hi, I'm a complete pulumi noob. my initial goal is to create just a vpc using a specific aws profile from my aws credentials file. I have so far: - created a new directory - run 'pulumi new' , and chosen aws-python - taken the following code from the 'setting up a new vpc' part of the pulumi getting started section of their website: import pulumi import pulumi_awsx as awsx vpc = awsx.ec2.Vpc("custom") pulumi.export("vpcId", vpc.vpc_id) pulumi.export("publicSubnetIds", vpc.public_subnet_ids) pulumi.export("privateSubnetIds", vpc.private_subnet_ids) - replaced the default code in the '__main__.py' file with the above code - added the following line to Pulumi.<stackname>.yaml: aws😛rofile: dev-account When I try to run: 'pulumi up' I'm getting the error: ModuleNotFoundError: No module named 'pulumi_awsx' I then executed: 'pip install pulumi_awsx' This installed the module. When I tried to run 'pulumi up' again I experienced the same error What am I missing? (doing this on a windows machine btw)

🆘 hi! I'm getting "... unable to validate AWS credentials. ..." when trying to execute an

pulumi up

on a stack.

pulumi preview

runs with no problem. I'm dealing with this problem for days, since migrate to new macbook. Did a lot of tests and reinstalls (pulumi, awscli, ...) and the error persists the same. Finally I made a total fresh install (format) on the new macbook with just the minimal requirements to run the project. Still got same multiple errors, like below:

...
error: Running program 'my-project' failed with an unhandled exception:
    Error: invocation of aws:index/getPartition:getPartition returned an error: unable to validate AWS credentials. Make sure you have:

     	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2`
     	 • Configured your AWS credentials as per <https://pulumi.io/install/aws.html>
     	 You can also set these via cli using `aws configure`.
...
error: Running program 'my-project' failed with an unhandled exception:
    Error: invocation of aws:index/getRegion:getRegion returned an error: unable to validate AWS credentials. Make sure you have:

     	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2`
     	 • Configured your AWS credentials as per <https://pulumi.io/install/aws.html>
     	 You can also set these via cli using `aws configure`.
...

Other times it shows:

...
error: Error: invocation of aws:index/getCallerIdentity:getCallerIdentity returned an error: invoking aws:index/getCallerIdentity:getCallerIdentity: 1 error occurred:
    	* getting Caller Identity: RequestError: send request failed
    caused by: Post "<https://sts.amazonaws.com/>": dial tcp: lookup <http://sts.amazonaws.com|sts.amazonaws.com> on [fe80::1272:23ff:fe1d:5731%en0]:53: no such host
...

Everything runs nice on other machines, even at the ci/cd (github actions). I don't know more what can I do. Pls any help would be appreciated.

I'm having issues using event mixins (logGroupMixins and s3Mixins) in unit test code. I'm seeing errors like

UnhandledPromiseRejectionWarning: Error: failed to register new resource test [aws:cloudwatch/logSubscriptionFilter:LogSubscriptionFilter]: exports.LogGroup is not a constructor

and

UnhandledPromiseRejectionWarning: Error: failed to register new resource test [aws:lambda/permission:Permission]: exports.Function is not a constructor

Has anyone encountered this sort of thing? And maybe found a solution?

Hi, I’ve started testing deploying services in ECS/Fargate using AWS Classic with Python. It’s going well so far! - Am I correct to think of AWS Crosswalk as a simplified high-level api that you’re likely to grow out quite soon if you’re doing anything relatively complex? - I tried out the AWS Native provider at first, thinking it made sense to use it in a greenfield project. Every ‘up’ operation took at least one minute. (I may have made some silly mistake.) I switched to AWS Classic and it was fast. Will the AWS Classic provider be supported for a relatively long time going forward?

Hi, I was looking into how to configure the LogGroup used under-the-hood by API Gateway, and I fell over this in the documentation: https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/stage/#managing-the-api-logging-cloudwatch-log-group Is there some magic happening here with the dependsOn? From my understanding it isn't possible to configure the LogGroup API Gateway uses, and it goes by the convention:

API-Gateway-Execution-Logs-<apiId>/<stage>

, so I'm not sure what the dependsOn is supposed to achieve except creating a LogGroup prior to the stage? 🤔

I'm still debugging and gathering information, but I figured I'd see if anyone else has run into this. I've got a Cloudformation stack that I'm deploying with Pulumi, but I'm continually running into issues where updates will time out with the stack in an

UPDATE_COMPLETE_CLEANUP_IN_PROGRESS

state. Sometimes I can immediately re-run the

pulumi up

and it will succeed in a minute; other times, the re-run will fail in a minute. In the latter case, if I wait a while (e.g., ~30 minutes), I can re-run and it will often pass. Has anyone else seen this kind of behavior?

hi! (I searched history but haven't found anything related to my question.) When I run

pulumi up

, I see the plan is to create a new EC2 instance. I would like to know why pulumi thinks this is necessary. I've tried generating varying levels of logs with the

-v=N

parameter but I haven't found anything that clues me in to the reason(s) why. Is there a way to explicitly determine why a re-create of a resource is deemed necessary?

