lemme anonymize the relevant parts

@refined-vegetable-66224 https://gist.github.com/baronfel/cfbadf9de44e6501ebfd9467b7131d42

Thanks, @rhythmic-camera-25993 I see what you mean, I'm still unclear on how to set up the Fargate Service though? Are you using the

loadBalancers

property or the

applicationListener

in the container definition? Loadbalancing ref: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ecs/#FargateServiceArgs applicationListener ref: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ecs/#Container

sorry for the delay, I mean in the

portMappings

property, you can specify it like

portMappings: [ appServerTargetGroup ]

Perfect, thanks for your help!

Hi, would someone mind pointing me in the right direction: Using Python pulumi_aws, going really well, but I'm stuck on something: I'm trying to kick off a Cloudformation stack that uses

Outputs

from another stack, for example, this CFN stack has some EC2's with SGs:

VpcId:
        Fn::ImportValue: !Sub '${Env}-vpc'

However, I'm unsure how to inject these into

cloudformation.Stack()

as it no longer nested

Any chance that greengrass support will land in pulumi before terraform?

Hi All, Quick question: I'm using Python,

pulumi_aws.lambda_.*Function*()

and getting the error:

aws:lambda:Function (AlarmLambda):
    error: filename or s3_* attributes must be set

My code:

def generate_zip():
    zf = zipfile.ZipFile('lambda.zip', mode='w')
    zf.writestr('index.py', data='''def lambda_handler(event, context): \n\treturn "Hello, world!"''')
    zf.close()
    return zf.fp    


alarm_lambda = aws_lambda.Function(
        'AlarmLambda',
        name=f'{Env}-alarm-consumer',
        description='CloudWatch alarm consumer',
        environment={
            'Variables': {
                'LOGLEVEL': 'INFO'
            }
        },
        code=generate_zip(),
        handler='index.handler',
        role=alarm_lambda_role.arn,
        runtime='python3.6',
        timeout=60
    )

In the docs I do not see a param called

filename

and I'd rather not use the s3_* bits - any thoughts? Thanks!

Hi, I am trying out pulumi w/ AWS but I can't even get the first example up. Pulumi up is just stuck. Was able to get the logs

▶ pulumi up --logtostderr -v=9 2> out.txt
Previewing update (dev):

     Type                 Name             Plan        
     pulumi:pulumi:Stack  pulumi-demo-dev  running

Hi all, how do I configure Fargate Auto Scaling policies with Pulumi? I can't seem to find any reference in the docs Is it done similar to the EC2 example found here? --> https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/autoscaling/#scaling-policies

Bumping this here, in case someone can help

I'm having some issues with Pulumi destroy - it seems to leave some aws resources behind (igw, instance profile...). Is this normal with Pulumi?

How to set property "rotation_enabled" for Secrets Manager entity in Pulumi AWS Python SDK? https://github.com/pulumi/pulumi-aws/blob/master/sdk/python/pulumi_aws/secretsmanager/secret.py When trying to create this property I get error:

__init__() got an unexpected keyword argument 'rotation_enabled'

I have one issue with Pulumi and AWS EKS. If I create an AWS EKS entity like this (#1):

#1
        self.my_cluster = eks.Cluster(self.my_name,
                                      name = self.my_name,
                                      role_arn = self.my_role.arn,
                                      vpc_config = self.my_vpc_config,
                                      tags = self.my_eks_tags)

... EKS gets created just fine and EKS creates a security group which it adds into self.my_cluster.vpc_config dict. So far so good. I have now EKS and if I add some new piece of code (#2):

#2
self.my_cluster.vpc_config["clusterSecurityGroupId"]

... I can access that security group. But the problem is here. If I try to create EKS (#1) and access that security group value (#2) in the same "pulumi up" run I get an error:

KeyError: 'clusterSecurityGroupId'

How do I access that security group id since I need it in later steps?

In the container example, is it possible to use Fargate without load balancer?

//const lb = new awsx.lb.NetworkListener("nginx", { port: 80 });
const service = new awsx.ecs.FargateService("nginx", {
    // cluster,
    taskDefinitionArgs: {
        containers: {
            nginx: {
                image: image,
                memory: 512,
                portMappings: [ ?? ],
            },
        },
    },
    desiredCount: 1,
});

I have created an Ingress using the following code. The cluster is defined elsewhere.

import * as k8s from "@pulumi/kubernetes";

const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(
    "rwingress",
    {
        metadata: {
            namespace: "platform",
            annotations: {
                "<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "alb",
                "<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>": "internet-facing",
                "<http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>": "arn:aws:acm:us-east-1:111111111111:certificate/12345678-90ab-cdef-1234-567890abcdef",
                "<http://alb.ingress.kubernetes.io/aws-load-balancer-backend-protocol|alb.ingress.kubernetes.io/aws-load-balancer-backend-protocol>": "http",
                "<http://alb.ingress.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled|alb.ingress.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled>": "true",
                "<http://alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports|alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports>": "https"
            },
            labels: { app: "rw" }
        },
        spec: {
            rules: [
                {
                    http: {
                        paths: [
                            {
                                path: "/admin*",
                                backend: { serviceName: "rec-app", servicePort: 80 }
                            },
                            {
                                path: "/*",
                                backend: { serviceName: "rw", servicePort: 80 }
                            }
                        ]
                    }
                }
            ]
        }
    },
    { provider: cluster.provider }
);

It correctly creates an ALB with a single https/443 listener with rules that direct to new target groups pointing to the mentioned services. THE ISSUE: I can't seem to figure out how to add an http/80 listener that redirects to https/443. The api doesn't seem to allow me to add any other rules even with annotations like

"<http://alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports|alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports>": "https"

removed.

