aws
  • m

    mysterious-family-43099

    11/07/2022, 7:54 PM
    I have a Pulumi configuration to deploy something onto fargate using `awsx`. However, when the service errors, AWS simply keeps trying to deploy the same service and Pulumi hangs indefinitely. How can I get Pulumi to fail on a failed deploy instead of having AWS retry endlessly?
  • p

    purple-nest-55702

    11/08/2022, 2:57 PM
    Hello I'm trying to use externally managed ECS cluster in my stack, without importing it, in Pulumi TS. To do that, I first call `getCluster` with the cluster name and then pass the received `id` property to the `aws.ecs.Cluster.get` call. (After that, I wrap it with `awsx.ecs.Cluster`, but I am not sure this is related to the problem) The cluster fails to load with 'InvalidParameterException: Unsupported resource type: cluster' error. What's strange is that I see that `id` and `arn` fields returned from `getCluster` are the same, which is unusual - I'd expect the `id` to contain some Pulumi-specific string in the 'urn:...' format. Is there anything I am missing?
  • r

    rapid-kite-35

    11/08/2022, 7:51 PM
    I'm using ecr and am trying to push a docker image to it. It seems using `awsx` it handles authentication whereas if I use the `docker` package it doesn't. However it also seems with `awsx` I can't set a custom tag. So my question is if either there is a way to set a tag using `awsx` or alternatively how to easily auth against ecr using the `docker` package instead?
  • r

    rhythmic-whale-48997

    11/09/2022, 7:54 AM
    Is it possible to create EKS Cluster in one stack, and then have different stacks for different NodeGroups? Something like this. I tried it, but there is always something missing 😅
    // stack1
    export const cluster = new eks.Cluster("eks-cluster", { ... });
    
    // stack2
    const sR = new pulumi.StackReference("stack1");
    const cluster = (sR.requireOutput("cluster") as unknown) as eks.Cluster;
  • r

    rapid-kite-35

    11/09/2022, 9:22 AM
    Is there a way to get the fargateService to create a new revision of the task definition instead of replacing the whole task definition? It's getting a bit spammy cause on every change we get yet another new task definition
  • c

    crooked-student-89656

    11/09/2022, 5:14 PM
    Could someone point me in the direction of how to host a WordPress site on AWS using Pulumi? I keep seeing Amazon Lightsail to host it on AWS and I’m just not sure how to have it be used by Pulumi and I’m also not sure if this is the right place to ask this but looking for my next steps
  • b

    bored-baker-95734

    11/09/2022, 5:19 PM
    I have an existing load balancer. How can I query the load balancer as a resource using tags applied to it? In Terraform I can filter through the tags in data sources.
  • t

    tall-state-52885

    11/09/2022, 11:24 PM
    Hi folks, I have a problem using awsx.apigateway.API, where all POST requests have body base64 encoded. Clients are sending raw json body, with content-type=application/json. I read a post that suggested some versions of Pulumi cause that, but you can work around it with restApiArgs.binaryMediaTypes. But, that didn't work for me. I'm on the latest Pulumi v3.46.1. Has anyone got suggestions or ideas?
  • t

    thankful-stone-34269

    11/09/2022, 11:28 PM
    This seems like a client bug. I created a new stack called `leodev`. The `Pulumi.leodev.yaml` file it initialized wasn't actually yaml it was just "`{}`". It was still somehow acting in the correct region (us-west-2) but when I looked at the "View Live" link (app.pulumi.com...) the AWS links all went to `us-east-1`.
  • e

    echoing-actor-55539

    11/10/2022, 8:53 PM
    I am trying to create an `aws.cloudwatch.MetricAlarm` however I can't see how to get the filterId from `aws.s3.BucketMetric`. Snip:
    const bucket = new aws.s3.BucketV2(
      `viz-bucket-${region}`,
      {
        bucketPrefix: `par-${region}-`,
        forceDestroy: true
      },
      {provider: PriActProviders[region]}
    );
    
    const bucketMetrics = new aws.s3.BucketMetric(
      `bucketMetrics-${region}`,
      {bucket: bucket.bucket},
      {provider: PriActProviders[region], parent: bucket}
    );
    
