aws
  • q

    quick-stone-19389

    07/06/2022, 4:21 PM
    Hey - we’re trying to explicitly create the security groups for an eks cluster (+ nodes) but I’m struggling to see how to define them in code. The first one I’ve tried is creating the security group that appears as “cluster security group” on the control panel for EKS, but placing a security group in the argument cluster_security_group in a pulumi_eks.eks.cluster object doesn’t seem to have the desired effect. The same is roughly true for the “additional security group” (as it appears on the control panel, and there doesn’t seem to be a kwarg for that) and the node too. tl;dr: 4 security groups are getting made when creating eks clusters, and we’d like to have more control over them but not sure how
  • l

    limited-rain-96205

    07/06/2022, 7:39 PM
    What’s the equivalent of this for Pulumi? (From https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html)
    eksctl create iamserviceaccount \
        --name my-service-account \
        --namespace my-namespace \
        --cluster my-cluster \
        --role-name "my-role-name" \
        --attach-policy-arn arn:aws:iam::111122223333:policy/my-iam-policy \
        --approve \
        --override-existing-serviceaccounts
  • f

    fresh-notebook-40503

    07/07/2022, 6:59 PM
    Having an issue with eks.Cluster. The EC2 instances are being created, but they are not being associated with the EKS cluster. Specifically, the default node group is not being created. Also, the OIDC provider is created, but it is not associated with the EKS cluster. Everything was working earlier, but then I created a new AWS account and started using AWS profiles to stand up infrastructure in the new account. All other components are being created properly in the new AWS account
    const eksCluster = new eks.Cluster("eks-cluster", {
        vpcId: vpc.id,
        publicSubnetIds: vpc.publicSubnetIds,
        privateSubnetIds: vpc.privateSubnetIds,
        nodeAssociatePublicIpAddress: false,
        instanceType: "m5.large",
        desiredCapacity: 2,
        minSize: 2,
        maxSize: 4,
        createOidcProvider: true,
        roleMappings: [
            {
                groups: ["system:masters"],
                roleArn: clusterAdminRole.arn,
                username: "pulumi:admin-user",
            },
        ],
        providerCredentialOpts: {
            profileName: aws.config.profile,
        },
    });
    Has anyone run into this problem before?
  • s

    sticky-match-71841

    07/08/2022, 11:12 AM
    We recently upgraded the aws provider from 5.9.1 to 5.9.2 and got this problem: https://github.com/pulumi/pulumi-aws/issues/2043. How does pulumi exactly behave in this situation? I believe that output<string> in this case will eventually resolve to the same value as is stored in the state, but does that mean pulumi will then not execute the update? When is the decision to execute a replace made? Is it during the initial preview phase or does it also happen after outputs are resolved?
  • b

    bitter-france-47214

    07/10/2022, 10:03 PM
    Problem: Could not include required dependency '@aws-sdk/client-cognito-identity-provider'
    This causes new CognitoIdentityProviderClient() to be undefined (see screenshot from lambda).
    Situation: I am defining a lambda function with new aws.lambda.CallbackFunction(). Within that I am using a module from the @aws-sdk/client-cognito-identity-provider. I expect this function to build and include dependencies used that I defined in the callback. This does not happen. Instead I get a warning (see Problem).
    Question: What do I have to do so that dependencies are included?
  • b

    bitter-france-47214

    07/10/2022, 10:04 PM
  • s

    stocky-petabyte-29883

    07/11/2022, 9:39 AM
    Hi Guys I want to read a remote file(possibly using remoteasset) and then use the file contents for creating an iam policy.
    const albPolicy = new aws.iam.Policy("alb-policy", {
        name: "AWSLoadBalancerControllerIAMPolicy",
        policy: new pulumi.asset.RemoteAsset("https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.0/docs/install/iam_policy.json"),
        tags: {
            Environment: stack,
        },
    });
    The code I sent doesn't work, but is there any way to achieve this?
  • f

    future-refrigerator-88869

    07/11/2022, 10:41 PM
    I am having a problem with the pulumi spot fleet request, maybe someone can help. Everything works as expected, except when I try to destroy the stack. Because pulumi doesn't wait for the ec2 instances of the spot request to be deleted, it starts removing the VPC which removes the internet gateway and all other associated resources. It then waits until the subnet can be deleted which happens after the actual instance is terminated. Because of this behaviour, the ec2 instance cannot trigger an http call that I have configured on termination. (no internet gateway, no security group to allow any traffic). Anyone has any ideas how to tell pulumi to basically remove spot fleet request, then maybe wait 2 minutes, then continue to remove the vpc and its resources?
  • g

    gorgeous-insurance-82079

    07/12/2022, 6:39 PM
    Hey guys, I wonder if there is a more easy way to check what are the whole package of AWS Policy Permissions I need to add to my CI user in order to do both preview+deploy resources with Pulumi. The current situation causes me to do multiple cycles of permissions update -> run ci -> ci fails -> permissions update (and go on). If there is a solution/tools for that I’d be happy to try Thanks!
  • r

