https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • s

    stocky-petabyte-29883

    08/20/2022, 2:32 PM
    Hi I created an aws aurora cluster inside a vpc, I have a script that I am running using pulumi remote command, which is running a sql script against the previously created instance. The remote command depends on a different resource, which inturn depends on the aurora cluster. However the script are still getting executed before the clusters in the instance are fully provisioned and I get an error back that the host is unknown, how can I prevent this?
    v
    1 reply · 2 participants
  • v

    victorious-dusk-75271

    08/20/2022, 2:34 PM
    @stocky-petabyte-29883 have you tried dependsOn or parent?
  • s

    stocky-petabyte-29883

    08/20/2022, 2:35 PM
    Yeah
  • b

    big-house-59728

    08/20/2022, 6:35 PM
    Hey all, my team is new to IaC in general and we were wondering how you deal with permissions in AWS. Do you all just have a single ‘god’ role for pulumi to deploy resources with or do you create stricter roles and assign them differently per CI pipeline (e.g. my pipeline that just deploys a Lambda function only has access to lambda)? The latter seems like it might be difficult to manage once you have quite a few projects all deploying to AWS with roles that are getting more permissive as projects grow.
    f
    1 reply · 2 participants
  • v

    victorious-dusk-75271

    08/21/2022, 2:49 PM
    how do you setup metrics-server in eks?
  • v

    victorious-dusk-75271

    08/21/2022, 4:49 PM
    can anyone help me with this problem please?
    Warning  FailedBuildModel  7m11s  ingress  Failed build model due to AccessDenied: User: arn:aws:sts::256032450122:assumed-role/primary-eks-eks-cluster-instanceRole-role-4a78aea/i-0f132b11c4bc816c1 is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers because no identity-based policy allows the elasticloadbalancing:DescribeLoadBalancers action
    s
    5 replies · 2 participants
  • i

    icy-controller-6092

    08/22/2022, 1:39 AM
    is there a way to deploy a regional api gateway (instead of edge-optimized) when using AWS Xwalk? or do I need to drop “awsx” and go back to “aws” to do this?
    g
    1 reply · 2 participants
  • a

    alert-plumber-27645

    08/22/2022, 6:10 PM
    for the AWS route 53 - does it make sense to use PULUMI(otherwise also) for the public hosted zone provisioning? and if that is achievable via PULUMI?
    b
    2 replies · 2 participants
  • i

    icy-controller-6092

    08/22/2022, 7:00 PM
    is anyone doing multi-region deployments, using a function that takes a Provider as input and generates resources using the given provider? How do you give every resource a unique name, and pass it the provider to use, without having to edit each created Resource in the stack by hand (eg to add a name suffix, and pass in
    { provider }
    as the third arg)
    g
    5 replies · 2 participants
  • r

    rough-jewelry-85094

    08/23/2022, 3:07 PM
    Hi, Quickly wanted to check if we could get an ETA on https://github.com/pulumi/pulumi-eks/issues/658. We are blocked on this feature for a couple of Kubernetes cluster autoscaler functionalities crucial for us. AFAIK, there are no upstream blockers - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group_tag?
  • r

    rapid-portugal-24105

    08/23/2022, 5:38 PM
    Hey all, my team is new to IaC in general and we were wondering how you deal with with leveraging Pulumi and protecting passwords/Secrets in AWS before deploying the Code
    s
    v
    9 replies · 3 participants
  • s

    sparse-intern-71089

    08/23/2022, 7:55 PM
    This message was deleted.
    b
    5 replies · 2 participants
  • a

    adamant-terabyte-3965

    08/23/2022, 8:02 PM
    Hello, I am trying to create a CNAME record in Route 53 using Pulumi with the
    Value/Route traffic to
    field populated with the DNS name of an ALB that is auto-created by an
    aws-load-balancer-controller
    upon detecting the ingress of my application. This breaks down into 2 questions: 1. Is there a way to get the DNS name of the ALB when its created? I know of
    aws.alb.getLoadBalancer
    but that requires the name and ARN of the ALB, so I would need a way to get those. 2. How do I put the DNS name of the ALB into the CNAME record? Looking at the Pulumi docs here https://www.pulumi.com/registry/packages/aws/api-docs/route53/record/ it doesn't seem as though there is a
    Value
    field to populate (though I could be wrong) and the
    records
    field used in the example doesn't actually have any explanation. Thank you!
    s
    11 replies · 2 participants
  • g

    gentle-zoo-32137

    08/24/2022, 11:47 AM
    Hello - what is the difference between Pulumi Crosswalk for AWS VPC (https://www.pulumi.com/docs/guides/crosswalk/aws/vpc/) and the Pulumi AWS Quickstart for VPC (https://www.pulumi.com/blog/aws-quickstart-registry/)? Do they serve different purposes, is one more up-to-date or more recommended for use?
    s
    1 reply · 2 participants
  • v

