magnificent-lifeguard-15082
11/21/2022, 4:39 PM
aws:iam:RolePolicyAttachment appear to be created in pulumi state but have not been created in aws?
elegant-laptop-80400
11/21/2022, 6:08 PM
const lambda = new aws.lambda.CallbackFunction("mylambda", {
    callback: async e => {
        // aws sdk code here
    }
});
The serialization isn't going right for me and I am getting module not found error when it runs
brave-motorcycle-67487
11/22/2022, 7:47 PM
image.
In the apps' repos, I have Github Actions rules that build the containers and push them to ECR. Now I need to close the gap between these two.
My thought was that I'd trigger CodeDeploy from Actions (we're doing that for the old process I'm replacing) and that would handle the deployment. The problem is that the next time I run pulumi up, it'll re-deploy some old version of the app. Ideally I'd just leave that field out, but it is required by the SDK.
The few things I've found about how other people do this is to run pulumi in the deploy pipeline and pass it the container version in an environment variable. I don't particularly want to run all of the infrastructure configuration stuff on a code deploy, though (and especially don't want changes to infra to potentially roll out while a developer is running what they think is a normal code deploy). But is that what I have to do?
astonishing-dress-81433
11/22/2022, 8:25 PM
import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx

repo = awsx.ecr.Repository("ecr-repository")
image = awsx.ecr.Image(
    "image",
    repository_url=repo.url,
    path="../",
    env={"DOCKER_DEFAULT_PLATFORM": "linux/amd64"},  # attempt 2: running on M2 chip
    extra_options=["--platform", "linux/amd64"],  # attempt 1: running on M2 chip
)
service = aws.apprunner.Service(
    "myservice",
    service_name="myservice",
    source_configuration=aws.apprunner.ServiceSourceConfigurationArgs(
        auto_deployments_enabled=False,
        image_repository=aws.apprunner.ServiceSourceConfigurationImageRepositoryArgs(
            image_configuration=aws.apprunner.ServiceSourceConfigurationImageRepositoryImageConfigurationArgs(
                port="8000",
            ),
            image_identifier=image.image_uri,
            image_repository_type="ECR_PUBLIC",
        ),
    ),
)
pulumi.export("service", service.service_url)
This stack builds and pushes my docker image but fails to create the AppRunner service:
aws:apprunner:Service (myservice):
error: 1 error occurred:
* creating urn:pulumi:dev::infrastructure::aws:apprunner/service:Service::myservice: 1 error occurred:
* error waiting for App Runner Service (arn:aws:apprunner:us-east-1:11111111111:service/myservice/111111111111111111111111) creation: unexpected state 'CREATE_FAILED', wanted target 'RUNNING'. last error: %!s(<nil>)
pulumi:pulumi:Stack (infrastructure-dev):
error: update failed
There’s not much to work off here. My App Runner console does give me these logs:
11-22-2022 12:16:30 PM [AppRunner] Failed to pull your application image. Be sure you configure your service with a valid access role to your ECR repository.
11-22-2022 12:14:13 PM [AppRunner] Starting to pull your application image.
My impression was that awsx is managing the needed roles/policies for the image. Is that correct, or is there more to do here?
adamant-guitar-56279
11/22/2022, 9:02 PM
Error: failed to register new resource ***** [aws-apigateway:index:RestAPI]: 2 UNKNOWN: plugins that can construct components must support secrets
When doing as per example in https://www.pulumi.com/docs/guides/crosswalk/aws/api-gateway/#lambda-request-handling but with a provider eg:
export const openapiAPI = new apigateway.RestAPI(
    `api`,
    {
        routes: [
            {
                path: "/",
                method: "GET",
                eventHandler: helloHandler,
            },
        ],
    },
    { provider }
);
enough-pager-36335
11/23/2022, 11:02 AM
rough-jordan-15935
11/24/2022, 6:20 AM
icy-controller-6092
11/26/2022, 4:13 AM
AWS::KinesisAnalyticsV2::Application but Pulumi doesn’t seem to have the latest enum for RuntimeEnvironment
polite-rainbow-37545
11/27/2022, 7:02 AM
import pulumi
import pulumi_aws as aws
import pulumi_eks as eks

