aws
  • m

    mammoth-art-6111

    02/04/2022, 6:01 PM
    hey all, i've been enjoying pulumi crosswalk for aws so far, and i've been having a pretty productive morning, but for some reason (i'm not sure why), pulumi has stopped detecting updates in my lambda function whenever i call pulumi up
  • m

    mammoth-art-6111

    02/04/2022, 6:48 PM
    this is coming out when i do pulumi up -r, seems like it notices there's a code change, but doesn't actually update
  • m

    mammoth-art-6111

    02/04/2022, 6:48 PM
    aws:lambda:Function           github-release-webhook                              [diff: ~code]
  • m

    mammoth-art-6111

    02/04/2022, 7:07 PM
    is there a way to force pulumi to refresh the lambda?
  • m

    mammoth-art-6111

    02/04/2022, 7:28 PM
    honestly, really confused. was working seamlessly for a while.
  • m

    mammoth-art-6111

    02/04/2022, 8:04 PM
    ah, ok
  • m

    mammoth-art-6111

    02/04/2022, 8:04 PM
    i accidentally created an index.js file by running typescript
  • b

    better-activity-84090

    02/07/2022, 8:20 AM
    Since the WAFv2 is not idempotent (see https://github.com/pulumi/pulumi-aws/issues/1423), is there any workaround to this so every pulumi up doesn't update the resource?
  • p

    polite-pillow-78450

    02/07/2022, 11:01 PM
    I am having issues with the Native provider and StackSet resource from a delegated administrator account for CloudFormation. Creation (if everything is valid) works. However, I believe that Pulumi is not recording the call_as property with the resource, and many subsequent operations fail because the StackSet is not able to be described when call_as is not DELEGATED_ADMIN in this scenario. Has anyone else encountered this?
  • s

    sparse-apartment-71989

    02/08/2022, 4:09 PM
    In the docs at https://www.pulumi.com/registry/packages/aws/installation-configuration/ it says if multiple profiles are configured,
    In this case, you will need to set the AWS_PROFILE environment variable to the name of the profile to use.
    However, later in the docs, an alternative method is offered:
    After creating your project, run pulumi config set aws:profile <profilename>
    If these differ, which takes precedence, the env var or the config setting? In general will this order of precedence always be true for configuration in Pulumi?
  • r

    ripe-shampoo-80285

    02/09/2022, 3:16 AM
    I am trying to get VPC default securitygroup with the following code, but I am getting this error. What am I doing wrong?
    sgNames := vpc.Vpc.DefaultSecurityGroupId.ApplyT(func(sg string) pulumi.StringArray {
        return goStringArrayToPulumiStringArray([]string{sg})
    }).(pulumi.StringArrayOutput)
    panic: applier must have 1 input parameter assignable from interface {}
  • r

    ripe-shampoo-80285

    02/09/2022, 3:28 AM
    Change the above code to this, I got different error:
    sgNames := vpc.Vpc.DefaultSecurityGroupId.ApplyT(func(sg interface{}) pulumi.StringArray {
        return goStringArrayToPulumiStringArray([]string{sg.(string)})
    }).(pulumi.StringArrayOutput)
    panic: runtime error: invalid memory address or nil pointer dereference
  • n

    numerous-spoon-56858

    02/09/2022, 10:26 AM
    after importing an existing image pipeline, i'm trying to update it and getting
    The value supplied for parameter 'distributions[0]' is not valid.
    any idea why?
  • p

    prehistoric-beach-79855

    02/09/2022, 8:19 PM
    Hello all, I am trying to import a key pair resource with:
    key=pulumi_aws.ec2.KeyPair.get("myKeyPairs", id='key-00789edf16bef11xx')
    but pulumi up is giving: "error: Preview failed: resource 'key-00789edf16bef11xx' does not exist". While I can see this Key pair in console > EC2 > Key pairs, under ID column. Am I missing something?
  • a

    acceptable-oil-81004

    02/10/2022, 3:47 AM
    Hey there, can some one explain me what does that button actually do? My EPs only work after hitting it (without any changes) and deploying. I'm getting 500, and lambdas are not being invoked. I'm not sure what I'm missing pulumi-side. But before posting my whole scenario, a simple tip may just do the trick. Thanks!
  • v