    rhythmic-branch-12845

    07/13/2022, 9:20 AM
    Is anybody using aws-native here? do you know if you need to consult different documentation from aws? I’ve been using https://www.pulumi.com/registry/packages/aws/api-docs/, and I assume that that’s the right place to look at for aws
  • c

    clean-tomato-15613

    07/13/2022, 11:02 AM
    Hi all, 2 Questions about Lambdas.
    1. How do I change the retention of the log group a lambda generates for its logs? In the docs I found https://www.pulumi.com/registry/packages/aws/api-docs/lambda/function/#cloudwatch-logging-and-permissions, but when I do the same it does not work - the log group for the lambda created has a never expire retention policy - to be more specific, the log group I create manually does get a retention policy, but the logs for the lambda are being registered into the default log group the lambda generates which is marked as never expire
    2. How do I disable tracing/xray for Lambdas? In the tracing options (https://www.pulumi.com/registry/packages/aws/api-docs/lambda/function/#functiontracingconfig), mode can only be Pass Through or Active and there’s no mentioning what is the default. When I try to set it to Disabled I get an error from Pulumi.
    Truly appreciate assistance with these. Thanks!
  • p

    polite-napkin-90098

    07/13/2022, 8:49 PM
    I'm having fun trying to make my EKS cluster work with ALB. There's some docs here https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html I'm adding in the roles I need for that and installing the controller from the helm chart in the same pulumi typescript script which creates the EKS cluster. When I try to get the name of the cluster to pass into the helm chart using cluster.name I get a compile error saying:
    TSError: ⨯ Unable to compile TypeScript:
        index.ts(427,24): error TS2339: Property 'name' does not exist on type 'Cluster'.
    but looking in the docs https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#name_nodejs it has name as an input and all inputs are outputs, so why doesn't that work. To prove it wasn't some other issue, like the cluster var being the wrong type of object or something I tried cluster.core.vpcId and then the TS compiles fine but obviously the ClusterName is set wrong in the helm chart.
  • r

    ripe-shampoo-80285

    07/14/2022, 1:03 AM
    I’m trying to upgrade golang pulumi-aws/sdk from v4 to v5. Anybody know why I am getting the following errors:
    # infra
    ./main.go:193:19: cannot use iam.RoleArray{…} (value of type "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam".RoleArray) as type "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam".RoleArrayInput in struct literal:
        "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam".RoleArray does not implement "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam".RoleArrayInput (wrong type for ToRoleArrayOutput method)
            have ToRoleArrayOutput() "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam".RoleArrayOutput
            want ToRoleArrayOutput() "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam".RoleArrayOutput
    ./main.go:238:19: cannot use &awseks.NodeGroupScalingConfigArgs{…} (value of type *"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/eks".NodeGroupScalingConfigArgs) as type "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks".NodeGroupScalingConfigPtrInput in struct literal:
        *"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/eks".NodeGroupScalingConfigArgs does not implement "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks".NodeGroupScalingConfigPtrInput (wrong type for ToNodeGroupScalingConfigPtrOutput method)
            have ToNodeGroupScalingConfigPtrOutput() "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/eks".NodeGroupScalingConfigPtrOutput
            want ToNodeGroupScalingConfigPtrOutput() "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks".NodeGroupScalingConfigPtrOutput
    ./main.go:244:19: cannot use nodeRole (variable of type *"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam".Role) as type "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam".RoleInput in struct literal:
        *"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam".Role does not implement "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam".RoleInput (wrong type for ToRoleOutput method)
            have ToRoleOutput() "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam".RoleOutput
            want ToRoleOutput() "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam".RoleOutput
  • r

    ripe-shampoo-80285

    07/14/2022, 1:04 AM
    Here is my golang input:
        "github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
        "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
        awseks "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/eks"
        "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
        "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/rds"
        "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/route53"
        "github.com/pulumi/pulumi-eks/sdk/go/eks"
  • r

    ripe-shampoo-80285

    07/14/2022, 1:04 AM
    It looks like “github.com/pulumi/pulumi-eks/sdk/go/eks” is not compatible with pulumi-aws/sdk/v5
  • s

    stocky-petabyte-29883

    07/14/2022, 8:30 AM
    Hi Looking at awsx vpc package This document mentions about a natgateway strategy, (https://www.pulumi.com/docs/guides/crosswalk/aws/vpc/) However this doesn't seem to be available in the package, only fields found regarding nats are numberOfNatGateways. Am I looking at the wrong place?
  • e

    enough-pager-36335

    07/14/2022, 8:37 AM
    When I update an ecs service (EC2 or Fargate) using pulumi up, what is the sequence of operations happening under the hood? is the service being updated (like in the aws console) or anything a bit more complex happening?
  • l

    lemon-salesclerk-6224

    07/15/2022, 1:20 AM
    Hi there, I'm trying to pass an image created by the ecr repository buildAndPushImage function to the container image parameter in an aws.ecs.TaskDefinition container definition block and keep running into this error:
    Container.image repository should be 255 characters or less
    This seems to happen with any Output<string> type. Is this a known issue?
  • h

