pulumi-community #aws

purple-nest-55702

11/08/2022, 2:57 PM

Hello I'm trying to use externally managed ECS cluster in my stack, without importing it, in Pulumi TS. To do that, I first call

getCluster

with the cluster name and then pass the received

id

property to the

aws.ecs.Cluster.get

call. (After that, I wrap it with

awsx.ecs.Cluster

, but I am not sure this is related to the problem) The cluster fails to load with 'InvalidParameterException: Unsupported resource type: cluster' error. What's strange is that I see that

id

and

arn

fields returned from

getCluster

are the same, which is unusual - I'd expect the

id

to contain some Pulumi-specific string in the 'urn:...' format. Is there anything I am missing?

rapid-kite-35

11/08/2022, 7:51 PM

I'm using ecr and am trying to push a docker image to it. It seems using

awsx

it handles authentication whereas if I use the

docker

package it doesn't. However it also seems with

awsx

I can't set a custom tag. So my question is if either there is a way to set a tag using

awsx

or alternatively how to easily auth against ecr using the

docker

package instead?

rhythmic-whale-48997

11/09/2022, 7:54 AM

Is it possible to create EKS Cluster in one stack, and then have different stacks for different NodeGroups? Something like this. I tried it, but there is always something missing 😅

Copy code

// stack1
export const cluster = new eks.Cluster("eks-cluster", { ... });

// stack2
const sR = new pulumi.StackReference("stack1");
const cluster = (sR.requireOutput("cluster") as unknown) as eks.Cluster;

rapid-kite-35

11/09/2022, 9:22 AM

Is there a way to get the fargateService to create a new revision of the task definition instead of replacing the whole task definition? It's getting a bit spamey cause on every change we get yet another new task defintion

crooked-student-89656

11/09/2022, 5:14 PM

Could someone point me in the direction of how to host a wordpress site on aws using pulumi? i keep seeing amazon lightsail to host it on aws and I’m just not sure how to have it be used by pulumi and I’m also not sure if this is the right place to ask this but looking for my next steps

bored-baker-95734

11/09/2022, 5:19 PM

I have a existing load balancer . How can I query the load balancer as a resource using tags applied to it ? In terraform I can filter through the tags in data sources .

tall-state-52885

11/09/2022, 11:24 PM

Hi folks, I have a problem using awsx.apigateway.API, where all POST requests have body base64 encoded. Clients are sending raw json body, with content-type=application/json. I read a post that suggested some versions of Pulumi cause that, but you can work around it with restApiArgs.binaryMediaTypes. But, that didn't work for me. I'm on the latest Pulumi v3.46.1. Has anyone got suggestions or ideas?

thankful-stone-34269

11/09/2022, 11:28 PM

This seems like a client bug. I created a new stack called

leodev

. The

Pulumi.leodev.yaml

file it initialized wasn't actually yaml it was just "`{}`". It was still somehow acting in the correct region (us-west-2) but when I looked at the "View Live" link (app.pulumi.com...) the AWS links all went to

us-east-1

echoing-actor-55539

11/10/2022, 8:53 PM

I am trying to create an

Copy code

aws.cloudwatch.MetricAlarm

however i cant see how to get the filterId from

Copy code

aws.s3.BucketMetric

snip:

Copy code

const bucket = new aws.s3.BucketV2(
  `viz-bucket-${region}`,
  {
    bucketPrefix: `par-${region}-`,
    forceDestroy: true
  },
  {provider: PriActProviders[region]}
);

const bucketMetrics = new aws.s3.BucketMetric(
  `bucketMetrics-${region}`,
  {bucket: bucket.bucket},
  {provider: PriActProviders[region], parent: bucket}
);

// create alarm for R53 to monitor as health check
const bucketMetricAlarm = new aws.cloudwatch.MetricAlarm(
  `bucketMetricAlarm-${region}`,
  {
    comparisonOperator: 'GreaterThanOrEqualToThreshold',
    evaluationPeriods: 1,
    datapointsToAlarm: 1,
    treatMissingData: 'missing',
    metricName: '5xxErrors',
    namespace: 'AWS/S3',
    unit: 'Count',
    period: 60,
    statistic: 'Sum',
    threshold: 2,
    dimensions: {
      BucketName: bucket.bucket,
      // FilterId: ''  // ????
    },
    alarmDescription: 'This metric monitors s3 bucket Sum 5xx errors.'
  },
  {
    provider: PriActProviders[region],
    parent: bucket
  }
);

victorious-dusk-75271

11/11/2022, 6:30 AM

Hi, I can't figure out how to create a database because my RDS server runs in private subnets. How do you guys do it?

victorious-dusk-75271

11/11/2022, 9:46 AM

Anyone?

full-soccer-21780

11/12/2022, 3:11 AM

Hi Pulumi folks, I wonder if I can read the default provider values of AWS. (i.e.

aws.Provider

) I just need to get the following attribute for tagging purposes: • profile name • role arn used Also is there any concern to read back this provider object? e.g. security issues because there is token attribute to it.

bored-baker-95734

11/12/2022, 5:56 AM

I am trying to get this ASG started but this does not wait for all instances to be healthy . It just creates ASG and chucks out . Any idea how to make it wait until all instances are healthy ?

