https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • o

    orange-lunch-7899

    01/23/2020, 4:42 PM
  • r

    rhythmic-camera-25993

    01/24/2020, 8:18 PM
    I'm running into something interesting here with my two fargate services that I wanted to see if anyone else was seeing. I'm building two http services from a single multi-stage dockerfile, but with different targets. I have created two `awsx.ecs.Image`s from docker builds that specify each target individually. I have created two
    FargateServices
    , one using each image. Sometimes, when I run
    pulumi up
    to build and deploy the images both services end up using the image for the 'later' of the two docker image targets, ie. the one that is further down the Dockerfile. Does anyone else have a similar problem? I'd like to not have to split up the build stages in the Dockerfile because they both build off of a shared 'fetch dependencies and prereqs' stage. I've worked around it in the meantime by managing the images and their backing ECR repositories manually, pushing those before I do the
    pulumi up
    operation, but it was nice to let pulumi manage that for me :D
  • f

    flat-insurance-25294

    01/25/2020, 3:52 AM
    Hmm, is there a way to use STS or assume role instead of a pretty permissive Role with access token for CI? It would be cool to support https://github.com/99designs/aws-vault
    w
    • 2
    • 4
  • w

    worried-painting-67291

    01/29/2020, 9:04 PM
    Hey all, I'm trying to figure out why my private hosted zone was created with a suffix.
  • w

    worried-painting-67291

    01/29/2020, 9:05 PM
    I have a public zone:
    <http://foo.com|foo.com>
    , and I wanted to create a private zone:
    <http://i.foo.com|i.foo.com>
    but it created
    i.foo.com--b24be8c
  • w

    worried-painting-67291

    01/29/2020, 9:07 PM
    I supplied the name to the function call, and supplied only the
    vpcs
    to the ZoneArgs.. I'll try it again, explicitly setting
    name
    in the ZoneArgs
    h
    r
    • 3
    • 3
  • c

    calm-parrot-72437

    01/31/2020, 10:36 PM
    anyone figure out how to generate your cluster oidc provider url with the pulumi sdk? i..e, the equivalent of this command
    aws eks describe-cluster --name cluster_name --query "cluster.identity.oidc.issuer" --output text
    Trying to enable iam roles for service accounts on my cluster..
    b
    m
    • 3
    • 21
  • s

    shy-greece-98380

    02/01/2020, 3:00 AM
    Hey all, is there a way to remove object if it already exists? for example I have subnets with tags. I want to change tag but I'm getting the following error:
    Diagnostics:
      pulumi:pulumi:Stack (pulumi-sandbox-dev):
        error: update failed
     
      aws:ec2:Subnet (Subnet_0):
        error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '10.0.0.0/20' conflicts with another subnet
        	status code: 400, request id: 089dfb4e-16db-4edf-87a8-f63a599ae4e9
     
      aws:ec2:Subnet (Subnet_1):
        error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '10.0.16.0/20' conflicts with another subnet
        	status code: 400, request id: 91e98039-a031-4b54-b9ff-79ea16c00d2e
  • h

    hundreds-portugal-17080

    02/01/2020, 8:04 AM
    Hi, Maybe it is a very basic question, I have a input map and can vary with any number of key value inside map. I am trying to pass the map as tags input. I am not able to see the aws tags. can you please help.
    Untitled
    w
    • 2
    • 3
  • m

    many-garden-84306

    02/02/2020, 1:49 AM
    I have encountered what seems like a bug in aws.rds.Cluster, at least with Aurora and in Python. If you specify an engine_version of, say '5.7' it will happily create the cluster for you. But from that point on, on any update it thinks that the cluster version has changed and tries to update it, and the update fails because the resource says that you cannot change to the same version. It seems to only work properly if a fully qualified version string is supplied; e.g., '5.7.mysql_aurora.2.07.1'
  • c

    calm-parrot-72437

    02/04/2020, 12:47 AM
    is there a way to specify the trust relationship when creating an iam role? or is there another way to go about it? trying to link an iam role with a eks serviceaccount..
    w
    m
    m
    • 4
    • 21
  • b

    big-caravan-87850

    02/06/2020, 6:06 AM
    the msk module doesn't provide an api to get the full list of the broker in a cluster. only the bootstrap servers property is available, which only returns 3 brokers. it would be nice to have all the brokers that belong to a cluster as it's possible that the 3 bootstrap servers may not be available in a large cluster.
  • b

    billions-scientist-31826

    02/06/2020, 9:35 PM
    I was looking through the docs this morning and I couldn't find an option to enable root drive encryption for my nodegroups. What am I missing?
    w
    • 2
    • 2
  • v

    victorious-hydrogen-52050

    02/07/2020, 10:43 AM
    Is there anyone has tried
    aws-ts-airflow
    example? https://github.com/pulumi/examples/tree/master/aws-ts-airflow I tried it, but it couldn't work well because the
    airflowcontroller
    task exit with a error.
    airflowcontroller
    task's log ended with this message.
    ERROR - No response from gunicorn master within 120 seconds
    Anyone has ideas? Thanks.
  • i

    incalculable-dream-27508

    02/09/2020, 10:50 AM
    I'll forward it here as well, since I'm not sure which place is the correct one for discussion about that
  • i