    // create alarm for R53 to monitor as health check
    const bucketMetricAlarm = new aws.cloudwatch.MetricAlarm(
      `bucketMetricAlarm-${region}`,
      {
        comparisonOperator: 'GreaterThanOrEqualToThreshold',
        evaluationPeriods: 1,
        datapointsToAlarm: 1,
        treatMissingData: 'missing',
        metricName: '5xxErrors',
        namespace: 'AWS/S3',
        unit: 'Count',
        period: 60,
        statistic: 'Sum',
        threshold: 2,
        dimensions: {
          BucketName: bucket.bucket,
          // FilterId: ''  // ????
        },
        alarmDescription: 'This metric monitors s3 bucket Sum 5xx errors.'
      },
      {
        provider: PriActProviders[region],
        parent: bucket
      }
    );
  • v

    victorious-dusk-75271

    11/11/2022, 6:30 AM
    Hi, I can't figure out how to create a database because my RDS server runs in private subnets. How do you guys do it?
  • v

    victorious-dusk-75271

    11/11/2022, 9:46 AM
    Anyone?
  • f

    full-soccer-21780

    11/12/2022, 3:11 AM
    Hi Pulumi folks, I wonder if I can read the default provider values of AWS. (i.e. `aws.Provider`) I just need to get the following attribute for tagging purposes:
      • profile name
      • role arn used
    Also is there any concern to read back this provider object? e.g. security issues because there is token attribute to it.
  • b

    bored-baker-95734

    11/12/2022, 5:56 AM
    I am trying to get this ASG started but this does not wait for all instances to be healthy. It just creates ASG and chucks out. Any idea how to make it wait until all instances are healthy?
    talos_control_plane_asg = aws.autoscaling.Group(
        f"{project}-{stack}-talos-control-plane-asg",
        name=f"{project}-{stack}-talos-control-plane-asg",
        capacity_rebalance=True,
        desired_capacity=3,
        max_size=3,
        min_size=1,
        vpc_zone_identifiers=private_subnet_ids,
        launch_configuration=control_plane_launch_configuration.name,
        wait_for_capacity_timeout="300s",
        opts=pulumi.ResourceOptions(depends_on=[control_plane_launch_configuration]),
        health_check_grace_period=300,
        tags=[aws.autoscaling.GroupTagArgs(
            key="Name",
            propagate_at_launch=True,
            value="control-plane"
        )]
    )
    That `wait_for_capacity_timeout="300s"` doesn’t help either. It just shows `created(17s)` but ideally it should wait until all the instances in the ASG are ready?
  • m

    millions-parrot-88279

    11/12/2022, 11:49 PM
    any example for using user_data or user_data_base64 on ec2 launch template
  • a

    adamant-guitar-56279

    11/14/2022, 12:36 AM
    Hi, are there any examples of creating an RDS Postgres instance and then creating tables on that DB (in TypeScript)?
  • f

    full-energy-64138

    11/14/2022, 1:37 PM
    Hey, I’m having trouble with using subnet names in `awsx.ec2.Vpc`. Let’s say we have the following VPC:
    const vpc = new awsx.ec2.Vpc("myVpc", {
      subnets: [
        {
          type: "isolated",
          name: "cool-subnet",
          cidrMask: 24,
        },
      ],
    });
    What I expected to happen is that the created subnet will be named `myVpc-hi-0`, however it’s named `myVpc-hi-isolated-0` :( I think this isn’t the documented behaviour, but maybe I misread it. What I’m actually trying to do is have the ability to change a subnet’s type in production without completely recreating the subnet, which is costly. It would be great if I could have temporary internet access in an isolated environment via Pulumi. Is this possible?
  • f

    fast-flower-40813

    11/14/2022, 7:18 PM
    Hi everyone, I'm having an issue using vpc peer connection (it was working like 3 weeks ago but it stopped working) when assuming role. I think it's due to the upgrade of the terraform aws provider: https://github.com/pulumi/pulumi-aws/issues/2214... Does anyone have the same issue? Thank you
  • a