    victorious-fountain-7689

    02/10/2022, 5:27 AM
    Hello! I observed that I can not update maintenanceWindowStartTime in aws.mq.Broker. After doing a pulumi up with the updated value, the AWS Console still shows the old value. Doing a pulumi refresh afterwards will restore the stack to the old value. The weird thing is that changing it from the AWS Console works. I did that to manually sync Pulumi code and the MQ broker. Is this a known issue? I see in the Terraform Docs (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#maintenance_window_start_time) that updating is not supported. Could this be related to this?
  • c

    clever-dog-35937

    02/11/2022, 6:32 PM
    When pulumi updates a route53 record does it do so intelligently (convert to set > create additional record > delete old > revert set), or should I expect a dns outage while it's modifying/updating?
  • c

    clever-dog-35937

    02/11/2022, 6:32 PM
    maybe not even in that manner, but without interruption
  • p

    purple-megabyte-83002

    02/11/2022, 6:42 PM
    hello how to invalidate Cloudfront distribution cache after updating S3 files ?
  • l

    little-soccer-5693

    02/11/2022, 7:29 PM
    i'm struggling getting pulumi to leverage the iam role attached to my ec2 instance for credentials. i am getting this error:
    Diagnostics:
    aws:acm:Certificate (Bopmatic-wwwcert):
    error: 1 error occurred:
    * error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
    Please see <https://registry.terraform.io/providers/hashicorp/aws>
    for more information about providing credentials.
    Error: NoCredentialProviders: no valid providers in chain
    caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
    SharedCredsLoad: failed to load profile, .
    EC2RoleRequestError: no EC2 instance role found
    caused by: RequestCanceled: EC2 IMDS access disabled via AWS_EC2_METADATA_DISABLED env var
    I have aws:skipMetadataApiCheck: "false" in my Pulumi.dev.yaml and when i create a non-default provider I have:
    aws.NewProvider(ctx, "us-east-1-provider", &aws.ProviderArgs{
    Region: pulumi.String("us-east-1"),
    SkipMetadataApiCheck:      pulumi.Bool(false),
    })
    any idea what else i need to do to fix this?
  • c

    curved-pharmacist-41509

    02/12/2022, 11:29 AM
    Is there a plan to upgrade @pulumi/aws for nodejs to use v3 of the aws-sdk?
  • w

    worried-xylophone-86184

    02/12/2022, 7:53 PM
    Hi all! I am trying to set up a simple EKS cluster using the pulumi-eks with a NodeGroup. Whenever I am trying to launch it throws this error:
    Exception: Setting nodeGroupOptions, and any set of singular node group option(s) on the cluster, is mutually exclusive. Choose a single approach.
    I looked at a few threads in this channel to figure out what the issue would possibly be and reached this code snippet where the check happens: link. I want to restrict the configurations to the NodeGroup as I have to create multiple NodeGroups for our usecase. Can anyone guide me as to what am I missing here? Adding code in thread.
  • l

    little-soccer-5693

    02/13/2022, 6:21 PM
    anyone else running into problems with iam.NewPolicyAttachment() during an update? i'm seeing an initial deployment with 'pulumi up' work fine but then a subsequent update will detach the policy from the role despite not changing the resource.
  • w

    worried-xylophone-86184

    02/14/2022, 5:08 AM
    x-posting in case anyone has any thoughts about this https://pulumi-community.slack.com/archives/C84L4E3N1/p1644810760786549
  • n

    nice-father-44210

    02/14/2022, 4:43 PM
    Hello! When creating a aws.route53.ResolverEndpoint, if I pass a subnet_id into the ResolverEndpointIpAddressArgs constructor, is there a way for me to obtain an Output that represents the IP address that AWS assigned to the endpoint? Thanks in advance.
  • g

    gentle-piano-19726

    02/14/2022, 8:49 PM
    Anyone have an example setting up public RDS with vpc? I'm using Node
  • c

    cool-glass-63014

    02/15/2022, 9:18 AM
    Hello! Does anybody here have any resources on how to migrate a database? And by that I mean from one VM to another, keeping the data itself. For example when updating postgres versions or upgrading the size of the VM instance and so on
  • t

    thousands-area-40147

    02/15/2022, 2:17 PM
    Heyo, on destroying a stack that had Lambda functions created as described in the Crosswalk for AWS section, how can I make it so the implicitly generated Cloudwatch log groups for these Lambdas are destroyed as well?
  • b

