https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • s

    stocky-petabyte-29883

    03/31/2022, 12:43 PM
    Hi I am trying to export outputs from resources created inside a loop using typescript. However the accountOutput is always empty. I am wondering whats the right approach to do this.
    let accountDetails = [
        {name: 'test', email: '<mailto:testt@example.io|testt@example.io>', environment: 'test', billingInfoAccess: 'ALLOW'}
    ];
    
    var accountOutput: { accountName: string, accountId: string }[] = [];
    
    for (const accountDetail of accountDetails) {
        const account = new aws.organizations.Account(accountDetail.name, {
            email: accountDetail.email,
            iamUserAccessToBilling: accountDetail.billingInfoAccess,
            name: accountDetail.name,
            tags: {
                Environment: accountDetail.environment
            },
        });
    
        account.arn.apply(arn => {
            console.log(arn);
            accountOutput.push({accountName: accountDetail.name, accountId: arn})
        })
    };
    
    
    export const outputs = {
        accountInfo: accountOutput,
    }
  • l

    lively-waitress-2524

    04/01/2022, 1:21 AM
    Hi, I was wondering about some unexpected behavior I'm seeing from
    pulumi stack output
    inside of Github actions. When I run
    pulumi stack output website_url
    on my local, it prints the bucket URL with the AWS region
    us-west-2
    included (
    <http://s3-website-bucket-1234567.s3-website-us-west-2.amazonaws.com|s3-website-bucket-1234567.s3-website-us-west-2.amazonaws.com>
    ) while my Github action sets the region as `***`:
    s3-website-bucket-1234567.s3-website-***.<http://amazonaws.com|amazonaws.com>
    . My Github action uses
    steps.<id>.outputs.website_url
    to access the value (
    run: echo ${{ steps.publish_website.outputs.website_url }}
    , but I don't know why it would be different. I thought this was worth mentioning because the preceding
    curl
    test succeeds with the same value, almost as if it's using a different URL than what I'm seeing in the Github web console logs. The test reads
    curl -I s3-website-bucket-4ac29a1.s3-website-***.<http://amazonaws.com|amazonaws.com>
    . For reference, the project is the S3 static website on AWS Python tutorial and the Github Action is the push workflow for Python.
  • q

    quaint-guitar-13446

    04/01/2022, 1:38 AM
    Is there any way to update
    ephemeralStorage
    for a
    FargateTaskDefinition
    ? https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-task-storage.html
    • 1
    • 1
  • w

    witty-park-12681

    04/01/2022, 9:29 PM
    Hey yall - running into an issue after refactoring a deployment to use it's own VPC - now I'm running into a problem when trying to update the environment.
    error: 1 error occurred:
    	* updating urn:pulumi:STAGE::rms-strata::aws:lb:ApplicationLoadBalancer$aws:lb/loadBalancer:LoadBalancer::strata-lb-stage: 1 error occurred:
    	* failure Setting LB Security Groups: InvalidConfigurationRequest: Security group 'sg-08d526aacc421c6e8' does not belong to VPC 'vpc-ee8dcb97'
    	status code: 400, request id: a925e681-199d-48a8-bd0d-31ce8344a40e
    Hoping to find a way around this since there is data in this environment that can't be lost. I don't want to tear down the entire thing. What options do I have to get around this?
    b
    • 2
    • 5
  • w