# Get some values from the Pulumi configuration (or use defaults)
config = pulumi.Config()
min_cluster_size = config.get_float("minClusterSize", 3)
max_cluster_size = config.get_float("maxClusterSize", 6)
desired_cluster_size = config.get_float("desiredClusterSize", 3)
eks_node_instance_type = config.get("eksNodeInstanceType", "t2.medium")

eks_vpc = aws.ec2.Vpc.get("<mydefaultVPC", "<vpc-ID>")  # reusing an existing VPC

public_subnet_ids = aws.ec2.get_subnets([
    {
        'name': 'vpc-id',
        'values': [eks_vpc.id]
    },
    {
        'name': 'subnet-id',
        'values': ['subnet-xxxxxxx', 'subnet-xxxxxx']
    }
])
private_subnet_ids = aws.ec2.get_subnets([
    {
        'name': 'vpc-id',
        'values': [eks_vpc.id]
    },
    {
        'name': 'subnet-id',
        'values': ['subnet-xxxxxxxxxxxxxxxxx', 'subnet-xxxxxxxxxxxxxxx']
    }
])

eks_cluster = eks.Cluster("eks-cluster",
    # Put the cluster in the new VPC created earlier
    vpc_id=eks_vpc.id,
    # Public subnets will be used for load balancers
    public_subnet_ids=public_subnet_ids.ids,
    # Private subnets will be used for cluster nodes
    private_subnet_ids=private_subnet_ids.ids,
    desired_capacity=desired_cluster_size,
    max_size=max_cluster_size,
    min_size=min_cluster_size,
)

