https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • f

    fast-river-57630

    03/07/2022, 8:48 PM
    My IAM policy is listed as 'delete' with no replacement even though I still have it defined. Is that just a UI quirk?
    l
    • 2
    • 4
  • b

    bumpy-restaurant-1466

    03/08/2022, 12:47 AM
    If starting a new Python-based AWS project from scratch, can/should I be using only the AWS Native provider and not the older one?
    q
    • 2
    • 1
  • a

    adorable-waitress-13708

    03/08/2022, 4:21 AM
    Is it ok to seek a pulumi developer for a simple paid task here?
    b
    • 2
    • 2
  • m

    mysterious-dusk-52695

    03/08/2022, 10:07 AM
    Hello, with the aws-native provider, I get the message "AWS::EC2::Subnet is not yet supported via Cloud Control API", but on the page https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/supported-resources.html it says it is a supported resource. Is Subnet supposed to be working with the native aws provider?
    g
    • 2
    • 1
  • m

    millions-furniture-75402

    03/08/2022, 3:58 PM
    How can I declare a KMS Key with a policy that references the ID of the declared key? e.g.
    // KMS
      // <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html>
      const cloudTrailKmsKey: aws.kms.Key = new aws.kms.Key(`${appName}-kms-trail-key`, {
        deletionWindowInDays: 7,
        description: "CloudTrail Trail key",
        policy: accountId.apply(awsAccountId => {
          return JSON.stringify({
            Version: "2012-10-17",
            Statement: [
              {
                Sid: "AllowRootForKms",
                Effect: "Allow",
                Principal: { AWS: `arn:aws:iam::${awsAccountId}:root` },
                Action: "kms:*",
                Resource: "*",
              },
              {
                Sid: "AllowCloudTrailDecryptLogs",
                Effect: "Allow",
                Principal: { Service: "<http://cloudtrail.amazonaws.com|cloudtrail.amazonaws.com>" },
                Action: "kms:Decrypt",
                Resource: "${cloudTrailKmsKey.arn} GOES HERE",
                Condition: {
                  Null: { "kms:EncryptionContext:aws:cloudtrail:arn": "false" },
                },
              },
            ],
          });
        }),
      });
  • j

    jolly-alligator-19698

    03/08/2022, 4:25 PM
    Hello. I'm trying to create a cloudwatch EventTarget and am getting this less-than-helpful error message:
    Creating EventBridge Target failed: ValidationException: Parameter(s) EcsParameters not supported for target
    Here's the resource code. Is there an error in the code? Or a way to get more information about the failure? Thank you.
    const eventTarget = pulumi.all([subnetIds.ids, taskDefinition.taskDefinition.arn, deadLetterQueue.arn])
        .apply(([subnetIds, taskDefinitionArn, deadLetterQueueArn]) => new aws.cloudwatch.EventTarget("event-target", {
            arn: deadLetterQueueArn,
            name: `${pulumi.getProject()}-event-target`,
            description: genericDescription,
            ecsTarget: {
                taskDefinitionArn: taskDefinitionArn,
                enableEcsManagedTags: true,
                enableExecuteCommand: true,
                group: pulumi.getProject(),
                launchType: "FARGATE",
                networkConfiguration: {
                    assignPublicIp: false,
                    securityGroups: [securityGroupId],
                    subnets: subnetIds,
                },
                platformVersion: "1.4.0",
                taskCount: 1,
            },
            eventBusName: "default",
            retryPolicy: {
                maximumEventAgeInSeconds: 60,
                maximumRetryAttempts: 1,
            },
            rule: eventRule.name,
        }, {provider: targetAwsProvider}));
    ✅ 1
    s
    • 2
    • 10
  • p

    prehistoric-kite-30979

    03/08/2022, 5:43 PM
    Hi all, I’m trying to use the new local Command provider to create an AWS profile which I can then consume in the aws provider. However, I keep getting errors…
    • 1
    • 7
  • h

    happy-grass-868

    03/09/2022, 9:02 PM
    Hi all, I’m working to create a lambda function in js from an image I push to ECR. I’m noticing 2 issues: 1. If I make any changes to the lambda handler code that the
    Dockerfile
    is pulling in, the changes are not reflected in the Image in ECR. 2. The lambda does not seem to be getting created and it fails when my code tries to attach my permissions to the lambda, I get a
    Error adding new Lambda Permission for donor-score-lambda-dev: ResourceNotFoundException: Function not found
    . The code is in the thread below. Thank you!
    • 1
    • 1
  • b

