victorious-dusk-75271
09/07/2022, 11:07 PMError: invocation of aws:lb/getLoadBalancer:getLoadBalancer returned an error: invoking aws:lb/getLoadBalancer:getLoadBalancer: 1 error occurred:
* Search returned 2 results, please revise so only one is returned
breezy-airplane-94478
09/08/2022, 4:14 PMbrave-angle-33257
09/08/2022, 5:06 PMpolite-window-12946
09/08/2022, 5:15 PMswift-fireman-31153
09/08/2022, 6:07 PMActive stages pointing to this deployment must be moved or deleted
the stage and deployment are in the same index.ts file but for some reason after initial deployment pulumi up
fails with an update.sticky-country-73582
09/08/2022, 7:27 PMbody
argument in apigateway.RestApi
to have OpenAPI specs for each individual path and a corresponding integration under x-amazon-apigateway-integration
but it gives an error like this -
Unable to put integration on 'POST' for resource at path '/<some>/<path>': Integrations of type 'AWS_PROXY' currently only supports Lambda function and Firehose stream invocations.
swift-fireman-31153
09/09/2022, 12:13 AMType Name Plan Info
pulumi:pulumi:Stack open-api-infra-dev
+- └─ aws:apigateway:Integration integrationOptions replace [diff: ~integrationHttpMethod]
the integrationHttpMethod
ALWAYS has a diff.
What am I doing wrong?
const openAPI = new aws.apigateway.RestApi("openAPI", {})
const rootMethodOptions = new aws.apigateway.Method("options", {
authorization: "NONE",
httpMethod: "OPTIONS",
resourceId: openAPI.rootResourceId,
restApi: openAPI.id,
});
const integrationOptions = new aws.apigateway.Integration("integrationOptions", {
restApi: openAPI.id,
resourceId: openAPI.rootResourceId,
httpMethod: rootMethodOptions.httpMethod,
integrationHttpMethod: "OPTIONS",
type: "MOCK",
}, {
dependsOn: [rootMethodOptions, openAPI],
});
swift-fireman-31153
09/09/2022, 12:16 AMvictorious-dusk-75271
09/09/2022, 2:27 AMnew aws.Provider()
use aws:* configs?freezing-artist-36980
09/09/2022, 3:23 AMawsx
and it throws an error at assigning public subnet ID from newly created VPC to a new EC2 instance. Please help me.
const vpc = new awsx.ec2.Vpc("my-vpc");
// Create bastion host
const bastionHost = new awsc.ec2.Instance("bastion-host", {
ami: ami.id,
instanceType: awsc.ec2.InstanceTypes.T2_Micro,
associatePublicIpAddress: true,
// Reference the public subnet from the custom vpc above
subnetId: vpc.publicSubnetIds.apply(x => x![0]), // ! Property apply does not exist on type ...
vpcSecurityGroupIds: [ec2SecurityGroup.id],
keyName: sshKey.keyName,
});
freezing-artist-36980
09/09/2022, 3:34 AMlively-rain-14200
09/09/2022, 7:51 AMFargateService
with Auto Scaling. It is possible in AWS's UI, but I don't see any option related to scaling here:
https://www.pulumi.com/registry/packages/awsx/api-docs/ecs/fargateservice/
Am I missing something?incalculable-midnight-8291
09/09/2022, 8:20 AMvictorious-dusk-75271
09/09/2022, 10:44 AMacoustic-truck-53557
09/09/2022, 7:25 PMpulumi preview
. What is the appropriate permission to give to this user? Given that it will just "read"/"describe" elements on the infra, it won't change anything.strong-helmet-83704
09/09/2022, 11:33 PMassociatedGatewayId: "vgw-x"
dxGatewayId : "x"
+-aws:directconnect/gatewayAssociation:GatewayAssociation: (replace)
[id=ga-x]
[urn=urn:pulumi:x::aws:directconnect/gatewayAssociation:GatewayAssociation::x]
[provider=urn:pulumi:x::x::pulumi:providers:aws::us-west-2_Provider::x]
allowedPrefixes : [
[0]: "x/24"
]
associatedGatewayId : "vgw-x"
associatedGatewayOwnerAccountId: "x"
associatedGatewayType : "virtualPrivateGateway"
dxGatewayAssociationId : "x"
dxGatewayId : "x"
dxGatewayOwnerAccountId : "x"
id : "ga-x"
--aws:directconnect/gatewayAssociation:GatewayAssociation: (delete-replaced)
[id=ga-x]
[urn=urn:pulumi:x::x::aws:directconnect/gatewayAssociation:GatewayAssociation::x]
[provider=urn:pulumi:x::x::pulumi:providers:aws::us-west-2_Provider::x]
freezing-artist-36980
09/10/2022, 3:20 PMconst vpcConnector = new awsc.apprunner.VpcConnector("vpc-connector", {
securityGroups: [ec2SecurityGroup.id],
subnets: [pulumi.output(vpc.getSubnetsIds)], // ERROR HERE!
vpcConnectorName: "my-vpc-connector",
});
But it throws error: 1. Type 'Output<(type: VpcSubnetType) => Promise<Output<string>[]>>[]' is not assignable to type 'Input<Input<string>[]>'.