    bored-barista-23480

    02/15/2022, 3:09 PM
    Hi folks! I'm trying to deploy a setup to an EKS cluster. A service is made public via an Application Load Balancer set up by the Load Balancer Controller in my setup. But pulumi destroy never works, it always hangs on the Ingress resource. Manually deleting the finalizer set on the Ingress by the LBC while destroy is ongoing works. But even when I explicitly make the Ingress depend on the Helm chart of the LBC the LBC pods get destroyed before the Ingress, and most important: before the finalizer was removed from the Ingress by the LBC. So the destroy-operation always needs manual intervention. Does anyone have an idea what causes this behavior or even how to solve it?
  • b

    boundless-telephone-75738

    02/17/2022, 4:34 PM
    Hi folks, I'm deploying an eks cluster, and trying to use a custom node group with only private IPs. I've set the api endpoint to be available in both private and public subnets, but the nodes still don't register with the cluster. Any hints as to what I'm doing wrong, or which log I need to look at to see why it fails to register? It worked with the default node group as long as I kept nodeAssociatePublicIpAddress to true, but setting that to false (a requirement from our security team) the nodes fail to register. I've been banging my head against this for a while now, and I'm sure I'm missing something stupid
    export const cluster = new eks.Cluster(clusterName, {
        storageClasses: {
            'gp2-encrypted': { type: 'gp2', encrypted: true },
        },
        instanceRoles: [stdNodegroupIamRole, spotNodegroupIamRole],
        name: clusterName,
        vpcId: vpcId,
        privateSubnetIds: privateSubnetIds,
        publicSubnetIds: publicSubnetIds,
        userMappings: createUserMapping(),
        useDefaultVpcCni: true,
        createOidcProvider: true,
        nodeAssociatePublicIpAddress: false,
        encryptionConfigKeyArn: keyAlias.then((k) => k.targetKeyArn),
        vpcCniOptions: {
            enablePrefixDelegation: true,
        },
        clusterTags: {
            Pulumi: 'true',
        },
        skipDefaultNodeGroup: true,
        clusterSecurityGroupTags: { ClusterSecurityGroupTag: 'true' },
        nodeSecurityGroupTags: { NodeSecurityGroupTag: 'true' },
        endpointPublicAccess: true,
        endpointPrivateAccess: true,
    });
    
    cluster.createNodeGroup('standard-ng', {
        nodeAssociatePublicIpAddress: false,
        minSize: 1,
        maxSize: 6,
        desiredCapacity: 2,
        instanceType: standardInstance,
        bootstrapExtraArgs:
            "--use-max-pods false --kubelet-extra-args '--max-pods=110'",
        instanceProfile: new aws.iam.InstanceProfile('ng-standard', {
            role: stdNodegroupIamRole.name,
        }),
        nodeSubnetIds: privateSubnetIds,
        labels: {
            ondemand: 'true',
        },
    });
w

worried-xylophone-86184

04/09/2022, 4:57 PM
Hi Christoper ! Did you manage to fix this by any chance?
I am facing a similar issue 😅
I am making use of a managed node group to get
eks_cluster = eks.Cluster(
    cluster_name,
    name=cluster_name,
    public_subnet_ids=list(public_subnets.values()),
    private_subnet_ids=list(private_subnets.values()),
    tags={"Name": cluster_name, "Stack": stack_name},
    vpc_id=vpc_id,
    version="1.21",
    instance_role=eks_ec2_role,
    skip_default_node_group=True,
)


node_group = eks.ManagedNodeGroup(
    node_group_name,
    cluster=eks_cluster.core,
    capacity_type="SPOT",
    instance_types=["t3a.medium"],
    node_group_name=node_group_name,
    node_role=eks_ec2_role,
    tags={"Name": cluster_name, "Stack": stack_name},
    subnet_ids=list(private_subnets.values()),
    scaling_config=pulumi_aws.eks.NodeGroupScalingConfigArgs(
        desired_size=1,
        min_size=1,
        max_size=3,
    ),
)
b

boundless-telephone-75738

04/19/2022, 9:06 AM
Hi Sushant, sorry, I've had my slack notifications on mute for a long Easter holiday. I ended up having to allocate a public ip to my nodes for now, we've added an exception to our security rules for the one port that's being exposed by traefik for terminating https traffic. So no good solution found I'm afraid