    brainy-furniture-43093

    03/10/2022, 10:46 PM
    Hello everyone, My situation: I built a CodePipeline project in my DEV environment that on a push to a specific branch in my source code repo is kicked off, it immediately launches a CodeBuild environment that downloads Go and Pulumi, runs unit tests, builds my source code into a zip file then deploys my now built code and all of my Pulumi infrastructure to my dev environment, modifying dev resources on that DEV account. I have given that CodeBuild a specific IAM role with access to the s3 bucket that Pulumi uses for state, my bucket with my source code and all other resources Pulumi modifies during deployment. So far all works great. My Problem: Next, after a manual approval step I attempt to deploy my Pulumi infrastructure in my prod environment. This environment is in a PROD account, and I am trying to modify those resources from my CodeBuild in my DEV account where the CodePipeline runs. To try and accomplish this I have attempted to create an IAM role in my PROD account that I can assume in my DEV account. Prod account:
    CodeBuildProdRole:
        Type: AWS::IAM::Role
        Properties:
          RoleName: !Sub ${ProjectName}-codepipeline-deploy-prod-role
          Description: CodePipeline role to deploy dev artifacts and infrastructure changes to production
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Principal:
                  AWS: !Sub arn:aws:iam::${DevAccountId}:role/${ProjectName}-codepipeline-deploy-prod-role
                Action: sts:AssumeRole
          Path: /
          Policies:
            - PolicyName: !Sub ${ProjectName}-codepipeline-deploy-prod-role-policy
              PolicyDocument:
                Version: "2012-10-17"
                Statement:
                - Effect: Allow
                  Resource: !Sub arn:aws:iam::${DevAccountId}:role/${ProjectName}-codepipeline-deploy-prod-role
                  Action: sts:AssumeRole
                - Effect: Allow
                  Action:
                  - s3:*
                  Resource:
                  - arn:aws:s3:::PROD s3 bucket for Pulumi state
                  - arn:aws:s3:::PROD s3 bucket for Pulumi state/*
                ...
    DEV account:
    CodeBuildProdRole:
        Type: AWS::IAM::Role
        Properties:
          RoleName: !Sub ${ProjectName}-codepipeline-deploy-prod-role
          Description: CodePipeline role to deploy dev artifacts and infrastructure changes to production
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Principal:
                  Service: <http://codebuild.amazonaws.com|codebuild.amazonaws.com>
                Action:
                  - sts:AssumeRole
          Policies:
            - PolicyName: !Sub ${ProjectName}-codepipeline-deploy-prod-role-policy
              PolicyDocument:
                Version: "2012-10-17"
                Statement:
                  - Effect: Allow
                    Action: sts:AssumeRole
                    # The role I want to assume from the PROD account
                    Resource: !Sub arn:aws:iam::${ProdAccountId}:role/${ProjectName}-codepipeline-deploy-prod-role
                ...
    When I run Pulumi login (PROD s3 bucket for Pulumi state) I get this access denied error
    [Container] 2022/03/10 20:58:23 Running command pulumi login s3://(PROD s3 bucket for Pulumi state)
    Logged in to (id) as root (s3://(PROD s3 bucket for Pulumi state))
    
    [Container] 2022/03/10 20:58:23 Running command pulumi stack select prod
    error: failed to load checkpoint: blob (key ".pulumi/stacks/prod.json") (code=Unknown): AccessDenied: Access Denied
    I would imagine I need to do the equivalent of
    export AWS_PROFILE="PROD"
    which I do in my terminal to switch account for my user, but I would like to do this for a role. I would rather not start generating credentials on the fly and dynamically populate them as environment variables into CodeBuild. So is there a way I can tell Pulumi to assume a certain role in another account if the role it is currently using is the Principal to the role I want it to use, also making sure it modifies resources in the PROD account although it is running in the DEV account? Any help is much appreciated. Thank you! Ado
    b
    l
    • 3
    • 6
  • b

    billowy-horse-79629

    03/13/2022, 1:59 PM
    Hey guys, I want to create an eks nodepool that will have spot ec2 instances for my development environment. This is what i’m trying to do, and for some reason failing to achieve my goal. This is how I fetch the spot price:
    let spotPrice = aws.ec2.getSpotPriceOutput({instanceType: eksInstanceType}).get()
    and this is the cluster node-pool options:
    {
            instanceType: instanceType,
            desiredCapacity:desiredCapacity,
            minSize: minSize,
            maxSize: maxSize,
            ...(spotPrice) && {spotPrice: spotPrice},
    