    aloof-gigabyte-74853

    11/15/2022, 8:34 PM
    Hi everyone, I'm stuck on a problem with mapping an EFS volume to a Fargate Task in ECS. What happens is that it throws the following error during startup:
    Error: EACCES: permission denied, open '/var/lib/ghost/content/logs/https___blog_test_production.error.log'
    Any help is greatly appreciated! See inline comments for a snippet of the code.
  • j

    jolly-fall-57688

    11/16/2022, 3:55 PM
    Hello- Working on a POC with Pulumi. I am having an issue where my stack fails on building my ECS fargate cluster. error: 1 error occurred: * creating urn:pulumi:dev::fargate::awsx:ecs:FargateService$aws:ecs/service:Service::my_fargate_cluster_service: 1 error occurred: * error waiting for ECS service (my_arn:service/dev-fargate-cluster/my_fargate_cluster_service) to reach steady state after creation: ResourceNotReady: exceeded wait attempts I'm not sure what is missing from my FargateService that would throw this error. Any help would be greatly appreciated. I've omitted the alb etc...as those seem to come up fine.
    # Build the Fargate cluster
    cluster = aws.ecs.Cluster("dev-fargate-cluster")
    
    # Define the Fargate service settings and configuration
    service = awsx.ecs.FargateService("my_fargate_cluster_service",
        cluster = cluster.arn,
        network_configuration = aws.ecs.ServiceNetworkConfigurationArgs(
            subnets = vpc.private_subnet_ids,
            security_groups = [sg.id]
        ),
        task_definition_args = awsx.ecs.FargateServiceTaskDefinitionArgs(
            containers = {
                "react": awsx.ecs.TaskDefinitionContainerDefinitionArgs(
                    image = img.image_uri,
                    memory = 50,
                    cpu = 128,
                    essential = True,
                    port_mappings = [awsx.ecs.TaskDefinitionPortMappingArgs(
                        container_port = 80,
                        host_port = 80,
                        protocol = "tcp",
                        target_group = alb.default_target_group
                    )]
                )
            }
        )
    )
  • t

    thousands-pizza-93362

    11/16/2022, 5:06 PM
    Does anyone know how to speed up fargate deploys with pulumi? I am deploying ecs services with fargate. the first deploy takes about 2 minutes - but subsequent deploys that replace the service take about 10 minutes. does anyone have insight into how to speed this up again? it's definitely not the build, but something to do with the deploy
  • l

    lively-needle-84406

    11/16/2022, 7:22 PM
    I am attempting to create a policy that includes some metadata of a newly created eks cluster: importing the created eks cluster into my policy creation file -> accessing the `cluster.core.cluster.name` within the policy json, but Typescript is complaining that cluster is undefined at runtime. How can I ensure that the cluster is defined to remove the typescript compilation error? (I have already added a dependsOn to the Policy resource, with no luck)
  • s

    swift-whale-31925

    11/16/2022, 8:04 PM
    Hi folks! New around here 👋 Here's a replica of an EC2 Instance with which I'm working:
    const amznAmi = aws.getAmiOutput({
            filters: [{
                name: "name",
                values: ["amzn2-ami-kernel-*"],
            }],
            owners: ["137112412989"],  // NOTE: this is Amazon's Owner ID for Official Amazon-managed AMIs
            mostRecent: true,
        });
    
