Hey guys, I’m creating an Eks cluster with a managed node group, and it has a scaling config attribute to add to the code. for some reason i can’t find how to add metrics to use for the scaling config that will actually decide when the scaling occurs. this is the pulumi code for the nodegroup:

eks_node_group = aws.eks.NodeGroup(
    'eks-node-group',
    cluster_name=eks_cluster,
    node_group_name='pulumi-eks-nodegroup',
    node_role_arn=iam.ec2_role.arn,
    opts=pulumi.ResourceOptions(depends_on=[eks_cluster]),
    subnet_ids=[
        vpc.subnet_ids[1],
        vpc.subnet_ids[2],
        ],
    tags={
        'Name': 'pulumi-cluster-nodeGroup',
    },
    scaling_config=aws.eks.NodeGroupScalingConfigArgs(
        desired_size=2,
        max_size=10,
        min_size=1,
    ),
)

as of now, the scaling does not happen when the node reaches high cpu usage, so we need to add one node manually. can someone help me figure out how to create the scaling the right way? in a managed node group im not using any launch templates that are using an auto scaling group.

Hey folks, hi ! I have a small pulumi lambda to which I have now added a kinesis stream creation (I am validating an idea, nothing to be production-ready, so don't focus on the creation inside the function 😄 ), and so I added:

new aws.kinesis.Stream("events", {
        shardCount: 1
    });

Of course I was already using

aws

via

import * as aws from "@pulumi/aws

. The problem is that I have the following error while I try to execute the lambda:

ERROR   Uncaught Exception      {"errorType":"Runtime.ImportModuleError","errorMessage":"Error: Cannot find module '@pulumi/aws/kinesis/index.js'\nRequire stack:\n- /var/task/__index.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js","stack":["Runtime.ImportModuleError: Error: Cannot find module '@pulumi/aws/kinesis/index.js'","Require stack:","- /var/task/__index.js","- /var/runtime/UserFunction.js","- /var/runtime/index.js","    at _loadUserApp (/var/runtime/UserFunction.js:100:13)","    at Object.module.exports.load (/var/runtime/UserFunction.js:140:17)","    at Object.<anonymous> (/var/runtime/index.js:43:30)","    at Module._compile (internal/modules/cjs/loader.js:999:30)","    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)","    at Module.load (internal/modules/cjs/loader.js:863:32)","    at Function.Module._load (internal/modules/cjs/loader.js:708:14)","    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)","    at internal/main/run_main_module.js:17:47"]}

To the best of my understanding it's not finding the

kinesis

module, but I have nothing to install, or I am wrong ?

Years ago when I was using ECS on EC2 I used the ASG TERMNATING lifecycle hook to setup a "graceful" termination operation which would drain the ec2 container instance of containers before terminating it. Is this still required with ECS on EC2 in 2022? Or is there more integration between ECS and ASG now?

I’m following the instructions to add a custom domain to an api gateway, and it has me creating a new Route 53 hosted zone for “api.my.domain” … I’m running pulumi up, and now it’s taking a long time to validate an SSL cert because the DNS records don’t appear to be propagating. Is this because it’s a new zone, or could it be because I also have another hosted zone under “my.domain” ?

Hello team👋 I'm trying to create a websockets gateway using Pulumi in typescript. I'm getting some frustrating errors such as

ConflictException: Route with key $disconnect already exists for this API

. Is there any full example on how to create this kind of gateway? Thanks for the help🤞

Hi all! Do you know if there’s a good way to add a key pair to an aws ec2 instance when deploying it? I am currently deploying all my infrastructure using my own key pair but I’d like it to be created with the key pair of my colleague also. Thanks a lot! 🐛

Hello, I am trying to solve an issue to setup our AWS profile correctly due to a change in v5.0.0: https://github.com/pulumi/pulumi-aws/issues/1897 How can one now pass AWS credentials during CI/CD to the AWS profile if not setting them as Env variables?

Hello! I'm trying to run pulumi import awsglue/catalogTableCatalogTable where the table is a GrokSerDe table and I continue to receive this error: error: internal error: Error: Invalid template control keyword \s%{NOTSPACE:UNWANTED})\nINSIDE_BRACKETS ([^\\]]*)\nINSIDE_QS ([^\\\"]*)\nS3_FIELDS_2019_001 (%{NOTSPACE:host_id} %{SIGNATURE_VERSION:signature_version} %{NOTSPACE:cipher_suite} %{NOTSPACE:auth_type} %{NOTSPACE:header})\nS3_FIELDS_2019_002 (%{S3_FIELDS_2019_001} %{TLS_VERSION:tls_version})\nSIGNATURE_VERSION (SigV\\d+|-)\nTLS_VERSION (TLS.+|-)", "S3_FIELDS_2019_002" is not a valid template control keyword. It appears that this error is related to a terraform escaping issue, if I'm understanding the error correctly. Is there a way around this error or a way to have pulumi print what it's discovered so far, the error message indicates that it's pulled some of the table definition? It's a complicated table and I'm hoping to not need to rebuild it manually in code.