        }
    The error that I get is pretty clear, I need to add more filter to the getSpotPriceOutput function. I wonder whether there’s a better way to set the spot price instead of fetching the live spot price, can’t I just set the nodepool to be Spot, without configuring the price ? Thanks guys 🙂
  • p

    purple-plumber-90981

    03/15/2022, 9:27 PM
    hi folks... is there an AWS Sytems Manager Application Mmanager wrapper in pulumi ?
    s
    • 2
    • 5
  • h

    helpful-book-29233

    03/16/2022, 12:21 AM
    Hey all, I was wondering if anyone knows of a way to add cache behaviours and origins to an existing cloudfront.Distribution resource so that different stacks can add behaviours/origins to the same distribution? Ideally I was thinking of something analogous to apigatewayv2.Route which attaches a route to an existing gateway, but this doesn't seem to exist for CloudFront distribution behaviours/origins.
    b
    • 2
    • 2
  • m

    millions-furniture-75402

    03/16/2022, 9:06 PM
    What is the "Pulumi native" way to handle getParameter when one does not exist? I can handle it with the SDK:
    const ssmClient = new aws.sdk.SSM();
    ssmClient.getParameter({ Name: "does-not-exist" }, function (err: any, data: any) {
      if (err) {
        new aws.ssm.Parameter("foo", {
          type: "String",
          value: "bar",
        });
      }
    });
    but it errors when I try to handle one not existing with getParameter:
    pulumi.output(
        aws.ssm.getParameter({
          name: "does-not-exist",
        }),
      ) ||
      new aws.ssm.Parameter("foo", {
        type: "String",
        value: "bar",
      });
    Error: invocation of aws:ssm/getParameter:getParameter returned an error: invoking aws:ssm/getParameter:getParameter: 1 error occurred:
            * Error describing SSM parameter (doesn-not-exist): ParameterNotFound:
    s
    l
    • 3
    • 5
  • r

    rhythmic-whale-48997

    03/17/2022, 9:19 AM
    Anyone has an example using cloudinit or userdata with managed node group? I'm struggling to create everything, and I need to modify
    resolv.conf
    on the worker nodes. I'm using Typescript. Launch template is killing me
  • b

    busy-lion-51883

    03/18/2022, 12:45 PM
    tldr issue: stacks created via codebuild are not tagged with github/vcs tags _________________________ more detail: I am using the following pulumi cli commands in my codebuild buildspec:
    - pulumi stack select -c -s <my fully qualified stack name>
    - pulumi up -s <my fully qualified stack name> --skip-preview --yes
    if the stack doesn’t exist yet, it is successfully created (due to the -c flag in the stack select). But the correct vcs and github tags are not created. In particular it looks I should expect the following to be set:
    gitHub:owner
    gitHub:repo
    vcs:kind
    vcs:owner
    vcs:repo
    I have found a work around by manually adding these tags after the
    pulumi up
    , but is there something I can do to have these tags auto generated?
    l
    • 2
    • 1
  • q

    quiet-gold-81036

    03/21/2022, 11:00 AM
    hi all, we’re trying to switch to AWS SSO but when using Pulumi’s S3 backend, it keeps throwing
    SharedConfigErr: only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso
    we have to use
    credential_process
    for the SDK so I tried to create a separate profile for Pulumi:
    [pulumi-tst]
    region = us-east-1
    sso_start_url = <https://d-XXXX.awsapps.com/start>
    sso_region = us-east-1
    sso_account_id = XXXXAccountId
    sso_role_name = XXXRole
    but the backend doesn’t seem to respect
    aws:profile
    config form the stack, it only works if I specify it as an env variable
    AWS_PROFILE
    which isn’t very ergonomic for developers to manage separate profiles for the appand Pulumi. would love any pointers you have may
    i
    l
    b
    • 4
    • 7
  • e

    echoing-actor-55539

    03/22/2022, 7:48 PM
    using pulumi typescript and setting the attemptDurationSeconds on my batch job definition however job timeout does appear to be getting set in aws. anybody else experience / notice this?
  • q

    quaint-guitar-13446

    03/23/2022, 11:31 PM
    I've recently upgraded to an M1 Mac, and my docker builds are ARM64 which doesn't work on default Fargate. Would this be considered a bug? If I'm targeting Fargate shouldn't my docker builds target the correct platform?
    p
    g
    • 3
    • 5
  • c

