https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • r

    rhythmic-camera-25993

    02/10/2020, 3:31 PM
    lemme anonymize the relevant parts
  • r

    rhythmic-camera-25993

    02/10/2020, 3:34 PM
    @refined-vegetable-66224 https://gist.github.com/baronfel/cfbadf9de44e6501ebfd9467b7131d42
  • r

    refined-vegetable-66224

    02/10/2020, 3:54 PM
    Thanks, @rhythmic-camera-25993 I see what you mean, I'm still unclear on how to set up the Fargate Service though? Are you using the
    loadBalancers
    property or the
    applicationListener
    in the container definition? Loadbalancing ref: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ecs/#FargateServiceArgs applicationListener ref: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ecs/#Container
  • r

    rhythmic-camera-25993

    02/10/2020, 4:13 PM
    sorry for the delay, I mean in the
    portMappings
    property, you can specify it like
    portMappings: [ appServerTargetGroup ]
  • r

    rhythmic-camera-25993

    02/10/2020, 4:14 PM
    https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ecs/#Container-portMappings
  • r

    refined-vegetable-66224

    02/10/2020, 4:24 PM
    Perfect, thanks for your help!
  • b

    billions-forest-38488

    02/11/2020, 4:43 PM
    Hi, would someone mind pointing me in the right direction: Using Python pulumi_aws, going really well, but I'm stuck on something: I'm trying to kick off a Cloudformation stack that uses
    Outputs
    from another stack, for example, this CFN stack has some EC2's with SGs:
    VpcId:
            Fn::ImportValue: !Sub '${Env}-vpc'
    However, I'm unsure how to inject these into
    cloudformation.Stack()
    as it no longer nested
    m
    • 2
    • 7
  • a

    adventurous-jordan-10043

    02/12/2020, 9:11 AM
    Any chance that greengrass support will land in pulumi before terraform?
  • b

    billions-forest-38488

    02/12/2020, 10:07 AM
    Hi All, Quick question: I'm using Python,
    pulumi_aws.lambda_.*Function*()
    and getting the error:
    aws:lambda:Function (AlarmLambda):
        error: filename or s3_* attributes must be set
    My code:
    def generate_zip():
        zf = zipfile.ZipFile('lambda.zip', mode='w')
        zf.writestr('index.py', data='''def lambda_handler(event, context): \n\treturn "Hello, world!"''')
        zf.close()
        return zf.fp    
    
    
    alarm_lambda = aws_lambda.Function(
            'AlarmLambda',
            name=f'{Env}-alarm-consumer',
            description='CloudWatch alarm consumer',
            environment={
                'Variables': {
                    'LOGLEVEL': 'INFO'
                }
            },
            code=generate_zip(),
            handler='index.handler',
            role=alarm_lambda_role.arn,
            runtime='python3.6',
            timeout=60
        )
    In the docs I do not see a param called
    filename
    and I'd rather not use the s3_* bits - any thoughts? Thanks!
  • r

    rapid-oyster-28892

    02/12/2020, 1:36 PM
    Hi, I am trying out pulumi w/ AWS but I can't even get the first example up. Pulumi up is just stuck. Was able to get the logs
    ▶ pulumi up --logtostderr -v=9 2> out.txt
    Previewing update (dev):
    
         Type                 Name             Plan        
         pulumi:pulumi:Stack  pulumi-demo-dev  running
    b
    • 2
    • 39
  • r

    refined-vegetable-66224

    02/12/2020, 1:52 PM
    Hi all, how do I configure Fargate Auto Scaling policies with Pulumi? I can't seem to find any reference in the docs Is it done similar to the EC2 example found here? --> https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/autoscaling/#scaling-policies
  • a

    abundant-author-13372

    02/13/2020, 12:44 PM
    Bumping this here, in case someone can help
  • q

    quiet-painter-30539

    02/17/2020, 9:39 PM
    I'm having some issues with Pulumi destroy - it seems to leave some aws resources behind (igw, instance profile...). Is this normal with Pulumi?
    w
    • 2
    • 2
  • q

