https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • f

    full-sugar-56177

    01/11/2022, 8:52 PM
    Is it better to set the AWS IAM Assumed Role as a configuration option or as a new provider inside the program to deploy my resources?
    b
    • 2
    • 1
  • l

    lemon-salesclerk-6224

    01/11/2022, 10:07 PM
    Any ideas why when I pass a name to
    aws.lambda.Function()
    that name gets used exactly when the lambda is spun up, but when I pass a name to
    aws.lambda.CallbackFunction()
    a hash is appended to the end of the name? For example if I pass
    test-callback
    to the callback function, the lambda spun up from the callback function will be something like
    test-callback-9283a32
    g
    • 2
    • 3
  • n

    nice-pharmacist-5320

    01/12/2022, 5:57 AM
    Hello everyone, I have created an EKS cluster and installed ALB controller in it. I have defined an ingress of class
    alb
    which brings up a loadbalancer in AWS with dns name something like
    <http://k8s-kubesyst-octestal-f8d469242e-698581751.ap-south-1.elb.amazonaws.com|k8s-kubesyst-octestal-f8d469242e-698581751.ap-south-1.elb.amazonaws.com>
    const albIngress = new k8s.networking.v1beta1.Ingress(`${projectName}-alb-ingress`, {
        metadata: {
            name: `${projectName}-alb-ingress`,
            namespace: 'kube-system',
            annotations: {
                '<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>': 'alb',
                '<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>': 'internet-facing',
                '<http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type>': 'ip',
            },
        },
        spec: {
            rules: [
                {
                    http: {
                        paths: [
                            {
                                path: '/*',
                                backend: { serviceName: ingressNginxService.metadata.name, servicePort: 80 }
                            }
                        ]
                    }
                }
            ]
        },
    }, { provider: cluster.provider });
    
    const www = new aws.route53.Record("www", {
        zoneId: '<Redacted>',
        name: 'dev-server',
        type: 'A',
        aliases: [{
            name: albIngress.status.loadBalancer.ingress[0].hostname, // <http://k8s-kubesyst-octestal-f8d469242e-698581751.ap-south-1.elb.amazonaws.com|k8s-kubesyst-octestal-f8d469242e-698581751.ap-south-1.elb.amazonaws.com>
            zoneId: exampleZone.zoneId, // <---------------------------------- how do i get the zone id?
            evaluateTargetHealth: true,
        }],
    });
    The problem is when creating a route53 record for this loadbalancer, i need a
    zoneId
    , where do i get it from? Any help is appreciated
    b
    b
    p
    • 4
    • 17
  • m

    magnificent-lifeguard-15082

    01/12/2022, 9:41 PM
    Is there any way to signal to pulumi that all resources of a certain type, or with a shared parent, should be deleted before others created? Wonder if this is non computable in terms of dependencies. The problem I have is re-naming an ApiGateway Route, where the newly named resource clashes because the old one is not yet deleted. Naming ofc doesn't change too often but it's a nice problem to solve at the platform level if possible for more "throw away and change things quickly" dev environments.
    b
    m
    • 3
    • 3
  • c

    colossal-boots-62227

    01/13/2022, 8:34 AM
    Is it possible to specify a
    serial-number
    and
    token-code
    when assuming a role in the AWS Classic provider? It does not appear so from the Pulumi AWS installation-configuration and provider documentation. This is to allow using YubiKey MFA to assume more privileged role as described in this AWS tutorial.
    b
    • 2
    • 5
  • m

    magnificent-lifeguard-15082

    01/13/2022, 3:44 PM
    Has anyone had any issues with
    sourceHash
    on
    s3.BucketObject
    ? Is pulumi overriding it with the
    FileArchive
    source
    reference? The path (ie. the .zip) I pass is not deterministic so this is a little bit of an issue.
  • s

    swift-ambulance-7102

    01/14/2022, 7:43 PM
    Trying to add the default tags to my IAC here, but its not applying tags and I am not sure what I am missing here.
    b
    • 2
    • 5
  • f

    fast-river-57630

    01/14/2022, 8:29 PM
    Fighting to adapt an existing aws.ec2.Vpc to awsx.ecs.Cluster. I built the compatible object via
    new awsx.ec2.Vpc('...', {vpc})
    . (ExistingVpcArgs) but the cluster won't provision because the subnets I've configured arent part of the compatible vpc (awsx) object. Oh I can probably use ExistingVpcIdArgs and pass it my existing privateSubnetIds/publicSubnetIds.
    • 1
    • 1
  • r

    ripe-shampoo-80285

    01/14/2022, 10:36 PM
    Anybody knows how can I disable s3 ACL? I'm using Golang. There is a func s3.NewBucketOwnershipControls that I can use to change ownership control: &s3.BucketOwnershipControlsArgs{ Bucket: bucket.ID(), Rule: &s3.BucketOwnershipControlsRuleArgs{ ObjectOwnership: pulumi.String("BucketOwnerPreferred"), }, } But there doesn't like there is a way that I can disable ACL with this function. By default, the ACL is enabled when Bucket is created.
  • r