    clever-dog-35937

    03/24/2022, 4:04 PM
    Is there a way to generate a signed url for an s3 object and provide as output that I'm missing?
    s
    • 2
    • 2
  • w

    worried-city-86458

    03/25/2022, 10:58 PM
    I'm hitting an issue with https://github.com/pulumi/pulumi-aws/releases/tag/v5.0.0 with the change to eks cluster certificate authorities
    • 1
    • 10
  • w

    wonderful-twilight-70958

    03/28/2022, 5:41 PM
    Any good way of debugging this? (trying to create a pretty vanilla EKS cluster)
    error: TypeError: Cannot read properties of undefined (reading 'data')
            at /home/john/projects/pulumi-quicktest/node_modules/@pulumi/cluster.ts:567:105
            at /home/john/projects/pulumi-quicktest/node_modules/@pulumi/output.ts:383:31
            at Generator.next (<anonymous>)
            at /home/john/projects/pulumi-quicktest/node_modules/@pulumi/pulumi/output.js:21:71
            at new Promise (<anonymous>)
            at __awaiter (/home/john/projects/pulumi-quicktest/node_modules/@pulumi/pulumi/output.js:17:12)
            at applyHelperAsync (/home/john/projects/pulumi-quicktest/node_modules/@pulumi/pulumi/output.js:229:12)
            at /home/john/projects/pulumi-quicktest/node_modules/@pulumi/output.ts:302:65
            at runMicrotasks (<anonymous>)
            at processTicksAndRejections (node:internal/process/task_queues:96:5)
    That
    cluster.ts
    doesn't exist at that location, and the
    cluster.js
    in the
    eks
    directory doesn't have anything meaningful on line 567
  • w

    wonderful-twilight-70958

    03/28/2022, 5:41 PM
    Also
    -v 10
    doesn't seem to do anything 👀 (I get no additional debugging output)
    g
    b
    • 3
    • 6
  • a

    ambitious-father-68746

    03/28/2022, 5:44 PM
    Hi, I'm trying to switch to v5.1.0 of the Pulumi AWS provider, but I'm hitting a problem with RDS Instaces. The documentation says that
    name
    has been deprecated in favor of
    db_name
    . Indeed, this shows up when I run Pulumi:
    ├─ aws:rds:Instance         db1              [diff: +name-dbName]; 1 warning
    warning: name is deprecated: Use db_name instead
    But when I actually make the code change to
    db_name
    , Pulumi wants to replace all my databases:
    +-  ├─ aws:rds:Instance           db1                 replace     [diff: +dbName]
    I'm not sure how to progress from here, I've checked the state file and it mentions
    dbName
    , not
    name
    , so I wonder why it complains. Thank you.
    b
    a
    • 3
    • 5
  • b

    breezy-diamond-32138

    03/29/2022, 9:35 AM
    Hi, I’m using EKS, and want to migrate from the default node group to a managed node group. How do I link the new nodes to the same security group as the old nodes? This was my previous code that generates the cluster and nodes:
    // Create an EKS cluster with the default configuration.
    export const cluster = new eks.Cluster(addPrefix("cluster"), {
      vpcId: stampVpc.id,
      privateSubnetIds: stampVpc.privateSubnetIds,
      publicSubnetIds: stampVpc.publicSubnetIds,
      nodeAssociatePublicIpAddress: false,
      encryptRootBlockDevice: true,
      version: config.require("eks.version"),
    
      desiredCapacity: config.requireNumber("eks.desiredCapacity"),
      minSize: config.requireNumber("eks.minSize"),
      maxSize: config.requireNumber("eks.maxSize"),
      instanceType: config.require<aws.ec2.InstanceType>("eks.instanceType"),
      nodeAmiId: config.get("eks.ami") ?? latestAmiId,
    
      enabledClusterLogTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"],
      endpointPublicAccess: true, // TODO: Change this...
      endpointPrivateAccess: true,
      createOidcProvider: true,
    
      roleMappings: [
        {
          groups: ["system:masters"],
          roleArn: deployerAdminRole.arn,
          username: "argocd-deployer"
        }
      ],
    