Copy code

talos_control_plane_asg = aws.autoscaling.Group(
    f"{project}-{stack}-talos-control-plane-asg",
    name=f"{project}-{stack}-talos-control-plane-asg",
    capacity_rebalance=True,
    desired_capacity=3,
    max_size=3,
    min_size=1,
    vpc_zone_identifiers=private_subnet_ids,
    launch_configuration=control_plane_launch_configuration.name,
    wait_for_capacity_timeout="300s",
    opts=pulumi.ResourceOptions(depends_on=[control_plane_launch_configuration]),
    health_check_grace_period=300,
    tags=[aws.autoscaling.GroupTagArgs(
        key="Name",
        propagate_at_launch=True,
        value="control-plane"
    )]
)

That

wait_for_capacity_timeuot="300s"

doesn’t help either . It just shows

created(17s)

but ideally it should wait until all the instances in the ASG are ready ?

millions-parrot-88279

11/12/2022, 11:49 PM

any example for using user_data or user_data_base64 on ec2 launch template

adamant-guitar-56279

11/14/2022, 12:36 AM

Hi is there any examples of creating an RDS postgres instance and then creating tables on that DB (in typescript) ?

full-energy-64138

11/14/2022, 1:37 PM

Hey, I’m having trouble with using subnet names in

awsx.ec2.Vpc

. Let’s say we have the following VPC:

Copy code

typescript
const vpc = new awsx.ec2.Vpc("myVpc", {
  subnets: [
    {
      type: "isolated",
      name: "cool-subnet"
      cidrMask: 24,
    },
  ],
});

What I expected to happen is that the created subnet will be named

myVpc-hi-0

, however it’s named

myVpc-hi-isolated-0

:( I think this isn’t the documented behaviour, but maybe I misread it. What I’m actually trying to do is have the ability to change a subent’s type in production without completely recreating the subnet, which is costly. It would be great if I could have temporary internet access in an isolated environment via Pulumi. Is this possible?

fast-flower-40813

11/14/2022, 7:18 PM

Hi everyone, I'm having issue using vpc peer connection ( it was working like 3 weeks ago but it stops working) when assuming role. I think it's due to the upgrade of the terraform aws provider: https://github.com/pulumi/pulumi-aws/issues/2214... Does anyone have the same issue? Thank you

aloof-gigabyte-74853

11/15/2022, 8:34 PM

Hi everyone, I'm stuck on a problem with mapping an EFS volume to a Fargate Task in ECS. What happens is that it throws the following error during startup:

Copy code

Error: EACCES: permission denied, open '/var/lib/ghost/content/logs/https___blog_test_production.error.log'

Any help is greatly appreciated! See inline comments for a snippet of the code.

jolly-fall-57688

11/16/2022, 3:55 PM

Hello- Working on a POC with Pulumi. I am having an issue where my stack fails on building my ECS fargate cluster. error: 1 error occurred: * creating urnpulumidev:fargateawsxecs:FargateService$awsecs/serviceService:my fargate cluster service 1 error occurred: * error waiting for ECS service (my_arn:service/dev-fargate-cluster/my_fargate_cluster_service) to reach steady state after creation: ResourceNotReady: exceeded wait attempts I'm not sure what is missing from my FargateService that would throw this error. Any help would be greatly appreciated. I've omitted the alb etc...as those seem to come up fine.

Copy code

# Build the Fargate cluster
cluster = aws.ecs.Cluster("dev-fargate-cluster")

# Define the Fargate service settings and configuration
service = awsx.ecs.FargateService("my_fargate_cluster_service",
    cluster = cluster.arn,
    network_configuration = aws.ecs.ServiceNetworkConfigurationArgs(
        subnets = vpc.private_subnet_ids,
        security_groups = [sg.id]
    ),
    task_definition_args = awsx.ecs.FargateServiceTaskDefinitionArgs(
        containers = {
            "react": awsx.ecs.TaskDefinitionContainerDefinitionArgs(
                image = img.image_uri,
                memory = 50,
                cpu = 128,
                essential = True,
                port_mappings = [awsx.ecs.TaskDefinitionPortMappingArgs(
                    container_port = 80,
                    host_port = 80,
                    protocol = "tcp",
                    target_group = alb.default_target_group
                )]
            )
        }
    )
)

thousands-pizza-93362

11/16/2022, 5:06 PM

Does anyone know how to speed up fargate deploys with pulumi? I am deploying ecs services with fargate. the first deploy takes about 2 minutes - but subsequent deploys that replace the service take about 10 minutes. does anyone have insight into how to speed this up again? it's definitely not the build, but something to do with the deploy

lively-needle-84406

11/16/2022, 7:22 PM

I am attempting to create a policy that includes some metadata of a newly created eks cluster: importing the created eks cluster into my policy creation file-> accessing the

cluster.core.cluster.name

within the policy json, but Typescript is complaining that cluster is undefined at runtime. How can I ensure that the cluster is defined to remove the typescript compilation error? (I have already added a dependsOn to the Policy resource, with no luck)

swift-whale-31925

11/16/2022, 8:04 PM

Hi folks! New around here 👋 Here's a replica of an EC2 Instance with which I'm working:

