https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • b

    brief-ram-15160

    07/20/2022, 10:40 AM
    hey all. Did anyone here managed to create a
    cloudfront
    security headers policy in Pulumi?
    g
    • 2
    • 1
  • a

    alert-spoon-97538

    07/20/2022, 8:43 PM
    Trying to run Pulumi in GitHub Action CI but keep seeing the following line implying a Profile is passed even though no AWS profile is defined.
    A Profile was specified along with the environment variables "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY". The Profile is now used instead of the environment variable credentials. This may lead to unexpected behavior.
    I do set the config aws:profile locally and I tried removing that in the CI prior to
    up
    and re-adding it after though that didn't change the log line above. Is this an issue or a red herring?
    b
    l
    • 3
    • 9
  • a

    adorable-summer-21974

    07/21/2022, 8:42 AM
    Hi, does anyone know how I can get past a 'duplicate security group' error. The issue seems to have been fixed in Terraform about 6 years ago!
    aws:ec2:SecurityGroupRule (wiki-https-external-0-egress):
        error: 1 error occurred:
        	* [WARN] A duplicate Security Group rule was found on (sg-002096ed4ca1220a3). This may be
        a side effect of a now-fixed Terraform issue causing two security groups with
        identical attributes but different source_security_group_ids to overwrite each
        other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
        information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists
        	status code: 400, request id: 1b6001e7-2dc7-437f-aa56-c92a32fa707b
    m
    b
    • 3
    • 6
  • m

    modern-evening-83482

    07/21/2022, 5:32 PM
    Hello Everyone, I am trying to achieve blue green for ecs backed by ec2 via code deploy. I am setting the following in the aws.ecs.Service object
    deployment_controller=aws.ecs.ServiceDeploymentControllerArgs(
          type="CODE_DEPLOY",
        )
    However I dont see any changes on the ecs service side. Am I missing something? My goal is to get a blue green for an ecs service backed by ec2
  • q

    quaint-match-50796

    07/22/2022, 12:18 PM
    Hi, do anyone have issues when: 1. Create EKS cluster 2. Setup AWS Load Balanacer Controller 3. Create some services that deploys load balancers 4. Try to take down stack As a result, we got stuck at delete subnet because the load balancers are not deleted. Anyone has implemented anything? Options could be manual removal or listing and removing, that I can think of.
    p
    s
    • 3
    • 6
  • p

    polite-napkin-90098

    07/22/2022, 6:12 PM
    I'm trying to look up a load balancer by tags, so I can create a DNS record to point a hostname at it. I can't find any examples for how to construct the
    {[key: string]: string}
    block described here https://www.pulumi.com/registry/packages/aws/api-docs/alb/getloadbalancer/#using
    đź’Ż 1
    • 1
    • 1
  • b

    bored-vase-40478

    07/22/2022, 6:22 PM
    Hi Pulumi Community, Does anyone tried to create ec2 instances and pause the resource deploying process until the ec2 instances have a healthy status? I would like to continue deploying resources until the ec2 instances have a healthy status. Not sure if the right way is to configure Pulumi custom timeouts
    opts=ResourceOptions(custom_timeouts=CustomTimeouts(create='30m'))
    b
    q
    • 3
    • 13
  • e

    early-keyboard-41388

    07/24/2022, 2:46 PM
    Hi! Does anyone have an implementation on a similar use case as this? Serverless alias handling for lambdas. Main questions is how to handle a
    getAllAliases
    for a lambda. So to keep all created ones, and don’t delete existing ones.
  • i

    icy-pilot-31118

    07/26/2022, 1:51 AM
    I deployed a service/load balancer within kubernetes cluster using the default VPC. I wanted to have the cluster use fargate so that I don’t have to worry about provisioning. Since fargate requires a private subnet, I needed to create a new VPC and deploy the cluster under this new VPC. After I did this though, the service/load balancer returned an empty reply when queried. Anybody know why? Code in thread.
    b
    • 2
    • 36
  • a

    aloof-dress-1001

    07/26/2022, 2:48 PM
    Hey guys, is anybody familiar with step functions? I’m deploying a state machine that creates an EMR Cluster and runs some steps. I want to pass a date parameter in this format: YYYY-MM-DD, that changes every day (inside the state definition) and i cant figure out how to do that. Can someone help please? The output should be something like: { … “Parameters”:{ “date”: “2022-07-26”, …..} }
  • g

    gorgeous-ability-71963

    07/26/2022, 7:27 PM
    Hi! Does anyone know how to export an accessKey
    encryptedSecret
    on the stack outputs? I’ve tried this:
    const lbUser = new aws.iam.User("lbUser", {path: "/system/"});
    const lbAccessKey = new aws.iam.AccessKey("lbAccessKey", {
        user: lbUser.name,
    });
    export const secret = lbAccessKey.encryptedSecret;
    But this does not exports the secret. The
    pgpKey
    parameter is required? If so, how do I generate one?
    • 1
    • 1
  • h

