possibly a StackReference to pull the “remote” VPC ID might work? Any thoughts here? (I’m writing in Golang, if that makes any difference.)

Hello, not sure if this is the best place to post this. But I am creating a aws:cloudwatch:EventRule and have provided a Name and eventBusName to it. Similar to the attached code. I have noticed that pulumi automatically creates an resource with a id in the format of

EventBusName/name

The problem I am having is that when I open the resource in aws it throws a validation error on the auto generated Id because presumably it contains a "/" . Is there something I'm doing wrong or a limitation within pulumi?

Hi, Is there a way to set Environment variables on Lambda functions, directly while deploying through Pulumi? I saw this but can someone please help me with a small code-snippet of how to use it. Thanks! https://www.pulumi.com/docs/reference/pkg/aws/lambda/function/#functionenvironment

Can pulumi manage S3 Intelligent-Tiering configuration (ie configuring the transition to

ARCHIVE

and

DEEP_ARCHIVE

( https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html )

I need to deploy basically the same stack to the US and EU-- two different AWS regions. The correct way to do this is to have a multiple stack config files like

Pulumi.us-Production

and

Pulumi.eu-Production

right? The other way is to do it in code but I don’t think that fits nicely with the existing configuration model.

In my stack, I have an ACM certificate that is utilized by a CloudFront distribution. When resources are being replaced, the certificate is always attempting to be deleted before the distribution, which fails because obviously the distro still depends on the cert. Shouldn't the distribution be deleted or updated and then the certificate deleted? Happy to file an issue if needed, just wondering if anyone else has experienced this.

What kind of approaches do you use when creating AWS Lambda functions with Pulumi that require dependencies? Let's say I have for example a Lambda function created with NodeJS. Running npm install and adding node_module directory inside Pulumi project doesn't look like a good idea. Kind a same thing if I would like to use Lambda layers.

I was excited to get an email from Pulumipus about how aws crosswalk makes managing VPCs easier... however, I was disappointed to find getting a subnet type in a particular AZ is still based on the order of the array. e.g.

pulumi.ouput(vpc.publicSubnetIds)[0]

would get the public subnet from the "first" AZ.

Could I get some eyes? Pretty pretty please? I want to create an alias with the functionVersion being what it is now. Is there a way to fetch the current version so it doesn't get changed each time I

pulumi up

?

const lambdaAlias = new aws.lambda.Alias("DEV", {
      functionName: routeKey + "DEV",
   // functionVersion: "1", // how do I get this to pull from the current alias instead of overriding with "1" each time I pulumi up?
  });

(side note, our devops is going to change the function version outside of this project when we canary deploy, so we don't want it overriding)

Following up on this message (https://pulumi-community.slack.com/archives/CRH5ENVDX/p1629414866112800) so that I can be sure my understanding is correct: I was able to use a third stack to manage the VPC peering. The reason this worked is because having the third stack create the VPC peering relationship (the requester and the accepter), add routes to an existing route table, add rules to existing security groups, etc., is because this third stack wasn’t actually changing anything in the “base” infrastructure stacks it was referencing via StackReferences. (Those are read-only, correct?) Instead, due to the way the AWS APIs work and the way the provider is written, these are “new resources” associated with existing (read-only) resources (like a route linked to a route table, or a security group rule linked to a security group). Is that a reasonable explanation of what’s happening here?

Hello Folks, I am currently using Pulumi for AWS Lambda infra provisioning. I am not sure whether Pulumi supports updating the Lambda function app code. Can someone please suggest to me the various ways to update the Lambda function app code?