    victorious-dusk-75271

    08/25/2022, 7:12 AM
    https://www.pulumi.com/registry/packages/aws/api-docs/acm/certificatevalidation/#dns-validation-with-route-53
    s
    5 replies · 2 participants
  • v

    victorious-dusk-75271

    08/25/2022, 7:12 AM
    this example doesnt even work
  • e

    elegant-smartphone-60282

    08/25/2022, 12:07 PM
    Hey i have this code
    public_subnets = dis_stack.get_output("public_subnets")
    
    subnets_list = public_subnets.apply(lambda id: id)
    but it returns an output object, how can i do that i get a list ?
    s
    l
    3 replies · 3 participants
  • m

    microscopic-intern-16525

    08/25/2022, 2:14 PM
    hey there! looking for a bit of help as I'm stuck - I was playing with adding a placement constraint to an ECS Fargate task and found out it was not supported, so I removed the placement constraint and am trying to
    pulumi up
    but I still get the
    InvalidParameterException: Placement constraints are not supported with FARGATE launch type.
    even though the placement constraint is no longer present in my pulumi infrastructure code. Anyone get stuck like this before? any tips on how to fix the deployment?
  • b

    bitter-france-47214

    08/25/2022, 5:34 PM
    My
    aws:cloudfront:Distribution
    is failing because of following error:
    error creating CloudFront Distribution: InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket. status code: 400, request id: 59...eb1
    I assume that this originates to following parts of the arguments:
    origins: [
            {
                originId: contentBucket.arn,
                domainName: contentBucket.websiteEndpoint,
                s3OriginConfig: {
                    originAccessIdentity: originAccessIdentity.cloudfrontAccessIdentityPath,
                },
            },
        ],
    Especially
    contentBucket.websiteEndpoint
    . I assume this is the problem. Pulumi outputs this as
    <http://myDomain.app.s3-website.eu-central-1.amazonaws.com/>
    which works fine so I don't quite know what the problem is. Can anybody help?
    s
    2 replies · 2 participants
  • v

    victorious-dusk-75271

    08/25/2022, 7:52 PM
    does anyone know what this route53 error is?
    Diagnostics:
      pulumi:pulumi:Stack (laravel-application-dev):
        error: Running program '/home/k1ng/projects/allrites-laravel/devops' failed with an unhandled exception:
        /home/k1ng/projects/allrites-laravel/devops/node_modules/@pulumi/aws/s3/routingRules.js:1
        b�  �s�a7�1��9^��p�%б��!<>�`��k�/`cx���sĶ��� W�u�Z�Wٺn�֪Y�O3M��V*"�.�x,���Y_�{������~�H7��F*�gQW|��bu ��2A1�(�c�(ѪI
    
    
        SyntaxError: Invalid or unexpected token
            at Object.compileFunction (node:vm:353:18)
            at wrapSafe (node:internal/modules/cjs/loader:1040:15)
            at Module._compile (node:internal/modules/cjs/loader:1076:27)
            at Object.Module._extensions..js (node:internal/modules/cjs/loader:1166:10)
            at Module.load (node:internal/modules/cjs/loader:988:32)
            at Function.Module._load (node:internal/modules/cjs/loader:834:12)
            at Module.require (node:internal/modules/cjs/loader:1012:19)
            at require (node:internal/modules/cjs/helpers:102:18)
            at Object.<anonymous> (/home/k1ng/projects/allrites-laravel/devops/node_modules/@pulumi/s3/index.ts:43:1)
            at Module._compile (node:internal/modules/cjs/loader:1112:14)
    2 replies · 1 participant
  • h

    helpful-account-44059

    08/26/2022, 5:28 AM
    Hi, i have a eks cluster constructed by pulumi, recently when i typed pulumi preview or pulumi up, it always failed with below errors: i have updated the aws cli and kubectl
    s
    s
    8 replies · 3 participants
  • h

    helpful-account-44059

    08/26/2022, 5:29 AM
  • v

    victorious-dusk-75271

    08/26/2022, 2:09 PM
    why i am keep getting this error randomly?
    pulumi:pulumi:Stack (laravel-application-eu-dev):
        error: Running program '/home/k1ng/projects/allrites-laravel/devops' failed with an unhandled exception:
        /home/k1ng/projects/allrites-laravel/devops/node_modules/@pulumi/aws/s3/routingRules.js:1
        b�  �s�a7�1��9^��p�%б��!<>�`��k�/`cx���sĶ��� W�u�Z�Wٺn�֪Y�O3M��V*"�.�x,���Y_�{������~�H7��F*�gQW|��bu ��2A1�(�c�(ѪIj���E���6b�
    