pulumi.export("kubeconfig", eks_cluster.kubeconfig)
pulumi.export("vpcId", eks_vpc.id)
pulumi.export("aws_provider", eks_cluster.aws_provider)
pulumi.export("name", eks_cluster.eks_cluster.id)
pulumi.export("default_node_group", eks_cluster.default_node_group)
thankful-stone-34269
11/27/2022, 6:29 PM
pulumi import? I'm getting sick of the trial-and-error like pulumi import aws:ec2:SecurityGroup vs aws:ec2/securitygroup:SecurityGroup etc etc.
lively-needle-84406
11/28/2022, 4:34 PM
pulumi.interpolate inside an iam PolicyDocument.
Here is my code:
const stringEqualsKey = pulumi.interpolate`aws:ResourceTag/k8s.io/cluster-autoscaler/${cluster.core.cluster.name}`;
export const clusterAutoScalingPolicy = new aws.iam.Policy("clusterAutoScalingPolicy", {
    policy: {
        Version: "2012-10-17",
        Statement: [
            {
                Sid: "VisualEditor0",
                Effect: "Allow",
                Action: [
                    "autoscaling:SetDesiredCapacity",
                    "autoscaling:TerminateInstanceInAutoScalingGroup"
                ],
                Resource: "*",
                Condition: {
                    StringEquals: {
                        [`${stringEqualsKey}`]: "owned"
                    }
                }
            },
            {
                Sid: "VisualEditor1",
                Effect: "Allow",
                Action: [
                    "autoscaling:DescribeAutoScalingInstances",
                    "autoscaling:DescribeAutoScalingGroups",
                    "ec2:DescribeLaunchTemplateVersions",
                    "autoscaling:DescribeTags",
                    "autoscaling:DescribeLaunchConfigurations"
                ],
                Resource: "*"
            }
        ]
    }
}, {
    dependsOn: [cluster]
});
Here is the error I am receiving:
Calling [toString] on an [Output\u003cT\u003e] is not supported.\n\nTo get the value of an Output\u003cT\u003e as an Output\u003cstring\u003e consider either:\n1: o.apply(v =\u003e `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee <https://pulumi.io/help/outputs> for more details.\nThis function may throw in a future version of @pulumi/pulumi.
I have tried apply and pulumi.interpolate to resolve this issue, but neither seem to work.
Am I missing something about outputs?
Thanks
icy-controller-6092
11/28/2022, 8:50 PM
FLINK-1_15 as the runtime environment when deploying a new Kinesis Analytics application? It was only released a few days ago and I understand the internal enum has not yet been updated (throwing an error) - just wondering if there is a workaround?
white-chef-55657
11/29/2022, 8:18 AM
white-chef-55657
11/29/2022, 8:27 AM
echoing-butcher-64641
11/29/2022, 2:35 PM
managed node group with this function createManagedNodeGroup and I would like to do some changes to the kubelet configuration but I found out it's not possible due to this issue https://github.com/pulumi/pulumi-eks/issues/611. Is there any other way to pass kubelet extra args?
fresh-minister-66960
11/29/2022, 9:56 PM
aws:lambda:Function (XXXXX):
error: 1 error occurred:
* error creating Lambda Function (1): AccessDeniedException:
status code: 403, request id: 2224b871-f8fc-43f9-baf5-c62809b1779d
I am creating a new account in my organization using IAM credentials of an admin user in my main account. Will post the code in a comment here.
adamant-dress-73325
11/29/2022, 10:16 PM
elasticloadbalancingv2 namespace was not kept around in classic from 0.40 -> 1.0 of pulumi-awsx, should be mentioned in migration notes, we had to change it to lb to keep things working post upgrade to 1.0
wooden-architect-84094
11/30/2022, 10:50 AM
pulumi refresh I’ve come across when using explicit aws providers within a specific scenario.
For context I am wanting to use explicit aws providers to enable easy cross account deployment of resources. Most deployments will be done via a github actions workflow, but we will occasionally be required to deploy from local machines too. The iam roles we use for deployments from github and local machines are not the same and so the provider’s role_to_assume is changed based on the deployment environment. However running the pulumi refresh command locally if the previous deployment was made from github causes an access denied error, but running pulumi up does not give the same error and will simply deploy any changes. Was wondering if there’s a neat workaround I’ve not thought of to enable pulumi refresh in this scenario, something other than manually editing the aws provider role_to_assume in the backend state file after changing deployment environment?
loud-australia-45001
11/30/2022, 11:47 AM
awsx from 0.40 to 1.0 and I'm finding that when doing preview or update, it wants to recreate my VPC
I saw in the https://www.pulumi.com/docs/guides/crosswalk/aws/ documentation that it is suggested to use the classic package, but that means that there is no way to upgrade apart from destroying all the resources and recreating them?
loud-australia-45001
11/30/2022, 2:03 PM
AWS CrossWalk the following worked on 0.40.0, the latter didn't with 1.0.0. Can't understand why, it seems something related to the IPs
This worked
const vpc = new awsx.ec2.Vpc(VPC_NAME, {
    cidrBlock: CIDR_BLOCK, // is 10.0.0.0/16
    numberOfAvailabilityZones: AVAILABILITY_ZONE, // is 3
    numberOfNatGateways: NUMBER_OF_GATEWAYS, // is 1
    subnets: [
        {
            cidrMask: 18,
            name: 'Private',
            type: 'private',
        },
        {
            cidrMask: 20,
            name: 'DBs',
            type: 'isolated',
        },
        {
            cidrMask: 22,
            name: 'Public',
            type: 'public',
        },
    ],
    tags: vpcTags,
});
This doesn't
const vpc = new awsx.ec2.Vpc(VPC_NAME, {
    cidrBlock: CIDR_BLOCK, // is 10.0.0.0/16
    numberOfAvailabilityZones: AVAILABILITY_ZONE, // is 3
    natGateways: {
        strategy: awsx.ec2.NatGatewayStrategy.Single,
    },
    subnetSpecs: [
        {
            cidrMask: 18,
            name: 'Private',
            type: awsx.ec2.SubnetType.Private,
        },
        {
            cidrMask: 20,
            name: 'Isolated',
            type: awsx.ec2.SubnetType.Isolated,
        },
        {
            cidrMask: 22,
            name: 'Public',
            type: awsx.ec2.SubnetType.Public,
        },
    ],
    tags: vpcTags,
});
swift-fireman-31153
11/30/2022, 10:35 PM
new aws.Provider not using the profile provided and just using the aws configure default profile?
curved-appointment-51749
12/01/2022, 12:59 PM
aws.iam.Role where there is a property managedPolicyArns, if you import the resource or run pulumi up --refresh pulumi will populate managedPolicyArns with the policy even if you use aws.iam.PolicyAttachment, aws.iam.RolePolicyAttachment and aws.iam.RolePolicy. Pulumi warns that you should not use both. It is possible to use Resource Transforms to remove managedPolicyArns but then running pulumi up --refresh results in policies being detached and then only maybe being reattached. Is it possible to use a resource like aws.iam.Role without managedPolicyArns in practice or do you really not have a choice?
icy-controller-6092
12/02/2022, 4:36 AM
icy-controller-6092
12/02/2022, 4:36 AM
expected runtime_environment to be one of [SQL-1_0 FLINK-1_6 FLINK-1_8 ZEPPELIN-FLINK-1_0 FLINK-1_11 FLINK-1_13 ZEPPELIN-FLINK-2_0], got FLINK-1_15.
it seems to be a local validation error and not a remote one, as the cloudformation docs are up to date, plus terraform has included the two new enum entries
astonishing-dentist-11149
12/02/2022, 8:54 PM
most-lighter-95902
12/03/2022, 4:38 PM
most-lighter-95902
12/03/2022, 4:39 PM
const vpc = new awsx.ec2.Vpc(`vpc-${clusterName}`, {
    numberOfAvailabilityZones: 2,
    subnets: [
        { type: 'public' },
        {
            type: 'private',
            tags: {
                [`kubernetes.io/cluster/${clusterName}`]: 'owned',
                [`karpenter.sh/discovery`]: clusterName,
            },
        }, // tags required for Karpenter setup
    ],
})
most-lighter-95902
12/03/2022, 4:42 PM
most-lighter-95902
12/03/2022, 4:42 PM
most-lighter-95902
12/03/2022, 4:47 PM
most-lighter-95902
12/03/2022, 4:47 PM