https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • h

    high-holiday-63390

    11/24/2021, 10:45 AM
    Nevermind - I was not passing the arguments in an object form
  • b

    bulky-painting-12886

    11/24/2021, 12:44 PM
    hello good people, I've stumbled on that cloudfront-certificate-must-be-in-us issue. Basically, my infrastructure is in europe
    eu-central-1
    , and I need to attach a certificate to cloudfront, which requires the certificate to be in
    us-east-1
    . I've solved this issue creating a dedicate stack for it and exporting the certificate's arn. But I wonder if it is the recommended way . Wonder if I can programmatically (and without many hacks) create the certificate in us while my stack is in europe.
    b
    • 2
    • 2
  • s

    sparse-gold-10561

    11/24/2021, 2:45 PM
    Trying to setup a Simple Autoscaling Policy for aws.autoscaling.Policy.. Is the name parameter listed here the alarm name that triggers the autoscaling? It is not clear what 
    The name of the dimension.
     is or what the the trigger value should be https://www.pulumi.com/registry/packages/aws/api-docs/autoscaling/policy/#name_python Does anyone know what the correct parameters should be?
    a
    • 2
    • 7
  • m

    many-salesmen-89069

    11/24/2021, 4:25 PM
    Hi, I’m looking for best practices on using Pulumi on dev machines with temporary AWS credentials (specifically, I’m using temp credentials via aws ccli sso login). Any pointers would be appreciated 🙏
    r
    l
    • 3
    • 4
  • n

    numerous-printer-41511

    11/24/2021, 6:21 PM
    Pulumi importing an IAM role does not import any of it’s policy attachments. Is there any way around this?
    r
    • 2
    • 1
  • c

    cool-tailor-89931

    11/25/2021, 8:16 AM
    Hi all, how do you debug “ResourceNotReady: exceeded wait attempts” ? I have created a trail and can see the retries but not much more, I have tried adding resources I think is missing but I am in the dark on what is the actual problem. It happens when changing “ECS” to “CODE_DEPLOY” in a Fargate deploymentController. Changing it back resolves the problem.
  • b

    brave-nightfall-19158

    11/25/2021, 10:31 AM
    Hey team! I'm struggling a bit with setting up ClientVPN as with AWS you specify the security groups and associated VPC but there are no options for that in aws.ec2clientvpn.endpoint. Does anybody know where that configuration is?
    l
    • 2
    • 2
  • h

    high-holiday-63390

    11/25/2021, 11:23 AM
    Hello. I am using the following code to setup an AWS Elastic Beanstalk environment which creates some EC2 instances. Those may not be immediately available, and I have other resources that need an instance ID. How can I make this work so the script completes even if the instances are not available yet?
  • h

    high-holiday-63390

    11/25/2021, 11:23 AM
    const environment = new aws.elasticbeanstalk.Environment(appName, {
            name: appName,
            application: application.name,
            solutionStackName: solutionStack.name,
            settings: devSettings,
        })
    
        const instance = aws.ec2.getInstance({
            instanceId: environment.instances[0]
        }).then(instance => instance.privateDns)
    l
    • 2
    • 11
  • h

    high-holiday-63390

    11/25/2021, 11:23 AM
    This second block will fail if the instances are not ready yet.
  • b

    brainy-window-77332

    11/25/2021, 11:47 AM
    Hi I'm struggling using a s3 bucket to store the pulumi stack
  • b

    brainy-window-77332

    11/25/2021, 11:47 AM
    aws s3api create-bucket --bucket paulcarlton-pulumi-bucket --region eu-west-2 --create-bucket-configuration LocationConstraint=eu-west-2
    {
      