    helpful-account-44059

    07/27/2022, 3:12 AM
    Hi there, the aws,lambda.EventSourceMapping not support SNS topic??
    v
    • 2
    • 2
  • h

    helpful-account-44059

    07/27/2022, 6:31 AM
    Hi, I have aws sns topic access policy as picture, it was edited by manual, when i try to translate to pulumi IaC code, it not accepted 1. Statement IDs (SID) must be alpha-numeric.
    Check that your input satisfies the regular expression [0-9A-Za-z]*
    2. I change the Sid to AllowPublishAlarms
    error creating IAM Policy sns-access-policy: MalformedPolicyDocument: Policy document should not specify a principal
    const snsAccessPolicy = new aws.iam.Policy("sns-access-policy", {
      name: "sns-access-policy",
      policy: {
        Version: "2012-10-17",
        Statement: [
          {
            Sid: "Allow_Publish_Alarms",
            Effect: "Allow",
            Principal: {
              Service: "<http://aps.amazonaws.com|aps.amazonaws.com>",
            },
            Action: ["sns:Publish", "sns:GetTopicAttributes"],
            Resource: "arn:aws:sns:ap-southeast-1:482414749843:amp-sns-topic",
            Condition: {
              StringEquals: {
                "AWS:SourceAccount": "482414749843",
              },
              ArnEquals: {
                "aws:SourceArn":
                  "arn:aws:aps:ap-southeast-1:482414749843:workspace/ws-be6e741f-d8ac-4330-b0fb-6a0c0aa92d6f",
              },
            },
          },
        ],
      },
    });
    • 1
    • 1
  • b

    busy-helicopter-97413

    07/27/2022, 3:56 PM
    Hey all! I am running some automation in golang that involves retrieving AMIs that breaks on certain occasions but not on others. Specifically, the error message I'm getting is
    rpc error: code = Unknown desc = invocation of aws:ec2/getAmi:getAmi returned an error: unrecognized data function (Invoke): aws:ec2/getAmi:getAmi
    I am thinking the reason why is that there are two versions of
    getAMI
    as one is deprecated (https://www.pulumi.com/registry/packages/aws/api-docs/getami/ vs https://www.pulumi.com/registry/packages/aws/api-docs/ec2/getami/) I am running this automation on multiple versions of k8s, so is it possible that somehow the wrong implementation of getAMI is being called depending on the version?
  • a

    adorable-summer-21974

    07/28/2022, 9:46 AM
    Hey, does anyone know if its possible to add an origin to an existing cloudfront distribution using pulumi? Thanks!
    l
    • 2
    • 1
  • a

    aloof-dress-1001

    07/28/2022, 1:00 PM
    Hey, Why can’t i run “nodejs16.x” runtime from pulumi when creating a lambda function?
  • g

    glamorous-spring-30202

    07/29/2022, 3:35 AM
    Hi, I recently started using
    registerAutoTags
    as described here. After that I notice that my lambda resources are losing its policies, and I am puzzled as to why this is happening. I use pulumi to create a lambda, add a role, and policy attachments to it. After a successful
    pulumi up
    , after a few seconds my lambdas do not work, permission issues. I go look in AWS console, and they do not have my custom policy attachment anymore. If I
    pulumi refresh
    , I see the removed policies/attachments, and if I
    pulumi up
    again, it will create them. But on next re-deploy, the lambdas lose their policies again. I am thinking that there is something going on with the stack transformations I am trying to apply, but honestly, I have no good idea why this is happening, apart from the only change before this started, being the tagging. If anyone ever faced this issue or has some pointers on where I should look, it would be much appreciated. Thank you
  • r

    rhythmic-branch-12845

    07/29/2022, 8:52 AM
    can Pulumi be run from an EC2 instance that has an instance profile assigned to it? or must we set up AWS credentials?
    s
    l
    l
    • 4
    • 51
  • r

    rhythmic-branch-12845

    07/29/2022, 9:34 AM
    hi, I am importing an EC2 instance (using
    pulumi import
    ) and then pasting the code into my file, and when I try to run
    pulumi up
    again using the same code, Pulumi claims that there is a diff in the user data when the strings are the same?
    Type                 Name        Plan       Info
         pulumi:pulumi:Stack  test-dev
     ~   └─ aws:ec2:Instance  api         update     [diff: ~userData]
    