      publicAccessCidrs: CNC_IPS,
      encryptionConfigKeyArn: clusterEncryptionKey.arn,
      providerCredentialOpts: {
        profileName: AWS_PROFILE,
        roleArn: AWS_ROLE_ARN
      }
    });
    And this is the new code:
    cluster = new eks.Cluster(addPrefix("cluster"), {
      skipDefaultNodeGroup: true,
      vpcId: stampVpc.id,
      privateSubnetIds: stampVpc.privateSubnetIds,
      publicSubnetIds: stampVpc.publicSubnetIds,
      nodeAssociatePublicIpAddress: false,
      encryptRootBlockDevice: true,
      instanceRole: instanceRole,
      version: config.require("eks.version"),
    
      enabledClusterLogTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"],
      endpointPublicAccess: true, // TODO: Change this...
      endpointPrivateAccess: true,
      createOidcProvider: true,
    
      roleMappings: [
        {
          groups: ["system:masters"],
          roleArn: deployerAdminRole.arn,
          username: "argocd-deployer"
        }
      ],
    
      publicAccessCidrs: CNC_IPS,
      encryptionConfigKeyArn: clusterEncryptionKey.arn,
      providerCredentialOpts: {
        profileName: AWS_PROFILE,
        roleArn: AWS_ROLE_ARN
      },
    });
    
    // Create a simple AWS managed node group using a cluster as input.
    managedNodeGroup = eks.createManagedNodeGroup("my-cluster-ng", {
      cluster: cluster,
      nodeGroupName: "aws-managed-ng1",
      nodeRole: instanceRole,
      amiType: "AL2_x86_64",
      instanceTypes: [config.require<aws.ec2.InstanceType>("eks.instanceType")],
      // releaseVersion: config.get("eks.ami") ?? latestAmiId,
      // labels: { "ondemand": "true" },
      scalingConfig: {
        minSize: config.requireNumber("eks.minSize"),
        maxSize: config.requireNumber("eks.maxSize"),
        desiredSize: config.requireNumber("eks.desiredCapacity")
      },
    }, cluster);
    However the security group of the nodes changes and other resources that take the
    cluster.nodeSecurityGroup.id
    get messed up. How do I link the same security group with the new nodes? Thanks
    b
    • 2
    • 2
  • r

    rhythmic-whale-48997

    03/29/2022, 1:46 PM
    Is there a way to prevent NodeGroup to create EC2 instances with public ip? I'm creating a new NodeGroup, and my EC2 instances have public ip and public dns. If I create ManagedNodeGroup, then EC2 are private
    b
    p
    • 3
    • 15
  • a

    astonishing-quill-88807

    03/29/2022, 2:28 PM
    Has anyone been able to use an instance profile on an EC2 instance for authenticating with the default AWS provider? It seems like it defaults to disabling the EC2 metadata access and validating credentials. I was able to override those values and get things working on <5.0 but I'm hitting the same set of errors again after the update.
    b
    b
    • 3
    • 11
  • q

    quaint-air-36266

    03/30/2022, 3:49 AM
    Hey Pulumi - got a question about AWS Security Groups. If I create a security group with an egress rule that doesn’t contain a
    cidrBlock
    (screenshot), Pulumi creates an empty security group in AWS without an egress rule. But, in Pulumi’s stack output, it says that the egress rule exists. Even after a refresh the state is not updated. Only when I create an egress (or ingress) rule with a
    cidrBlock
    does Pulumi function as expected. Any idea why this would be happening?
    b
    l
    • 3
    • 2
  • q

    quiet-architect-91246

    03/30/2022, 10:20 AM
    Hi everyone, im trying to get the folowing setup working with pulumi: • create a EventRule in EventBridge bus that matches certain events and forwards them to a sqs queue • the sqs then triggers a lambda function Whats working so far: • if I create an event in the sqs manually it trigges the lambda • the initial event reaches the eventbus (checked with another eventrule that prints to CloudWatch loggroup) Problem: • it seems the event is not being forwarded from EventBridge to sqs Additional: I managed to "resolve" the issue by running a clean pulumi up, then creating an additional target in the EventRule that matches exactly the already configured target (and therefore ioverwrites it in aws) in the aws console. Only then is the event forwarded from EventBridge to sqs. Interestingly if I run a pulumi up after doing the change in the console pulumi doesnt detect any changes its trying to overwrite. This obviously is no permanent solution. Any help would be great!
  • s

