Channels
#aws
- h
high-holiday-63390
11/24/2021, 10:45 AMNevermind - I was not passing the arguments in an object form - b
bulky-painting-12886
11/24/2021, 12:44 PMhello good people, I've stumbled on that cloudfront-certificate-must-be-in-us issue. Basically, my infrastructure is in europe
, and I need to attach a certificate to cloudfront, which requires the certificate to be ineu-central-1
. I've solved this issue creating a dedicate stack for it and exporting the certificate's arn. But I wonder if it is the recommended way . Wonder if I can programmatically (and without many hacks) create the certificate in us while my stack is in europe.us-east-1b- 2
- 2
- s
sparse-gold-10561
11/24/2021, 2:45 PMTrying to setup a Simple Autoscaling Policy for aws.autoscaling.Policy.. Is the name parameter listed here the alarm name that triggers the autoscaling? It is not clear what
is or what the the trigger value should be https://www.pulumi.com/registry/packages/aws/api-docs/autoscaling/policy/#name_python Does anyone know what the correct parameters should be?The name of the dimension.a- 2
- 7
- m
many-salesmen-89069
11/24/2021, 4:25 PMHi, I’m looking for best practices on using Pulumi on dev machines with temporary AWS credentials (specifically, I’m using temp credentials via aws ccli sso login). Any pointers would be appreciated 🙏rl- 3
- 4
- n
numerous-printer-41511
11/24/2021, 6:21 PMPulumi importing an IAM role does not import any of it’s policy attachments. Is there any way around this?r- 2
- 1
- c
cool-tailor-89931
11/25/2021, 8:16 AMHi all, how do you debug “ResourceNotReady: exceeded wait attempts” ? I have created a trail and can see the retries but not much more, I have tried adding resources I think is missing but I am in the dark on what is the actual problem. It happens when changing “ECS” to “CODE_DEPLOY” in a Fargate deploymentController. Changing it back resolves the problem. - b
brave-nightfall-19158
11/25/2021, 10:31 AMHey team! I'm struggling a bit with setting up ClientVPN as with AWS you specify the security groups and associated VPC but there are no options for that in aws.ec2clientvpn.endpoint. Does anybody know where that configuration is?l- 2
- 2
- h
high-holiday-63390
11/25/2021, 11:23 AMHello. I am using the following code to setup an AWS Elastic Beanstalk environment which creates some EC2 instances. Those may not be immediately available, and I have other resources that need an instance ID. How can I make this work so the script completes even if the instances are not available yet? - h
high-holiday-63390
11/25/2021, 11:23 AMCopy codeconst environment = new aws.elasticbeanstalk.Environment(appName, { name: appName, application: application.name, solutionStackName: solutionStack.name, settings: devSettings, }) const instance = aws.ec2.getInstance({ instanceId: environment.instances[0] }).then(instance => instance.privateDns)l- 2
- 11
- h
high-holiday-63390
11/25/2021, 11:23 AMThis second block will fail if the instances are not ready yet. - b
brainy-window-77332
11/25/2021, 11:47 AMHi I'm struggling using a s3 bucket to store the pulumi stack - b
brainy-window-77332
11/25/2021, 11:47 AMaws s3api create-bucket --bucket paulcarlton-pulumi-bucket --region eu-west-2 --create-bucket-configuration LocationConstraint=eu-west-2{"Location": "<http://paulcarlton-pulumi-bucket.s3.amazonaws.com/>"}(venv) *paulc@paulc*:*~/go/src/github.com/githubcustomers/Apple-ACI-AWSInfra/ghes-cluster*$ pulumi --non-interactive login <s3://ghe-cluster/paulcarlton-pulumi-bucket>Logged in to paulc.local as paulc (<s3://ghe-cluster/paulcarlton-pulumi-bucket>)(venv) *paulc@paulc*:*~/go/src/github.com/githubcustomers/Apple-ACI-AWSInfra/ghes-cluster*$ pulumi --non-interactive stack select -c paulcarltonerror: failed to load checkpoint: blob (key ".pulumi/stacks/paulcarlton.json") (code=Unknown): BucketRegionError: incorrect region, the bucket is not in 'eu-west-2' region at endpoint ''status code: 301, request id: , host id: - h
high-holiday-63390
11/25/2021, 11:51 AM@brainy-window-77332 try removing the
prefix from the bucket nameghe-cluster🤦♂️ 1 - b
brainy-window-77332
11/25/2021, 11:57 AMThanks @high-holiday-63390 - t
thankful-father-68341
11/26/2021, 4:29 AMHi Guys - has anybody configured the CodeDEploy Role on AWS using Pulumi - Can u please help how I can set the policy for AmazonEC2RoleforAWSCodeDeploy and AmazonEC2FullAccess, AWSCodeDeployFullAccess, AdministratorAccess, AWSCodeDeployRole managed polocies??? I am trying to create roles - t
thankful-father-68341
11/26/2021, 5:05 AMIGNORE guys, I got it working - b
