millions-umbrella-34765
10/20/2021, 8:28 PM
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// pulumi import aws:organizations/organization:Organization myOrg o-4pxk9chgfxyz
const myOrg = new aws.organizations.Organization(
  "myOrg",
  {
    awsServiceAccessPrincipals: [
      "ram.amazonaws.com",
      "sso.amazonaws.com",
      "reporting.trustedadvisor.amazonaws.com",
      "cloudtrail.amazonaws.com",
      "guardduty.amazonaws.com"
    ],
    featureSet: "ALL"
  },
  {
    protect: true
  }
);
// Configure GuardDuty for the organization
// creating a detector in the master acct enables GuardDuty
const masterAcctDetector = new aws.guardduty.Detector("masterAcctDetector", {});
// delegate the GuardDuty admin account to the security account (aws-security@my.com)
const securityAccountId = "405739590713";
const guardDutyOrganizationAdminAccount = new aws.guardduty.OrganizationAdminAccount("guardDutyOrganizationAdminAccount", {adminAccountId: securityAccountId}, {
  dependsOn: [myOrg],
});
But GD is only per region but the organization is not specific to a region. To create a GD master account, I need to run this for each region so I'll create a new stack for the region. Is it an issue the org is defined in this file and doesn't apply to a region?
millions-umbrella-34765
10/20/2021, 9:19 PM
pulumi up to create a bunch of GuardDuty members and it created them. But I immediately ran pulumi preview with no code changes and it says it's going to replace a member. Why would that be?
purple-plumber-90981
10/21/2021, 4:47 AM
mysterious-piano-98161
10/21/2021, 5:07 AM
victorious-fountain-7689
10/21/2021, 5:23 AM
awsx.ec2.Vpc object using awsx.ec2.Vpc.fromExistingIds? Even though I passed in vpcId, publicSubnetIds and privateSubnetIds, the output of .getSubnets("public") seems to be an empty list.
mysterious-piano-98161
10/21/2021, 6:16 AM
early-keyboard-41388
10/21/2021, 6:30 AM
new aws.cloudformation.Stack, but having a lot of issues when using the templateBody and adding data (ids or ips) from other resources created on same pulumi update run.
I end up with this error on every output:
Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.
Thanks.
brave-nightfall-19158
10/21/2021, 8:10 AM
early-keyboard-41388
10/21/2021, 11:58 AM
aws-sdk, with the lambda.invoke, my main doubt is with the naming for the other lambda, as Pulumi adds extra numbering to the name.
Maybe something on the pulumi up process to add in the lambda’s env data or any other option?
enough-leather-70274
10/22/2021, 10:03 AM
api_mapping_key but that links to the API gateway WS docs of all things. I'm assuming that's the path I want to provide (esp. given the CF example) but should the docs not link to the aforementioned page rather than WS docs?
millions-furniture-75402
10/22/2021, 2:46 PM
green-park-28305
10/25/2021, 3:00 PM
cluster:eks.Cluster = eks.Cluster(f"{cluster_name}-cluster",
    name=cluster_name,
    ....
    node_group_options=eks.ClusterNodeGroupOptionsArgs(
        cloud_formation_tags={
            "Name": "EKS Worker Node"
        },
        encrypt_root_block_device=True,
    ),
    ...
)
eks.ManagedNodeGroup(f"{cluster_name}-node-group-" + str(i),
    cluster=cluster.core,
    node_group_name=f"{cluster_name}-managed-node-group-" + str(i),
    ....
))
witty-belgium-75866
10/25/2021, 3:52 PM
web-identity.
how can I do it via pulumi?
thx!
mysterious-wolf-74677
10/25/2021, 6:06 PM
"unimport" feature that can simply remove things from the pulumi stack without changing anything in AWS?
bitter-policeman-94135
10/26/2021, 12:07 AM
witty-belgium-75866
10/26/2021, 9:18 AM
kubeconfig of an EKS cluster?
I want to pass it to the k8s.Provider object in order to deploy stuff on the cluster.
thx!
tall-beard-99429
10/26/2021, 4:08 PM
early-keyboard-41388
10/27/2021, 10:34 AM
new aws.lambda.Alias(
  `alias-${stageSanitized}-new`,
  {
    name: 'SER001',
    functionVersion: lambdaFN.version,
    functionName: lambdaFN.name,
    description: 'Alias for SER001 environment',
  },
  { parent: lambdaFN, protect: true },
);
I already have an alias created for a given version of the same Lambda. But when I make pulumi update, I get that the existing Alias will get deleted. What am I missing? So both Alias have different names: one for the env, like dev, and the other, simulating a feature (SER001).
I even added the protected flag…
astonishing-quill-88807
10/27/2021, 8:30 PM
ripe-shampoo-80285
10/28/2021, 2:30 PM
ripe-shampoo-80285
10/28/2021, 2:31 PM
ripe-shampoo-80285
10/28/2021, 2:37 PM
ripe-shampoo-80285
10/28/2021, 2:38 PM
ripe-shampoo-80285
10/28/2021, 7:06 PM
brave-nightfall-19158
10/29/2021, 3:35 PM
tall-beard-99429
10/29/2021, 3:43 PM
Could not set VPC CNI options: kubectl is missing with EKS?
brave-nightfall-19158
10/30/2021, 3:13 PM
${_name_}-domain-name, {
  domainName: args.customDomainName,
  domainNameConfiguration: {
    certificateArn: args.certifcateArn,
    endpointType: 'REGIONAL',
    securityPolicy: 'TLS_1_2'
  }
}, { deleteBeforeReplace: true, parent: this });
brave-nightfall-19158
10/30/2021, 3:14 PM
sparse-tomato-5980
11/01/2021, 7:35 PM
sparse-tomato-5980
11/01/2021, 7:39 PM
sparse-tomato-5980
11/01/2021, 7:39 PM