mysterious-family-43099
11/07/2022, 7:54 PM
awsx. However, when the service errors, AWS simply keeps trying to deploy the same service and Pulumi hangs indefinitely. How can I get Pulumi to fail on a failed deploy instead of having AWS retry endlessly?
purple-nest-55702
11/08/2022, 2:57 PM
getCluster with the cluster name and then pass the received id property to the aws.ecs.Cluster.get call.
(After that, I wrap it with awsx.ecs.Cluster, but I am not sure this is related to the problem)
The cluster fails to load with 'InvalidParameterException: Unsupported resource type: cluster' error.
What's strange is that I see that id and arn fields returned from getCluster are the same, which is unusual - I'd expect the id to contain some Pulumi-specific string in the 'urn:...' format.
Is there anything I am missing?
rapid-kite-35
11/08/2022, 7:51 PM
awsx it handles authentication whereas if I use the docker package it doesn't.
However it also seems with awsx I can't set a custom tag.
So my question is if either there is a way to set a tag using awsx or alternatively how to easily auth against ecr using the docker package instead?
rhythmic-whale-48997
11/09/2022, 7:54 AM
// stack1
export const cluster = new eks.Cluster("eks-cluster", { ... });
// stack2
const sR = new pulumi.StackReference("stack1");
const cluster = (sR.requireOutput("cluster") as unknown) as eks.Cluster;
rapid-kite-35
11/09/2022, 9:22 AM
crooked-student-89656
11/09/2022, 5:14 PM
bored-baker-95734
11/09/2022, 5:19 PM
tall-state-52885
11/09/2022, 11:24 PM
thankful-stone-34269
11/09/2022, 11:28 PM
leodev. The Pulumi.leodev.yaml file it initialized wasn't actually yaml it was just "`{}`". It was still somehow acting in the correct region (us-west-2) but when I looked at the "View Live" link (app.pulumi.com...) the AWS links all went to us-east-1.
echoing-actor-55539
11/10/2022, 8:53 PM
aws.cloudwatch.MetricAlarm however I can't see how to get the filterId from aws.s3.BucketMetric
snip:
const bucket = new aws.s3.BucketV2(
    `viz-bucket-${region}`,
    {
        bucketPrefix: `par-${region}-`,
        forceDestroy: true
    },
    {provider: PriActProviders[region]}
);
const bucketMetrics = new aws.s3.BucketMetric(
    `bucketMetrics-${region}`,
    {bucket: bucket.bucket},
    {provider: PriActProviders[region], parent: bucket}
);
// create alarm for R53 to monitor as health check
const bucketMetricAlarm = new aws.cloudwatch.MetricAlarm(
    `bucketMetricAlarm-${region}`,
    {
        comparisonOperator: 'GreaterThanOrEqualToThreshold',
        evaluationPeriods: 1,
        datapointsToAlarm: 1,
        treatMissingData: 'missing',
        metricName: '5xxErrors',
        namespace: 'AWS/S3',
        unit: 'Count',
        period: 60,
        statistic: 'Sum',
        threshold: 2,
        dimensions: {
            BucketName: bucket.bucket,
            // FilterId: '' // ????
        },
        alarmDescription: 'This metric monitors s3 bucket Sum 5xx errors.'
    },
    {
        provider: PriActProviders[region],
        parent: bucket
    }
);
victorious-dusk-75271
11/11/2022, 6:30 AM
victorious-dusk-75271
11/11/2022, 9:46 AM
full-soccer-21780
11/12/2022, 3:11 AM
aws.Provider) I just need to get the following attributes for tagging purposes:
• profile name
• role arn used
Also is there any concern to read back this provider object? e.g. security issues because there is a token attribute to it.
bored-baker-95734
11/12/2022, 5:56 AM
talos_control_plane_asg = aws.autoscaling.Group(
    f"{project}-{stack}-talos-control-plane-asg",
    name=f"{project}-{stack}-talos-control-plane-asg",
    capacity_rebalance=True,
    desired_capacity=3,
    max_size=3,
    min_size=1,
    vpc_zone_identifiers=private_subnet_ids,
    launch_configuration=control_plane_launch_configuration.name,
    wait_for_capacity_timeout="300s",
    opts=pulumi.ResourceOptions(depends_on=[control_plane_launch_configuration]),
    health_check_grace_period=300,
    tags=[aws.autoscaling.GroupTagArgs(
        key="Name",
        propagate_at_launch=True,
        value="control-plane"
    )]
)
That wait_for_capacity_timeout="300s" doesn’t help either. It just shows created(17s) but ideally it should wait until all the instances in the ASG are ready?
millions-parrot-88279
11/12/2022, 11:49 PM
adamant-guitar-56279
11/14/2022, 12:36 AM
full-energy-64138
11/14/2022, 1:37 PM
awsx.ec2.Vpc. Let’s say we have the following VPC:
typescript
const vpc = new awsx.ec2.Vpc("myVpc", {
    subnets: [
        {
            type: "isolated",
            name: "cool-subnet",
            cidrMask: 24,
        },
    ],
});
What I expected to happen is that the created subnet will be named myVpc-hi-0, however it’s named myVpc-hi-isolated-0 :(
I think this isn’t the documented behaviour, but maybe I misread it.
