The solution here: https://github.com/hashicorp/terraform/issues/532 is to use

create_before_destroy

as a flag in the configuration section

When I run

pulumi up

I'm getting issues with getting this error:

error: failed to discover plugin requirements: 'dotnet build -nologo .' exited with non-zero exit code: 1

Here's my verbose log... EDIT: Nvm I figured out I was doing weird stuff with my dependencies.

hey, i asked this question in general channel without feedback. Since it is related to AWS terraform statefile parsing with pulumi. I reposted it here for more feedbacks. Thanks!

Is there a way to improve the usefulness of outputs from

pulumi preview --diff

with regard to IAM policies? It's basically unreadable in default form =\

This is the result just adding one additional service to an allow clause in a single statement =\

Hello, I wanted to try graviton on Fargate, we build our docker images with buildAndPushImage, is there a flag I can't find in the docs to build them in arm64 format ( I assume that's what I need to do at least) on top of launching the tasks with the right flags. thanks

Hi Team - I have a quick question - Is there a way I can access Pulumi state (to get the exact ARNs/Configuration) from my application code? for example when I create a DynamoDB it creates a unique ARN, I need that ARN in my application code - What is hte best practice

Anyone have experience with AWS websockets? I'm trying to follow their demo but using Pulumi and I'm running into an issue: Single character "payload" works fine and gets routed properly to my Lambda; however, multi-character payloads return a 500 error and don't appear to make it to my lambda function. I'm not sure if I'm not translating it properly from serverless template.yaml or not. I'll thread a few images and snippets to help demonstrate / explain.

Hi, I would like to create a vpc with awsx.ec2.Vpc but I would like to create my own subnet's to be able to share RouteTables between some of them. How can I do that?

FYI: us-east-1 is having a bit of a day

Wondering if any folks have ideas about how to achieve the patching / modification of the aws-vpc-cni component when installing EKS. I'm trying to specify a service account / annotation so that it uses IRSA (as per best practise). When specifying

useDefaultVpcCni: false

it still gets installed 😕 Which, OK fine. But then I also can't 'import' it inline and annotate it without manual intervention (once to import without the annotation, then add the annotation, then run

up

again).

I'm trying to upgrade the vpc-cni addon to >= 1.9.0 so I can use the Prefix networking mentioned here https://aws.amazon.com/blogs/containers/amazon-vpc-cni-increases-pods-per-node-limits/ - It seems like eks - 1.21 has 1.10.1 as the default version, but I still end up with 1.7.5 (

aws eks describe-addon-versions --addon-name vpc-cni --kubernetes-version 1.21

) at least outputs v1.10.1, Default: true. Any hints for how to achive this?

one of my roles managed by pulumi is missing a policy, the other roles created by the same code are all fine.

the policy exists in the pulumi state also, but doesnt exist on aws anymore for some reason.

whats the most recommended way to fix it?

actually the policy exist on aws console, just the role-policy attachment is not there

Does Pulumi support AWS managed grafana? don't see it in the API docs or in GH (not even a support / roadmap issue for it?)

Hey folks - I was using pulumi to deploy some lambdas and api gateways but ran into an issue where the

stack.up()

output is now empty. Before i'd get the gateway url when deploying gateway + 2 lambdas. Now when deploying gateway + 4 lambdas i get an empty

Outputs: {}

Any ideas?

hello, I'm trying to create a new EKS cluster with pulumi, this is my code

eks = Cluster(
    'eks-locust',
    vpc_id=vpc.id,
    public_subnet_ids=[subnet.id for subnet in dmz_subnets],
    private_subnet_ids=[subnet.id for subnet in private_subnets],
    cluster_security_group=sg,
    kubernetes_service_ip_address_range='192.168.0.0/16',
    vpc_cni_options=VpcCniOptionsArgs(cni_custom_network_cfg=True),
    node_group_options=ClusterNodeGroupOptionsArgs(
        min_size=2,
        max_size=150,
        node_associate_public_ip_address=False,
        node_security_group=sg),
    provider_credential_opts=KubeconfigOptionsArgs(
        profile_name='671822246166_Admin'),
    tags=common_tags
)

but I keep getting the error

Setting nodeGroupOptions, and any set of singular node group option(s) on the cluster, is mutually exclusive. Choose a single approach.

I read through the source and can't figure out what's conflicting with

node_group_options

, anyone got any ideas what I'm doing wrong? https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts#L361-L375

Hi, I got an error when deploying API Gateway

Type                          Name                        Status                  Info                                                                                                                                                                                     
     pulumi:pulumi:Stack           control_api-staging  **failed**              1 error                                                                                                                                                                                  
 -   └─ aws:apigateway:Deployment  control_api          **deleting failed**     1 error                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                
Diagnostics:                                                                                                                                                                                                                                                                    
  aws:apigateway:Deployment (control_api):                                                                                                                                                                                                                               
    error: deleting urn:pulumi:staging::control_api::aws:apigateway:x:API$aws:apigateway/deployment:Deployment::control_api: 1 error occurred:                                                                                                                    
        * error deleting API Gateway Deployment (5ad3rk): BadRequestException: Active stages pointing to this deployment must be moved or deleted                                                                                                                               
                                                                                                                                                                                                                                                                                
  pulumi:pulumi:Stack (control_api-staging):                                                                                                                                                                                                                             
    error: update failed

Has anyone experienced this and knows how to fix it?

