pulumi-community #aws

big-potato-91793

08/03/2022, 3:28 PM

Hey all, 👋 , I’m using the aws provider

5.10

and pulumi

3.35.3

with those value

Copy code

skipCredentialsValidation: false,
 skipGetEc2Platforms: false,
 skipMetadataApiCheck: false,

with EC2 Instance Metadata (iam role on the instance) It was working before I upgrade all version. Anything wrong?

broad-toddler-72261

08/03/2022, 6:49 PM

Has anyone else run into the issue where you attempt to upgrade pulumi from 1.x to 3.x, only to find there are a number of breaking changes, so in turn you revert back to 1.x, now faced with the problem where you can no longer get a StackReference to that stack?

victorious-dusk-75271

08/03/2022, 8:32 PM

dear AWS experts, how do you setup RDS (mysql) for multi region?

breezy-laptop-42679

08/04/2022, 2:05 PM

Hello I need guidance over creating s3 public access block the code mentioned in official documentation creates a new bucket and policy however I need to do it for a already created one please check the code below

Copy code

[6:11 PM] /*
   *   s3 public access block
   */
const bucketNameList = ["prod-nueve-media-9184fce"]
const bucketIdList: pulumi.Output<string>[] = []

bucketNameList.forEach(bucketName => {
  // Create an AWS resource (S3 Bucket) 
  const bucket = new aws.s3.Bucket(bucketName, {});
  bucketIdList.push(bucket.id)
});

for (let index = 0; index < bucketIdList.length; index++) {
  new aws.s3.BucketPublicAccessBlock(`${bucketNameList[index]}-publicAccessBlock`, {
    bucket: bucketIdList[index],
    blockPublicAcls: true,
    blockPublicPolicy: true,
  });
}

aloof-dress-1001

08/04/2022, 4:43 PM

Hey guys, Im deploying an EKS cluster with pulumi_aws, and i want to connect my cluster to kubectl as soon as its deployed, how do i output the kubeconfig to my local machine inside the code and not by a command later on?

kind-hamburger-15227

08/04/2022, 6:45 PM

How can I set aws:skipCredentialsValidation for automation API? I am trying to run example https://github.com/pulumi/automation-api-examples/tree/main/python/pulumi_over_http and it's failing with terraform related aws error:

Copy code

Diagnostics:
  aws:s3:Bucket (s3-website-bucket):
    error: 1 error occurred:
    	* error configuring Terraform AWS Provider: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 2 errors occurred:

I tried adding stack.set_config("awsskipCredentialsValidation", auto.ConfigValue("true")) into main.py but it failed to parse config parameter. Any suggestions?

polite-napkin-90098

08/04/2022, 7:04 PM

I'm finding that repeated pulumi up and pulumi refresh is constantly editing and destroying rules in my AWS security groups, and then restoring them on the next cycle of refresh and up. From looking at the first refresh it seems like it is finding say 5 rules in the security group which match what the code generates but they are out of order. e.g. in the code 1,2,3,4,5 and then in aws 1,2,4,3,5 and then pulumi thinks it needs to update rules 3 and 4 essentially morphing each into the other. I think this update fails somehow (aws sg can be fussy about having rules added which match rules which already exist) and the result is that one rule is morphed into the other and the other is broken. The another round of refresh and update will fix it. As far as I know the order in which the AWS api returns the security group rules is based on their name which is sg- and a random hex string, as I can't know this before the sg are created I can't order the statements in my code to match the order in which they will appear in the api. Especially when you consider deploying the same code to multiple stacks. Is this a common issue? Can I solve it easily? Do I need to look at using AWS-Native over the AWS-Classic?

stocky-petabyte-29883

08/04/2022, 8:46 PM

Hey Trying to create a new subnet to an existing vpc, using either

new awsx.ec2.Subnet

new aws.ec2.Subnet

. How do we set the subnet name and set the subnet as private or public?

helpful-account-44059

08/05/2022, 7:56 AM

the opensearch domain ebsoption's volume type missing type of "gp3"

limited-motorcycle-11738

08/05/2022, 10:45 AM

Hi All! Perhaps a n00b question but I couldn't see anythign in the docs. I've successfully created an EKS cluster and added some k8s stuff onto it. One thing I added creatd an elb (correctly, as expected). Now I would like to get the elb using https://www.pulumi.com/registry/packages/aws/api-docs/elb/getloadbalancer/ so that I can alias it to a Route53 record. However I don't know its name or how to list all elbs. Any suggestions?

stocky-petabyte-29883

08/05/2022, 2:21 PM

Hi I am using remote command to execute a sql script, but the environment variables I set for the remote command isn't available in the remote server. How to use it?

