Powered by Linen
aws
  • l

    little-summer-88406

    09/29/2021, 10:07 AM
  • l

    little-summer-88406

    09/29/2021, 10:10 AM
  • l

    little-summer-88406

    09/29/2021, 10:10 AM
    nvm found how.
  • g

    green-intern-27665

    09/29/2021, 1:18 PM
    Hi!!! One question. I want to add autoscaling to my ECS Fargate tasks. I have been trying to dig into the documentation, and all the examples that I have seen are related to EC2 instances, but I haven’t found information about Fargate tasks. Any idea or resource to check?
  • l

    little-summer-88406

    09/29/2021, 2:05 PM
    https://aws.amazon.com/premiumsupport/knowledge-center/ecs-fargate-service-auto-scaling/ ? Seems you just need to tie into a CloudWatch metric, either one you get out of the box, or make your own CloudWatch metric from log output parsing.
  • l

    little-summer-88406

    09/29/2021, 2:07 PM
    I'd be tempted to ignore the out-of-the-box metrics and find something more symbolic - TTFB for each request over 5 minutes exceeding 0.5 seconds or something
  • f

    full-artist-27215

    09/29/2021, 4:20 PM
    I'm automating the setup of a HashiCorp Vault server, and setting up an AWS secrets backend (https://www.vaultproject.io/docs/secrets/aws). Part of that entails passing the secret key and access key of an IAM user to allow Vault to interact with AWS. I can use a `pulumi_vault.aws.SecretBackend` (https://www.pulumi.com/docs/reference/pkg/vault/aws/secretbackend/) along with a `pulumi_aws.iam.User` (https://www.pulumi.com/docs/reference/pkg/aws/iam/user/) and a `pulumi_aws.iam.AccessKey` (https://www.pulumi.com/docs/reference/pkg/aws/iam/accesskey/) to do the initial setup. The wrinkle comes in where Vault allows you to automatically rotate the credentials with `vault write -f aws/config/rotate-root` (https://www.vaultproject.io/api-docs/secret/aws#rotate-root-iam-credentials). This changes what Pulumi thinks it knows about the state of the world. Things are fine as long as you continue to `pulumi up`, but once you run `pulumi refresh`, the difference is discovered, steps are taken to remediate the situation, and things get messy. Initially, I was thinking I could use Pulumi to do the initial setup, then remove the `pulumi_aws.iam.AccessKey` resource (after I had Vault rotate it the first time), and add an `ignore_changes` (https://www.pulumi.com/docs/intro/concepts/resources/#ignorechanges) option on the `pulumi_vault.aws.SecretBackend`. However, when I run `pulumi refresh` after having Vault rotate the key, it still shows that an update needs to happen. The diff doesn't show anything, but if I compare the stack outputs before and after (using `pulumi stack export`) I see a bunch of ciphertext changes that I'm having trouble making heads or tails of. I'm curious if anyone else has had any success with a similar setup in Pulumi. Is there a better way to do this using Pulumi? Or would it be better to manually create these things outside of Pulumi, and then perhaps adopt the resources into Pulumi? Thanks.
  • f

    fast-river-57630

    09/30/2021, 2:47 AM
    Hrm. Just renaming an aws:ec2:SecurityGroupRule seems to hit "A duplicate Security Group rule was found on" / https://github.com/hashicorp/terraform/pull/2376 / "Error message: the specified rule ... already exists". The actual Terraform GitHub link seems like a red herring. Of course... wow. Just nuked all the rules sitting in front of my db
  • f

    fast-river-57630

    09/30/2021, 2:52 AM
    "At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.". I hit that when trying to work around it, ofc
  • f

    flat-appointment-12338

    09/30/2021, 2:21 PM
    Does anyone know how to register multiple target groups with a Fargate definition? I've tried passing an array of target groups into the container definitions' `portMappings` field, but it only associates the task with one of the target groups.
  • f

    freezing-van-87649

    10/01/2021, 1:42 AM
    Has anyone used Pulumi with the python step function sdk? I’m jealous of the CDK step function user experience
  • a

    ambitious-father-68746

    10/01/2021, 8:50 AM
    Pulumi team, great work on the new Pulumi AWS Native provider. Kudos to you!
    ❤️ 3
  • r

    ripe-shampoo-80285

    10/01/2021, 5:18 PM
    With the recent announcement of the AWS native provider, do we need to migrate from the current AWS provider to this new native provider? What exactly needs to be done? What are the main benefits of doing this? https://www.pulumi.com/blog/announcing-aws-native/
  • p

    proud-pizza-80589

    10/03/2021, 10:56 AM
    Is there a way to get the public key out of a KMS key created via `aws.kms.Key`? The UI has it and via the aws-sdk, but I can’t seem to find the field. (Not using the native provider yet.)
  • c

    crooked-pillow-11944

    10/04/2021, 5:41 PM
    Can I hardcode the contents of the buildspec.yml into a CodeBuild project in the resource?
  • c

    crooked-pillow-11944

    10/04/2021, 8:23 PM
    How can I get just the secret name of a Secrets Manager secret from the secret resource? `id` is returning the ARN of the secret, which is not working with CodeBuild environment variables.
  • q

    quaint-portugal-34880

    10/05/2021, 11:16 AM
    I suddenly started to get a very strange error with my S3 state bucket:
    /tmp/pulumi % pulumi up
    error: failed to load checkpoint: blob (key ".pulumi/stacks/test-stack.json") (code=Unknown): ExpiredToken: The provided token has expired.
    status code: 400, request id: WD9TGHZYT1S0D2DA, host id: LG3ktEVsZRP1DTG47uiEWrC+ez4t4X0COr65CqkGxTTMiKhpygCnWbQKUhBI3TSMIYf6nqSTdNo=
    I have logged in with `pulumi login s3://my-state-bucket`, and cmds like `aws s3 --profile my-profile ls s3://my-state-bucket` work fine. The only AWS env variable is `AWS_PROFILE=my-profile`. I get the same error with all my stacks, and it started suddenly. Running latest version of Pulumi.
  • c

    crooked-pillow-11944

    10/05/2021, 12:13 PM
    CodeBuild project is failing to update with
    * Error creating CodeBuild project: InvalidInputException: Invalid project source: location must be a valid S3 source
    The bucket is created and I've added the root prefix `/` after the id. I've confirmed that I can set this in the UI.
  • l

    loud-nest-15724

    10/06/2021, 3:27 PM
    Hi all, has anyone used Pulumi to set up an AWS account vending machine? I.e. an automated way for teams to create and manage AWS accounts themselves for the components they own. I've had a quick look at AWS Control Tower and org-formation, but I'd prefer to do this with Pulumi.
  • f

    fast-river-57630

    10/06/2021, 6:27 PM
    ECS attached to EventBridge cron? Is it just aws.cloudwatch.EventTarget with a task definition arn?
  • b

    brainy-helmet-80249

    10/06/2021, 8:33 PM
    Has anyone run into this error: `panic: interface conversion: interface {} is []interface {}, not *schema.Set` while deploying with GitHub Actions? Full diagnostics:
    Diagnostics:
        aws:lambda:Function (****-handler-lambda-function-dev):
          error: transport is closing
       
        aws:s3:BucketObject (****-handler-deployment-dev.zip):
          error: transport is closing
       
        pulumi:pulumi:Stack (****-dev):
          error: update failed
       
          panic: interface conversion: interface {} is []interface {}, not *schema.Set
          goroutine 438 [running]:
          github.com/terraform-providers/terraform-provider-aws/aws.resourceAwsLambdaFunctionUpdate(0xc001bf6480, 0x6d569e0, 0xc0015f6c00, 0x0, 0x0)
          	/home/runner/go/pkg/mod/github.com/pulumi/terraform-provider-aws@v1.38.1-0.20211004122636-8966d24576a0/aws/resource_aws_lambda_function.go:1199 +0x522d
          github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xc000717110, 0x8963f18, 0xc00012c018, 0xc001bf6480, 0x6d569e0, 0xc0015f6c00, 0x0, 0x0, 0x0)
          	/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20210629210550-59d24255d71f/helper/schema/resource.go:342 +0x1ee
          github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc000717110, 0x8963f18, 0xc00012c018, 0xc0023278f0, 0xc00139a4c0, 0x6d569e0, 0xc0015f6c00, 0x8, 0x10, 0x7fa1682565b8, ...)
          	/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20210629210550-59d24255d71f/helper/schema/resource.go:454 +0x390
          github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2.v2Provider.Apply(0xc00107a1e0, 0x7cc8d72, 0x13, 0x8964e68, 0xc002251340, 0x898b330, 0xc00139a4c0, 0x0, 0x898b330, 0xc00139a4c0, ...)
          	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.8.2-0.20210930033847-5bba386a0e79/pkg/tfshim/sdk-v2/provider.go:112 +0x210
          github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.(*Provider).Update(0xc00000a3c0, 0x8963f88, 0xc001bc2630, 0xc001b0d380, 0xc00000a3c0, 0x6ca9101, 0xc002243080)
          	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.8.2-0.20210930033847-5bba386a0e79/pkg/tfbridge/provider.go:1038 +0x9a3
          github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler.func1(0x8963f88, 0xc001bc2630, 0x7a70020, 0xc001b0d380, 0x7a24600, 0xd580058, 0x8963f88, 0xc001bc2630)
          	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.13.2/proto/go/provider.pb.go:2638 +0x8b
          github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x8963f88, 0xc001bc20c0, 0x7a70020, 0xc001b0d380, 0xc00132f1a0, 0xc001562c00, 0x0, 0x0, 0x8876e20, 0xc000400a70)
          	/home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x30a
          github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler(0x7b63f20, 0xc00000a3c0, 0x8963f88, 0xc001bc20c0, 0xc0010555c0, 0xc00145b800, 0x8963f88, 0xc001bc20c0, 0xc0009b4c00, 0xadc)
          	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.13.2/proto/go/provider.pb.go:2640 +0x150
          google.golang.org/grpc.(*Server).processUnaryRPC(0xc0003cb6c0, 0x898bcf8, 0xc0015a6180, 0xc0024af440, 0xc0015316b0, 0xd53aa30, 0x0, 0x0, 0x0)
          	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.37.0/server.go:1217 +0x52b
          google.golang.org/grpc.(*Server).handleStream(0xc0003cb6c0, 0x898bcf8, 0xc0015a6180, 0xc0024af440, 0x0)
          	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.37.0/server.go:1540 +0xd0c
          google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000ea8050, 0xc0003cb6c0, 0x898bcf8, 0xc0015a6180, 0xc0024af440)
          	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.37.0/server.go:878 +0xab
          created by google.golang.org/grpc.(*Server).serveStreams.func1
          	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.37.0/server.go:876 +0x1fd
  • l

    late-lock-17022

    10/07/2021, 7:56 PM
    Hi, just started out using Pulumi and am playing around with Pulumi. I want to use a second EBS volume as a persistent storage for an EC2 instance. So I’ve set it up like this.
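    # Imports this snippet relies on; default_az, default_ami and security_groups
    # are defined elsewhere in the program and are not shown here.
    from pulumi_aws import ebs, ec2

    data_volume = ebs.Volume("Ghost Data",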
                             availability_zone=default_az,
                             size=10,
                             type="gp3",
                             tags={
                                 "Name": "Ghost data"
                             }
                             )
    
    ghost_instance = ec2.Instance("Ghost",
                                  instance_type="t4g.small",
                                  ami=default_ami.id,
                                  root_block_device=ec2.InstanceRootBlockDeviceArgs(
                                      delete_on_termination=True,
                                      volume_type="gp3",
                                      tags={
                                          "Name": "Ghost root device"
                                      }
                                  ),
                                  availability_zone=default_az,
                                  vpc_security_group_ids=[
                                      security_groups.sg_web_access.id,
                                      security_groups.sg_ssh_access.id,
                                      security_groups.sg_all_outbound.id
                                  ],
                                  key_name="chipnibbles-aws-keys",
                                  tags={
                                      "Name": "Ghost Instance"
                                  }
                                  )
    
    second_disk = ec2.VolumeAttachment("Second Disk",
                                       device_name="/dev/sdh",
                                       volume_id=data_volume.id,
                                       instance_id=ghost_instance.id,
                                       force_detach=True
                                       )
    The problem I’m facing right now is when I’m trying to update the `ghost_instance`, Pulumi fails on the Volume Attachment replacement.
    View Live: <https://app.pulumi.com/Regrau/chipnibbles-infrastructure/dev/updates/26>
    
         Type                         Name                            Status                   Info
         pulumi:pulumi:Stack          infrastructure-dev  **failed**               1 error
     +-  └─ aws:ec2:VolumeAttachment  Second Disk                     **replacing failed**     [diff: ~instanceId]; 1 error
     
    Diagnostics:
      aws:ec2:VolumeAttachment (Second Disk):
        error: 1 error occurred:
            * Error attaching volume (vol-07e61ae7f6062403f) to instance (i-002f5a8d58c0bb000), message: "vol-07e61ae7f6062403f is already attached to an instance", code: "VolumeInUse"
    I’m still not quite sure if the problem is with Pulumi or AWS itself. I get the error code, but it seems wrong that Pulumi does not detach the volume before changing the attached instance id. Why is that a limitation and are there any workarounds? Can anybody help me out here please? It is worth mentioning that I want to mount the second EBS volume for database storage. I’d use EFS but it would be too slow for that purpose.
  • p

    prehistoric-kite-30979

    10/07/2021, 10:40 PM
    Could someone point me in the direction of the magic lambda function code implementation? I’ve been looking at the pulumi-aws repo but can't find it 😅. I’m trying to build a workaround for https://github.com/pulumi/pulumi/issues/2661
  • h

    hallowed-tomato-78073

    10/08/2021, 4:14 AM
    Hi! I’m trying to use the new `aws-native` package in TypeScript to create an Amazon Managed Prometheus workspace, and running into the following error when running `pulumi up`:
    error: could not get AWS account ID: operation error STS: GetCallerIdentity, exceeded maximum number of attempts, 3, failed to sign request: failed to retrieve credentials: no EC2 IMDS role found, operation error ec2imds: GetMetadata, exceeded maximum number of attempts, 3, request send failed, Get "<http://X/latest/meta-data/iam/security-credentials/>": dial tcp X:80: connect: host is down
    In the Pulumi.yaml file, `aws:profile: Y` and `aws-native:profile: Y` are both set. If I remove the code that uses `aws-native`, keeping only the `aws` code, the error does not appear and the update works as expected. Any advice/tips/etc… appreciated!
  • s

    swift-planet-53281

    10/08/2021, 12:44 PM
    I'm having a problem when updating loadbalancer data.
    Situation before:
    • 1 loadbalancer
    • 1 target group
    • 1 listener for the loadbalancer, forwarding to the target group.
    Problematic actions:
    1. I updated something in the loadbalancer (added EIPs), such that it needed to be replaced
    2. Pulumi tries to replace the listener as well
    3. Then I get the following error:
    error creating ELBv2 Listener (arn:aws:elasticloadbalancing:eu-west-1:###########:loadbalancer/net/Pulumi-LB-f7b33b7/53038cb254ec917f): TargetGroupAssociationLimit: The following target groups cannot be associated with more than one load balancer: arn:aws:elasticloadbalancing:eu-west-1:############:targetgroup/datahub-tg-8e3c646/06da054467749336
    This seems to be caused by the fact that a new listener is created first (before the old one is removed), leading to a temporary invalid situation. How should I go about this? NB: Relevant part of source code is in thread below.
  • s

    swift-planet-53281

    10/08/2021, 1:16 PM
    Ah I just found out about deleteBeforeReplace...
    👏 1
  • b

    bumpy-laptop-30846

    10/08/2021, 2:19 PM
    Hi! Is there a way to wait for aws.route53.Record to be actually served? Or, is there a generic ‘wait for an http endpoint to be present’ and pass it as dependsOn for another resource?
  • b

    brainy-helmet-80249

    10/08/2021, 8:38 PM
    I have an AWS Fargate service behind a simple VPC, and that service needs to access S3 (not behind VPC). Is the following enough to expose S3?
    new aws.ec2.VpcEndpoint(`s3-vpc-endpoint-${stack}`, {
        serviceName: `com.amazonaws.${region}.s3`,
        vpcId: vpc.id
      });
  • b

    broad-dog-22463

    10/08/2021, 9:50 PM
    There's a slight regression in v4.24.0 of pulumi-aws for ALB TargetGroup - I am preparing a PR to fix it now and hope to have it patched this evening
  • b

    broad-dog-22463

    10/08/2021, 10:06 PM
    The issue is being tracked here - https://github.com/pulumi/pulumi-aws/issues/1660