Hello everyone, I am managing my production stack with pulumi and from time to time when I make changes to my infra stack all nodes get's replaced which puts down all our services here below the stack update that restarts the nodes

eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration (x-cluster-nodeLaunchConfiguration)
+- aws:ec2/launchConfiguration:LaunchConfiguration (replace)

I am trying to find out how to fix this I made a little investigation and I think that sometimes one of the nodes get terminated for some reason and replaced by the autoscaling group by a new node (ec2 instance) and then during the following deployment for sure the node launch config needs to get updated to reflect with the new live instances. But I don't want to have a downtime on my services due to this Thank you Salah

Hello, could someone please point me to some documentation on configuring API Gateway access logging, including the required role?

Hey all, I’m having a lot of trouble configuring an

awsx.ecs.FargateService

to work with an

ApplicationListener

that does authentication. Without the authentication, I can specify

portMappings: [listener]

inside the

container

config, but when I add an

authenticate-oidc

step and then a

forward

step to a

TargetGroup

, this stops working.

portMappings

is supposed to accept a

TargetGroup

as well as a

Listener

but typescript refuses to allow it. This page https://www.pulumi.com/docs/guides/crosswalk/aws/ecs/ specifies a syntax that seems to be completely invalid (a PortMapping doesn’t have a

targetGroup

input keyword). Has anyone managed to get this to work?

Hello everyone, i have been integrating pulumi for integrating with api gateway but I ran into some issue.

ids:list[pulumi.output.Output] #contains ids of the resources to be deployed
deployment = apigateway.Deployment("test_deployment",
        rest_api=restapi.id,
        triggers={
            "redeployment":pulumi.Output.all(ids)
            .apply(lambda exampleResourceId: json.dumps([exampleResourceId]))
            .apply(lambda to_json: hashlib.sha1(to_json.encode()).hexdigest()),      
        }
    )

as pulumi.Output.all function accepts the pulumi.output.Output not list[pulumi.output.Output], I am getting error. How should I pass the above ids into pulumi.Output.all function so that all the ids in the list can passed? (a list can contain any number of elements)

How do you register an AWS Lambda Function Alias as a callback event (e.g.,

aws.lambda.EventHandler

) ?

aws.lambda.Alias

isn't compatible with it

Is it possible to import an existing resource and manage with

awsx

code instead of

aws

?

When you import a resource it gives you the code snippet but not sure how to leverage crosswalk for existing resources.

Hii everyone, What is equal it in pulumi:

data.aws_availability_zones.region_azs.names[2]

thank you

hello! i'm seeing an issue where I am unable to call aws.getAvailabilityZones with a custom aws provider without getting an AWS credentials validation error - i'll post more details into a thread 👇

Hi! I’m creating a AWS lambda in Python and I want to associate it with a created VPC. I’m doing:

lambda_handler = aws.lambda_.Function(
        "my-lambda",
        name="my-lambda",
        code=pulumi.FileArchive(lambda_zip_path),
        runtime="python3.9",
        handler="main.handler",
        role=iam_role_for_lambda.arn,
        opts=pulumi.ResourceOptions(depends_on=[log_group]),
        vpc_config=aws.lambda_.FunctionVpcConfigArgs(
            vpc_id=vpc.id,
            subnet_ids=[public_subnet_1.id, private_subnet_1.id],
            security_group_ids=[allow_tls.id],
        ),
)

...but I get

error: aws:lambda/function:Function resource 'my-lambda' has a problem: Value for unconfigurable attribute: Can't configure a value for "vpc_config.0.vpc_id": its value will be decided automatically based on the result of applying this configuration.. Examine values at 'Function.VpcConfig.VpcId'.

I’m not sure I understand the error. Does anybody know what it means?

