pulumi-community #aws

Docs

Join the conversation Join Slack

aws

high-holiday-63390

11/24/2021, 10:45 AM

Nevermind - I was not passing the arguments in an object form

bulky-painting-12886

11/24/2021, 12:44 PM

hello good people, I've stumbled on that cloudfront-certificate-must-be-in-us issue. Basically, my infrastructure is in europe

eu-central-1

, and I need to attach a certificate to cloudfront, which requires the certificate to be in

us-east-1

. I've solved this issue creating a dedicate stack for it and exporting the certificate's arn. But I wonder if it is the recommended way . Wonder if I can programmatically (and without many hacks) create the certificate in us while my stack is in europe.

sparse-gold-10561

11/24/2021, 2:45 PM

Trying to setup a Simple Autoscaling Policy for aws.autoscaling.Policy.. Is the name parameter listed here the alarm name that triggers the autoscaling? It is not clear what

The name of the dimension.

is or what the the trigger value should be https://www.pulumi.com/registry/packages/aws/api-docs/autoscaling/policy/#name_python Does anyone know what the correct parameters should be?

many-salesmen-89069

11/24/2021, 4:25 PM

Hi, I’m looking for best practices on using Pulumi on dev machines with temporary AWS credentials (specifically, I’m using temp credentials via aws ccli sso login). Any pointers would be appreciated 🙏

numerous-printer-41511

11/24/2021, 6:21 PM

Pulumi importing an IAM role does not import any of it’s policy attachments. Is there any way around this?

cool-tailor-89931

11/25/2021, 8:16 AM

Hi all, how do you debug “ResourceNotReady: exceeded wait attempts” ? I have created a trail and can see the retries but not much more, I have tried adding resources I think is missing but I am in the dark on what is the actual problem. It happens when changing “ECS” to “CODE_DEPLOY” in a Fargate deploymentController. Changing it back resolves the problem.

brave-nightfall-19158

11/25/2021, 10:31 AM

Hey team! I'm struggling a bit with setting up ClientVPN as with AWS you specify the security groups and associated VPC but there are no options for that in aws.ec2clientvpn.endpoint. Does anybody know where that configuration is?

high-holiday-63390

11/25/2021, 11:23 AM

Hello. I am using the following code to setup an AWS Elastic Beanstalk environment which creates some EC2 instances. Those may not be immediately available, and I have other resources that need an instance ID. How can I make this work so the script completes even if the instances are not available yet?

high-holiday-63390

11/25/2021, 11:23 AM

const environment = new aws.elasticbeanstalk.Environment(appName, {
        name: appName,
        application: application.name,
        solutionStackName: solutionStack.name,
        settings: devSettings,
    })

    const instance = aws.ec2.getInstance({
        instanceId: environment.instances[0]
    }).then(instance => instance.privateDns)

high-holiday-63390

11/25/2021, 11:23 AM

This second block will fail if the instances are not ready yet.

brainy-window-77332

11/25/2021, 11:47 AM

Hi I'm struggling using a s3 bucket to store the pulumi stack

brainy-window-77332

11/25/2021, 11:47 AM

aws s3api create-bucket --bucket paulcarlton-pulumi-bucket --region eu-west-2 --create-bucket-configuration LocationConstraint=eu-west-2

"Location": "<http://paulcarlton-pulumi-bucket.s3.amazonaws.com/>"

(venv) *paulc@paulc*:*~/go/src/github.com/githubcustomers/Apple-ACI-AWSInfra/ghes-cluster*$ pulumi --non-interactive login <s3://ghe-cluster/paulcarlton-pulumi-bucket>

Logged in to paulc.local as paulc (<s3://ghe-cluster/paulcarlton-pulumi-bucket>)

(venv) *paulc@paulc*:*~/go/src/github.com/githubcustomers/Apple-ACI-AWSInfra/ghes-cluster*$ pulumi --non-interactive stack select -c paulcarlton

error: failed to load checkpoint: blob (key ".pulumi/stacks/paulcarlton.json") (code=Unknown): BucketRegionError: incorrect region, the bucket is not in 'eu-west-2' region at endpoint ''

status code: 301, request id: , host id:

high-holiday-63390

11/25/2021, 11:51 AM

@brainy-window-77332 try removing the

ghe-cluster

prefix from the bucket name

🤦‍♂️ 1

brainy-window-77332

11/25/2021, 11:57 AM

Thanks @high-holiday-63390

thankful-father-68341

11/26/2021, 4:29 AM

Hi Guys - has anybody configured the CodeDEploy Role on AWS using Pulumi - Can u please help how I can set the policy for AmazonEC2RoleforAWSCodeDeploy and AmazonEC2FullAccess, AWSCodeDeployFullAccess, AdministratorAccess, AWSCodeDeployRole managed polocies??? I am trying to create roles

thankful-father-68341

11/26/2021, 5:05 AM

IGNORE guys, I got it working

brave-nightfall-19158

11/26/2021, 1:17 PM

hey all, qq - if I am using the same account but a different region, e.g. I have a certificate in a different region, do I need to instantiate a whole new provider just to use a different region?