    witty-pharmacist-42636

    04/03/2022, 1:06 PM
    Hi guys! I’m new to pulumi, but with help of docs I’ve managed to build infrastructure as I wanted. Now I try to move it to Github Actions and in preview I get this error after docker image is successfully built. This doesn’t happen locally. I’ve been googling for few hours now and I don’t have a clue of what is going on. I’ve created a dedicated AWS user for Pulumi with full access and I’m using this users access key id and secret access key in my GH Actions. It looks like Pulumi can’t push an image to ECR. Here is my job setup:
    preview_iaac:
        name: Preview IaaC
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - uses: actions/setup-python@v2
            with:
              python-version: 3.8
          - name: Configure AWS Credentials
            uses: aws-actions/configure-aws-credentials@v1
            with:
              aws-access-key-id: ${{ secrets.PULUMI_AWS_ACCESS_KEY_ID }}
              aws-secret-access-key: ${{ secrets.PULUMI_AWS_SECRET_ACCESS_KEY }}
              aws-region: ${{ secrets.STAGING_AWS_DEFAULT_REGION }}
          - run: pip install pipenv && pipenv lock -r > requirements.txt && pip install -r requirements.txt
          - uses: pulumi/actions@v3
            with:
              command: preview
              stack-name: ***/dev
            env:
              PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
    Here is an output that I get:
    docker:image:Image ***-api-dev-django-dockerimage  Successfully built 481a2e057dd2
          docker:image:Image ***-api-dev-django-dockerimage  Successfully tagged ***.dkr.ecr.***.<http://amazonaws.com/***-api-dev-ecr-repo-5b4a376:latest|amazonaws.com/***-api-dev-ecr-repo-5b4a376:latest>
          pulumi:pulumi:Stack ***-dev running error: Program failed with an unhandled exception:
          pulumi:pulumi:Stack ***-dev running error: Traceback (most recent call last):
          pulumi:pulumi:Stack ***-dev running error: an unhandled error occurred: Program exited with non-zero exit code: 1
          pulumi:pulumi:Stack ***-dev  3 errors
       
      Diagnostics:
        pulumi:pulumi:Stack (***-dev):
          error: Program failed with an unhandled exception:
          error: Traceback (most recent call last):
            File "/opt/hostedtoolcache/pulumi/3.28.0/x64/pulumi-language-python-exec", line 107, in <module>
              loop.run_until_complete(coro)
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
              return future.result()
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 126, in run_in_stack
              await run_pulumi_func(lambda: Stack(func))
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
              await wait_for_rpcs()
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 110, in wait_for_rpcs
              raise exception
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pulumi/output.py", line 98, in is_value_known
              return await is_known and not contains_unknowns(await future)
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pulumi/output.py", line 214, in run
              return await cast(Awaitable[U], transformed)
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pulumi_docker/docker.py", line 243, in build_and_push_image
              build_result = await build_image(base_image_name, path_or_build, log_resource, cache_from)
            File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pulumi_docker/docker.py", line 444, in build_image
              raise ResourceError(
          pulumi_docker.docker.ResourceError: No digest available for image ***.dkr.ecr.***.<http://amazonaws.com/***-api-dev-ecr-repo-5b4a376|amazonaws.com/***-api-dev-ecr-repo-5b4a376>
          error: an unhandled error occurred: Program exited with non-zero exit code: 1
       
      
      
       stderr: 
       err?: 
      
      (node:1766) UnhandledPromiseRejectionWarning: Error: ENOENT: no such file or directory, stat '/tmp/automation-logs-preview-pp2jEL/eventlog.txt'
      (node:1766) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see <https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode>). (rejection id: 2)
      (node:1766) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
    g
    s
    • 3
    • 5
  • m

    mammoth-art-6111

    04/04/2022, 8:02 PM
    ive noticed that pulumi will import AWS managed policies without issue; this raised a couple of questions in my mind. 1) isn't that problematic? you can't really change them 2) how would you normally refer to an aws-managed resource in pulumi? are there helper libs for that?
    m
    l
    • 3
    • 4
  • d

    dry-teacher-74595

    04/04/2022, 8:16 PM
    whats the recommended way of deleting a aws certificate? im removing a elasticbeanstalk application and moving it to EKS, while trying to delete the existing stack it fails to delete the certificate created
  • d

    dry-teacher-74595

    04/04/2022, 8:16 PM
    saying it’s in use
    b
    • 2
    • 1
  • w

    witty-park-12681

    04/05/2022, 3:33 AM
    Hey y'all question for Pulumi for RDS. Documentation states the following.
    snapshotIdentifier
    string
    
    Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05.
    Is this the
    snapshot name
    ? There is nothing in aws RDS specifically called
    snapshot ID
    .. there is
    ARN
    curious if this documentation should be updated?
    l
    • 2
    • 3
  • b

    best-train-86003

    04/05/2022, 12:07 PM
    Hi Guys -
  • b

    best-train-86003

    04/05/2022, 12:08 PM
    Hi Guys - i really need your help here - i opened an issue https://github.com/pulumi/pulumi-aws/issues/1893 deployment runs fail on timeout. Can someone help me out on this? i truly don't know what else to do
    b
    • 2
    • 2
  • d

    dry-teacher-74595

    04/05/2022, 7:04 PM
    running pulumi up, and theres a change
    ├─ aws:acm:Certificate               frontend-dev-cert                                                                                      [diff: +__defaults]
    while actually running this, this tries to delete the certificate, and after waiting like half a hr, it gives me an error saying
    certificates in use
  • d

    dry-teacher-74595

    04/05/2022, 7:05 PM
    i didnt actually make any changes to this cert, but i added more things into the hosted zone.
    l
    • 2
    • 1
  • d

    dry-teacher-74595

    04/05/2022, 7:05 PM
    is there a way to get around this?
  • q

    quaint-guitar-13446

    04/06/2022, 12:45 AM
    Using
    cloud-aws
    : • What is the best way to get a secret into a
    RouteHandler
    ? • Is there authentication for
    API
    ?
    m
    • 2
    • 4
  • q

    quaint-guitar-13446

    04/06/2022, 7:13 AM
    Additionally, with Pulumi Cloud, is there a way (or future plans for a way) to access the underlying generated infrastructure? Like at some point could you easily "eject" from Pulumi Cloud?
    m
    • 2
    • 4
  • a

    aloof-dress-1001

    04/06/2022, 9:01 AM
    Hey guys, Quick question, i'm trying to deploy a Glue data catalog table with pulumi (using python deployment). I'm creating a glue schema, and i cant figure out how to base my table on the schema inside pulumi. how can i use the supporting types that are seen in the documenation?
    g
    • 2
    • 4
  • a

    aloof-dress-1001

    04/06/2022, 9:02 AM
    glue_schema_for_affected_entities = aws.glue.Schema("schema-for-glue-ent",
    schema_name="affected_entities",
    registry_arn=f"arn:aws:glue:{aws_region.id}:{user_id.id}:registry/default-registry",
    data_format="JSON",
    compatibility="NONE",
    schema_definition=entities_data
    )
    aws_glue_catalog_table = aws.glue.CatalogTable("glue-table",
    database_name="glue-for-xm-database",
    name="glue-table",
    opts=pulumi.ResourceOptions(depends_on=[aws_glue_catalog_database])
    )
  • a

    aloof-dress-1001

    04/06/2022, 9:02 AM
    This is the pulumi python code for the schema and table
  • r

    rapid-keyboard-69273

    04/07/2022, 8:23 AM
    Hello guys. I need to create an aws.acm.Certificate after creating self signed certificate with new pvk.SelfSignedCert call. At the first pulumi up, the aws.acm.Certificate call fails with the following error: "* error importing ACM Certificate: ValidationException: The certificate is valid in the future. You can Import a certificate only during its validity period." If I retry the with 'pulumi update' after a few seconds, everything goes fine and the acm certificate is correctly created. Any suggestion..?....thanks so much.
    g
    • 2
    • 8
  • p

    prehistoric-london-9917

    04/08/2022, 2:47 AM
    Hi! Hoping the Pulumi hive mind can help me here. A while back I created a stack using a KMS key as the secrets manager. I removed all the stack resources, but didn’t delete the stack itself. Fast forward a few months and I replaced the KMS key that I’d used, but reused the same alias. Now, when I try to remove the stack created with the old KMS key (but same alias), I get:
    error: constructing secrets manager of type "cloud": secrets (code=Unknown): AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.
    	status code: 400, request id: bda7408f-f87b-43a1-86bd-bf0671c0346d
    I have no issues creating/removing a new stack with the same KMS alias as the backing key still exists. Any idea how I can remove that stack? I can just nuke it from the state bucket, but I’m wondering if there’s a more idiomatic way.
    l
    • 2
    • 2
  • f

    faint-balloon-33174

    04/11/2022, 2:30 PM
    I have gotten into a situation where I cannot destroy my stack due to an ALB being in use by a listener or a rule and a security group being in use. Should I manually delete these objects or will I get into an even worse state?
    b
    • 2
    • 3
  • f