white-beach-28459
09/12/2022, 4:55 PMconst crawler_bucket_notification = new aws.s3.BucketNotification("crawler_bucket_notification-" + name, {
bucket: "data-lake-" + config.get("env") + "-" + name,
queues: [{
events: [
"s3:ObjectRemoved:*",
"s3:ObjectCreated:*",
],
filterPrefix: name + "/",
id: "data-lake-" + config.get("env") + "-" + name,
queueArn: crawler_sqs_queue.arn,
}],
eventbridge: false
});
white-beach-28459
09/12/2022, 5:00 PMsquare-hair-965
09/12/2022, 9:06 PMs3/BucketNotification
what I actually want?abundant-hair-53100
09/13/2022, 7:49 AMaws:iam:Policy (confirm-user-signup-role-policy):
error: 1 error occurred:
* error creating IAM Policy confirm-user-signup-role-policy-18437fc: MalformedPolicyDocument: Partition "
1" is not valid for resource "arn:
1: o.apply(v => v.toJSON())
2: o.apply(v => JSON.stringify(v))
My code:
const confirmUserIamRolePolicy = new aws.iam.Policy(
'confirm-user-signup-role-policy',
{
policy: JSON.stringify({
Version: '2012-10-17',
Statement: [
{
Effect: 'Allow',
Action: [DBAction.Put],
Resource: usersTable.arn.apply((arn) => `${arn}`),
},
],
}),
}
)
export const confirmUserIamRole = new aws.iam.Role('confirm-user-signup-role', {
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({
Service: '<http://lambda.amazonaws.com|lambda.amazonaws.com>',
}),
managedPolicyArns: [confirmUserIamRolePolicy.arn],
})
const confirmUserIamRolePolicyAttachment = new aws.iam.PolicyAttachment(
'confirm-user-signup-role-policy-attachment',
{
policyArn: confirmUserIamRolePolicy.arn,
roles: [confirmUserIamRole],
}
)
export const postConfirmationLambda = new aws.lambda.CallbackFunction(
'post-confirmation-signup-lambda',
{
runtime: 'nodejs14.x',
callback: confirmUserSignupHandler,
role: confirmUserIamRole,
environment: {
variables: {
USERS_TABLE: usersTable.name,
REGION: region,
},
},
}
)
In the docs I mostly see Resource: '*'
but havent found a place where a policy is for a specific resourcequaint-eye-38036
09/13/2022, 3:43 PMbitter-france-47214
09/13/2022, 5:10 PMLambda@Edge
503 ERROR
The situation
• I have a Cloudfront Distribution and defined defaultCacheBehavior.lambdaFunctionAssociations
to trigger a lambda on origin-request
.
• Weirly enough, there is no trigger in the lambda function overview, it says "+ Add trigger". I am not sure if I am missing iac here at some point.
The Problem
When I open the url, I get an 503 ERROR
.
What I tried
• There are some logs written to s3 (linked in CloudFront > Telemetry > Logs > S3 Bucket) , but the only valuable information I read out of it that there was a LambdaExecutionError
.
• If I go to the Lambda@Edge Function and click in Monitoring and then View in CloudWatch, it says Log group does not exist
.
Can anybody point me into the right direction? Many thanks in advancebrave-motorcycle-67487
09/13/2022, 5:33 PMaws-native:ecs:TaskDefinition (winnie-web-task-staging):
error: operation error CloudControl: UpdateResource, https response error StatusCode: 400, RequestID: 45ff56cc-8cce-4eac-9ca3-2be60468d69b, NotUpdatableException: Invalid patch update: createOnlyProperties [/properties/TaskRoleArn] cannot be updated
Isn't this what pulumi is supposed to handle for me - creating a new resource and switching everything over to it?breezy-airplane-94478
09/14/2022, 4:31 PMbright-orange-69401
09/15/2022, 6:42 AMpulumi-docker
or do you build your images externally ?
We’ve been using pulumi-docker
for about two years and there’s a ton of stuff that doesn’t work very well : log outputs, using buildx for multi-platform builds (AWS Graviton is on ARM arch), caching...
Overall, it feels like we’re using docker.Image
merely because we have to : otherwise we can’t get the build digest which uniquely identifies an image
So I’m wondering if there are other ways : how can I build my image externally (e.g. using GitHub Action’s build and push), push it on ECR and yet let Pulumi know which exact version (tag, on ECR) I want to deploy in a given Lambda ?fast-island-38778
09/16/2022, 5:53 AMfast-island-38778
09/16/2022, 5:54 AMfast-island-38778
09/16/2022, 6:02 AMhttpsListener
to the task target group, but i am not sure how to do that (i tried putting it in portMappings but it didn’t work)
const apiCertificateArn = 'some-arn'
const httpsListener = alb.createListener('https-listener', {
port: 443,
protocol: 'HTTPS',
external: true,
certificateArn: apiCertificateArn,
});
const httpListener = alb.createListener('http-listener', {
port: 80,
protocol: 'HTTP',
external: true,
});
// Build and publish a Docker image to a private ECR registry.
const img = awsx.ecs.Image.fromPath('api-img', '.');
// Create a Fargate service task that can scale out.
const appService = new awsx.ecs.FargateService('api-service', {
cluster,
taskDefinitionArgs: {
container: {
image: img,
cpu: 2048,
memory: 1024,
portMappings: [httpListener],
environment: [{ name: 'PORT', value: '80' }],
},
},
desiredCount: 1,
});
fast-island-38778
09/16/2022, 6:15 AM