Copy code

new remote.Command("mysql-setup-execute", {
                    connection,
                    create: pulumi.interpolate`chmod 777 ./mysql-setup.sh; ./mysql-setup.sh`,
                    delete: "rm mysql-setup.sh",
                    environment: {
                        MASTER_USER: masterUsername,
                        MASTER_PASSWORD: masterPassword!,
                        DB_USERNAME: dbUsername,
                        DB_PASSWORD: dbUserPassword,
                        DB_NAME: dbName,
                        DB_HOST: dbHost
                    }
                }, { dependsOn: remoteFile });

Shell script

Copy code

#!/bin/bash

sudo yum -y install mariadb
mysql -u ${MASTER_USER} -p${MASTER_PASSWORD} -h${DB_HOST}<<MYSQL_SCRIPT

CREATE USER ${DB_USERNAME}@% IDENTIFIED BY '${DB_PASSWORD}';
GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${USERNAME}'@'%';
FLUSH PRIVILEGES;
MYSQL_SCRIPT

What am I missing?

brainy-furniture-43093

08/05/2022, 4:23 PM

Hi All, I have been trying to deploy my lambda on the new provided.al2 runtime for Go. I package my code using

GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags "-s -w" -tags lambda.norpc -o build/bootstrap

And then I zip it using Pulumi's

NewAssetArchive

Copy code

Code: pulumi.NewAssetArchive(map[string]interface{}{
			"bootstrap": pulumi.NewFileAsset("../onboarding/cmd/onboarding/build/bootstrap"),
			"Makefile":  pulumi.NewFileAsset("../onboarding/cmd/onboarding/build/Makefile"),
		}),

And my Makefile contains

Copy code

build-Onboarding:
	cp ./bootstrap $(ARTIFACTS_DIR)/.

But for some reason it's like my Makefile doesn't execute then the bootstrap file stays in some root folder. Any ideas here? Thank you

brainy-furniture-43093

08/05/2022, 4:25 PM

famous-magician-5742

08/05/2022, 5:09 PM

We are planning on using Pulumi (python) in an AWS Lambda function with a custom Lambda image so that we can install the Pulumi CLI on it and run it completely locally. We are looking at using an s3 bucket to store the Pulumi state. Does Pulumi (

pulumi login

) support using the Lambda execution IAM role to authenticate 'seamlessly' to the s3 bucket where the state is stored?

👀 1

victorious-dusk-75271

08/05/2022, 8:11 PM

is there any multi region vpc example?

victorious-dusk-75271

08/05/2022, 8:17 PM

should i create separate VPC for EKS and (RDS, elasticCache and ElasticSearch)?

victorious-dusk-75271

08/05/2022, 8:17 PM

in each region

square-ability-48831

08/05/2022, 10:28 PM

Anybody else encounter the "This is almost certainly a bug in the

aws

provider" when trying to import Subnets? I'm trying to import some default vpc subnets into pulumi control and get this after a

pulumi import...

command

pulumi import aws:ec2/subnet:Subnet defaultVpcSubnet2d subnet-BLAHBLAHBLAHBLAH

Copy code

warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
    warning: aws:ec2/subnet:Subnet resource 'defaultVpcSubnet2d' has a problem: Conflicting configuration arguments: "availability_zone": conflicts with availability_zone_id. Examine values at 'Subnet.AvailabilityZone'.
    warning: aws:ec2/subnet:Subnet resource 'defaultVpcSubnet2d' has a problem: Conflicting configuration arguments: "availability_zone_id": conflicts with availability_zone. Examine values at 'Subnet.AvailabilityZoneId'.

careful-oil-55681

08/05/2022, 11:09 PM

any folks out there in Pulumi-land building AWS infra using shared VPC? We are just reading up on it and we are concerned with the inability to query tags on the VPC objects from the sharing account and we were wondering how people are handling it.

victorious-dusk-75271

08/06/2022, 12:57 AM

Copy code

aws:ec2:VpcPeeringConnection (eks-vpc-peer-to-rds-vpc):
    error: 1 error occurred:
        * updating urn:pulumi:dev::allrites-infrastructure::custom:resource:vpc$aws:ec2/vpcPeeringConnection:VpcPeeringConnection::eks-vpc-peer-to-rds-vpc: 1 error occurred:
        * error reading EC2 VPC Peering Connection (pcx-093563ee7db421f17): failed

any idea what causing this error?