    stocky-petabyte-29883

    03/30/2022, 2:40 PM
    Hi Question around best practices. We are currently upscaling to multi region deployments and creating our stack from scratch. We created an AWS organisation and we will be creating different accounts here for different prod accounts. We have existing iam admin users in our management AWS account and they will be used for assuming a role for different test/prod accounts to interact with those accounts I am wondering what is the best practice with pulumi. How we are visualising our suite at present is to have projects with multiple stacks where each stack is pointing to an environment. However regarding the creds for the AWS account we are under a slight dilemma. We have considered two options, both we like and dislike at the same time. 1. Create iam users in the child AWS accounts aswell and use those credentials for pulumi. However with a growing number of regions this means a fair amount of creds to store and switch between each stack deployment. 2. Use the iam user in the management account, use the single set of credentials of the user for all resources and stacks by creating a provider which assumes the role and making the account id configurable, however this means we will need to pass in the provider across every resources we create and if someone misses using the provider it ll be devastating. I am wondering if there is any best practices that pulumi suggests in this scenario.
    b
    • 2
    • 9
  • b

    best-train-86003

    03/30/2022, 2:50 PM
    Hi Everyone i am trying to update my pulumi version from 2.20.0 into 3.27.0. i also updated pulumi-aws from 3.28.1 to 5.1.0. While deploying the stack i saw errors like: error: 1 error occurred: * updating urn😛ulumi:dev::backend-stacks::aws:sqs/queue:Queue::Leads-dev-SqsLeadsFallback: 1 error occurred: * error waiting for SQS Queue (**) attributes to update: timeout while waiting for state to become 'equal' (last state: 'notequal', timeout: 2m0s) is any of you guys familiar with this kind of error?
    b
    • 2
    • 7
Powered by Linen
Title
b

best-train-86003

03/30/2022, 2:50 PM
Hi Everyone i am trying to update my pulumi version from 2.20.0 into 3.27.0. i also updated pulumi-aws from 3.28.1 to 5.1.0. While deploying the stack i saw errors like: error: 1 error occurred: * updating urn😛ulumi:dev::backend-stacks::aws:sqs/queue:Queue::Leads-dev-SqsLeadsFallback: 1 error occurred: * error waiting for SQS Queue (**) attributes to update: timeout while waiting for state to become 'equal' (last state: 'notequal', timeout: 2m0s) is any of you guys familiar with this kind of error?
b

billowy-army-68599

03/30/2022, 3:26 PM
we've had another issue for this in the last 24 hours if I recall, could you open an issue at github.com/pulumi/pulumi-aws with a repro please
b

best-train-86003

04/03/2022, 4:52 PM
i didn't manage to reproduce it in any other environment other than the one i am working on. i also tried to increase the timeouts by setting
customTimeouts
property but it didn't help. The timeouts remain on 2m. what else can i do?
@billowy-army-68599 now i deleted the resources from the stack state using
pulumi state delete
However, it failed again on creation and not update. the timeout there is still "2m"
@billowy-army-68599 i opened issue in github like you instructed me to do: https://github.com/pulumi/pulumi-aws/issues/1893
b

billowy-army-68599

04/04/2022, 3:23 PM
@best-train-86003 can you please add code to allow us to repro the issue
b

best-train-86003

04/05/2022, 10:28 AM
@billowy-army-68599 here is the code:
import * as aws from "@pulumi/aws";


const q = new aws.sqs.Queue('Experts-CS-dev-Experts-CSLambda20220404121254156400000016', {
    kmsDataKeyReusePeriodSeconds: 300,
    maxMessageSize: 10240,
    messageRetentionSeconds: 604800,
    namePrefix: 'Experts-CS-dev-Experts-CSLambda',
    policy: '{"Statement":[{"Action":["sqs:SendMessage"],"Condition":{"ArnEquals":{"aws:SourceArn":"arn:aws:sns:eu-west-1:225051786593:Experts-CS-dev-f8eba3f"}},"Effect":"Allow","Principal":{"Service":"<http://sns.amazonaws.com|sns.amazonaws.com>"},"Resource":"*"}]}',
    redrivePolicy: '{"deadLetterTargetArn":"arn:aws:sqs:eu-west-1:225051786593:Experts-CS-dev-Experts-CSLambda-dlq-8672972","maxReceiveCount":10}',
    tags: {
        costCenter: 'operations',
        org: 'cliotechweb',
        project: 'backend-stacks',
        stack: 'dev'
    },
    visibilityTimeoutSeconds: 30
})

exports.queueName = q.id;
i will add it also to the issue
View count: 26