quick-stone-19389
07/06/2022, 4:21 PMcluster_security_group
in a pulumi_eks.eks.cluster
object doesn’t seem to have the desired effect.
The same is roughly true for the “additional security group” (as it appears on the control panel, and there doesn’t seem to be a kwarg for that) and the node too.
tl;dr: 4 security groups are getting made when creating eks clusters, and we’d like to have more control over them but not sure howlimited-rain-96205
07/06/2022, 7:39 PMeksctl create iamserviceaccount \
--name my-service-account \
--namespace my-namespace \
--cluster my-cluster \
--role-name "my-role-name" \
--attach-policy-arn arn:aws:iam::111122223333:policy/my-iam-policy \
--approve \
--override-existing-serviceaccounts
fresh-notebook-40503
07/07/2022, 6:59 PMeks.Cluster
. The EC2 instances are being created, but they are not being associated with the EKS cluster. Specifically, the default node group is not being created. Also, the OIDC provider is created, but it is not associated with the EKS cluster.
Everything was working earlier, but then I created a new AWS account and started using AWS profiles to stand up infrastructure in the new account. All other components are being created properly in the new AWS account
const eksCluster = new eks.Cluster("eks-cluster", {
vpcId: vpc.id,
publicSubnetIds: vpc.publicSubnetIds,
privateSubnetIds: vpc.privateSubnetIds,
nodeAssociatePublicIpAddress: false,
instanceType: "m5.large",
desiredCapacity: 2,
minSize: 2,
maxSize: 4,
createOidcProvider: true,
roleMappings: [
{
groups: ["system:masters"],
roleArn: clusterAdminRole.arn,
username: "pulumi:admin-user",
}
],
providerCredentialOpts: {
profileName: aws.config.profile,
}
});
Has anyone run into this problem before?sticky-match-71841
07/08/2022, 11:12 AMoutput<string>
in this case will eventually resolve to the same value as is stored in the state, but does that mean pulumi will then not execute the update? When is the decision to execute a replace made? Is it during the initial preview phase or does it also happen after outputs are resolved?bitter-france-47214
07/10/2022, 10:03 PMCould not include required dependency '@aws-sdk/client-cognito-identity-provider'
This causes new CognitoIdentityProviderClient()
to be undefined (see screenshot from lambda)
Situation:
I am defining a lambda function with new aws.lambda.CallbackFunction()
. Within that I am using a module from the @aws-sdk/client-cognito-identity-provider
. I expect this function to build and include dependecies used that I defined in the callback
. This does not happen. Instead I get a warning (see Problem).
Question
What do I have to do so that dependencies are included?bitter-france-47214
07/10/2022, 10:04 PMstocky-petabyte-29883
07/11/2022, 9:39 AMconst albPolicy = new aws.iam.Policy("alb-policy", {
name: "AWSLoadBalancerControllerIAMPolicy",
policy: new pulumi.asset.RemoteAsset("<https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.0/docs/install/iam_policy.json>"),
tags: {
Environment: stack,
},
});
The code I sent doesn't work, but is there any way to achieve this?future-refrigerator-88869
07/11/2022, 10:41 PMgorgeous-insurance-82079
07/12/2022, 6:39 PMrhythmic-branch-12845
07/13/2022, 9:20 AMaws-native
here? do you know if you need to consult different documentation from aws
? I’ve been using https://www.pulumi.com/registry/packages/aws/api-docs/, and I assume that that’s the right place to look at for aws
clean-tomato-15613
07/13/2022, 11:02 AMnever expire
retention policy - to be more specific, the log group I create manually does get a retention policy, but the logs for the lambda are being registered into the default log group the lambda generates which is marked as never expire
2. How to I disable tracing/xray for Lambdas? In the tracing options (https://www.pulumi.com/registry/packages/aws/api-docs/lambda/function/#functiontracingconfig), mode can only be Pass Through
or Active
and there’s no mentioning what is the default. When I try to set it to Disabled
I get an error from Pulumi.