Hi again! I am creating subnets with aws.ec2, and I give them names.

public_subnet_1 = aws.ec2.Subnet(
    "subnet-public-1", # Seems like the name is not working in AWS console
    vpc_id=vpc.id,
    cidr_block="10.0.1.0/24",
)
private_subnet_1 = aws.ec2.Subnet(
    "subnetn-private-1", # Seems like the name is not working in AWS console
    vpc_id=vpc.id,
    cidr_block="10.0.2.0/24",
)

The subnets are created, but their names do not appear in the AWS console (they have no names). I also tried with

resource-name

attribute (

attribute="subnet-public-1"

), but it’s the same. Why?

Hello Everyone, whats the difference between https://www.pulumi.com/registry/packages/aws/api-docs/opensearch/domain/#first-apply and https://www.pulumi.com/registry/packages/aws/api-docs/opensearch/domain/#second-apply?

Hi, I wrote this post about automating your IaC for AWS with Github Actions. It focuses a lot on setting up the IAM resources necessary (with pulumi of course) so that you can have GHA fully automate the preview and apply of your IaC. I hope it's helpful to anyone getting started. https://fearlessaws.substack.com/p/automating-infrastructure-as-code

Does anyone know how to create aurora mysql database and user with pulumi? database listens on private subnet only

Hi All, trying to create a VPC using

pulumi-awsx

. The snippet below works, however I need to add a set of tags to the private subnets that are generated, as well as adding a different set of tags to the public subnets. Conceptually, I understand that I need to add the tags before Pulumi creates the resources, but I am not sure how to go about that, even for all subnets. There's an arg called

subnet_specs

but adding tags is not an option. There's also the

tags

are for the

Vpc

, but that just adds tags to the VPC. Help?

import pulumi
import pulumi_awsx as awsx

config = pulumi.Config()
vpc_network_cidr = config.get("vpcNetworkCidr", "10.0.0.0/16")

# Create a VPC for the EKS cluster
eks_vpc = awsx.ec2.Vpc(
    "eks-vpc", enable_dns_hostnames=True, cidr_block=vpc_network_cidr,
)

Hello 👋🏻, how would I go about creating a trigger for an AWS Lambda function ? For example, call the function upon a new entry in a CloudWatch log stream or upon a new file in an S3 bucket ? I could not find anything

trigger

in the AWS Lambda docs; do the docs use some other term or does Pulumi simply not support creating triggers ?

Hi all, I’m attempting to use

aws-native

to create a CloudFront Distribution, and as far as I can tell from the documentation, I have all the required fields I should need in the following config:

const distribution = new awsn.cloudfront.Distribution(`${appName}-cache`, {
    distributionConfig: {
        enabled: true,
        defaultCacheBehavior: {
            targetOriginId: domain,
            viewerProtocolPolicy: "redirect-to-https",
            defaultTTL: 900,
            allowedMethods: [
                "GET",
                "HEAD"
            ],
            compress: true,
        },
    },
    tags
});

I get a preview that tells me everything should get created, then when I go to run

pulumi up

I get the following error:

Diagnostics:
  pulumi:pulumi:Stack
    error: update failed
 
  aws-native:cloudfront:Distribution
    error: operation CREATE failed with "InvalidRequest": Invalid request provided: 1 validation error detected: Value null at 'distributionConfigWithTags.distributionConfig.origins.items' failed to satisfy constraint: Member must not be null (Service: CloudFront, Status Code: 400, Request ID: be520947-ac5f-4fe0-a5d8-83ffb0bbafde)
 
Resources:
    1 unchanged
 
Duration: 4s

Should I not be using

aws-native

for CloudFront yet or is there something I am missing from this?

When trying to create Fargate task definition from awsx example I am getting:

aws:ecs:TaskDefinition (app-svc):
    error: 1 error occurred:
    	* failed creating ECS Task Definition (app-svc-ba5d8020): ClientException: Log driver awslogs requires options: awslogs-region

config:

const appService = new awsx.ecs.FargateService("app-svc", {
    cluster,
    taskDefinitionArgs: {
        container: {
            image: 'jupyter/datascience-notebook',
            cpu: 102 /*10% of 1024*/,
            memory: 5000 /*MB*/,
            portMappings: [ listener ],
        },
    },
    desiredCount: 1,
});

And destroy fails:

arn:aws:elasticloadbalancing:eu-north-1:136559070303:targetgroup/group-3f16a0b/d19344126107e4c0' is not a valid target group ARN

How would one go about adding routes to subnets on a VPC that Pulumi didn't create? Trying to grab an "existing VPC" doesn't return the associated subnets those calls seem to only work for Pulumi created VPCs.

what equal null_resource(terraform) in pulumi?