brief-ram-15160
07/20/2022, 10:40 AMcloudfront
security headers policy in Pulumi?alert-spoon-97538
07/20/2022, 8:43 PMA Profile was specified along with the environment variables "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY". The Profile is now used instead of the environment variable credentials. This may lead to unexpected behavior.
I do set the config aws:profile locally and I tried removing that in the CI prior to up
and re-adding it after though that didn't change the log line above. Is this an issue or a red herring?adorable-summer-21974
07/21/2022, 8:42 AMaws:ec2:SecurityGroupRule (wiki-https-external-0-egress):
error: 1 error occurred:
* [WARN] A duplicate Security Group rule was found on (sg-002096ed4ca1220a3). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists
status code: 400, request id: 1b6001e7-2dc7-437f-aa56-c92a32fa707b
modern-evening-83482
07/21/2022, 5:32 PMdeployment_controller=aws.ecs.ServiceDeploymentControllerArgs(
type="CODE_DEPLOY",
)
However I dont see any changes on the ecs service side. Am I missing something? My goal is to get a blue green for an ecs service backed by ec2quaint-match-50796
07/22/2022, 12:18 PMpolite-napkin-90098
07/22/2022, 6:12 PM{[key: string]: string}
block described here https://www.pulumi.com/registry/packages/aws/api-docs/alb/getloadbalancer/#usingbored-vase-40478
07/22/2022, 6:22 PMopts=ResourceOptions(custom_timeouts=CustomTimeouts(create='30m'))
early-keyboard-41388
07/24/2022, 2:46 PMgetAllAliases
for a lambda. So to keep all created ones, and don’t delete existing ones.icy-pilot-31118
07/26/2022, 1:51 AMaloof-dress-1001
07/26/2022, 2:48 PMgorgeous-ability-71963
07/26/2022, 7:27 PMencryptedSecret
on the stack outputs?
I’ve tried this:
const lbUser = new aws.iam.User("lbUser", {path: "/system/"});
const lbAccessKey = new aws.iam.AccessKey("lbAccessKey", {
user: lbUser.name,
});
export const secret = lbAccessKey.encryptedSecret;
But this does not exports the secret. The pgpKey
parameter is required? If so, how do I generate one?helpful-account-44059
07/27/2022, 3:12 AMhelpful-account-44059
07/27/2022, 6:31 AMCheck that your input satisfies the regular expression [0-9A-Za-z]*
2. I change the Sid to AllowPublishAlarms
error creating IAM Policy sns-access-policy: MalformedPolicyDocument: Policy document should not specify a principal
const snsAccessPolicy = new aws.iam.Policy("sns-access-policy", {
name: "sns-access-policy",
policy: {
Version: "2012-10-17",
Statement: [
{
Sid: "Allow_Publish_Alarms",
Effect: "Allow",
Principal: {
Service: "<http://aps.amazonaws.com|aps.amazonaws.com>",
},
Action: ["sns:Publish", "sns:GetTopicAttributes"],
Resource: "arn:aws:sns:ap-southeast-1:482414749843:amp-sns-topic",
Condition: {
StringEquals: {
"AWS:SourceAccount": "482414749843",
},
ArnEquals: {
"aws:SourceArn":
"arn:aws:aps:ap-southeast-1:482414749843:workspace/ws-be6e741f-d8ac-4330-b0fb-6a0c0aa92d6f",
},
},
},
],
},
});
busy-helicopter-97413
07/27/2022, 3:56 PMrpc error: code = Unknown desc = invocation of aws:ec2/getAmi:getAmi returned an error: unrecognized data function (Invoke): aws:ec2/getAmi:getAmi
I am thinking the reason why is that there are two versions of getAMI
as one is deprecated (https://www.pulumi.com/registry/packages/aws/api-docs/getami/ vs https://www.pulumi.com/registry/packages/aws/api-docs/ec2/getami/) I am running this automation on multiple versions of k8s, so is it possible that somehow the wrong implementation of getAMI is being called depending on the version?adorable-summer-21974