    incalculable-dream-27508

    02/09/2020, 4:16 PM
    Huh, I can't really find any examples on how to add to
    awsx.lb.ApplicationLoadBalancer
    any health checks
    r
    • 2
    • 23
  • i

    incalculable-dream-27508

    02/09/2020, 4:17 PM
    Right now mostly trying to extend https://github.com/pulumi/infrastructure-as-code-workshop/blob/master/labs/02-app-arch/code/01-provisioning-vms/step4.ts
  • i

    incalculable-dream-27508

    02/09/2020, 4:18 PM
    Already had to make some changes, since security groups as defined there apparently allow port 80 to instances, not only to LB
  • m

    melodic-byte-32771

    02/09/2020, 4:42 PM
    Hey guys, I stucked with custom domain registration in aws. Somehow pulumi just reaches a point where it waits but nothing happens. I used the example https://github.com/pulumi/examples/blob/master/aws-ts-static-website/index.ts This is my output:
    Previewing update (production):
    
     +  pulumi:pulumi:Stack aws-project-production create 
     +  pulumi:providers:aws east create 
     +  aws:s3:Bucket aws-project-requestLogs create 
     +  aws:s3:Bucket aws-project-contentBucket create 
    @ previewing update....
    and here it just hang off
  • i

    incalculable-dream-27508

    02/09/2020, 4:55 PM
    you could try adding something like
    -d -v=5
    to get some debug output, maybe see what's going on
    m
    • 2
    • 8
  • r

    refined-vegetable-66224

    02/10/2020, 2:58 PM
    Hi all I'm new to Pulumi, so I apologize in advance if this is a basic question... I'm trying to launch an ECS cluster on AWS of a dockerized express.js app. I can't seem to figure out how to appropriately set the load balancer to default to HTTPS traffic. Here is a snippet from my index.ts file.
    const alb = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer(
    ``net-lb-${envName}`, { external: true, securityGroups: cluster.securityGroups });` `const web = alb.createListener(
    web-${envName}
    , {`
    port: 80,
    external: true,
    defaultAction: {
    type: "redirect",
    redirect: {
    protocol: "HTTPS",
    port: "443",
    statusCode: "HTTP_301",
    },
    },
    });
    But, when trying to "pulumi up" I'm getting the following error :
    Error: [Listener] was not connected to a [defaultAction] that can provide [portMapping]s
    I couldn't find anything in the Pulumi docs: https://www.pulumi.com/docs/reference/pkg/python/pulumi_aws/elasticloadbalancingv2/ Any help would be appreciated
  • r

    rhythmic-camera-25993

    02/10/2020, 3:16 PM
    you'll also need another listener that listens on https/443 and forwards to a target group
  • r

    rhythmic-camera-25993

    02/10/2020, 3:18 PM
    alb.createListener("blah", { 
      port: 443, 
      protocol: "HTTPS", 
      external: true, 
      defaultAction: { 
        type: "forward", 
        targetGroupArn: "your target group arn here" 
      }, 
      certificateArn: "your certificate arn here"
    });
  • r

    refined-vegetable-66224

    02/10/2020, 3:24 PM
    Ah I see, thank you. And when I define my service, do I reference both listeners in the portMappings? i.e. `const httpPort = alb.createListener(
    web-${envName}
    , {`
    port: 80,
    external: true,
    protocol: "HTTP",
    defaultAction: {
    type: "redirect",
    redirect: {
    protocol: "HTTPS",
    port: "443",
    statusCode: "HTTP_301",
    },
    },
    });
    const httpsPort = alb.createListener("blah", { 
      port: 443, 
      protocol: "HTTPS", 
      external: true, 
      defaultAction: { 
        type: "forward", 
        targetGroupArn: "your target group arn here" 
      }, 
      certificateArn: "your certificate arn here"
    });
    `const appService = new awsx.ecs.FargateService(
    express-svc-${envName}
    , {`
    cluster,
    taskDefinitionArgs: {
    container: {
    image: img,
    cpu: 102 /*10% of 1024*/,
    memory: 1000 /*MB*/,
    portMappings: [ httpPort, httpsPort ],
    },
    },
    desiredCount: 5,
    });
  • r

    rhythmic-camera-25993

    02/10/2020, 3:28 PM
    no, I only did the https one for my fargate services
  • r

    rhythmic-camera-25993

    02/10/2020, 3:28 PM
    well, here's the actual deal
  • r

    rhythmic-camera-25993

    02/10/2020, 3:28 PM
    my listeners terminate SSL, so the listener itself needs to be configured for ssl, but then it forwards traffic to a backend service that only listens on http/80
  • r

    rhythmic-camera-25993

    02/10/2020, 3:29 PM
    my services use the
    targetGroup
    they belong to as the source of the portMappings rather than the listener
  • r

    rhythmic-camera-25993

    02/10/2020, 3:29 PM
    but if yours are configured to accept ssl with the same cert as the listener, I believe that you could just use the listener directly
  • r

    refined-vegetable-66224

    02/10/2020, 3:30 PM
    Any way you can provide me with a snapshot of your config?
Powered by Linen
Title
r

refined-vegetable-66224

02/10/2020, 3:30 PM
Any way you can provide me with a snapshot of your config?
View count: 1