    quiet-painter-30539

    02/18/2020, 10:48 AM
    How to set property "rotation_enabled" for Secrets Manager entity in Pulumi AWS Python SDK? https://github.com/pulumi/pulumi-aws/blob/master/sdk/python/pulumi_aws/secretsmanager/secret.py When trying to create this property I get error:
    __init__() got an unexpected keyword argument 'rotation_enabled'
    g
    • 2
    • 2
  • q

    quiet-painter-30539

    02/18/2020, 5:46 PM
    I have one issue with Pulumi and AWS EKS. If I create an AWS EKS entity like this (#1):
    #1
            self.my_cluster = eks.Cluster(self.my_name,
                                          name = self.my_name,
                                          role_arn = self.my_role.arn,
                                          vpc_config = self.my_vpc_config,
                                          tags = self.my_eks_tags)
    ... EKS gets created just fine and EKS creates a security group which it adds into self.my_cluster.vpc_config dict. So far so good. I have now EKS and if I add some new piece of code (#2):
    #2
    self.my_cluster.vpc_config["clusterSecurityGroupId"]
    ... I can access that security group. But the problem is here. If I try to create EKS (#1) and access that security group value (#2) in the same "pulumi up" run I get an error:
    KeyError: 'clusterSecurityGroupId'
    How do I access that security group id since I need it in later steps?
  • b

    breezy-agency-15661

    02/18/2020, 9:57 PM
    In the container example, is it possible to use Fargate without load balancer?
    //const lb = new awsx.lb.NetworkListener("nginx", { port: 80 });
    const service = new awsx.ecs.FargateService("nginx", {
        // cluster,
        taskDefinitionArgs: {
            containers: {
                nginx: {
                    image: image,
                    memory: 512,
                    portMappings: [ ?? ],
                },
            },
        },
        desiredCount: 1,
    });
    w
    • 2
    • 1
  • s

    salmon-ghost-86211

    02/20/2020, 4:24 PM
    I have created an Ingress using the following code. The cluster is defined elsewhere.
    import * as k8s from "@pulumi/kubernetes";
    
    const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(
        "rwingress",
        {
            metadata: {
                namespace: "platform",
                annotations: {
                    "<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "alb",
                    "<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>": "internet-facing",
                    "<http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>": "arn:aws:acm:us-east-1:111111111111:certificate/12345678-90ab-cdef-1234-567890abcdef",
                    "<http://alb.ingress.kubernetes.io/aws-load-balancer-backend-protocol|alb.ingress.kubernetes.io/aws-load-balancer-backend-protocol>": "http",
                    "<http://alb.ingress.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled|alb.ingress.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled>": "true",
                    "<http://alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports|alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports>": "https"
                },
                labels: { app: "rw" }
            },
            spec: {
                rules: [
                    {
                        http: {
                            paths: [
                                {
                                    path: "/admin*",
                                    backend: { serviceName: "rec-app", servicePort: 80 }
                                },
                                {
                                    path: "/*",
                                    backend: { serviceName: "rw", servicePort: 80 }
                                }
                            ]
                        }
                    }
                ]
            }
        },
        { provider: cluster.provider }
    );
    It correctly creates an ALB with a single https/443 listener with rules that direct to new target groups pointing to the mentioned services. THE ISSUE: I can't seem to figure out how to add an http/80 listener that redirects to https/443. The api doesn't seem to allow me to add any other rules even with annotations like
    "<http://alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports|alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports>": "https"
    removed.
    • 1
    • 1
  • i

    incalculable-portugal-13011

    02/20/2020, 6:56 PM
    hey all, having trouble getting an ecs service definition to work using pulumi/awsx in js. my service definition looks like:
    let appVpc = aws.ec2.getVpc({id: "my-vpc-id"});
    