Hello again, any reason this:

new aws.iam.RolePolicy(
        pulumi.interpolate`${this.service.taskDefinition.executionRole.name}-ssm-policy`,
        {

might be giving this error? Argument of type ‘Output<string>’ is not assignable to parameter of type ‘string’

Hi everyone. I am getting this error. aws cli issue: https://github.com/aws/aws-cli/issues/6920 pulumi fix pr: https://github.com/pulumi/pulumi-eks/pull/690 I don’t know how can I fix this issue for my self. could you help me?

Hi, I'm trying to import manually created EC2 launch templates to Pulumi state following this guide. However, I'm getting this warning during import:

$ pulumi import aws:ec2/launchTemplate:LaunchTemplate internal-services lt-xxxxx
Previewing import (internal-services-dev):
     Type                       Name                                               Plan       Info
     pulumi:pulumi:Stack        internal-services-internal-services-dev             
 =   └─ aws:ec2:LaunchTemplate  internal-services                                  import     3
 
Diagnostics:
  aws:ec2:LaunchTemplate (internal-services):
    warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
    warning: aws:ec2/launchTemplate:LaunchTemplate resource 'internal-services' has a problem: expected metadata_options.0.http_protocol_ipv6 to be one of [disabled enabled], got . Examine values at 'LaunchTemplate.MetadataOptions.HttpProtocolIpv6'.
    warning: aws:ec2/launchTemplate:LaunchTemplate resource 'internal-services' has a problem: expected metadata_options.0.instance_metadata_tags to be one of [disabled enabled], got . Examine values at 'LaunchTemplate.MetadataOptions.InstanceMetadataTags'.
 

Do you want to perform this import?

When I copy/paste the generated code, it doesn't pass the validations during

pulumi up

because of these values:

...    
    metadata_options=aws.ec2.LaunchTemplateMetadataOptionsArgs(
        http_endpoint="enabled",
        http_protocol_ipv6="",  <-- needs to be either "disabled" or "enabled"
        instance_metadata_tags="",  <-- needs to be either "disabled" or "enabled"
    )
...

I'm not sure how to proceed. I'd manually change the values for existing launch template, but there doesn't seem to be an option to specify these values in AWS console nor using AWS CLI. So I'd either need to bypass the Pulumi checks for matching inputs with the existing resource's values (while specifying `enabled`/`disabled` for the corresponding metadata options) or disable validations using

pulumi up

(while leaving the metadata options empty to match the existing resource's values). Is any of these possible or is there any other way how to proceed?

Hi, I had a question about

pulumi

with

aws-ssm

. I am creating the resource for the Parameter store in SSM but pulumi keeps adding extra unique identification number to the name of the resource and hence changes the name of the

key

in the Parameter store. How can I get rid of the extra (unique id attached to each resource's name)? eg. my key would be

"/abc/def"

but pulumi adds this resource instead

"/abc/def-aj39872"

, so it becomes impossible to get the key-value pair from the parameter store

I'm getting an error when trying to make an Access Point for an EFS drive. The error is

aws-native:efs:AccessPoint (TestinfluxAP):
    error: operation CREATE failed with "InvalidRequest": Invalid request

I'll post my code in the thread.

Anyone using the 5.x

pulumi-aws

provider with MFA enforce assume roles? We use a wrapper script that sets the AWS environment variables based on the

~/.aws/sso/

cache (https://github.com/pulumi/pulumi-aws/issues/1366). Works just fine with

4.x

but with the new MAJOR, I receive:

error configuring Terraform AWS Provider: loading configuration: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set

I have created AWS Organizations with SSO service specified as principal: org = aws.organizations.Organization("org", aws_service_access_principals=[ "cloudtrail.amazonaws.com", "config.amazonaws.com", "sso.amazonaws.com" ], feature_set="ALL") Is there a way to enable AWS SSO through Pulumi? I could enable it through Console and continue using Pulumi for setting up account assignments, but would like to avoid this manual step.

Hey, I have created an EC2 Service under ECS and I want my EC2 instance (that runs multiple containers) to have an Elastic IP assigned to it. From what I've read and tried there is no way to retrieve the EC2 instance id under the service/taskDefintion. Is there any way to achieve this without using tags and searching for the same tags? (If this is not possible for any other AWS related reasons I'd also like to know) Thanks

I'm creating an ECR repository and I'd like to push an image to it on creation but not after. Use case is so task definitions have an image to pull but once its created I don't want it to push an image every time I run

up

. How would I go about adding that conditional?