    helpful-account-44059

    07/15/2022, 9:33 AM
    Hi there, does aws.lambda.EventSourceMapping not support SNS topics?
  • s

    sparse-intern-71089

    07/15/2022, 4:51 PM
    This message was deleted.
  • e

    enough-pager-36335

    07/17/2022, 8:58 AM
    I'm trying to add the DeleteBeforeReplace flag when I'm constructing a new awsx.ecs.EC2Service (or Fargate) but that doesn't seem to work, is there any option to force it other than giving the resource a name? that also doesn't seem to work
  • h

    helpful-account-44059

    07/18/2022, 8:27 AM
    Hi. I'm trying to create an AWS RDS Multi-AZ cluster and got this error. I have tried the availabilityZones with null or [ ap-southeast-1a, ap-southeast-1b, ap-southeast-1c]; my region is ap-southeast-1
    InvalidParameterCombination: Can't create a Multi-AZ DB cluster because there aren't enough Availability Zones (AZs).
  • g

    gray-translator-86978

    07/18/2022, 10:23 AM
    I am trying to set up Elasticache/Redis with auth and encryption. Is that possible? I am using TypeScript I can't see any options for those in the type definition (or the online docs!)
  • b

    best-appointment-51810

    07/18/2022, 5:34 PM
    Hey, I've been trying to get pulumi to run in github codespaces. I got the binary to work but then I always get:
    error: unable to validate AWS credentials - see <https://pulumi.io/install/aws.html> for details on configuration
    I already tested that the aws cli can see the credentials
  • c

    clever-dog-35937

    07/18/2022, 10:45 PM
    https://www.pulumi.com/docs/guides/crosswalk/aws/vpc/#configuring-security-groups-for-a-vpc this Crosswalk example is broken, and it appears that the vpc.get... functions aren't able to be used to reference the subnets/routetables/etc. because they don't get resolved, but also lack apply() to force a resolve
  • s

    swift-planet-53281

    07/19/2022, 5:36 AM
    Hey guys, we're currently building a prototype deployment with pulumi for microservice. We recognize 3 general parts in our cloud deployment:
    1. General infrastructure (VPC, subnets, EKS cluster, etc)
    2. Per service: required infrastructure/resources (S3 bucket, Database, ECR repos, etc)
    3. Per service: deployment resources (pipelines, kubernetes deployments, services, ingress etc)
    We are wondering what is the best practice with regard to separating these parts over different pulumi projects. We're pretty sure it is a good idea to have a separate project for 1 (general infra). However, we are wondering where 2 and 3 should be split up in two pulumi projects, where number 3 will update automatically in a deployment pipeline, and 2 won't, or whether we should make it 1 project, reducing the amount of pulumi projects to maintain. Any suggestions or best practices?
  • m

    modern-evening-83482

    07/19/2022, 3:16 PM
    Hello Everyone, After importing a aws resource(subnet) into pulumi I would like to modify the properties. This leads to replacement. Is this a pulumi thing or an aws thing? I would like to change few properties on the resource...
    pulumi up
    Previewing update (network.staging):
         Type                     Name                                           Plan        Info
         pulumi:pulumi:Stack      pulumi-staging-infrastructure-network.staging              
     +   ├─ pulumi:providers:aws  provider                                       create      
     +-  ├─ aws:ec2:Vpc           vpc-staging                                    replace     [diff: +enableDnsSupport,instanceTenancy~__defaults,protect,provider]
     +-  └─ aws:ec2:Subnet        public_subnet_stvk                             replace     [diff: +assignIpv6AddressOnCreation,enableDns64,enableResourceNameDnsARecordOnLaunch,ena
     
    Resources:
        + 1 to create
        +-2 to replace
        3 changes. 1 unchanged
  • w

    witty-monitor-18849

    07/20/2022, 9:33 AM
    Morning, I'm creating a Cloudfront distribution with the aws-native provider and an alias route53 record pointing to it with the aws-classic provider. While writing the latter, I noticed a distinct lack of outputs/exports from the aws-native's Cloudfront distribution, which were present in the aws-classic Cloudfront distribution. i.e. zoneId Is this by design and I'm using the aws-native provider incorrectly?
  • w

    witty-monitor-18849

    07/20/2022, 9:34 AM
    new route53.Record(domain, {
            name: domain,
            zoneId: zoneId,
            type: 'A',
    
            aliases: [
                {
                    name: cloudFrontDist.domainName,
                    zoneId: cloudFrontDist.**NO ZONE ID**,
                    evaluateTargetHealth: true
                }
            ]
        })
  • a

    adorable-wall-67745

    07/20/2022, 9:47 AM
    Hi guys, I have encountered a strange problem that has been bothering me for a long time. I followed the documentation of Pulumi to create a demo, but when I run pulumi up, it always throws an exception:
    unable to validate AWS credentials - see <https://pulumi.io/install/aws.html> for details on configuration
    I tested the command aws sts get-caller-identity and it works. Documentation which I followed is: https://www.pulumi.com/docs/get-started/aws/create-project/

narrow-barista-48437

09/28/2022, 6:03 PM
Hi Ethan, I'm having a very similar problem. Did you find a solution?