    faint-balloon-33174

    04/12/2022, 2:51 PM
    How can I make it so Pulumi creates a new WebACL and associates it with resources (a CloudFront Distribution) before deleting the old one?
    Error deleting WAFv2 WebACL: WAFAssociatedItemException: AWS WAF couldn't perform the operation because your resource is being used by another resource or it's associated with another resource.
    b
    • 2
    • 2
  • s

    stocky-petabyte-29883

    04/12/2022, 2:52 PM
    Hi I am using pulumi/eks to create a cluster and nodegroup. We use aws sso to switch between profiles. We logged with sso to the corresponding account and fetched our credentials. We then set the profile using
    export AWS_PROFILE=XXXX
    to set our profile. When we run pulumi up we are getting an error.
    Error: It looks like you're using AWS profiles. Please specify this profile in providerCredentialOpts
    I think this issue only happens when using crossrails EKS and not aws-classic(could be wrong here). I know there is a profile key in providerCredentialOpts I can add, but we can't ensure everyone who uses pulumi uses the same naming for their aws profiles. Am I missing something here?
    b
    • 2
    • 1
  • m

    millions-umbrella-34765

    04/12/2022, 9:09 PM
    I'm looking at provisioning a WAF/Web ACL, I'm not clear how you can refer to managed rule groups like "Core rule set" to add to the web acl. Any examples?
    v
    • 2
    • 11
  • s

    some-kitchen-64615

    04/13/2022, 7:13 PM
    UnsupportedActionException: The resource AWS::S3::Bucket is not yet supported via Cloud Control API
    - is it true or I'm doing something completely wrong?
    b
    m
    • 3
    • 10
  • a

    ambitious-forest-23664

    04/14/2022, 9:36 AM
    The pulumi article on Lambda Function URL doesn’t contain a working example. I can’t call the URL that is created because the Lambda is lacking a critical permission (
    lambda:InvokeFunctionUrl
    ) and I don’t know how to add it because I don’t know how to add the necessary condition using the classic
    aws.lambda.Permission
    resource. Any help?
    v
    • 2
    • 12
  • g

    great-sunset-355

    04/14/2022, 10:56 AM
    Hi we are using ECS Service deployed via pulumi https://www.pulumi.com/registry/packages/aws/api-docs/ecs/service/ with enabled the circuit breaker and roll back but it never kicks in It looks like the root cause is this issue: https://github.com/aws/containers-roadmap/issues/1206#issuecomment-840124853 Are there any workarounds you'd suggest?
  • n

    nice-father-44210

    04/14/2022, 2:11 PM
    Is there support for this feature yet by chance? https://aws.amazon.com/blogs/aws/new-additional-checksum-algorithms-for-amazon-s3/
    h
    • 2
    • 1
  • b

    bitter-eve-53295

    04/17/2022, 6:57 PM
    Has anyone used SSM sessions manager to ssh tunnel to private instances from a pulumi program? I'm thinking about creating a dynamic provider and I'm curious if anyone else has ever tried something like that
    p
    g
    • 3
    • 5
Powered by Linen
Title
b

bitter-eve-53295

04/17/2022, 6:57 PM
Has anyone used SSM sessions manager to ssh tunnel to private instances from a pulumi program? I'm thinking about creating a dynamic provider and I'm curious if anyone else has ever tried something like that
p

polite-napkin-90098

04/18/2022, 1:25 PM
No, but it does sound interesting to me, please keep us posted :-)
👍 1
g

green-musician-49057

04/19/2022, 4:48 PM
I am looking into this currently as well. We're using Golang and dynamic providers in Go are not supported yet 😢 We're thinking of using the
Command
pkg to use the aws CLI to use SendCommand. Verbose, but it should work?
👍 1
b

bitter-eve-53295

04/19/2022, 5:05 PM
That's one way I was thinking of doing it but couldn't use command in Python
g

green-musician-49057

04/19/2022, 5:08 PM
Really? The repo says its usable in any pulumi language https://github.com/pulumi/pulumi-command
b

bitter-eve-53295

04/19/2022, 7:29 PM
I don't remember what the problem was exactly, I think I gave it all of 5 minutes. Keep me posted if you get that tho
View count: 8