purple-megabyte-83002
02/19/2022, 5:50 PMpurple-megabyte-83002
02/19/2022, 5:51 PMcrooked-pillow-11944
02/20/2022, 9:25 PMName
tags without causing Pulumi to treat the tags as changes?cool-glass-63014
02/21/2022, 12:28 PMaws:ecs:Service (backend):
error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
even though I have several profiles, and for the stack I have the proper AWS profile configured in the yaml file. And it seems like it can build and push the docker image but it cannot edit the Fargate task definition or something? I am not savvy with either AWS or Pulumi and this is something I've inherited, but I can't wrap my head around this. I also followed the linked and repeated the setup and yet nothing.
EDIT: I can't seem to restore the state of whatever it is I've managed to bork up at all? I haven't changed any credentials or keys to begin with so this feels like such a weird curve ball? 🤔 Any ideas?rough-intern-34947
02/21/2022, 2:52 PMaws.secretsmanager.getSecret()
works, but aws.secretsmanager.getSecretVersion()
doesn’t for some reason, it throws the following error:
error: Error: Invoke of 'aws:secretsmanager/getSecretVersion:getSecretVersion' failed: Missing required argument: The argument "secret_id" is required, but no definition was found. ()
at deserializeResponse (./node_modules/@pulumi/runtime/invoke.ts:227:15)
at ./node_modules/@pulumi/runtime/invoke.ts:169:16
at Generator.next (<anonymous>)
at fulfilled (./node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
There is no secret_id
specified in the TypeScript defintions - only secretId
which is used on the example page as well.
This is the code:
const credentials = aws.secretsmanager.getSecretVersion({
secretId: mySecret.id,
})
https://www.pulumi.com/registry/packages/aws/api-docs/secretsmanager/getsecretversion/
https://www.pulumi.com/registry/packages/aws/api-docs/secretsmanager/getsecret/cool-glass-63014
02/21/2022, 3:10 PMpulumi up
just spinning for 16 minutes? I feel like every other time when there's a bunch of updates to do, it just gets stuck? This is AWSincalculable-midnight-8291
02/21/2022, 8:04 PMkubeletExtraArgs
on a managed nodegroup for eks?
I see it in the docs, but I cant add it
https://www.pulumi.com/registry/packages/eks/api-docs/managednodegroup/#clusternodegroupoptionsbumpy-laptop-30846
02/22/2022, 10:19 AMreturn new eks.Cluster(
getClusterName(),
{
name: getClusterName(),
vpcId: vpc.id,
publicSubnetIds: vpc.publicSubnetIds,
privateSubnetIds: vpc.privateSubnetIds,
nodeAssociatePublicIpAddress: false,
instanceType: 'c5.xlarge',
nodeRootVolumeSize: 50,
desiredCapacity: 3,
minSize: 2,
maxSize: 8,
but when I add a deployment it does not increase the number of nodes.
Is there something to do to have autoscaling working when using the cluster default nodegroup?fancy-lighter-60600
02/22/2022, 12:37 PMstocky-petabyte-29883
02/23/2022, 1:53 PMhigh-grass-3103
02/23/2022, 3:28 PMcrooked-pillow-11944
02/24/2022, 2:35 AMAttributeError: 'ServiceStatus' object has no attribute 'loadBalancer'
incalculable-midnight-8291
02/24/2022, 2:41 PMcluster.clusterSecurityGroup
• nodeSecurityGroup with who knows, available as cluster.nodeSecurityGroup
• and eks-cluster-sg-cluster-name, where I actually need to add rules to expose for example nodeports.