What I’m actually trying to do is have the ability to change a subnet’s type in production without completely recreating the subnet, which is costly. It would be great if I could have temporary internet access in an isolated environment via Pulumi. Is this possible?
fast-flower-40813
11/14/2022, 7:18 PM
aloof-gigabyte-74853
11/15/2022, 8:34 PM
Error: EACCES: permission denied, open '/var/lib/ghost/content/logs/https___blog_test_production.error.log'
Any help is greatly appreciated!
See inline comments for a snippet of the code.
jolly-fall-57688
11/16/2022, 3:55 PM
# Build the Fargate cluster
cluster = aws.ecs.Cluster("dev-fargate-cluster")
# Define the Fargate service settings and configuration
service = awsx.ecs.FargateService("my_fargate_cluster_service",
    cluster = cluster.arn,
    network_configuration = aws.ecs.ServiceNetworkConfigurationArgs(
        subnets = vpc.private_subnet_ids,
        security_groups = [sg.id]
    ),
    task_definition_args = awsx.ecs.FargateServiceTaskDefinitionArgs(
        containers = {
            "react": awsx.ecs.TaskDefinitionContainerDefinitionArgs(
                image = img.image_uri,
                memory = 50,
                cpu = 128,
                essential = True,
                port_mappings = [awsx.ecs.TaskDefinitionPortMappingArgs(
                    container_port = 80,
                    host_port = 80,
                    protocol = "tcp",
                    target_group = alb.default_target_group
                )]
            )
        }
    )
)
thousands-pizza-93362
11/16/2022, 5:06 PM
lively-needle-84406
11/16/2022, 7:22 PM
cluster.core.cluster.name within the policy json, but Typescript is complaining that cluster is undefined at runtime.
How can I ensure that the cluster is defined to remove the typescript compilation error? (I have already added a dependsOn to the Policy resource, with no luck)
swift-whale-31925
11/16/2022, 8:04 PM
const amznAmi = aws.getAmiOutput({
    filters: [{
        name: "name",
        values: ["amzn2-ami-kernel-*"],
    }],
    owners: ["137112412989"], // NOTE: this is Amazon's Owner ID for Official Amazon-managed AMIs
    mostRecent: true,
});
/* snip */
const instance = new aws.ec2.Instance(customName, {
    ami: pulumi.interpolate`${amznAmi.id}`,
    instanceType: "t2.medium",
    networkInterfaces: [{
        networkInterfaceId: networkInterface.id,
        deviceIndex: 0,
    }],
    userData: userData,
    keyName: "some-key",
    tags: {
        Name: customName
    },
    rootBlockDevice: {
        volumeSize: 400
    }
},
This builds fine on initial stack buildouts, but whenever Amzn publishes a new Amzn Linux 2 AMI, I run into an issue where pulumi can't create the right update strategy. The AMI triggers a replacement of the EC2 Instance (see the entire preview below (with --show-replacement-steps on):
Type Name Plan Info
pulumi:pulumi:Stack infra-dev 1 warning
+- └─ aws:ec2:Instance instance replace [diff: ~ami]
But there are resources that helped build that instance (like networkInterface) that don't get neatly detached:
aws:ec2:Instance (instance):
error: 1 error occurred:
* creating EC2 Instance: InvalidNetworkInterface.InUse: Interface: [eni-<snip>] in use.
status code: 400, request id: <snip>
My question is: how can I best tell Pulumi what my ideal update strategy is when a field that triggers replacement (e.g. ami) on a resource inevitably is different? In particular with EC2, I would want Pulumi to stop the EC2 instance -> detach the NetworkInterface -> terminate the old instance -> create a new EC2 with the new AMI and current userData -> re-attach the NetworkInterface.
delightful-camera-97029
11/17/2022, 11:16 AM
delightful-camera-97029
11/17/2022, 11:21 AM
error creating Glue script: InvalidInputException: Unknown Transformation Spec for the Node end with NodeType DataSource
jolly-fall-57688
11/17/2022, 9:17 PM
sg = aws.ec2.SecurityGroup("dev-sg",
    description = "Allow web traffic for cluster",
    vpc_id = vpc.vpc_id,
    ingress = [aws.ec2.SecurityGroupIngressArgs(
        description = "Allow port 80 inbound from Internet",
        from_port = 80,
        to_port = 80,
        protocol = "TCP",
        cidr_blocks = ["0.0.0.0/0"]
    )],
    egress = [aws.ec2.SecurityGroupEgressArgs(
        description = "Allow all traffic out from cluster",
        from_port = 0,
        to_port = 0,
        protocol = "-1",
        cidr_blocks = ["0.0.0.0/0"]
    )]
)
How would I add a second ingress and egress rule to this security group?
crooked-student-89656
11/18/2022, 10:55 PM
powerful-motherboard-62748
11/19/2022, 8:56 AM
import * as awsApigateway from '@pulumi/aws-apigateway';
i have a awsApigateway.RestAPI setup and works with eventHandler: new aws.lambda.Function(...) 👍
i introduced a aws.lambda.Alias and accompanying aws.lambda.Permission 👌
how do i update my apigateway to send events to my alias instead of $LATEST?
modern-evening-83482
11/19/2022, 7:58 PM
shy-kite-40307
11/20/2022, 5:51 AM
shy-kite-40307
11/20/2022, 5:51 AM
stocky-restaurant-98004
11/22/2022, 4:29 PM