    "Location": "<http://paulcarlton-pulumi-bucket.s3.amazonaws.com/>"
    }
    (venv) *paulc@paulc*:*~/go/src/github.com/githubcustomers/Apple-ACI-AWSInfra/ghes-cluster*$ pulumi --non-interactive login <s3://ghe-cluster/paulcarlton-pulumi-bucket>
    Logged in to paulc.local as paulc (<s3://ghe-cluster/paulcarlton-pulumi-bucket>)
    (venv) *paulc@paulc*:*~/go/src/github.com/githubcustomers/Apple-ACI-AWSInfra/ghes-cluster*$ pulumi --non-interactive stack select -c paulcarlton
    error: failed to load checkpoint: blob (key ".pulumi/stacks/paulcarlton.json") (code=Unknown): BucketRegionError: incorrect region, the bucket is not in 'eu-west-2' region at endpoint ''
    status code: 301, request id: , host id:
  • h

    high-holiday-63390

    11/25/2021, 11:51 AM
    @brainy-window-77332 try removing the
    ghe-cluster
    prefix from the bucket name
    🤦‍♂️ 1
  • b

    brainy-window-77332

    11/25/2021, 11:57 AM
    Thanks @high-holiday-63390
  • t

    thankful-father-68341

    11/26/2021, 4:29 AM
    Hi Guys - has anybody configured the CodeDEploy Role on AWS using Pulumi - Can u please help how I can set the policy for AmazonEC2RoleforAWSCodeDeploy and AmazonEC2FullAccess, AWSCodeDeployFullAccess, AdministratorAccess, AWSCodeDeployRole managed polocies??? I am trying to create roles
  • t

    thankful-father-68341

    11/26/2021, 5:05 AM
    IGNORE guys, I got it working
  • b

    brave-nightfall-19158

    11/26/2021, 1:17 PM
    hey all, qq - if I am using the same account but a different region, e.g. I have a certificate in a different region, do I need to instantiate a whole new provider just to use a different region?
    m
    • 2
    • 2
  • t

    thankful-father-68341

    11/28/2021, 6:24 AM
    https://abvijaykumar.medium.com/platform-engineering-with-pulumi-episode-1-building-the-aws-landing-zone-with-pulumi-67b559523c78
  • w

    wide-whale-78548

    11/28/2021, 5:58 PM
    Hi everyone, Does anyone know if it is possible to manually tag an image before pushing to ECR? Something like this for instance, but unfortunately the 
    tag
     option does not exist in 
    buildAndPushImage
     method:
    const repo = new awsx.ecr.Repository(....);       
    
            const img = repo.buildAndPushImage( {
                context: "path/to/app",
                tag: "some-app/v.some-version",
            });
    When I check the command it generates, it adds an auto generated tag, so then I cannot overwrite it even using
    extraOptions
    if I use
    DockerBuild
    in it. I want to use the hash value of a folder as the value of the tag, so then I can check if anything in it that folder has actually changed before building a new image and pushing it again to ECR and then making ECS to go through it’s lengthy life-cycle even for non relevant pushes 😄 I can build the Docker image locally in the pipeline and push the image, but I’m looking for a way to do it all in Pulumi, also without having to manually provide repository details/credentials using
    docker.Image(…)
     🤔
    s
    • 2
    • 6
  • b

    bored-bird-56147

    11/29/2021, 6:10 AM
    Hi, I am using Pulumi AWS WAFv2 in our setup. (Pulumi v3.18.1 on macbook pro) I am able to create a WebACL with rules in it, however after creating one, whenever I try to run ‘pulumi up’ (with no changes made), I am consistently seeing the same differences (with rules) shown and asks me to update. Ideally, there should be NO updates. (I don’t see this happen with other Pulumi AWS features). I was wondering if anyone has seen this issue, and how did you resolve it. I see this behavior with the example given in the doc (https://www.pulumi.com/registry/packages/aws/api-docs/wafv2/webacl/#example-usage) Here’s a snap from my terminal runs of ‘pulumi up’
    #1. Creating the WebAcl with a single rule
    
    Previewing update (my-test):
         Type                 Name            Plan
     +   pulumi:pulumi:Stack  test-my-test  create
     +   └─ aws:wafv2:WebAcl  example         create
    