Copy code

const amznAmi = aws.getAmiOutput({
        filters: [{
            name: "name",
            values: ["amzn2-ami-kernel-*"],
        }],
        owners: ["137112412989"],  // NOTE: this is Amazon's Owner ID for Official Amazon-managed AMIs
        mostRecent: true,
    });

/* snip */

const instance = new aws.ec2.Instance(customName, {
        ami: pulumi.interpolate`${amznAmi.id}`,
        instanceType: "t2.medium", 
        networkInterfaces: [{
            networkInterfaceId: networkInterface.id,
            deviceIndex: 0,
        }],
        userData: userData,
        keyName: "some-key",    
        tags: {
            Name: customName
        },
        rootBlockDevice: {
            volumeSize: 400
        }
    },

This builds fine on initial stack buildouts, but whenever Amzn publishes a new Amzn Linux 2 AMI, I run into an issue where pulumi can't create the right update strategy. The AMI triggers a replacement of the EC2 Instance (see the entire preview below (with --show-replacement-steps on):

Copy code

Type                 Name        Plan        Info
     pulumi:pulumi:Stack  infra-dev               1 warning
 +-  └─ aws:ec2:Instance  instance    replace     [diff: ~ami]

But there are resources that helped build that instance (like

networkInterface

) that don't get neatly detached:

Copy code

aws:ec2:Instance (instance):
      error: 1 error occurred:
      	* creating EC2 Instance: InvalidNetworkInterface.InUse: Interface: [eni-<snip>] in use.
      	status code: 400, request id: <snip>

My question is: how can I best tell Pulumi what my ideal update strategy is when a field that triggers replacement (e.g.

ami

) on a resource inevitably is different? In particular with EC2, I would want Pulumi to stop the EC2 instance -> detach the NetworkInterface -> terminate the old instance -> create a new EC2 with the new AMI and current

userData

-> re-attach the NetworkInterface.

delightful-camera-97029

11/17/2022, 11:16 AM

Question I'm trying to write a python script using glue.GetScript but I don't know where to find NodeType beside ones that used in the example. I'm trying to create a Node for S3 Bucket to store the data in parquet format.

delightful-camera-97029

11/17/2022, 11:21 AM

error creating Glue script: InvalidInputException: Unknown Transformation Spec for the Node end with NodeType DataSource

jolly-fall-57688

11/17/2022, 9:17 PM

How do I specify more than one ingress and egress rule for a security group using pulumi? haven't found an example using python. Thanks in advance.

Copy code

sg = aws.ec2.SecurityGroup("dev-sg",
    description = "Allow web traffic for cluster",
    vpc_id = vpc.vpc_id,
    ingress = [aws.ec2.SecurityGroupIngressArgs(
        description = "Allow port 80 inbound from Internet",
        from_port = 80,
        to_port = 80,
        protocol = "TCP",
        cidr_blocks = ["0.0.0.0/0"]
    )],
    egress = [aws.ec2.SecurityGroupEgressArgs(
        description = "Allow all traffic out from cluster",
        from_port = 0,
        to_port = 0,
        protocol = "-1",
        cidr_blocks = ["0.0.0.0/0"]
    )]
)

How would I add a second ingress and egress rule to this security group?

crooked-student-89656

11/18/2022, 10:55 PM

Could someone possibly point me in the direction of how to encrypt my information with a kms key? I’ve seen how to do it when initializing but I just would like a clear cut answer as to how to do it with an existing stack

powerful-motherboard-62748

11/19/2022, 8:56 AM

given

Copy code

import * as awsApigateway from '@pulumi/aws-apigateway';

i have a

awsApigateway.RestAPI

setup and works with

eventHandler: new aws.lambda.Function(...)

👍 i introduced a

aws.lambda.Alias

and accompanying

aws.lambda.Permission

👌 how do i update my

apigateway

to send events to my alias instead of

$LATEST

modern-evening-83482

11/19/2022, 7:58 PM

Hello Everyone, I have imported a vpc into the pulumi state. Now when I try to run up..its asking to replace the vpc.

shy-kite-40307

11/20/2022, 5:51 AM

Hi there! Several days ago a new aws terraform provider was released (v4.40.0), and I was wondering what the typical process for updating the corresponding aws-pulumi project provider? I saw that a new issue was opened automatically here: https://github.com/pulumi/pulumi-aws/issues/2222 but curious how often the updates happen and when >=4.40.0 will land? Btw this update includes a pretty major feature for AWS's Certificate Manager (ACM): the public certs now support ECDSA elliptic curve algos, which are better than the current only default of RSA 2048 (so expect a lot of folks may be eager to get this new option 🙂). Thanks a bunch!

magnificent-lifeguard-15082

11/21/2022, 4:39 PM

Has anybody had issues where

aws:iam:RolePolicyAttachment

appear to be created in pulumi state but have not been created in aws?