Hi all, I am working on deploying a container on Lambda with an override (code snippet below) and need to include a CMD override. I can pass in an entrypoint, but can't get it to pass in a CMD override. Any thoughts on how this could work? arc_process_lambda = aws.lambda_.Function("arc_process_lambda", image_uri=image_address, role=process_lambda_role.arn, package_type = 'Image', image_config=aws.lambda_.FunctionImageConfigArgs(entry_points=["functions.process_nclimgrid_files"]) )

👋 hi - I'm trying to update alerts definition using aws-native provider but I'm seeing NPE exception. Not sure how to get around that. It does seem like a bug. I'll post error details in the thread

Hello! I am frequently seeing an error message when trying to update my stack (using

pulumi up

) after correcting an issue with the configuration of an autoscaling group: error: 1 error occurred: * updating urn😛ulumi:dev::codicy-main::awsx:x:ecs:Cluster$awsx❌autoscaling:AutoScalingGroup$aws:cloudformation/stack:Stack::JupyterHub-AutoScalingGroup: 1 error occurred: * error updating CloudFormation stack (arn:aws:cloudformation:ap-southeast-1:415375321442:stack/jupyterhub-autoscalinggroup-586cf84/2e25ca40-45d2-11ec-af4b-0af0cb546522): ValidationError: Stack:arn:aws:cloudformation:ap-southeast-1:415375321442:stack/jupyterhub-autoscalinggroup-586cf84/2e25ca40-45d2-11ec-af4b-0af0cb546522 is in ROLLBACK_COMPLETE state and can not be updated. status code: 400, request id: 6c7e567b-4d0c-4903-afa1-876ea218fa1b Does anyone have any suggestions?

I'm using the @pulumi/aws and @pulumi/awsx libraries in TypeScript.

Hello, I’m trying to run a docker container to aws fargate, This is how I run the container in docker ->

docker run -p 80:3000 container-id

How do I add the container port 3000 it to the fargate task definition, currently I’m doing:

const listener = new awsx.lb.ApplicationListener("pulumi-ecs-primary", {
  external: true,
  port: 80
});

const taskDefinition = new awsx.ecs.FargateTaskDefinition("sample", {
  containers: {
    sampleapp: {
      image: awsx.ecs.Image.fromDockerBuild(sample, {
        context: "./app/",
        dockerfile: "./app/Dockerfile",
      }),
      portMappings: [listener]
    },
  },
});

Hey you lovely folks, is there a pulumi equivalent to the

NewDBClusterIdentifier

parameter of the JS SDK v3 ModifyDBClusterCommand? It seems that simply changing the physical name of the resource in my pulumi script (i.e., changing the

clusterIdentifier

parameter of the

aws.rds.Cluster

resource) leads to a complete replacement, not a simple renaming. Any ideas?

Is it possible to automate the 'Block public access' settings on an S3 bucket when creating the bucket from pulumi_aws ? I'm using the 'private' ACL but that doesn't set the

Block public access

setting.

It looks like there is no way in Pulumi to read or manage SSO principals (users or groups), is this correct?

Hi, does someone here managed to authenticate to EKS, via Okta's assume role? A dedicated IAM user ( 'pulumi' ) created the EKS cluster itself.

Has anyone run into this bug and/or worked around it without having to monkey patch? https://github.com/pulumi/pulumi-awsx/issues/716

Hey y'all. I'm trying to import an AWS IAM Role however it looks like the import does not work properly / does not compare the import code vs the existing role correctly. For example, I have a role that I have managed policies added for sake of argument, app mesh full access and administrator access. In my Pulumi code, I have only added inline policies and no managed policies at all. When I do the import, it says that the role can be imported no problem even though my code does not include the 2 managed policies. However, if I add one of the managed policies to my code, when I do the import, it complains that there is one managed policy missing which is what I would expect. Anyone encountered this bug?