Anyone got any idea how I can get the id of the third one through pulumi? Is it hidden in some object?strong-printer-79519
02/25/2022, 12:41 PMexpected runtime to be one of [nodejs nodejs4.3 nodejs6.10 nodejs8.10 nodejs10.x nodejs12.x nodejs14.x java8 java8.al2 java11 python2.7 python3.6 python3.7 python3.8 python3.9 dotnetcore1.0 dotnetcore2.0 dotnetcore2.1 dotnetcore3.1 nodejs4.3-edge go1.x ruby2.5 ruby2.7 provided provided.al2]
When will you update the supported list? Is there a workaround?bored-table-20691
02/25/2022, 9:35 PMawsProvider, err := aws.NewProvider(ctx, "aws-provider", &aws.ProviderArgs{
AssumeRole: &aws.ProviderAssumeRoleArgs{
RoleArn: awsAssumeRoleArn,
SessionName: pulumi.Sprintf("%s-tenant-%s", awsAssumeRoleSessionName, tenant.name),
},
SkipMetadataApiCheck: pulumi.Bool(false),
})
When the session name is longer than 64 characters (which is invalid for the AWS API), the error we get from Pulumi is:
error: an unhandled error occurred: 1 error occurred:
* rpc error: code = Unknown desc = invocation of aws:index/getCallerIdentity:getCallerIdentity returned an error: 1 error occurred:
* error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::xxxxxxx:role/CI) cannot be assumed.
There are a number of possible causes of this - the most common are:
* The credentials used in order to assume the role are invalid
* The credentials do not have appropriate permission to assume the role
* The role ARN is not valid
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
If I run this manually via the AWS CLI, I get a proper error:
> aws sts assume-role --role-arn arn:aws:iam::xxxxxxx:role/CI --role-session-name abcd-xvy-asdjh-adfdfsdfsdfdfdfAda-sdfhsfbhbdfjsdjjajdadasdsadada-asdhajdhjashdjhajfhjahf
An error occurred (ValidationError) when calling the AssumeRole operation: 1 validation error detected: Value 'abcd-xvy-asdjh-adfdfsdfsdfdfdfAda-sdfhsfbhbdfjsdjjajdadasdsadada-asdhajdhjashdjhajfhjahf' at 'roleSessionName' failed to satisfy constraint: Member must have length less than or equal to 64
Is this a Terraform issue that we don’t get a proper error, or is this fixable? This led us down a wild goose chase on whether our pod IAM role was wrong so we couldn’t assume, etc, but we eventually narrowed it down to the length. We’ll fix that issue on our end, but it would be nice if this returned a better error.big-potato-91793
02/28/2022, 9:22 PMbig-potato-91793
02/28/2022, 9:22 PMconst gitRunnerAllowFile = new pulumi.asset.StringAsset("file.json");
big-potato-91793
02/28/2022, 9:23 PMerror: aws:iam/rolePolicy:RolePolicy resource 'Gitrunner-Allow-Access' has a problem: "policy" contains an invalid JSON policy. Examine values at 'RolePolicy.Policy'.
strong-printer-79519
03/02/2022, 6:50 AMaws:lambda/function:Function resource ’name-of-lambda has a problem: expected runtime to be one of [nodejs nodejs4.3 nodejs6.10 nodejs8.10 nodejs10.x nodejs12.x nodejs14.x java8 java8.al2 java11 python2.7 python3.6 python3.7 python3.8 python3.9 dotnetcore1.0 dotnetcore2.0 dotnetcore2.1 dotnetcore3.1 nodejs4.3-edge go1.x ruby2.5 ruby2.7 provided provided.al2], got dotnet6. Examine values at ‘Function.Runtime’.
