https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • b

    broad-dog-22463

    04/19/2022, 10:54 PM
    Hi all, We are looking to find a few of our community users to help give us some feedback on the new changes we are adding the pulumi-awsx. If we have some users of AWSX or some people waiting to use AWSX then please do let us know and we can talk
    l
    f
    +2
    • 5
    • 8
  • g

    glamorous-camera-26392

    04/20/2022, 6:39 AM
    i’ve been running in to an issue with awsx.ecs. initial deployments work fine, but when we try to push new versions the task definition is being marked as
    inactive
    , but the task is not stopped, so the new definition is never used to create new tasks. relevant ecs code looks like
    const cluster = new awsx.ecs.Cluster('mycluster', { vpc });
    const myecs = new awsx.ecs.EC2Service('myservice', {
      cluster,
      securityGroups,
      taskDefinitionArgs: {
        containers: {
          flyway: {
            image: 'my/flyway:latest',
            entryPoint: ['/bin/sh'],
            command: ['-c', 'flyway -url=${JDBC_URL} -user=${POSTGRES_USER} -password=${POSTGRES_PASSWORD} migrate'],
            cpu: 1,
            memory: 1024,
            essential: false,
            environment: [
              { 'name': 'POSTGRES_PASSWORD', 'value': dbPassword },
              { 'name': 'JDBC_URL', 'value': jdbcUrl },
              { 'name': 'POSTGRES_USER', 'value': dbUsername },
            ],
          },
          myservice: {
            image: 'my/service:latest',
            cpu: 2,
            memory: 2750,
            environment: [
              { 'name': 'JDBC_PASSWORD', 'value': dbPassword },
              { 'name': 'JDBC_URL', 'value': jdbcUrl },
              { 'name': 'JDBC_USER', 'value': dbUsername },
            ],
            portMappings: [web],
            essential: true,
            dependsOn: [{
              containerName: 'flyway',
              condition: 'SUCCESS'
            }],
          },
        },
      },
    });
  • b

    billowy-horse-79629

    04/20/2022, 8:41 AM
    Hey guys, Does someone have an idea how to activate MFA on AWS account for pulumi ? Also using github actions, so if someone know about good Action to use it could be great. Thanks 🙂
    b
    • 2
    • 12
  • f

    fancy-eve-82724

    04/20/2022, 8:48 PM
    I've upgraded to the pulumi-aws 5.1.3 provider from an older 4.26.0 version I was using previously. I'm now encountering a few deprecation warnings re S3 Buckets and BucketObjects:
    warning: bucket is deprecated: Use the aws_s3_object resource instead
    ➕ 1
  • f

    fancy-eve-82724

    04/20/2022, 8:49 PM
    Any recommendations on how to migrate my Pulumi config forward without having to recreate my buckets and objects therin?
    m
    • 2
    • 2
  • m

    miniature-oxygen-33318

    04/21/2022, 3:46 PM
    Hi I’m using python and aws and need to unit test some functions which use
    pulumi_aws.apigateqway.RestApi
    I have a class which has an input arg `api`type
    pulumi_aws.apigateway
    (`api:
    pulumi_aws.apigateway
    )and I need to test the values of
    api.id
    and `api.id.apply`but I’m struggling to work out how to mock this up. I found this https://www.pulumi.com/docs/guides/testing/unit/ but I can’t work out how to apply it to my case - is there more documentation; or preferably more complex examples to follow? Thanks!
  • a

    acoustic-truck-53557

    04/21/2022, 7:15 PM
    I'm trying to enable AWS Inspector using Pulumi, but I can't get it working. AWS Classic provider seems to have only the classic Inspector, while AWS Native Provider seems incomplete, with only the Filter class https://www.pulumi.com/registry/packages/aws-native/api-docs/inspectorv2/ Does anyone know how to enable AWS Inspector using Pulumi?
  • f

    fierce-manchester-32400

    04/21/2022, 7:16 PM
    hi, new to pulumi, how can I do an import over my whole aws deployment vs individual resources?
    p
    • 2
    • 1
  • s

    stocky-petabyte-29883

    04/22/2022, 10:01 AM
    Hi Do you guys have any general examples of creating aws aurora cluster and instances via pulumi aws classic? Thanks
    g
    • 2
    • 4
  • m