    const webServerLoadBalancer = new awsx.lb.ApplicationLoadBalancer("web-server-lb-" + userEnv, {
        securityGroups: [],
        vpc: appVpc,
        subnets: ["subnet-1", "subnet-2", "subnet-3"]
    });
    
    const webServerLoadBalancerListener = webServerLoadBalancer.createListener("ws-https-" + userEnv, {
        port: 443,
        protocol: "HTTPS",
        certificateArn: "my-cert-arn"
    });
    
    const webServerLoadBalancerRedirectToHttpsListener = webServerLoadBalancer.createListener("ws-redirect-to-https", {
        port: 80,
        protocol: "HTTP",
        defaultAction: {
            type: "redirect",
            redirect: {
                protocol: "HTTPS",
                port: "443",
                statusCode: "HTTP_301"
            }
        }
    });
    
    const webServerCluster = new awsx.ecs.Cluster("web-server-" + userEnv, {
        securityGroups: ["sg-1"],
        vpc: appVpc
    });
    
    const webServerFargateService = new awsx.ecs.FargateService("web-server-" + userEnv, {
        cluster: webServerCluster,
        networkConfiguration: {
            subnets: ["subnet-1", "subnet-2", "subnet-3"]
        },
        taskDefinitionArgs: {
            containers: {
                webServer: {
                    image: "my-org/web-server:" + userEnv,
                    portMappings: [
                        webServerLoadBalancerListener
                    ],
                    healthCheck: {...healthCheckArgs}
                }
            }
        }
    });
    the error I’m receiving is that
    error: aws:ecs/service:Service resource 'web-server-dev' has a problem: "network_configuration.0.subnets": required field is not set
    , which doesn’t make sense to me. per the docs, I’m setting the
    networkConfiguration
    property of the service, and I’m tried both wrapping that property in an array and as an object. no dice either way. any thoughts? (edited)
  • f

    fresh-daybreak-17893

    02/20/2020, 8:14 PM
    our team is running python packages
    pulumi = ">=1.10.1"
    pulumi-aws = ">=1.0.0"
    with pulumi version 1.10.1. pulumi is reporting that it cannot find aws credentials:
    -  aws:ebs:Volume prometheus_volume **deleting failed** error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
        pulumi:pulumi:Stack prometheus-dev running error: update failed
        pulumi:pulumi:Stack prometheus-dev **failed** 1 error
     
    Diagnostics:
      aws:ebs:Volume (prometheus_volume):
        error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
     
      pulumi:pulumi:Stack (prometheus-dev):
        error: update failed
    but the command
    aws --profile=<profile name> ec2 describe-instances
    works as expected.
    <profile name>
    from the preceding command is also configured in the application's Pulumi.dev.yaml I tend to think this is a case of user error. Is there some combination of package versions that I should be using to avoid this behavior? additionally, our team recently changed our convention surrounding aws profile names. Is it possible that pulumi is trying to use old names that are cached somewhere?
  • c

    colossal-plastic-46140

    02/21/2020, 4:06 PM
    Does the Pulumi CLI work directly with temporary credentials that are provided by STS? Or do I need to write something to wrap the credentials that aws`sts assume-role` generates?
    s
    w
    • 3
    • 7
  • b

    bitter-zebra-93800

    02/22/2020, 2:04 AM
    Hello all, just playing with the Pulumi getting started sample here https://www.pulumi.com/docs/get-started/aws/review-project/ - running pulumi up with that code reports it created the bucket but I cant see it in the s3 console, when I follow the link on the app page it shows it but says Error Access Denied. What am I missing?
    b
    • 2
    • 3
  • c

    colossal-ram-89482

    02/24/2020, 1:00 AM
    The Terraform AWS Lambda Function resource supports use of either a) S3 or b)
    filename
    arguments to supply the code deployment package. In Pulumi, in both TS/JS and Python, only the S3 option seems to be available. A couple of questions: 1) Why is this the case? 2) My understanding is that the Pulumi providers are usually auto-generated from the corresponding Terraform provider. Where is the logic that removes the
    filename
    argument in this case? (Or is auto-generation not used?)
    g
    • 2
    • 7
  • a