victorious-dusk-75271

08/06/2022, 2:49 AM

Copy code

Diagnostics:
  aws:ec2:Vpc (rds-vpc-vpc):
    error: deleting urn:pulumi:dev::allrites-infrastructure::aws:ec2/vpc:Vpc::rds-vpc-vpc: 1 error occurred:
        * error deleting EC2 VPC (vpc-076d9d57f5bfecac7): DependencyViolation: The vpc 'vpc-076d9d57f5bfecac7' has dependencies and cannot be deleted.
        status code: 400, request id: 8f586580-0c6f-4134-8606-e2c3aaa0c19f

  pulumi:pulumi:Stack (allrites-infrastructure-dev):
    error: update failed

how do i solve this problem?

victorious-dusk-75271

08/06/2022, 2:49 AM

Copy code

-   ├─ aws:ec2:Vpc                             rds-vpc-vpc                        delete     completing deletion fro

victorious-dusk-75271

08/06/2022, 8:45 AM

every time i run up a duplicate vpc, route, and whole lot of networking stuff being created

victorious-dusk-75271

08/06/2022, 8:45 AM

😞

victorious-dusk-75271

08/06/2022, 9:01 AM

Copy code

aws:ec2:VpcPeeringConnection (us-data-vpc-peer-to-primary-data-vpc):
    error: 1 error occurred:
        * updating urn:pulumi:dev::allrites-infrastructure::custom:resource:vpc$aws:ec2/vpcPeeringConnection:VpcPeeringConnection::us-data-vpc-peer-to-primary-data-vpc: 1 error occurred:
        * Unable to modify EC2 VPC Peering Connection Options. EC2 VPC Peering Connection (pcx-074aa1572a7fa6704) is not active (current status: pending-acceptance). Please set the `auto_accept` attribute to `true` or activate the EC2 VPC Peering Connection manually.

how do i solve this problem?

victorious-dusk-75271

08/06/2022, 9:01 AM

i am trying to peer cross region vpc

quaint-air-36266

08/08/2022, 9:56 AM

alex

colossal-vr-62639

08/08/2022, 2:06 PM

Does anyone here know if Cloud Formation Custom Resources are supported via the AWS Cloud Control API? I'm getting conflicting results

stocky-petabyte-29883

08/09/2022, 8:48 AM

Hey I am having issues with running pulumi remote command with environment variables, I tried a couple of things such as adding placeholder values in bashrc and setting AcceptEnv in another remote command that runs before the main one, still no joy What am I missing here?

Copy code

const setEnvVarsCommand = new remote.Command("set-env-vars", {connection,
                    create: pulumi.interpolate`echo "export MASTER_USER='"test"'\nexport MASTER_PASSWORD='test'\nexport DB_USERNAME='test'\nexport DB_PASSWORD='test'\nexport DB_NAME='test'\nexport DB_HOST='test'" >> ~/.bashrc && source ~/.bashrc && echo "AcceptEnv MASTER_USER MASTER_PASSWORD DB_USERNAME DB_PASSWORD DB_NAME DB_HOST" | sudo tee -a /etc/ssh/sshd_config && sudo service sshd restart`,
                    delete: `head -n -6 ~/.bashrc > tmp_file && mv tmp_file ~/.bashrc && head -n -1 ~/.bashrc > tmp_sshd && sudo mv tmp_sshd /etc/ssh/sshd_config`
                }, { dependsOn: remoteFile });

 new remote.Command("mysql-setup-execute", {connection,
                    create: pulumi.interpolate`chmod 777 ./mysql-setup.sh; ./mysql-setup.sh`,
                    delete: "rm mysql-setup.sh",
                    environment: {
                        MASTER_USER: masterUsername,
                        MASTER_PASSWORD: masterPassword!,
                        DB_USERNAME: dbUsername,
                        DB_PASSWORD: dbUserPassword,
                        DB_NAME: dbName,
                        DB_HOST: dbHost
                    }
                }, { dependsOn: setEnvVarsCommand });

I am dumping all the env variables available in the mysql-setup.sh file and the environment variables have the place holder value test. I went with AcceptEnv as people recommended it in the issue https://github.com/pulumi/pulumi-command/issues/48 I am stuck here and need some help

salmon-account-74572

08/09/2022, 4:24 PM

If I stop an EC2 instance and then restart it (say, using the AWS CLI), its IP address changes. Is there any reason why

pulumi refresh

would not pick up the new IP address and update the stack output accordingly?