    magnificent-church-42829

    04/22/2022, 5:55 PM
    Hi, I am a relatively new user of Pulumi and IaC in general, but i’m loving the experience. I have a question about pulumi destroy and the order of steps when deleting resources. I create an internet gateway and map 2 public subnets to it via routetableassociation but when i execute pulumi destroy i get an error about not being able to detach the internet gateway from the VPC because there are still public subnet addresses mapped to it. Here is the error message:
    p
    • 2
    • 6
  • m

    magnificent-church-42829

    04/22/2022, 5:58 PM
    the same problem with a security group. That security group is the source for another security group so presumably there is an issue with the ordering of destroy steps
  • i

    icy-controller-6092

    04/24/2022, 12:59 AM
    when creating customer api keys for api gateway, would I do that through Pulumi or does it make more sense to use the AWS Console
  • w

    worried-terabyte-60325

    04/24/2022, 7:50 AM
    Hi folks, I met an issue on creating aws serviceRole with pulumi, some code example needs to be updated. In pulumi's doc, rolePolicy string is
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowAssumeRole",
          "Effect": "Allow",
          "Principal": "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
          "Action": "sts:AssumeRole"
        }
      ]
    }
    Which is different from AWS' doc
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    Different schema on
    Principal
    field. And that will cause error like:
    Error creating IAM Role xxx-role-53da5df: MalformedPolicyDocument: Syntax error at position (6,41)
    .
  • w

    worried-terabyte-60325

    04/24/2022, 10:42 AM
    Is there a solution to attach
    ExtraNodeSecurityGroups
    to a NodeGroup? I met the same issue as https://github.com/pulumi/pulumi-eks/issues/616, have got any luck to solve it by my own😢
  • q

    quaint-book-39362

    04/25/2022, 10:37 PM
    is there an example of using a aws*.lambda.*Function with crosswalk apigateway? i want to invoke a container image lambda function with aws_proxy integration mode so that the lambda function can be a rest api with routing
  • q

    quaint-book-39362

    04/25/2022, 10:38 PM
    i believe i do need aws_proxy for this, but https://www.pulumi.com/docs/guides/crosswalk/aws/api-gateway/ has no examples of it
  • a

    average-school-38756

    04/26/2022, 7:11 PM
    i created an EventTarget for an event bus with a CloudWatch LogGroup as the ARN, but there are no logs being written to it. This pattern works when the target is defined from the console. i thought at first that the console might have transparently made some IAM changes, but that's not so - there are no new roles or policies created. Is it possible to write this implementation with Pulumi?
    v
    • 2
    • 3
  • t

    thousands-area-40147

    04/26/2022, 9:01 PM
    Heyo, any timeline on when Aurora Serverless v2 will be supported by the AWS Classic provider? Cheers!
    b
    • 2
    • 6
  • m

    magnificent-church-42829

    04/26/2022, 10:41 PM
    i have a postgres hosted in an ec2 instance on a private subnet. I need to copy over and run some intialization scripts to open connections, create a database and user, etc. How would i go about copying over files and running commands for an instance in a private subnet? i know of the
    command.remote.ConnectionArgs
    ,
    command.remote.CopyFile
    , and
    command.remote.Command
    but this wouldn’t work if the instance is in a private subnet.
    b
    l
    g
    • 4
    • 4
  • g

    green-daybreak-91402

    04/28/2022, 10:40 AM
    Hello! Using the
    @pulumi/awsx
    package for API Gateway, how are subroutes setup? Im trying to setup a route like this:
    /test/{proxy+}
    but get this error:
    Unable to create resource at path '/{proxy+}/{proxy+}': Cannot create a child of a resource with a greedy path variable: {proxy+}
    I cant find an example of how to setup subroutes, this is how Ive setup my routes:
    {
                path: '/test/{proxy+}',
                apiKeyRequired: false,
                method: 'ANY',
                eventHandler: functions.testFunction,
              },
              {
                path: '/{proxy+}',
                method: 'ANY',
                apiKeyRequired: true,
                target: apiServerTarget,
              },
  • g

    green-daybreak-91402

    04/28/2022, 11:55 AM
    I think I know the issue.
    awsx.apigateway
    is appending a
    {proxy+}
    route to all created paths, so it is duplicating paths. I see this happening no matter the integration type i select for my path/route. Any way to specify a route and match exactly the path without creating a
    {proxy+}
    sub-resource?
  • d