07/28/2022, 9:46 AMaloof-dress-1001
07/28/2022, 1:00 PMglamorous-spring-30202
07/29/2022, 3:35 AMregisterAutoTags
as described here. After that I notice that my lambda resources are losing its policies, and I am puzzled as to why this is happening. I use pulumi to create a lambda, add a role, and policy attachments to it. After a successful pulumi up
, after a few seconds my lambdas do not work, permission issues. I go look in AWS console, and they do not have my custom policy attachment anymore. If I pulumi refresh
, I see the removed policies/attachments, and if I pulumi up
again, it will create them. But on next re-deploy, the lambdas lose their policies again. I am thinking that there is something going on with the stack transformations I am trying to apply, but honestly, I have no good idea why this is happening, apart from the only change before this started, being the tagging. If anyone ever faced this issue or has some pointers on where I should look, it would be much appreciated. Thank yourhythmic-branch-12845
07/29/2022, 8:52 AMrhythmic-branch-12845
07/29/2022, 9:34 AMpulumi import
) and then pasting the code into my file, and when I try to run pulumi up
again using the same code, Pulumi claims that there is a diff in the user data when the strings are the same?
Type Name Plan Info
pulumi:pulumi:Stack test-dev
~ └─ aws:ec2:Instance api update [diff: ~userData]
Resources:
~ 1 to update
1 unchanged
Do you want to perform this update? details
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:dev::test::pulumi:pulumi:Stack::test-dev]
~ aws:ec2/instance:Instance: (update) đź”’
[id=i-0a1fd51cf5f02a8b4]
[urn=urn:pulumi:dev::test::aws:ec2/instance:Instance::api]
[provider=urn:pulumi:dev::test::pulumi:providers:aws::default_5_10_0::bdc3a497-cbed-47f9-98ef-99acbed1740f]
~ userData: "85de5fdec580fbc6617d9b2bfbddbae346a45ef4" => "85de5fdec580fbc6617d9b2bfbddbae346a45ef4"
rough-jewelry-40643
07/29/2022, 3:10 PMPulumi.stack.yml
and thus building all the stack resources in us-east-1?most-lighter-95902
07/30/2022, 11:15 PMmost-lighter-95902
07/30/2022, 11:15 PMerror: Running program '/app' failed with an unhandled exception:
Error: invocation of aws:index/getCallerIdentity:getCallerIdentity returned an error: unable to validate AWS credentials
most-lighter-95902
07/30/2022, 11:16 PMthankful-horse-13152
08/01/2022, 4:45 PMbrief-baker-41837
08/01/2022, 7:50 PM* multiple EC2 Subnets matched; use additional constraints to reduce matches to a single EC2 Subnet
I cant seem to figure out the cause specially when this is occurring in preview itself. Please help.fast-river-57630
08/01/2022, 7:55 PMlittle-soccer-5693
08/02/2022, 4:22 PMmain.go:365:11: cannot use pulumi.Any(uploadBucket.Arn) (value of type pulumi.AnyOutput) as type pulumi.StringInput in struct literal:
pulumi.AnyOutput does not implement pulumi.StringInput (missing ToStringOutput method)
when specifying bucket I've also tried:
pulumi.Sprintf("arn:aws:s3:::%v", uploadBucket.ID()))
and
pulumi.Sprintf("%v", uploadBucket.Arn)
but both result in a different error:
aws:s3control:BucketLifecycleConfiguration (mybucket-lifecycle):
error: 1 error occurred:
* error parsing S3 Control Bucket ARN (): unknown format
any suggestions?aloof-dress-1001
08/02/2022, 5:07 PMstrong-helmet-83704
08/03/2022, 1:13 AMstocky-petabyte-29883
08/03/2022, 10:05 AMstocky-petabyte-29883
08/03/2022, 10:05 AM