thankful-father-68341

11/28/2021, 6:24 AM

https://abvijaykumar.medium.com/platform-engineering-with-pulumi-episode-1-building-the-aws-landing-zone-with-pulumi-67b559523c78

wide-whale-78548

11/28/2021, 5:58 PM

Hi everyone, Does anyone know if it is possible to manually tag an image before pushing to ECR? Something like this for instance, but unfortunately the

tag

option does not exist in

buildAndPushImage

method:

const repo = new awsx.ecr.Repository(....);       

        const img = repo.buildAndPushImage( {
            context: "path/to/app",
            tag: "some-app/v.some-version",
        });

When I check the command it generates, it adds an auto generated tag, so then I cannot overwrite it even using

extraOptions

if I use

DockerBuild

in it. I want to use the hash value of a folder as the value of the tag, so then I can check if anything in it that folder has actually changed before building a new image and pushing it again to ECR and then making ECS to go through it’s lengthy life-cycle even for non relevant pushes 😄 I can build the Docker image locally in the pipeline and push the image, but I’m looking for a way to do it all in Pulumi, also without having to manually provide repository details/credentials using

docker.Image(…)

🤔

bored-bird-56147

11/29/2021, 6:10 AM

Hi, I am using Pulumi AWS WAFv2 in our setup. (Pulumi v3.18.1 on macbook pro) I am able to create a WebACL with rules in it, however after creating one, whenever I try to run ‘pulumi up’ (with no changes made), I am consistently seeing the same differences (with rules) shown and asks me to update. Ideally, there should be NO updates. (I don’t see this happen with other Pulumi AWS features). I was wondering if anyone has seen this issue, and how did you resolve it. I see this behavior with the example given in the doc (https://www.pulumi.com/registry/packages/aws/api-docs/wafv2/webacl/#example-usage) Here’s a snap from my terminal runs of ‘pulumi up’

#1. Creating the WebAcl with a single rule

Previewing update (my-test):
     Type                 Name            Plan
 +   pulumi:pulumi:Stack  test-my-test  create
 +   └─ aws:wafv2:WebAcl  example         create

Resources:
    + 2 to create

Do you want to perform this update? details
+ pulumi:pulumi:Stack: (create)
    [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
    + aws:wafv2/webAcl:WebAcl: (create)
        [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
        [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
        defaultAction   : {
            block     : {
            }
        }
        description     : "Example of a rate based statement."
        name            : "example-3d63aac"
        rules           : [
            [0]: {
                action          : {
                    count     : {
                    }
                }
                name            : "rule-1"
                priority        : 1
                statement       : {
                    rateBasedStatement: {
                        aggregateKeyType  : "IP"
                        limit             : 10000
                        scopeDownStatement: {
                            geoMatchStatement: {
                                countryCodes: [
                                    [0]: "US"
                                    [1]: "NL"
                                ]
                            }
                        }
                    }
                }
                visibilityConfig: {
                    cloudwatchMetricsEnabled: false
                    metricName              : "friendly-rule-metric-name"
                    sampledRequestsEnabled  : false
                }
            }
        ]
        scope           : "REGIONAL"
        tags            : {
            Tag1      : "Value1"
            Tag2      : "Value2"
        }
        visibilityConfig: {
            cloudwatchMetricsEnabled: false
            metricName              : "friendly-metric-name"
            sampledRequestsEnabled  : false
        }

Do you want to perform this update? yes
Updating (my-test):
     Type                 Name            Status
 +   pulumi:pulumi:Stack  test-my-test  created
 +   └─ aws:wafv2:WebAcl  example         created

Resources:
    + 2 created

Duration: 6s

#2. Running pulumi up with NO updates to code

Previewing update (my-test):
     Type                 Name            Plan       Info
     pulumi:pulumi:Stack  test-my-test
 ~   └─ aws:wafv2:WebAcl  example         update     [diff: ~rules]

Resources:
    ~ 1 to update
    1 unchanged

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
    ~ aws:wafv2/webAcl:WebAcl: (update)
        [id=68b9d3ca-a861-4444-a0dc-f8e1bc1087ab]
        [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
        [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::1ccfdc6b-98c8-4b5c-a404-0c2def7f8b96]
      ~ rules: [
          ~ [0]: {
                  + name            : "rule-1"
                  + priority        : 1
                  ~ statement       : {
                      ~ rateBasedStatement: {
                          + aggregateKeyType  : "IP"
                          + limit             : 10000
                          ~ scopeDownStatement: {
                              ~ geoMatchStatement: {
                                  ~ countryCodes: [
                                      + [0]: "US"
                                      + [1]: "NL"
                                    ]
                                }
                            }
                        }
                    }
                  ~ visibilityConfig: {
                      + cloudwatchMetricsEnabled: false
                      + metricName              : "friendly-rule-metric-name"
                      + sampledRequestsEnabled  : false
                    }
                }
        ]