brave-nightfall-19158
11/26/2021, 1:17 PMhey all, qq - if I am using the same account but a different region, e.g. I have a certificate in a different region, do I need to instantiate a whole new provider just to use a different region?m- 2
- 2
- t
thankful-father-68341
11/28/2021, 6:24 AM - w
wide-whale-78548
11/28/2021, 5:58 PMHi everyone, Does anyone know if it is possible to manually tag an image before pushing to ECR? Something like this for instance, but unfortunately the
option does not exist intag
method:buildAndPushImageCopy code
When I check the command it generates, it adds an auto generated tag, so then I cannot overwrite it even usingconst repo = new awsx.ecr.Repository(....); const img = repo.buildAndPushImage( { context: "path/to/app", tag: "some-app/v.some-version", });
if I useextraOptions
in it. I want to use the hash value of a folder as the value of the tag, so then I can check if anything in it that folder has actually changed before building a new image and pushing it again to ECR and then making ECS to go through it’s lengthy life-cycle even for non relevant pushes 😄 I can build the Docker image locally in the pipeline and push the image, but I’m looking for a way to do it all in Pulumi, also without having to manually provide repository details/credentials usingDockerBuild
🤔docker.Image(…)s- 2
- 6
- b
bored-bird-56147
11/29/2021, 6:10 AMHi, I am using Pulumi AWS WAFv2 in our setup. (Pulumi v3.18.1 on macbook pro) I am able to create a WebACL with rules in it, however after creating one, whenever I try to run ‘pulumi up’ (with no changes made), I am consistently seeing the same differences (with rules) shown and asks me to update. Ideally, there should be NO updates. (I don’t see this happen with other Pulumi AWS features). I was wondering if anyone has seen this issue, and how did you resolve it. I see this behavior with the example given in the doc (https://www.pulumi.com/registry/packages/aws/api-docs/wafv2/webacl/#example-usage) Here’s a snap from my terminal runs of ‘pulumi up’Copy code#1. Creating the WebAcl with a single rule Previewing update (my-test): Type Name Plan + pulumi:pulumi:Stack test-my-test create + └─ aws:wafv2:WebAcl example create Resources: + 2 to create Do you want to perform this update? details + pulumi:pulumi:Stack: (create) [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test] + aws:wafv2/webAcl:WebAcl: (create) [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example] [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9] defaultAction : { block : { } } description : "Example of a rate based statement." name : "example-3d63aac" rules : [ [0]: { action : { count : { } } name : "rule-1" priority : 1 statement : { rateBasedStatement: { aggregateKeyType : "IP" limit : 10000 scopeDownStatement: { geoMatchStatement: { countryCodes: [ [0]: "US" [1]: "NL" ] } } } } visibilityConfig: { cloudwatchMetricsEnabled: false metricName : "friendly-rule-metric-name" sampledRequestsEnabled : false } } ] scope : "REGIONAL" tags : { Tag1 : "Value1" Tag2 : "Value2" } visibilityConfig: { cloudwatchMetricsEnabled: false metricName : "friendly-metric-name" sampledRequestsEnabled : false } Do you want to perform this update? yes Updating (my-test): Type Name Status + pulumi:pulumi:Stack test-my-test created + └─ aws:wafv2:WebAcl example created Resources: + 2 created Duration: 6sCopy code#2. Running pulumi up with NO updates to code Previewing update (my-test): Type Name Plan Info pulumi:pulumi:Stack test-my-test ~ └─ aws:wafv2:WebAcl example update [diff: ~rules] Resources: ~ 1 to update 1 unchanged Do you want to perform this update? details pulumi:pulumi:Stack: (same) [urn=urn:pulumi:my-test::test::pulumi:pulumi:Stack::test-my-test] ~ aws:wafv2/webAcl:WebAcl: (update) [id=68b9d3ca-a861-4444-a0dc-f8e1bc1087ab] [urn=urn:pulumi:my-test::test::aws:wafv2/webAcl:WebAcl::example] [provider=urn:pulumi:my-test::test::pulumi:providers:aws::default_4_14_0::1ccfdc6b-98c8-4b5c-a404-0c2def7f8b96] ~ rules: [ ~ [0]: { + name : "rule-1" + priority : 1 ~ statement : { ~ rateBasedStatement: { + aggregateKeyType : "IP" + limit : 10000 ~ scopeDownStatement: { ~ geoMatchStatement: { ~ countryCodes: [ + [0]: "US" + [1]: "NL" ] } } } } ~ visibilityConfig: { + cloudwatchMetricsEnabled: false + metricName : "friendly-rule-metric-name" + sampledRequestsEnabled : false } } ] Do you want to perform this update? no confirmation declined, not proceeding with the update - c
colossal-boots-62227
11/29/2021, 11:11 AMRegarding “EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.” (from here) - what solutions or workarounds are people using? - s