    delightful-monkey-90700

    04/28/2022, 5:38 PM
    Howdy. I'm migrating some code from CDK to Pulumi. It's a simple application using Lambda and DynamoDB. In the CDK, I grant access to the DynamoDB tables using "`<tableObject>.grantReadWrite(<lambdaObject>)`" -- but I'm having a hard time finding an equivalent in Pulumi. Any insights ?
    b
    • 2
    • 7
  • p

    polite-napkin-90098

    04/28/2022, 6:17 PM
    I'm trying to get an EKS cluster to work with the efs csi driver. https://www.pulumi.com/blog/persisting-kubernetes-workloads-with-amazon-efscsi-volumes-using-pulumi-sdks/ this suggests using the helm chart as the other advice there is out of date. But when I tried that I ran into an issue where the driver is already in the cluster and thus pulumi fails to install it, which I wrote up here: https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/685 but I closed that issue as the helm chart works fine if I use helm to install it and not pulumi, and pulumi gives the hooks warning so I assume the hooks are what is deleting the already existing driver from the cluster so the chart can install a new one (and it does as the timestamp on the driver updated when I installed the chart with helm. So, how can I fake up what the helm hooks are doing? Is there a way in pulumi for me to delete the csidriver which it seems EKS installs by default? I could obviously do it using kubectl, but it would be nicer if I could capture that in the pulumi code so future me can follow the breadcrumbs
    b
    • 2
    • 3
  • q

    quaint-guitar-13446

    04/29/2022, 4:54 AM
    I'm having a weird issue with multiple
    portMappings
    on a
    awsx.ecs.FargateService
    container. I want both port 80 and 443 forwarded to the fargate service. For some reason, only the first target group gets a registered target
  • q

    quaint-guitar-13446

    04/29/2022, 4:55 AM
    const service = new awsx.ecs.FargateService(n('caddy-service'), {
      cluster,
      taskDefinitionArgs: {
        container: {
          image: caddyImage,
          environment: getCaddyEnvironment(),
          portMappings: targetGroups,
        },
        volumes: [
          {
            name: 'certificates',
            efsVolumeConfiguration: {
              fileSystemId: certificatesEfs.efs.id,
              authorizationConfig: {
                accessPointId: certificatesEfs.ap.id,
                iam: 'ENABLED',
              },
              transitEncryption: 'ENABLED',
            },
          },
        ],
        executionRole: ecsExecutionRole,
        taskRole: createFargateTaskRole('caddy', [certificatesEfs.mountPolicy]),
      },
      waitForSteadyState: false,
    });
  • q

    quaint-guitar-13446

    04/29/2022, 4:56 AM
    const httpListener = loadBalancer.createListener(n('http'), {
        vpc,
        port: 80,
        protocol: 'TCP',
        loadBalancer,
        targetGroup: {
          vpc,
          port: 80,
          protocol: 'TCP',
          targetType: 'ip',
          loadBalancer,
        }
      });
    
      const httpsListener = loadBalancer.createListener(n('https'), {
        vpc,
        port: 443,
        protocol: 'TCP',
        loadBalancer,
        targetGroup: {
          vpc,
          port: 443,
          protocol: 'TCP',
          targetType: 'ip',
          loadBalancer,
        },
  • q

    quaint-guitar-13446

    04/29/2022, 4:57 AM
    I originally was passing the listeners directly to
    portMappings
    . I also tried creating the target groups separately. In this code I'm passing
    listener.defaultTargetGroup
  • q

    quaint-guitar-13446

    04/29/2022, 6:00 AM
    To follow up, the task definition looks correct.
    "portMappings": [
                    {
                        "containerPort": 80,
                        "hostPort": 80,
                        "protocol": "tcp"
                    },
                    {
                        "containerPort": 443,
                        "hostPort": 443,
                        "protocol": "tcp"
                    }
                ],
    It's just that it does not register both entries into a target group
    p
    • 2
    • 1
  • k

    kind-keyboard-17263

    04/29/2022, 4:59 PM
    Hi folks ! I am starting now with Pulumi on AWS, and I am trying to execute this, straight from https://www.pulumi.com/docs/guides/crosswalk/aws/lambda/:
    const pulumi = require("@pulumi/pulumi");
    const aws = require("@pulumi/aws");
    const awsx = require("@pulumi/awsx");
    