Version 4.38.0 does contain dotnet 6:
export declare const Runtime: {
readonly DotnetCore2d1: “dotnetcore2.1”;
readonly DotnetCore3d1: “dotnetcore3.1";
readonly Dotnet6: “dotnet6”; <————— HERE
readonly Go1dx: “go1.x”;
readonly Java8: “java8”;
readonly Java8AL2: “java8.al2";
readonly Java11: “java11”;
readonly Ruby2d5: “ruby2.5";
readonly Ruby2d7: “ruby2.7”;
readonly NodeJS10dX: “nodejs10.x”;
readonly NodeJS12dX: “nodejs12.x”;
readonly NodeJS14dX: “nodejs14.x”;
readonly Python2d7: “python2.7”;
readonly Python3d6: “python3.6";
readonly Python3d7: “python3.7”;
readonly Python3d8: “python3.8";
readonly Custom: “provided”;
readonly CustomAL2: “provided.al2";
};
Can anyone help for a quick fix?salmon-musician-20405
03/02/2022, 5:38 PMIn the middle of building stack the provider assumes a different role ( or provider is switched to different account, Eg: below code
provider = Provider(
resource_name="different_account",
region="eu-west-1",
assume_role=ProviderAssumeRoleArgs(role_arn=role_arn),
)
BucketObject( resource_name=f"{name}-glue-job-script",
opts=ResourceOptions(depends_on=[self._rolePolicy], provider=provider),
bucket=destination_bucket.name,
key=f"glue-job-scripts/{glue_script.split('/')[-1]}",
source=FileAsset(glue_script))
Fails while doing above operation and following error occurs - Access denied error
aws:s3:BucketObject test-ab40dc-glue-job-script creating failed '
'Diagnostics:'
Error uploading object to S3 bucket (test-ab40dc-curated): '
'AccessDenied: Access Denied'
The same code works at 3.22.1
Provider assume role doesnt seem to work for latest codebusy-lion-51883
03/02/2022, 7:18 PMawsx.ec2.Vpc.fromExistingIds()
method:
const vpc = awsx.ec2.Vpc.fromExistingIds("vpcFromId", {
vpcId: configData.vpcId,
},{provider: provider})
When I run this code against one aws provider, it executes as expected. Against another aws provider, connected to a different account profile, I get the following error:
error: Error: invocation of aws:ec2/getVpc:getVpc returned an error: invoking aws:ec2/getVpc:getVpc: 1 error occurred:
* no matching EC2 VPC found
This is very strange because I can verify that the vpc does exist for this provider (both from the aws console and also from the aws cli)
What would cause this behavior?polite-tailor-82854
03/03/2022, 2:58 PMCallbackFunction
?wonderful-twilight-70958
03/03/2022, 11:02 PMeks.createManagedNodeGroup()
args:
launchTemplate: {
id: pulumi.interpolate`${myLaunchTemplate.id}`,
version: "1",
},
When the node group comes up, it says on the EKS page that it's using mine, but on the instances themselves in the ASG, it's using an auto-created one. Is this a bug? Or am I missing something fundamental?busy-lion-51883
03/04/2022, 1:23 PMmammoth-art-6111
03/04/2022, 5:29 PM* error reading CodePipeline: ValidationException: 1 validation error detected: Value at 'name' failed to satisfy constraint: Member must satisfy regular expression pattern: [A-Za-z0-9.@\-_]+
magnificent-lifeguard-15082
03/04/2022, 5:41 PMbusy-lion-51883
03/04/2022, 8:06 PMpulumi.Config("aws").require("region")
to confrom to type Region. For example:
const region = new pulumi.Config("aws").require('region');
const codepipelinesProvider = new aws.Provider("codepipelinesProvider", {
profile: CODEPIPELINES_PROFILE_ID,
region: region,
});
in this case I get a type mismatch error: Type string is not assignable to Type Input
happy-window-22449
03/05/2022, 11:46 AMaws:ecs/taskDefinition:TaskDefinition: (replace)
and aws:ecs/service:Service: (update)
I can see the task definition in the service change, but why doesn’t Pulumi also delete/stop the old task?ripe-lifeguard-34041
03/06/2022, 1:07 PMbillowy-horse-79629
03/07/2022, 1:21 PMarn:aws:iam::111111111:user/pulumi-dev is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111:user/pulumi-dev
I created a group for this user, gave it the sufficient permissions, also created a role that have this as the trust relationship :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::076477451822:user/pulumi-dev"
},
"Action": "sts:AssumeRole"
}
]
}
can you guys refer me to the right way to do this ?
Thanks, Raz.billowy-horse-79629
03/07/2022, 1:21 PMarn:aws:iam::111111111:user/pulumi-dev is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111:user/pulumi-dev
I created a group for this user, gave it the sufficient permissions, also created a role that have this as the trust relationship :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::076477451822:user/pulumi-dev"
},
"Action": "sts:AssumeRole"
}
]
}
can you guys refer me to the right way to do this ?
Thanks, Raz.quiet-wolf-18467
03/07/2022, 4:32 PMlittle-cartoon-10569
03/07/2022, 6:17 PMbillowy-horse-79629
03/08/2022, 10:45 AM