salmon-raincoat-19475
11/29/2021, 12:55 PMIs there a way with Pulumi to export dynamodb tables to s3 (similar to the aws CLI method
) ?aws dynamodb export-table-to-point-in-timebb- 3
- 12
- m
microscopic-animal-41955
11/29/2021, 7:37 PMHm, is it just me or does pulumi not support m6i instance types? https://github.com/pulumi/pulumi-aws/blob/8cdca73c8c37d91ad9bcdc2e6b616926df730ea2/provider/resources.go#L3170-L3186 I'm surprised, they have been out for a couple monthsr- 2
- 14
- f
freezing-umbrella-5483
11/30/2021, 6:34 PMIs there an in-depth analysis available that compares Pulumi with CDK?bg- 3
- 19
- w
witty-morning-22479
11/30/2021, 6:52 PMI’m fairly new to working with AWS and as well Pulumi. Currently trying to create a stack and when running
I get the following errors. Any other errors i was receiving previously were fairly easy to figure out but this sorta just started happening today and was not occuring yesterday and has me scratching my head. Feels like theres a possible permission issue / not hitting AWS at all? Any help would be much appreciated.pulumi upCopy codeaws-native:lambda:Function (ads-test-plugin-version-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: acf5e848-7707-4f3c-b8e3-e229d791ec10, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:lambda:Function (ads-test-core-cms-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 11843833-346b-4514-a8a0-23e97f9b615c, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:lambda:Function (ads-test-host-floors-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 71641273-1da1-4641-9be6-5d588d41d8f2, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:lambda:Function (ads-test-site-ads-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 049f7e82-b7bf-4500-894c-c8bb3806904b, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:lambda:Function (ads-test-site-css-origin-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: fd6c1a3a-e49f-41ad-9734-be6c712e2d7d, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:lambda:Function (ads-test-site-viewer-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 6cfa949b-b296-49a9-9e8f-7bea09a13909, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:iam:Role (ads-test-site-origin-request-lambda-role): error: operation UPDATE failed with "AccessDenied": User: arn:aws:iam::634658137083:user/dev-cli is not authorized to perform: iam:UpdateAssumeRolePolicy on resource: role ads-test-site-origin-request-lambda-role-ad97022 (Service: Iam, Status Code: 403, Request ID: 7d0d9e7f-d1f9-47fe-8af4-6933f900c77f, Extended Request ID: null) pulumi:pulumi:Stack (ad-code-infrastructure-test): error: update failed aws-native:lambda:Function (ads-test-plugin-insertion-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 5290468a-a418-47ff-a032-e59fb58164d8, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:lambda:Function (ads-test-core-esp-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: d52a1bcc-1da6-4d6a-ab7a-e5a2174a411c, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:lambda:Function (ads-test-core-origin-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 3ba1f5fb-f49b-4cd3-90b0-58553f4b41b9, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Code aws-native:apigateway:Resource (APIResource): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 546656f4-6bfd-4c82-bb42-486a8f6bcadf, UnsupportedActionException: Resource type AWS::ApiGateway::Resource does not support UPDATE action aws-native:lambda:Function (ads-test-marmalade-request): error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: ba7a2a00-f918-4a18-a2b9-56788556b2da, api error ValidationException: [REPLACE Operation] noSuchPath in source, path provided : //Codeb- 2
- 4
- l
lemon-television-29125
12/01/2021, 1:14 PMo/ - l
lemon-television-29125
12/01/2021, 1:27 PMso, whithout changing anything on my side, this one keep changing:Copy code
it look like this issue, https://github.com/hashicorp/terraform-provider-aws/issues/6662aws:cloudformation:Stack xxxxx update [diff: ~templateBody] - l
lemon-television-29125
12/01/2021, 1:27 PMso, every time i do a pulumi up, resources keep updating. does anyone observe similar behaviour - l
lemon-television-29125
12/01/2021, 2:42 PMok, my bad, it’s on my side 🙂😅 1 - t
tall-beard-99429
12/02/2021, 12:54 PMHow would I set the
lifecycle in terraform on thecreate_before_destroyeks.Cluster
since it causes problems at the moment with the autogenerated Launch Configuration:cluster.createNodeGrouperror deleting Autoscaling Launch Configuration