hey all, having trouble getting an ecs service definition to work using pulumi/awsx in js. my service definition looks like:

let appVpc = aws.ec2.getVpc({id: "my-vpc-id"});

const webServerLoadBalancer = new awsx.lb.ApplicationLoadBalancer("web-server-lb-" + userEnv, {
    securityGroups: [],
    vpc: appVpc,
    subnets: ["subnet-1", "subnet-2", "subnet-3"]
});

const webServerLoadBalancerListener = webServerLoadBalancer.createListener("ws-https-" + userEnv, {
    port: 443,
    protocol: "HTTPS",
    certificateArn: "my-cert-arn"
});

const webServerLoadBalancerRedirectToHttpsListener = webServerLoadBalancer.createListener("ws-redirect-to-https", {
    port: 80,
    protocol: "HTTP",
    defaultAction: {
        type: "redirect",
        redirect: {
            protocol: "HTTPS",
            port: "443",
            statusCode: "HTTP_301"
        }
    }
});

const webServerCluster = new awsx.ecs.Cluster("web-server-" + userEnv, {
    securityGroups: ["sg-1"],
    vpc: appVpc
});

const webServerFargateService = new awsx.ecs.FargateService("web-server-" + userEnv, {
    cluster: webServerCluster,
    networkConfiguration: {
        subnets: ["subnet-1", "subnet-2", "subnet-3"]
    },
    taskDefinitionArgs: {
        containers: {
            webServer: {
                image: "my-org/web-server:" + userEnv,
                portMappings: [
                    webServerLoadBalancerListener
                ],
                healthCheck: {...healthCheckArgs}
            }
        }
    }
});

the error I’m receiving is that

error: aws:ecs/service:Service resource 'web-server-dev' has a problem: "network_configuration.0.subnets": required field is not set

, which doesn’t make sense to me. per the docs, I’m setting the

networkConfiguration

property of the service, and I’m tried both wrapping that property in an array and as an object. no dice either way. any thoughts? (edited)

our team is running python packages

pulumi = ">=1.10.1"
pulumi-aws = ">=1.0.0"

with pulumi version 1.10.1. pulumi is reporting that it cannot find aws credentials:

-  aws:ebs:Volume prometheus_volume **deleting failed** error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
    pulumi:pulumi:Stack prometheus-dev running error: update failed
    pulumi:pulumi:Stack prometheus-dev **failed** 1 error
 
Diagnostics:
  aws:ebs:Volume (prometheus_volume):
    error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
 
  pulumi:pulumi:Stack (prometheus-dev):
    error: update failed

but the command

aws --profile=<profile name> ec2 describe-instances

works as expected.

<profile name>

from the preceding command is also configured in the application's Pulumi.dev.yaml I tend to think this is a case of user error. Is there some combination of package versions that I should be using to avoid this behavior? additionally, our team recently changed our convention surrounding aws profile names. Is it possible that pulumi is trying to use old names that are cached somewhere?

Does the Pulumi CLI work directly with temporary credentials that are provided by STS? Or do I need to write something to wrap the credentials that aws`sts assume-role` generates?

Hello all, just playing with the Pulumi getting started sample here https://www.pulumi.com/docs/get-started/aws/review-project/ - running pulumi up with that code reports it created the bucket but I cant see it in the s3 console, when I follow the link on the app page it shows it but says Error Access Denied. What am I missing?

The Terraform AWS Lambda Function resource supports use of either a) S3 or b)

filename

arguments to supply the code deployment package. In Pulumi, in both TS/JS and Python, only the S3 option seems to be available. A couple of questions: 1) Why is this the case? 2) My understanding is that the Pulumi providers are usually auto-generated from the corresponding Terraform provider. Where is the logic that removes the

filename

argument in this case? (Or is auto-generation not used?)

👋 hullo. i’d like to make some contribution’s to

pulumi-awsx

for python. i didn’t see an issue raised about it; is this something that would be a ‘nice to have’?

I have created a Kubernetes Ingress using the following code.

import * as k8s from "@pulumi/kubernetes";

const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(...

An ALB is created with an HTTPS/443 listener and the rules I have specified, but the problem is there is no HTTP/80 listener that redirects to HTTPS. The Ingress call doesn't look like it supports that either. It looks like I could do something like

import * as aws from "@pulumi/aws";

const httpListener = new aws.lb.Listener("httpListener", {

but I'm not sure how to reference the load balancer created above. The only piece of data that seems to cross over between AWS and Pulumi is the URL. Can someone provide assistance with either the

Listener

object or maybe

Ingress

or

IngressList

to solve this problem?

Is it possible to import an existing ALB so that Pulumi manages it? The only example I could find for

import

was on

<https://www.pulumi.com/blog/adopting-existing-cloud-resources-into-pulumi/>

, but I have no idea how to extend that example. I'm confused as to why I would need to specify the cidrBlock for a VPC. Can't Pulumi read that in? What details are required for importing different types of objects?

Hi all, just getting started with Pulimi, is there a good example in TypeKit that would specifically show creating a simple VPC with basic networking and dropping and ec2 instance with attached EBS in it? Just to use as a guide getting started?

This is a bit more complex than you asked for, but it should give you an idea of how to go about it: https://github.com/scottslowe/learning-tools/blob/master/pulumi/aws-k8s-infra/index.ts

i need create a client vpn endpoint, but can't seem to find the pulumi code that does that. can someone point me to the right place?

Friends, if I adopt an unmanaged resource into my plmi stack, is there ever a way to dereference it?

Hi, quick question regarding S3 bucket creation. I've been creating/destroying the same stack frequently... is there a way when creating a bucket it adds a random string to the end, like cloudformation does? I suppose I could add a random string to the config each time, but was wondering if there was a built-in for this? Thanks,