    /* snip */
    
    const instance = new aws.ec2.Instance(customName, {
            ami: pulumi.interpolate`${amznAmi.id}`,
            instanceType: "t2.medium", 
            networkInterfaces: [{
                networkInterfaceId: networkInterface.id,
                deviceIndex: 0,
            }],
            userData: userData,
            keyName: "some-key",    
            tags: {
                Name: customName
            },
            rootBlockDevice: {
                volumeSize: 400
            }
        },
    This builds fine on initial stack buildouts, but whenever Amzn publishes a new Amzn Linux 2 AMI, I run into an issue where pulumi can't create the right update strategy. The AMI triggers a replacement of the EC2 Instance (see the entire preview below (with --show-replacement-steps on):
    Type                 Name        Plan        Info
         pulumi:pulumi:Stack  infra-dev               1 warning
     +-  └─ aws:ec2:Instance  instance    replace     [diff: ~ami]
    But there are resources that helped build that instance (like `networkInterface`) that don't get neatly detached:
    aws:ec2:Instance (instance):
          error: 1 error occurred:
          	* creating EC2 Instance: InvalidNetworkInterface.InUse: Interface: [eni-<snip>] in use.
          	status code: 400, request id: <snip>
    My question is: how can I best tell Pulumi what my ideal update strategy is when a field that triggers replacement (e.g. `ami`) on a resource inevitably is different? In particular with EC2, I would want Pulumi to stop the EC2 instance -> detach the NetworkInterface -> terminate the old instance -> create a new EC2 with the new AMI and current `userData` -> re-attach the NetworkInterface.
  • d

    delightful-camera-97029

    11/17/2022, 11:16 AM
    Question: I'm trying to write a python script using glue.GetScript but I don't know where to find NodeType besides the ones used in the example. I'm trying to create a Node for S3 Bucket to store the data in parquet format.
  • d

    delightful-camera-97029

    11/17/2022, 11:21 AM
    error creating Glue script: InvalidInputException: Unknown Transformation Spec for the Node end with NodeType DataSource
  • j

    jolly-fall-57688

    11/17/2022, 9:17 PM
    How do I specify more than one ingress and egress rule for a security group using pulumi? haven't found an example using python. Thanks in advance.
    sg = aws.ec2.SecurityGroup("dev-sg",
        description = "Allow web traffic for cluster",
        vpc_id = vpc.vpc_id,
        ingress = [aws.ec2.SecurityGroupIngressArgs(
            description = "Allow port 80 inbound from Internet",
            from_port = 80,
            to_port = 80,
            protocol = "TCP",
            cidr_blocks = ["0.0.0.0/0"]
        )],
        egress = [aws.ec2.SecurityGroupEgressArgs(
            description = "Allow all traffic out from cluster",
            from_port = 0,
            to_port = 0,
            protocol = "-1",
            cidr_blocks = ["0.0.0.0/0"]
        )]
    )
    How would I add a second ingress and egress rule to this security group?
  • c

    crooked-student-89656

    11/18/2022, 10:55 PM
    Could someone possibly point me in the direction of how to encrypt my information with a kms key? I’ve seen how to do it when initializing but I just would like a clear cut answer as to how to do it with an existing stack
  • p

    powerful-motherboard-62748

    11/19/2022, 8:56 AM
    Given `import * as awsApigateway from '@pulumi/aws-apigateway';` I have an `awsApigateway.RestAPI` set up and it works with `eventHandler: new aws.lambda.Function(...)` 👍 I introduced an `aws.lambda.Alias` and accompanying `aws.lambda.Permission` 👌 How do I update my `apigateway` to send events to my alias instead of `$LATEST`?
  • m

    modern-evening-83482

    11/19/2022, 7:58 PM
    Hello Everyone, I have imported a vpc into the pulumi state. Now when I try to run up, it's asking to replace the vpc.
  • s

    shy-kite-40307

    11/20/2022, 5:51 AM
    Hi there! Several days ago a new aws terraform provider was released (v4.40.0), and I was wondering what the typical process for updating the corresponding aws-pulumi project provider? I saw that a new issue was opened automatically here: https://github.com/pulumi/pulumi-aws/issues/2222 but curious how often the updates happen and when >=4.40.0 will land? Btw this update includes a pretty major feature for AWS's Certificate Manager (ACM): the public certs now support ECDSA elliptic curve algos, which are better than the current only default of RSA 2048 (so expect a lot of folks may be eager to get this new option 🙂). Thanks a bunch!

stocky-restaurant-98004

11/22/2022, 4:29 PM
For AWS, Azure, GCP, Random, and Azure AD the typical turnaround time is 2 business days following the upstream release.