    ripe-shampoo-80285

    01/14/2022, 10:36 PM
    Thanks for any help.
  • r

    ripe-shampoo-80285

    01/14/2022, 11:18 PM
    Looks like setting the ObjectOwnership to BucketOwnerEnforced will do the trick, but Pulumi doesn't seem to support that.
  • r

    ripe-shampoo-80285

    01/14/2022, 11:18 PM
    Untitled.txt
  • r

    ripe-shampoo-80285

    01/14/2022, 11:30 PM
    I created a ticket for the issue: https://github.com/pulumi/pulumi/issues/8763
  • s

    swift-ambulance-7102

    01/15/2022, 8:59 PM
    Kinda curious what others are doing but I am wondering how much you guys are using the conf file for your environments? I have a bunch of stuff in my conf file for each environment and I am thinking about pulling some of it back into the main.py (Python) file instead. Still playing with options but curious what others are doing? I come from a heavy Terraform (tfvars) world so putting a lot of the environment-specific info in the conf file makes sense.
    f
    b
    +2
    • 5
    • 15
  • s

    stale-king-21470

    01/16/2022, 5:41 PM
    Hello, I'm very new to Pulumi and I'm trying to implement this https://www.pulumi.com/registry/packages/aws/how-to-guides/video-thumbnailer however I run into the following issue when running `pulumi up`:
    #5 29.97 Collecting pip
        #5 30.17   Downloading <https://files.pythonhosted.org/packages/da/f6/c83229dcc3635cdeb51874184241a9508ada15d8baa337a41093fab58011/pip-21.3.1.tar.gz> (1.7MB)
        #5 30.79     Complete output from command python setup.py egg_info:
        #5 30.79     Traceback (most recent call last):
        #5 30.79       File "<string>", line 1, in <module>
        #5 30.79       File "/tmp/pip-build-hQd70M/pip/setup.py", line 7
        #5 30.79         def read(rel_path: str) -> str:
        #5 30.79                          ^
        #5 30.79     SyntaxError: invalid syntax
        #5 30.79
        #5 30.79     ----------------------------------------
        #5 30.82 Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-hQd70M/pip/
        #5 31.38 You are using pip version 8.1.1, however version 21.3.1 is available.
        #5 31.38 You should consider upgrading via the 'pip install --upgrade pip' command.
        #5 ERROR: executor failed running [/bin/sh -c apt-get update &&     apt-get install python-dev python-pip -y &&     apt-get clean && pip install --upgrade pip]: exit code: 1
        ------
         > [2/4] RUN apt-get update &&     apt-get install python-dev python-pip -y &&     apt-get clean && pip install --upgrade pip:
        ------
        executor failed running [/bin/sh -c apt-get update &&     apt-get install python-dev python-pip -y &&     apt-get clean && pip install --upgrade pip]: exit code: 1
    My code is identical to the one in the article, Docker is running, I'm on MacOS 12.1.
    b
    • 2
    • 2
  • l

    little-cartoon-10569

    01/16/2022, 9:30 PM
    I'm working on a project that uses (as far as I can tell) only the default AWS provider, configured in the default manner. When I use env vars AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN, things work. But when I unset those vars and use only AWS_PROFILE (correctly set it), Pulumi complains with
    Error: invocation of aws:index/getRegion:getRegion returned an error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
    b
    • 2
    • 8
  • n

    nice-pharmacist-5320

    01/17/2022, 10:09 AM
    Hello everyone, I have run into a weird issue. I am creating a EKS cluster which works fine, but on destroy pulumi tries to delete the security groups created for the node groups which fails because there is a network interface attached to it. I am guessing this network interface is attached by AWS/EKS when I bring up a loadbalancer and hence pulumi does not know about it which cause the destroy to fail. I have to manually go and delete the network interface, so the the destroy can proceed with deleting the security group and everything after that. Does anyone know about this?
    b
    • 2
    • 6
  • g

    green-daybreak-91402

    01/17/2022, 6:48 PM
    Hello! Question about Pulumi and AWS Parameter Store values. Can one create a param store resource with Pulumi and only have it create it if it does not exist, but we manually set its values? So no subsequent deploy affects the value we manually set.
    m
    • 2
    • 1
  • m

    magnificent-lifeguard-15082

    01/18/2022, 10:55 AM
    Given I have a known cidr space (/18) and know how that is partitioned across subnets (using awsx logic), how can I use getIPV4Address(value) to create some private fixed addresses in my network? Unsure what
    value: number
    is here.
    l
    • 2
    • 4
  • i

    incalculable-midnight-8291

    01/18/2022, 1:03 PM
    do we have any examples of how to update eks kubernetes version or how to trigger ami upgrade on managed nodegroup?
    👀 1
  • g