Hi all. I’m using Pulumi Crosswalk for AWS to build & push a Docker image to ECR. This works fine locally, but fails in GitLab CI (presumably because the

pulumi-nodejs

image I’m using doesn’t contain the docker binary). What’s the best practice for dealing with this setup? I’d like to use the

pulumi-nodejs

image if possible, so should I manually install docker in the CI script? Or is it better to use the

docker

image and install Pulumi?

Hey there. When I update my launch configuration attached to an EC2 autoscaling group, it causes an update to the auto scaling group. As such, it creates a new launch configuration which creates a new instance and terminates the old instance. However, it doesn't wait for the new instance to be healthy before terminating the old one. Is there a way to make that happen? Many thanks!

Gday folks... Dunno if anyone else is hitting any issues, but overnight my Pulumi in GH Actions was upgraded to 3.18.0, and deployments are randomly failing during

pulumi up

In this particular case, it's around nil pointers in lambda, but i also just had several fails with pushing to ECS which also seemed similar.

hey all! Any guides on how to manage assuming IAM roles for specific accounts in order to

pulumi up

against a specific AWS account (for a specific env)?

Is there a better way than just manually running

aws sts assume-role

and then exporting the key/secret/token before each

pulumi up/apply

?

Hello, is there a way to export ECS Fargate container's public IP?

Hello good people, I've created an EKS cluster using the python package

python-aws

. With one node group, which the minimum of two instances. However , I noted the two instances are hooked at the same sub-net. how do i make sure the instances will be in different sub-nets?

follows the code snippet with the node definition that I used:

from pulumi import ResourceOptions
from pulumi_aws import eks

cluster = eks.Cluster("cluster-dev",
                       role_arn=cluster_role.arn,
                       vpc_config=cluster_vpc_config,
                       version="1.20",
                       tags={"Name": "cluster-dev"},
                       opts=ResourceOptions(depends_on=cluster_subnets))

eks.NodeGroup("my-node",
              capacity_type="SPOT",
              cluster_name=cluster.name,
              node_role_arn=node_role.arn,
              subnet_ids=[public_subnet_a.id,
                          public_subnet_b.id],
              scaling_config=eks.NodeGroupScalingConfigArgs(
                  desired_size=2,
                  max_size=4,
                  min_size=2),
              tags={"Name": "my-node"},
              opts=ResourceOptions(parent=cluster))

Hello everyone! I am struggling to create a serverless fargate eks cluster on AWS through pulumi. After the creation of eks cluster through pulumi, I am trying to create fargateprofile for eks cluster but it says that fargateprofile component is not supported. Any guide on how to resolve this.

When creating an Ingress on EKS via the kubernetes-pulumi sdk, is it possible to get the resulting endpoint of the loadbalancer? I am hoping to use this to automatically update a DNS record on Route53 within the same project

is the only way to specify default credentials for the AWS provider to use env vars or

.aws/credentials

?

no way to programmatically do this?

Hi everyone. I want to create a secret in the AWS system manager, and also add a few key/value items. Does creating a custom resource that creates the Secret itself and then uses the AWS SDK to add the items, sound logical? thx

Hey team. Having a problem deleting a security group that was built with Cloudformation - I've deleted the CF stack with the SG deletion policy set as "retain". I've imported the SG in Pulumi and have now done an operation that requires a replacement of the SG. "Pulumi up" now fails and timesouts with no reason. When I try and delete the SG manually via console I get an error as attached. I would have thought that Pulumi should handle this gracefully and provide AWS API error?

Is there any support for opensearch outside of the AWS Native Provider? This is the only documentation I have found so far https://www.pulumi.com/registry/packages/aws-native/api-docs/opensearchservice/domain/

Just to make sure I'm not missing something, am I correct in my reading here that the S3 native provider doesn't support configuring a bucket policy (yet)? https://www.pulumi.com/registry/packages/aws-native/api-docs/s3/bucket/

Hi All, if I’m running a Pulumi build from a dedicated ci-cd account, and the build machine assumes an admin role in my target account, is there a way for me to resolve the target account ID in code? In this situation

pulumi_aws.get_caller_identity().account_id

seems to return the ci-cd account.

Hello! Docs say that

aws.ec2.getInstance

should take an

instanceId

argument