    aloof-psychiatrist-4562

    02/24/2020, 6:16 PM
    👋 hullo. i’d like to make some contribution’s to
    pulumi-awsx
    for python. i didn’t see an issue raised about it; is this something that would be a ‘nice to have’?
    w
    • 2
    • 6
  • s

    salmon-ghost-86211

    02/24/2020, 9:44 PM
    I have created a Kubernetes Ingress using the following code.
    import * as k8s from "@pulumi/kubernetes";
    
    const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(...
    An ALB is created with an HTTPS/443 listener and the rules I have specified, but the problem is there is no HTTP/80 listener that redirects to HTTPS. The Ingress call doesn't look like it supports that either. It looks like I could do something like
    import * as aws from "@pulumi/aws";
    
    const httpListener = new aws.lb.Listener("httpListener", {
    but I'm not sure how to reference the load balancer created above. The only piece of data that seems to cross over between AWS and Pulumi is the URL. Can someone provide assistance with either the
    Listener
    object or maybe
    Ingress
    or
    IngressList
    to solve this problem?
  • s

    salmon-ghost-86211

    02/24/2020, 9:50 PM
    Is it possible to import an existing ALB so that Pulumi manages it? The only example I could find for
    import
    was on
    <https://www.pulumi.com/blog/adopting-existing-cloud-resources-into-pulumi/>
    , but I have no idea how to extend that example. I'm confused as to why I would need to specify the cidrBlock for a VPC. Can't Pulumi read that in? What details are required for importing different types of objects?
    w
    • 2
    • 2
  • l

    late-advantage-85073

    02/26/2020, 12:37 AM
    Hi all, just getting started with Pulimi, is there a good example in TypeKit that would specifically show creating a simple VPC with basic networking and dropping and ec2 instance with attached EBS in it? Just to use as a guide getting started?
  • s

    salmon-account-74572

    02/26/2020, 1:17 AM
    This is a bit more complex than you asked for, but it should give you an idea of how to go about it: https://github.com/scottslowe/learning-tools/blob/master/pulumi/aws-k8s-infra/index.ts
    l
    • 2
    • 2
  • c

    calm-parrot-72437

    02/26/2020, 8:51 PM
    i need create a client vpn endpoint, but can't seem to find the pulumi code that does that. can someone point me to the right place?
    • 1
    • 2
  • a

    aloof-psychiatrist-4562

    02/27/2020, 4:34 AM
    Friends, if I adopt an unmanaged resource into my plmi stack, is there ever a way to dereference it?
    w
    • 2
    • 2
  • b

    billions-forest-38488

    02/28/2020, 1:17 PM
    Hi, quick question regarding S3 bucket creation. I've been creating/destroying the same stack frequently... is there a way when creating a bucket it adds a random string to the end, like cloudformation does? I suppose I could add a random string to the config each time, but was wondering if there was a built-in for this? Thanks,
    g
    • 2
    • 5
Powered by Linen
Title
b

billions-forest-38488

02/28/2020, 1:17 PM
Hi, quick question regarding S3 bucket creation. I've been creating/destroying the same stack frequently... is there a way when creating a bucket it adds a random string to the end, like cloudformation does? I suppose I could add a random string to the config each time, but was wondering if there was a built-in for this? Thanks,
I think I just need to use
bucket_prefix
instead of
bucket
g

gentle-diamond-70147

02/28/2020, 4:25 PM
If you omit
bucket
, Pulumi will do this for you automatically and use the logical name that you provide as the bucket prefix.
Pulumi's default behavior is to add a random suffix to all resources.
More on that at https://www.pulumi.com/docs/intro/concepts/programming-model/#autonaming.
b

billions-forest-38488

02/28/2020, 5:52 PM
Nice one ^ thanks
View count: 1