Hi everyone. I am still getting this error. Can someone help me? I asked same question 3 days ago. previous message

I'm converting some AWS CDK code to Pulumi. One of the things I do is conditionally modify the environment variables for a Lambda, like so:

node.addEnvironment('ENDPOINT_API', `https://${loadbalancerDomain}/api`);

What's the equivalent in Pulumi ? The

node

object is an instance of a Lambda Function

I'm converting some AWS CDK code to Pulumi, another thing I'm trying to do is something basic... call a Lambda Function (alias) from API Gateway as a REST API, like so:

const restAPI = new AWSAPIGateway.LambdaRestApi(stack, 'restAPI', {
		handler: nodeAlias,
		proxy: true,
		restApiName: `xxx-http-${environment}`,
		deploy: true,
		deployOptions: {
			stageName: 'api'
		},
		endpointConfiguration: {
			types: [AWSAPIGateway.EndpointType.REGIONAL]
		}
	});

I tried using

@pulumi/aws-apigateway

but I can't figure out how to make the handler refer to a Lambda Function's alias, and also how to make it a regional API

Can I update the properties of the default AWS (classic) Provider without having to pass it as an option to every resource declaration? Dynamically in the plan, not hardcoded into the configuration file.

Is it possible to fix the version of the aws provider ? We are seeing some weird issues on our CI where the error message is

pulumi:providers:aws default_5_2_0  error: no resource plugin 'pulumi-resource-aws' found in the workspace at version v5.2.0 or on your $PATH, install the plugin using `pulumi plugin install resource aws v5.2.0`

Knowing that at the start of the deploy I have this message

Logged in to ubuntu as ubuntu (<s3://xxx>)
Previewing update (xxxx.staging):
[resource plugin aws-5.4.0] installing

I can clearly see the mismatch but I have no clue why it happens

Hey Folks! Recently, I was struggling with AWS infrastructure deployment and had the idea to create a tool. If you know how to code but are not familiar with clouds then this is a great way for you-just use Cloudy templates which are actually based on Pulumi. https://github.com/cloudytool/cloudy And I created AWS Pulumi template: https://github.com/cloudytool/pulumi-aws-cluster

Hey all! Question about ElasticIPs, network interfaces and security groups. If i create a security group inside a VPC, 2 network interfaces are created (on for each of the public subnets). I want to associated some elastic IPs with those interfaces. How can i get the interfaces that are created automatically? Or is there an easier way of associating an IP address with these security group created interfaces?

How do people generally upload their static site files to s3?

Hi all, is there an example somewhere how to use other AWS accounts as providers? I basically create new AWS accounts and then I would need to access them and do some stuff in each account (e.g. delete default VPC, create admin IAM users etc.). I think it can be done by creating a Provider for each of those accounts and passing them as parameters. But no clue how to use that. Any documentation on this? Thanks!

heyho, is anyone actively working on upgrading the AWS provider to the latest TF provider? I want to use AWS RDS Serverless V2 in my project which needs that upgrade. I've seen this issue but just wondering what's the approximate timeline to solve this https://github.com/pulumi/pulumi-aws/issues/1929#issuecomment-1114894458 .

Hello - I have a question re: EKS multi-stacks setup. I created an EKS cluster with no nodes via pulumi, and want to have a separate Pulumi stack to create Managed Node Groups in that cluster. The snippet of code used:

ref = pulumi.StackReference('eks_cluster', cluster_name)
core = ref.get_output('core')

eks.ManagedNodeGroup(
    'mng',
    cluster=core,
    node_role=ec2_role,
    node_group_name=...

I get this error:

grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
    	status = StatusCode.UNKNOWN
    	details = "Cannot read properties of undefined (reading 'map')"
    	debug_error_string = "{"created":"@1652304221.921855000","description":"Error received from peer ipv4:127.0.0.1:49189","file":"src/core/lib/surface/call.cc","file_line":953,"grpc_message":"Cannot read properties of undefined (reading 'map')","grpc_status":2}"

Do I need to set

parent

to the cluster Output from the reference? or am I missing something?

Hello, I’m trying to create an integration to an existing aws websockets gateway route unsuccessfully.

error creating API Gateway v2 route: ConflictException: Route with key $connect already exists for this API

The problem is when i create the

aws.apigatewayv2.Api

resource, The $connect route creates automatically. The only way to create an integration request to a route, is to create the

aws.apigatewayv2.Route

resource in pulumi, and set the integration resource in it. But again, i can’t create the route, because it is already exist.

const exampleApi = new aws.apigatewayv2.Api("exampleApi", {protocolType: "WEBSOCKET"});
const exampleIntegration = new aws.apigatewayv2.Integration("exampleIntegration", {
    apiId: exampleApi.id,
    integrationType: "HTTP_PROXY",
    integrationMethod: "ANY",
    integrationUri: "<https://example.com/{proxy}>",
});
const exampleRoute = new aws.apigatewayv2.Route("exampleRoute", {
    apiId: exampleApi.id,
    routeKey: "$connect",
    target: pulumi.interpolate`integrations/${exampleIntegration.id}`,
});

me and @purple-answer-54279 looking for answers for a long time without any feedback! last time @great-queen-39697 managed to help us. How can we solve it?

Hello, I posted a message in #golang about a problem with AWS crosswalk for EKS which may be better suited for this channel. I share a link to it here to avoid cross-posting.