    Resources:
        ~ 1 to update
        1 unchanged
    
    Do you want to perform this update? details
      pulumi:pulumi:Stack: (same)
        [urn=urn:pulumi:dev::test::pulumi:pulumi:Stack::test-dev]
        ~ aws:ec2/instance:Instance: (update) đź”’
            [id=i-0a1fd51cf5f02a8b4]
            [urn=urn:pulumi:dev::test::aws:ec2/instance:Instance::api]
            [provider=urn:pulumi:dev::test::pulumi:providers:aws::default_5_10_0::bdc3a497-cbed-47f9-98ef-99acbed1740f]
          ~ userData: "85de5fdec580fbc6617d9b2bfbddbae346a45ef4" => "85de5fdec580fbc6617d9b2bfbddbae346a45ef4"
    l
    • 2
    • 2
  • r

    rough-jewelry-40643

    07/29/2022, 3:10 PM
    Hi all, I have a question about deploying multi region resources. In general we use AWS us-east-2. I need to build a stack which contains CloudFront and some CloudFront associated lamda fucntions. B/c cloudfront is global the lambda fucntions must be in us-east-1. Is there a way in pulumi to specify this, without changing my overall
    Pulumi.stack.yml
    and thus building all the stack resources in us-east-1?
    s
    • 2
    • 3
  • m

    most-lighter-95902

    07/30/2022, 11:15 PM
    Hi, I’m getting the following error even though my aws credentials are set as env variables as per the doc:
  • m

    most-lighter-95902

    07/30/2022, 11:15 PM
    error: Running program '/app' failed with an unhandled exception:
    Error: invocation of aws:index/getCallerIdentity:getCallerIdentity returned an error: unable to validate AWS credentials
  • m

    most-lighter-95902

    07/30/2022, 11:16 PM
    This is running inside a container - why would I be getting this error? Not sure where to start debugging this?
    b
    l
    +2
    • 5
    • 13
  • t

    thankful-horse-13152

    08/01/2022, 4:45 PM
    I am new to Pulumi. I am looking at creating a new IAM user just for Pulumi. Following the Principle of Least Privilege. What are the bare minimum permissions a Pulumi IAM user would need? (I am not very well versed in AWS IAM)
    b
    • 2
    • 1
  • b

    brief-baker-41837

    08/01/2022, 7:50 PM
    Hi, I am trying to create a VPC and then query the result object to get the private subnet but it is always failing with the following error during preview itself:
    * multiple EC2 Subnets matched; use additional constraints to reduce matches to a single EC2 Subnet
    I cant seem to figure out the cause specially when this is occurring in preview itself. Please help.
    s
    b
    • 3
    • 7
  • f

    fast-river-57630

    08/01/2022, 7:55 PM
    I expected retainOnDelete to keep my EC2 Instance running and just spawn i new one when my AMI caused a replace. Should I have run 'pulumi state delete' on the EC2 instance first to keep the old instance around?
    • 1
    • 3
  • l

    little-soccer-5693

    08/02/2022, 4:22 PM
    the example code for bucket lifecycle configuration doesn't seem to work. reference: https://www.pulumi.com/registry/packages/aws/api-docs/s3control/bucketlifecycleconfiguration/ I get:
    main.go:365:11: cannot use pulumi.Any(uploadBucket.Arn) (value of type pulumi.AnyOutput) as type pulumi.StringInput in struct literal:
    pulumi.AnyOutput does not implement pulumi.StringInput (missing ToStringOutput method)
    when specifying bucket I've also tried:
    pulumi.Sprintf("arn:aws:s3:::%v", uploadBucket.ID()))
    and
    pulumi.Sprintf("%v", uploadBucket.Arn)
    but both result in a different error:
    aws:s3control:BucketLifecycleConfiguration (mybucket-lifecycle):
    error: 1 error occurred:
    * error parsing S3 Control Bucket ARN (): unknown format
    any suggestions?
    b
    • 2
    • 11
  • a

    aloof-dress-1001

    08/02/2022, 5:07 PM
    Hey guys, is it possible to deploy pulumi_kuberenetes and pulumi_aws in the same program? i want to deploy an EKS Cluster with some other resources, and in the same program use helm.release function of pulumi_kubernetes. but i cant import the modules of k8s into my aws program, what is the best way to do it?
    s
    • 2
    • 1
  • s

    strong-helmet-83704

    08/03/2022, 1:13 AM
    I’ve noticed that sometimes Pulumi will take multiple runs to complete all of its tasks… Is this normal or expected in some situations?
    s
    • 2
    • 13
  • s

    stocky-petabyte-29883

    08/03/2022, 10:05 AM
    Hey About using mysql provider for an aurora instance that is not publicly accessible, I have created a bastion machine that I am trying to use to access the database. Can I create a remote ssh connection the bastion via pulumi command and use it for the pulumi mysql provider? If not what is the recommended approach to run mysql commands to create a user.
Powered by Linen
Title
s

stocky-petabyte-29883

08/03/2022, 10:05 AM
Hey About using mysql provider for an aurora instance that is not publicly accessible, I have created a bastion machine that I am trying to use to access the database. Can I create a remote ssh connection the bastion via pulumi command and use it for the pulumi mysql provider? If not what is the recommended approach to run mysql commands to create a user.
View count: 3