    // Create a public HTTP endpoint (using AWS APIGateway)
    const endpoint = new awsx.apigateway.API("hello", {
        routes: [
            // Serve a simple REST API on `GET /name` (using AWS Lambda)
            {
                path: "/source",
                method: "GET",
                eventHandler: (req: any, ctx: any, cb: any) => {
                    cb(undefined, {
                        statusCode: 200,
                        body: Buffer.from(JSON.stringify({ name: "AWS" }), "utf8").toString("base64"),
                        isBase64Encoded: true,
                        headers: { "content-type": "application/json" },
                    })
                }
            }
        ]
    });
    
    // Export the public URL for the HTTP service
    exports.url = endpoint.url;
    but I am having the following error:
    Type                             Name             Status                  Info
         pulumi:pulumi:Stack              store_event-dev  **failed**              1 error; 2 warnings            └─ aws:apigateway:x:API          hello
     ~      ├─ aws:apigateway:RestApi     hello            updated
     +      └─ aws:apigateway:Deployment  hello            **creating failed**     1 error
    
    Diagnostics:
      aws:apigateway:Deployment (hello):
        error: 1 error occurred:
            * Error creating API Gateway Deployment: BadRequestException: The REST API doesn't contain any methods
    
      pulumi:pulumi:Stack (store_event-dev):
        warning: resource plugin aws is expected to have version >=5.3.0, but has 5.2.0; the wrong version may be on your path, or this may be a bug in the plugin
        warning: resource plugin aws is expected to have version >=5.3.0, but has 5.2.0; the wrong version may be on your path, or this may be a bug in the plugin
        error: update failed
    
    Resources:
        ~ 1 updated
        13 unchanged
    
    Duration: 4s
    Which I am not able to find much about 😕
    b
    • 2
    • 11
  • g

    green-crowd-42127

    04/29/2022, 8:37 PM
    Hey all. Quick question on aws crosswalk load balancers and target groups. When creating an ApplicationLoadBalancer and a subsequent
    ApplicationLoadBalancerTargetGroup
    , it looks like I don't have the ability to set the
    loadBalancingAlgorithmType
    even though is only a setting available to
    ApplicationLoadBalancerTargetGroups
    . Example Code:
    const loadBalancer = new awsx.lb.ApplicationLoadBalancer(`${resourcePrefix}ALB`, { securityGroups: [ sg ] }, { replaceOnChanges: ['*'] });
    
        const targetGroup = loadBalancer.createTargetGroup(
            `${resourcePrefix}Group`, { 
                targetType: "instance", 
                healthCheck: { ... },
                // Would expect loadBalancingAlgorithmType to be set here
                //     but it is not a property of type: ApplicationTargetGroupArgs
            }, { replaceOnChanges: ['*']  });
    It's creating each target group as a
    round_robin
    which isn't ideal for what I'm building. Any work arounds besides going into the console and editing it?
    • 1
    • 1
Powered by Linen
Title
g

green-crowd-42127

04/29/2022, 8:37 PM
Hey all. Quick question on aws crosswalk load balancers and target groups. When creating an ApplicationLoadBalancer and a subsequent
ApplicationLoadBalancerTargetGroup
, it looks like I don't have the ability to set the
loadBalancingAlgorithmType
even though is only a setting available to
ApplicationLoadBalancerTargetGroups
. Example Code:
const loadBalancer = new awsx.lb.ApplicationLoadBalancer(`${resourcePrefix}ALB`, { securityGroups: [ sg ] }, { replaceOnChanges: ['*'] });

    const targetGroup = loadBalancer.createTargetGroup(
        `${resourcePrefix}Group`, { 
            targetType: "instance", 
            healthCheck: { ... },
            // Would expect loadBalancingAlgorithmType to be set here
            //     but it is not a property of type: ApplicationTargetGroupArgs
        }, { replaceOnChanges: ['*']  });
It's creating each target group as a
round_robin
which isn't ideal for what I'm building. Any work arounds besides going into the console and editing it?
Package versions:
"@pulumi/awsx @ 0.30.0"
"@pulumi/aws @ 5.3.0"
View count: 3