Truly appreciate assistance with these
Thanks!polite-napkin-90098
07/13/2022, 8:49 PMcluster.name
I get a compile error saying:
TSError: ⨯ Unable to compile TypeScript:
index.ts(427,24): error TS2339: Property 'name' does not exist on type 'Cluster'.
but looking in the docs
https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#name_nodejs
it has name as an input and all inputs are outputs, so why doesn't that work.
To prove it wasn't some other issue, like the cluster var being the wrong type of object or something I tried cluster.core.vpcId
and then the TS compiles fine but obviously the ClusterName is set wrong in the helm chart.ripe-shampoo-80285
07/14/2022, 1:03 AMripe-shampoo-80285
07/14/2022, 1:04 AMripe-shampoo-80285
07/14/2022, 1:04 AMstocky-petabyte-29883
07/14/2022, 8:30 AMenough-pager-36335
07/14/2022, 8:37 AMlemon-salesclerk-6224
07/15/2022, 1:20 AMbuildAndPushImage
function to the container image parameter in a aws.ecs.TaskDefinition
container definition block and keep running into this error Container.image repository should be 255 characters or less
. This seems to happen with any Output<string> type. Is this a known issue?helpful-account-44059
07/15/2022, 9:33 AMsparse-intern-71089
07/15/2022, 4:51 PMenough-pager-36335
07/17/2022, 8:58 AMhelpful-account-44059
07/18/2022, 8:27 AMInvalidParameterCombination: Can't create a Multi-AZ DB cluster because there aren't enough Availability Zones (AZs).
gray-translator-86978
07/18/2022, 10:23 AMbest-appointment-51810
07/18/2022, 5:34 PMerror: unable to validate AWS credentials - see <https://pulumi.io/install/aws.html> for details on configuration
I already tested that the aws cli can see the credentialsclever-dog-35937
07/18/2022, 10:45 PMvpc.get...
functions aren't able to be used to reference the subnets/routetables/etc. because they don't get resolved, but also lack apply()
to force a resolveswift-planet-53281
07/19/2022, 5:36 AMmodern-evening-83482
07/19/2022, 3:16 PMpulumi up
Previewing update (network.staging):
Type Name Plan Info
pulumi:pulumi:Stack pulumi-staging-infrastructure-network.staging
+ ├─ pulumi:providers:aws provider create
+- ├─ aws:ec2:Vpc vpc-staging replace [diff: +enableDnsSupport,instanceTenancy~__defaults,protect,provider]
+- └─ aws:ec2:Subnet public_subnet_stvk replace [diff: +assignIpv6AddressOnCreation,enableDns64,enableResourceNameDnsARecordOnLaunch,ena
Resources:
+ 1 to create
+-2 to replace
3 changes. 1 unchanged
witty-monitor-18849
07/20/2022, 9:33 AMwitty-monitor-18849
07/20/2022, 9:34 AMnew route53.Record(domain, {
name: domain,
zoneId: zoneId,
type: 'A',
aliases: [
{
name: cloudFrontDist.domainName,
zoneId: cloudFrontDist.**NO ZONE ID**,
evaluateTargetHealth: true
}
]
})
adorable-wall-67745
07/20/2022, 9:47 AMpulumi up
, it always throws an exception unable to validate AWS credentials - see <https://pulumi.io/install/aws.html> for details on configuration
I tested the command aws sts get-caller-identity
and it can works.
Documentation which I followed is: https://www.pulumi.com/docs/get-started/aws/create-project/adorable-wall-67745
07/20/2022, 9:47 AMpulumi up
, it always throws an exception unable to validate AWS credentials - see <https://pulumi.io/install/aws.html> for details on configuration
I tested the command aws sts get-caller-identity
and it can works.
Documentation which I followed is: https://www.pulumi.com/docs/get-started/aws/create-project/narrow-barista-48437
09/28/2022, 6:03 PM