    Resources:
        + 2 to create
    
    Do you want to perform this update? details
    + pulumi:pulumi:Stack: (create)
        [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
        + aws:wafv2/webAcl:WebAcl: (create)
            [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
            [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
            defaultAction   : {
                block     : {
                }
            }
            description     : "Example of a rate based statement."
            name            : "example-3d63aac"
            rules           : [
                [0]: {
                    action          : {
                        count     : {
                        }
                    }
                    name            : "rule-1"
                    priority        : 1
                    statement       : {
                        rateBasedStatement: {
                            aggregateKeyType  : "IP"
                            limit             : 10000
                            scopeDownStatement: {
                                geoMatchStatement: {
                                    countryCodes: [
                                        [0]: "US"
                                        [1]: "NL"
                                    ]
                                }
                            }
                        }
                    }
                    visibilityConfig: {
                        cloudwatchMetricsEnabled: false
                        metricName              : "friendly-rule-metric-name"
                        sampledRequestsEnabled  : false
                    }
                }
            ]
            scope           : "REGIONAL"
            tags            : {
                Tag1      : "Value1"
                Tag2      : "Value2"
            }
            visibilityConfig: {
                cloudwatchMetricsEnabled: false
                metricName              : "friendly-metric-name"
                sampledRequestsEnabled  : false
            }
    
    Do you want to perform this update? yes
    Updating (my-test):
         Type                 Name            Status
     +   pulumi:pulumi:Stack  test-my-test  created
     +   └─ aws:wafv2:WebAcl  example         created
    
    Resources:
        + 2 created
    
    Duration: 6s
    #2. Running pulumi up with NO updates to code
    
    Previewing update (my-test):
         Type                 Name            Plan       Info
         pulumi:pulumi:Stack  test-my-test
     ~   └─ aws:wafv2:WebAcl  example         update     [diff: ~rules]
    
    Resources:
        ~ 1 to update
        1 unchanged
    
    Do you want to perform this update? details
      pulumi:pulumi:Stack: (same)
        [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test]
        ~ aws:wafv2/webAcl:WebAcl: (update)
            [id=68b9d3ca-a861-4444-a0dc-f8e1bc1087ab]
            [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example]
            [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::1ccfdc6b-98c8-4b5c-a404-0c2def7f8b96]
          ~ rules: [
              ~ [0]: {
                      + name            : "rule-1"
                      + priority        : 1
                      ~ statement       : {
                          ~ rateBasedStatement: {
                              + aggregateKeyType  : "IP"
                              + limit             : 10000
                              ~ scopeDownStatement: {
                                  ~ geoMatchStatement: {
                                      ~ countryCodes: [
                                          + [0]: "US"
                                          + [1]: "NL"
                                        ]
                                    }
                                }
                            }
                        }
                      ~ visibilityConfig: {
                          + cloudwatchMetricsEnabled: false
                          + metricName              : "friendly-rule-metric-name"
                          + sampledRequestsEnabled  : false
                        }
                    }
            ]
    
    Do you want to perform this update? no
    confirmation declined, not proceeding with the update
  • c

    colossal-boots-62227

    11/29/2021, 11:11 AM
    Regarding “EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.” (from here) - what solutions or workarounds are people using?
  • s

    salmon-raincoat-19475

    11/29/2021, 12:55 PM
    Is there a way with Pulumi to export dynamodb tables to s3 (similar to the aws CLI method
    aws dynamodb export-table-to-point-in-time
    ) ?
    b
    b
    • 3
    • 12
  • m

    microscopic-animal-41955

    11/29/2021, 7:37 PM
    Hm, is it just me or does pulumi not support m6i instance types? https://github.com/pulumi/pulumi-aws/blob/8cdca73c8c37d91ad9bcdc2e6b616926df730ea2/provider/resources.go#L3170-L3186 I'm surprised, they have been out for a couple months
    r
    • 2
    • 14
  • f

    freezing-umbrella-5483

    11/30/2021, 6:34 PM
    Is there an in-depth analysis available that compares Pulumi with CDK?
    b
    g
    • 3
    • 19
  • w