Heelo, I created successfully a VPC using const vpc = new awsx.ec2.Vpc.....how I can retrieve the default securitygroup Id..?...thanks

is there an example in the wild of using a resource's .arn output inside of an iam policy? I want to authorize the specific resource by arn rather than Resources: [ "*" ], but everything I try has failed in one way or another (eg getPolicyDocument expects a string rather than an Output<string>)

I created a VPC like this:

new awsx.ec2.Vpc("vpc-dev-1", {
        cidrBlock: "10.0.0.0/16",
        instanceTenancy: "default",
        numberOfAvailabilityZones: 3,
        numberOfNatGateways: 2,
});

I now realize I need some tags on each public and private subnet. Is there a way to easily go back and add those tags to each subnet without destroying and re-creating the entire stack?

Hi - is anyone else seeing issues standing up an EKS cluster via Pulumi/Python? We have code which has worked for months that is suddenly sporadically throwing this error:

details = "Setting nodeGroupOptions, and any set of singular node group option(s) on the cluster, is mutually exclusive. Choose a single approach."

We hit a number of failures on Friday, it began working again this weekend, and is now not working again. Our code in question is here: • https://github.com/nginxinc/kic-reference-architectures/blob/master/pulumi/aws/eks/__main__.py#L61-L65 • https://github.com/nginxinc/kic-reference-architectures/blob/master/pulumi/aws/eks/__main__.py#L73-L83 There is nothing being set outside of the node options that should cause this error (based on the logic in https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts#L361-L375). The output looks like this: • https://gist.github.com/qdzlug/931c07928dca1c3ad6097d89227edc16 This issue started following the issues with AWS, but I don’t know if it’s related. This is under Pulumi v3.19.0 and all current versions of the pulumi python modules.

Hey all, I have a question re: ECSx and AutoScaling with a Capacity Provider. The Capacity Provider has no problem Auto Scaling up to my max when the scaling policy demands it. However, the instances that come online do not receive a service task. They remain idle. So far I've tried adjusting my cluster to give it a

defaultCapacityProviderStrategies

with a base of 1 and weight of 100, while adjusting my service definition from a testing

desiredCount

of 1 to no

desiredCount

entry at all. I'm wondering which resource configuration I should be paying attention to. Any insights that may lead me to water are greatly appreciated!

What's the status of crosswalk for AWS? I would like to jump into learning it, but I see that the latest release was 3 months ago, so I want to make sure it's not a legacy feature. How high is it on the priority list? Will it be updated for AWS native? Are there any ETAs for Python? In general, if there is a public roadmap available, it'd be very helpful if someone pointed me to it (I couldn't find one). Thanks in advance.

I've just had an update of an ssoadmin:ManagedPolicyAttachment fail with the error doesn't support update. I'm guessing that the correct fix is to add opt replaceOnChanges: ["*"]. For similar resources, Pulumi has always known when a replace was needed; is that supposed to happen here? Should I raise an issue?

I have

aws_native.ecs.Service

and I added

replaceOnChanges: ["*"]

and the pulumi have been trying to create a replacement Service for more than 30 minutes and nothing is happening.

anybody aware why we get such a behavior (and how we can debug the source)?

++aws:ec2/flowLog:FlowLog: (create-replacement)
                [id=fl-XXX]
                [urn=urn:pulumi:staging::XXX-vpc::XXX:AWS:Network$aws:ec2/vpc:Vpc$aws:ec2/flowLog:FlowLog::stusea1-XXX-vpc-flowlog]
                [provider=urn:pulumi:staging::XXX-vpc::pulumi:providers:aws::default_4_26_0::XXX]
              + iamRoleArn: "arn:aws:iam::XXX:role/stusea1-XXX-vpc-flowlog-role-972cb33"
            +-aws:ec2/flowLog:FlowLog: (replace)
                [id=fl-XXX]
                [urn=urn:pulumi:staging::XXX-vpc::XXX:AWS:Network$aws:ec2/vpc:Vpc$aws:ec2/flowLog:FlowLog::stusea1-XXX-vpc-flowlog]
                [provider=urn:pulumi:staging::XXX-vpc::pulumi:providers:aws::default_4_26_0::XXX]
              + iamRoleArn: "arn:aws:iam::XXX:role/stusea1-XXX-vpc-flowlog-role-972cb33"
            --aws:ec2/flowLog:FlowLog: (delete-replaced)
                [id=fl-XXX]
                [urn=urn:pulumi:staging::XXX-vpc::XXX:AWS:Network$aws:ec2/vpc:Vpc$aws:ec2/flowLog:FlowLog::stusea1-XXX-vpc-flowlog]
                [provider=urn:pulumi:staging::XXX-vpc::pulumi:providers:aws::default_4_26_0::XXX]

seems pulumi wants to replace the ARN (which is the same) and this fails cause the resource already exist this happens on every up

^^^^ for those having the same issue with flowlog, it seems the native provider works correctly, and a quick look at it show they changed a bit the API rewording some args, this is probably why pulumi is passing something which is not registered and it wants to push it again to AWS all the time