    
        SyntaxError: Invalid or unexpected token
            at Object.compileFunction (node:vm:353:18)
            at wrapSafe (node:internal/modules/cjs/loader:1040:15)
            at Module._compile (node:internal/modules/cjs/loader:1076:27)
            at Object.Module._extensions..js (node:internal/modules/cjs/loader:1166:10)
            at Module.load (node:internal/modules/cjs/loader:988:32)
            at Function.Module._load (node:internal/modules/cjs/loader:834:12)
            at Module.require (node:internal/modules/cjs/loader:1012:19)
            at require (node:internal/modules/cjs/helpers:102:18)
            at Object.<anonymous> (/home/k1ng/projects/allrites-laravel/devops/node_modules/@pulumi/s3/index.ts:43:1)
            at Module._compile (node:internal/modules/cjs/loader:1112:14)
    1 reply · 1 participant
  • s

    strong-helmet-83704

    08/26/2022, 5:18 PM
    I’m confused about why Pulumi still tries to delete my VPC after i added
    retain_on_delete=True
    to the ResourceOptions. My understanding was that it would only remove it from the stack and not perform the API call to delete. What part of this flow am i misunderstanding?
    s
    7 replies · 2 participants
  • s

    square-ability-48831

    08/26/2022, 7:01 PM
    I'm looking at building an Aurora Postgres Serverless V2 cluster in a non-default VPC, but I do not see an apparent way to specify which VPC the cluster should be created in—no option in ClusterArgs or ClusterInstanceArgs—is it just missing? Seems like it's choosing the default VPC - but I really don't want this.
    error creating RDS cluster: InvalidParameterCombination: The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-088d910645c61f340 (Default VPC) and the EC2 security group is in vpc-064aba8b2279cfa50 (my custom Data VPC where I want the cluster to reside)
    how do I tell pulumi to put this cluster in my dataVPC and not the default VPC?
    v
    9 replies · 2 participants
  • v

    victorious-dusk-75271

    08/26/2022, 7:58 PM
    does anyone know how to get the global RDS cluster write forwarding endpoint? https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-write-forwarding.html
    s
    2 replies · 2 participants
  • v

    victorious-dusk-75271

    08/27/2022, 1:26 AM
    I am trying to create latency based records and AWS getting this error.
    * [ERR]: Error building changeset: InvalidChangeBatch: [Tried to create resource record set [name='xxxxxxxx.io.', type='CNAME', set-identifier='latency'] but it already exists]
    return new aws.route53.Record('admin', {
            name: 'admin',
            zoneId: zone.then(z => z.zoneId),
            type: 'CNAME',
            setIdentifier: 'latency',
            records: [loadBalancer],
            ttl: 60,
            latencyRoutingPolicies: [{ region: i.region }]
        })
    f
    3 replies · 2 participants
  • g

    great-library-25724

    08/28/2022, 10:05 PM
    Hi, does now pulumi supports all aws modules with yaml method ?
    e
    1 reply · 2 participants
  • a

    agreeable-scooter-87411

    08/29/2022, 8:36 AM
    Anyone had experience that the EKS init by one person, that passed onto the next person, the second person became unauthorized to do things like create iamserviceaccounts, like because the he is not the cluster creator or some sort?
    q
    1 reply · 2 participants
  • a

    aloof-dress-1001

    08/29/2022, 10:36 AM
    Hey guys, does anyone know what is the best way to expose an eks cluster using pulumi? im installing an app with it's helm chart and i want to expose it to the internet but when using servicetype loadbalancer aws creates a classic lb. i want it all to be done inside the pulumi code. anyone have an idea?
    s
    s
    4 replies · 3 participants
Powered by Linen
Title
a

aloof-dress-1001

08/29/2022, 10:36 AM
Hey guys, does anyone know what is the best way to expose an eks cluster using pulumi? im installing an app with it's helm chart and i want to expose it to the internet but when using servicetype loadbalancer aws creates a classic lb. i want it all to be done inside the pulumi code. anyone have an idea?
s

salmon-account-74572

08/29/2022, 12:27 PM
So you don’t want the Kubernetes-managed LB? It’s possible to manually (outside of Kubernetes) create an LB and then connect that to Kubernetes, but generally you’re better off letting Kubernetes manage it.
a

aloof-dress-1001

08/29/2022, 12:31 PM
Hey Scott, Thanks for the response! Im quite new to the entire k8s side of things, so how do i connect an external lb to my eks cluster? Or how do i expose my services with pulumi kubernetes? By managed k8s you mean using a LoadBalancer Service type?
s

salmon-account-74572

08/29/2022, 1:31 PM
When I say “Kubernetes-managed LB,” I’m talking about an LB created and managed on behalf of a Service of type LoadBalancer. When you create the Service, an LB is created automatically and all the necessary plumbing is done; when you delete the Service, the LB is destroyed automatically. While it’s possible to do this yourself (create the LB, add the listener(s), add the targets, etc.) it is much easier (and more idiomatic) to let Kubernetes handle it as part of the Service lifecycle. You can use Pulumi’s Kubernetes provider (along with the EKS provider) to automatically create the Service, although it’s entirely possible that the Helm chart already does that; I don’t have enough details about your Helm chart to know for certain.
s

stocky-restaurant-98004

08/29/2022, 2:03 PM
Same principle also applies to DNS records - let K8s manage them.
View count: 1