    witty-morning-22479

    11/30/2021, 6:52 PM
    I’m fairly new to working with AWS and as well Pulumi. Currently trying to create a stack and when running
    pulumi up
    I get the following errors. Any other errors i was receiving previously were fairly easy to figure out but this sorta just started happening today and was not occuring yesterday and has me scratching my head. Feels like theres a possible permission issue / not hitting AWS at all? Any help would be much appreciated.
    aws-native:lambda:Function (ads-test-plugin-version-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: acf5e848-7707-4f3c-b8e3-e229d791ec10, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:lambda:Function (ads-test-core-cms-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 11843833-346b-4514-a8a0-23e97f9b615c, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:lambda:Function (ads-test-host-floors-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 71641273-1da1-4641-9be6-5d588d41d8f2, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:lambda:Function (ads-test-site-ads-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 049f7e82-b7bf-4500-894c-c8bb3806904b, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:lambda:Function (ads-test-site-css-origin-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: fd6c1a3a-e49f-41ad-9734-be6c712e2d7d, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:lambda:Function (ads-test-site-viewer-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 6cfa949b-b296-49a9-9e8f-7bea09a13909, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:iam:Role (ads-test-site-origin-request-lambda-role):
        error: operation UPDATE failed with "AccessDenied": User: arn:aws:iam::634658137083:user/dev-cli is not authorized to perform: iam:UpdateAssumeRolePolicy on resource: role ads-test-site-origin-request-lambda-role-ad97022 (Service: Iam, Status Code: 403, Request ID: 7d0d9e7f-d1f9-47fe-8af4-6933f900c77f, Extended Request ID: null)
     
      pulumi:pulumi:Stack (ad-code-infrastructure-test):
        error: update failed
     
      aws-native:lambda:Function (ads-test-plugin-insertion-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 5290468a-a418-47ff-a032-e59fb58164d8, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:lambda:Function (ads-test-core-esp-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: d52a1bcc-1da6-4d6a-ab7a-e5a2174a411c, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:lambda:Function (ads-test-core-origin-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 3ba1f5fb-f49b-4cd3-90b0-58553f4b41b9, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
     
      aws-native:apigateway:Resource (APIResource):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 546656f4-6bfd-4c82-bb42-486a8f6bcadf, UnsupportedActionException: Resource type AWS::ApiGateway::Resource does not support UPDATE action
     
      aws-native:lambda:Function (ads-test-marmalade-request):
        error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: ba7a2a00-f918-4a18-a2b9-56788556b2da, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code
    b
    • 2
    • 4
  • l

    lemon-television-29125

    12/01/2021, 1:14 PM
    o/
  • l

    lemon-television-29125

    12/01/2021, 1:27 PM
    so, whithout changing anything on my side, this one keep changing:
    aws:cloudformation:Stack    xxxxx  update     [diff: ~templateBody]
    it look like this issue, https://github.com/hashicorp/terraform-provider-aws/issues/6662
  • l

    lemon-television-29125

    12/01/2021, 1:27 PM
    so, every time i do a pulumi up, resources keep updating. does anyone observe similar behaviour
  • l

    lemon-television-29125

    12/01/2021, 2:42 PM
    ok, my bad, it’s on my side 🙂
    😅 1
  • t

    tall-beard-99429

    12/02/2021, 12:54 PM
    How would I set the
    create_before_destroy
    lifecycle in terraform on the
    eks.Cluster
    cluster.createNodeGroup
    since it causes problems at the moment with the autogenerated Launch Configuration:
    error deleting Autoscaling Launch Configuration
Powered by Linen
Title
t

tall-beard-99429

12/02/2021, 12:54 PM
How would I set the
create_before_destroy
lifecycle in terraform on the
eks.Cluster
cluster.createNodeGroup
since it causes problems at the moment with the autogenerated Launch Configuration:
error deleting Autoscaling Launch Configuration
View count: 3