    green-daybreak-91402

    01/19/2022, 2:42 PM
    Question about awsx/ec2/vpc. There are 3 subnet types: public, private, isolated. If I use isolated, can I still setup the instances inside this subnet to be reachable via a bastion and custom egress/ingress rules?
    l
    • 2
    • 2
  • w

    wide-finland-25364

    01/20/2022, 7:19 AM
    I installed AWS Load Balancer Controller via Helm chart. Since initial installation, whenever I do
    pulumi up
    , the certs in
    Secrets kube-system/aws-load-balancer-tls
    get replaced. I even tried "keepTLSSecret: true," but no-go. I see that
    kubernetes:<http://admissionregistration.k8s.io/v1:MutatingWebhookConfiguration|admissionregistration.k8s.io/v1:MutatingWebhookConfiguration>
    and
    kubernetes:<http://admissionregistration.k8s.io/v1:ValidatingWebhookConfiguration|admissionregistration.k8s.io/v1:ValidatingWebhookConfiguration>
    gets updated too. Is there a way to mitigate this? This is the code
    // Install AWS Load Balancer Controller via Helm chart
    const awslbcontroller = new k8s.helm.v3.Chart("aws-load-balancer-controller", {
      chart: "aws-load-balancer-controller",
      version: "1.3.3",
      namespace: "kube-system",
      fetchOpts:{
          repo: "<https://aws.github.io/eks-charts>",
      },
      values: {
        clusterName: clusterName,
        keepTLSSecret: true,
      }
    }, {provider: cluster.provider});
    w
    • 2
    • 3
  • b

    brainy-window-77332

    01/20/2022, 2:14 PM
    I'm struggling to find how to get pulumi python to list AWS resources, specifically I want to list R53 hosted zones associated with a specific vpc?
    f
    • 2
    • 2
  • s

    stale-king-21470

    01/20/2022, 8:56 PM
    Sorry to bring this up again but I can't resolve this issue, if someone has an idea: https://pulumi-community.slack.com/archives/CRH5ENVDX/p1642354916102400
    l
    p
    • 3
    • 4
  • h

    high-grass-3103

    01/21/2022, 12:56 AM
    I'm trying to create a bastion host:EC2 instance with two subnets - one public and one private. My public subnet is:
    export const infra_public = new awsn.ec2.Subnet('infra_public', {
        tags: nativeTags({ ...tags, Name: `infra_pub` }),
        cidrBlock: '10.0.0.16/28',
        vpcId,
        availabilityZone,
        mapPublicIpOnLaunch: true,
    });
    But when I launch an instance:
    const nic0 = new aws.ec2.NetworkInterface('nic0', {
        subnetId: infra_public.id,
        tags,
        securityGroups: [sg_ssh.id],
    });
    
    const nic1 = new aws.ec2.NetworkInterface('nic1', {
        subnetId: infra_private.id,
        tags,
        securityGroups: [sg_priv.id],
    });
    
    
    const bastion_node = new aws.ec2.Instance('bastion', {
        keyName,
        tags: { ...tags, Name: `${pulumi.getStack()}-bastion` },
        instanceType: aws.ec2.InstanceType.T4g_Nano,
        ami: ami.id,
        networkInterfaces: [
            {
                deviceIndex: 0,
                networkInterfaceId: nic0.id,
            }, {
                deviceIndex: 1,
                networkInterfaceId: nic1.id,
            }
        ],
        creditSpecification: { cpuCredits: 'standard' },
        monitoring: true,
        availabilityZone,
    });
    the AWS console reports NO public IPv4 address. Am I missing something?
    l
    • 2
    • 6
  • f

    future-window-78560

    01/21/2022, 9:28 AM
    Hello Everyone! I am facing an issue on deploying a sample Nginx application on AWS that whenever I tried to expose service with type "LoadBalancer" It provision Classic LoadBalancer with no Targets. So It doesn't know where to route traffic. that's why the service is not accessible on the browser even with the Right Security Group setting. I need assistance on this issue.
  • f

    future-window-78560

    01/21/2022, 12:35 PM
    To solve this issue I am trying to create alb controller, followed this https://github.com/jaxxstorm/pulumi-awsloadbalancercontroller but the installation is giving the following error
    m
    b
    • 3
    • 4
  • b

    big-potato-91793

    01/21/2022, 7:40 PM
    is there a way to tell pulumi to not way on the resource modifcation? I’m deploying an opensearch resources and the updates take time because of the rollout procedure and make my ci pipeline to nuts. If yes, does it’s a bad practice?
    m
    • 2
    • 2
  • r

    ripe-shampoo-80285

    01/22/2022, 11:12 PM
    I am trying to combine eks cluster securitygroup and node securitygroup in to an array with the following Golang pulumi code, but I am getting the error below. What am I doing wrong?
    b
    • 2
    • 1
  • r

    ripe-shampoo-80285

    01/22/2022, 11:12 PM
    Untitled.txt
Powered by Linen
Title
r

ripe-shampoo-80285

01/22/2022, 11:12 PM
Untitled.txt
View count: 1