Do you want to perform this update? no
confirmation declined, not proceeding with the update

colossal-boots-62227

11/29/2021, 11:11 AM

Regarding “EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.” (from here) - what solutions or workarounds are people using?

salmon-raincoat-19475

11/29/2021, 12:55 PM

Is there a way with Pulumi to export dynamodb tables to s3 (similar to the aws CLI method

aws dynamodb export-table-to-point-in-time

) ?

microscopic-animal-41955

11/29/2021, 7:37 PM

Hm, is it just me or does pulumi not support m6i instance types? https://github.com/pulumi/pulumi-aws/blob/8cdca73c8c37d91ad9bcdc2e6b616926df730ea2/provider/resources.go#L3170-L3186 I'm surprised, they have been out for a couple months

freezing-umbrella-5483

11/30/2021, 6:34 PM

Is there an in-depth analysis available that compares Pulumi with CDK?

witty-morning-22479

11/30/2021, 6:52 PM

I’m fairly new to working with AWS and as well Pulumi. Currently trying to create a stack and when running

pulumi up

I get the following errors. Any other errors i was receiving previously were fairly easy to figure out but this sorta just started happening today and was not occuring yesterday and has me scratching my head. Feels like theres a possible permission issue / not hitting AWS at all? Any help would be much appreciated.

aws-native:lambda:Function (ads-test-plugin-version-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: acf5e848-7707-4f3c-b8e3-e229d791ec10, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:lambda:Function (ads-test-core-cms-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 11843833-346b-4514-a8a0-23e97f9b615c, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:lambda:Function (ads-test-host-floors-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 71641273-1da1-4641-9be6-5d588d41d8f2, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:lambda:Function (ads-test-site-ads-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 049f7e82-b7bf-4500-894c-c8bb3806904b, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:lambda:Function (ads-test-site-css-origin-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: fd6c1a3a-e49f-41ad-9734-be6c712e2d7d, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:lambda:Function (ads-test-site-viewer-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 6cfa949b-b296-49a9-9e8f-7bea09a13909, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:iam:Role (ads-test-site-origin-request-lambda-role):
    error: operation UPDATE failed with "AccessDenied": User: arn:aws:iam::634658137083:user/dev-cli is not authorized to perform: iam:UpdateAssumeRolePolicy on resource: role ads-test-site-origin-request-lambda-role-ad97022 (Service: Iam, Status Code: 403, Request ID: 7d0d9e7f-d1f9-47fe-8af4-6933f900c77f, Extended Request ID: null)
 
  pulumi:pulumi:Stack (ad-code-infrastructure-test):
    error: update failed
 
  aws-native:lambda:Function (ads-test-plugin-insertion-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 5290468a-a418-47ff-a032-e59fb58164d8, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:lambda:Function (ads-test-core-esp-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: d52a1bcc-1da6-4d6a-ab7a-e5a2174a411c, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:lambda:Function (ads-test-core-origin-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 3ba1f5fb-f49b-4cd3-90b0-58553f4b41b9, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
 
  aws-native:apigateway:Resource (APIResource):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 546656f4-6bfd-4c82-bb42-486a8f6bcadf, UnsupportedActionException: Resource type AWS::ApiGateway::Resource does not support UPDATE action
 
  aws-native:lambda:Function (ads-test-marmalade-request):
    error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: ba7a2a00-f918-4a18-a2b9-56788556b2da, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code

lemon-television-29125

12/01/2021, 1:14 PM

lemon-television-29125

12/01/2021, 1:27 PM

so, whithout changing anything on my side, this one keep changing:

aws:cloudformation:Stack    xxxxx  update     [diff: ~templateBody]

it look like this issue, https://github.com/hashicorp/terraform-provider-aws/issues/6662

lemon-television-29125

12/01/2021, 1:27 PM

so, every time i do a pulumi up, resources keep updating. does anyone observe similar behaviour

lemon-television-29125

12/01/2021, 2:42 PM

ok, my bad, it’s on my side 🙂

😅 1

tall-beard-99429

12/02/2021, 12:54 PM

How would I set the

create_before_destroy

lifecycle in terraform on the

eks.Cluster

cluster.createNodeGroup

since it causes problems at the moment with the autogenerated Launch Configuration:

error deleting Autoscaling Launch Configuration

Title

tall-beard-99429

12/02/2021, 12:54 PM

How would I set the

create_before_destroy

lifecycle in terraform on the

eks.Cluster

cluster.createNodeGroup

since it causes problems at the moment with the autogenerated Launch Configuration:

error deleting Autoscaling Launch Configuration

View count: 3