aws
  • m

    magnificent-lifeguard-15082

    11/21/2022, 4:39 PM
    Has anybody had issues where `aws:iam:RolePolicyAttachment` appear to be created in pulumi state but have not been created in aws?
  • e

    elegant-laptop-80400

    11/21/2022, 6:08 PM
    are there some examples of using aws-sdk inside of an inline lambda code? like
    const lambda = new aws.lambda.CallbackFunction("mylambda", {
      callback: async e => {
        // aws sdk code here
      }
    });
    The serialization isn't going right for me and I am getting module not found error when it runs
  • b

    brave-motorcycle-67487

    11/22/2022, 7:47 PM
    I'm trying to fit together the last piece of an ECS deployment pipeline and I'm not sure how to go about it, and the bits I've found on how others have don't seem to fit with how I'm approaching the problem. So I'm wondering if I need to rethink the entire approach. I have an infrastructure repo that has Pulumi code for defining all sorts of things. This includes all the stuff required for the ECS cluster, including the container definitions themselves for an app. Right now it's using a statically-defined `image`. In the apps' repos, I have Github Actions rules that build the containers and push them to ECR. Now I need to close the gap between these two. My thought was that I'd trigger CodeDeploy from Actions (we're doing that for the old process I'm replacing) and that would handle the deployment. The problem is that the next time I run `pulumi up`, it'll re-deploy some old version of the app. Ideally I'd just leave that field out, but it is required by the SDK. The few things I've found about how other people do this is to run pulumi in the deploy pipeline and pass it the container version in an environment variable. I don't particularly want to run all of the infrastructure configuration stuff on a code deploy, though (and especially don't want changes to infra to potentially roll out while a developer is running what they think is a normal code deploy). But is that what I have to do?
  • a

    astonishing-dress-81433

    11/22/2022, 8:25 PM
    Hi folks. I’m giving Pulumi a spin for a new project. The project is pretty simple.
    • Docker image running a FastAPI REST API
    • AWS App Runner
    My Pulumi program looks like this:
    import pulumi
    import pulumi_aws as aws
    import pulumi_awsx as awsx
    
    
    repo = awsx.ecr.Repository("ecr-repository")
    
    image = awsx.ecr.Image(
        "image",
        repository_url=repo.url,
        path="../",
        env={"DOCKER_DEFAULT_PLATFORM": "linux/amd64"},  # attempt 2: running on M2 chip
        extra_options=["--platform", "linux/amd64"],  # attempt 1: running on M2 chip
    )
    
    service = aws.apprunner.Service(
        "myservice",
        service_name="myservice",
        source_configuration=aws.apprunner.ServiceSourceConfigurationArgs(
            auto_deployments_enabled=False,
            image_repository=aws.apprunner.ServiceSourceConfigurationImageRepositoryArgs(
                image_configuration=aws.apprunner.ServiceSourceConfigurationImageRepositoryImageConfigurationArgs(
                    port="8000",
                ),
                image_identifier=image.image_uri,
                image_repository_type="ECR_PUBLIC",
            ),
        ),
    )
    pulumi.export("service", service.service_url)
    This stack builds and pushes my docker image but fails to create the AppRunner service:
    aws:apprunner:Service (myservice):
        error: 1 error occurred:
        	* creating urn:pulumi:dev::infrastructure::aws:apprunner/service:Service::myservice: 1 error occurred:
        	* error waiting for App Runner Service (arn:aws:apprunner:us-east-1:11111111111:service/myservice/111111111111111111111111) creation: unexpected state 'CREATE_FAILED', wanted target 'RUNNING'. last error: %!s(<nil>)
    
      pulumi:pulumi:Stack (infrastructure-dev):
        error: update failed
    There’s not much to work off here. My App Runner console does give me these logs:
    11-22-2022 12:16:30 PM [AppRunner] Failed to pull your application image. Be sure you configure your service with a valid access role to your ECR repository.
    11-22-2022 12:14:13 PM [AppRunner] Starting to pull your application image.
    My impression was that `awsx` is managing the needed roles/policies for the image. Is that correct, or is there more to do here?
  • a

    adamant-guitar-56279

    11/22/2022, 9:02 PM
    Anyone know why I would be getting
    Error: failed to register new resource ***** [aws-apigateway:index:RestAPI]: 2 UNKNOWN: plugins that can construct components must support secrets
    When doing as per example in https://www.pulumi.com/docs/guides/crosswalk/aws/api-gateway/#lambda-request-handling but with a provider eg:
    export const openapiAPI = new apigateway.RestAPI(
      `api`,
      {
        routes: [
          {
            path: "/",
            method: "GET",
            eventHandler: helloHandler,
          },
        ],
      },
      { provider }
    );
  • e

    enough-pager-36335

    11/23/2022, 11:02 AM
    I'm setting up EC2 services over ECS using Auto Scaling Groups, there's this weirdest bug I can't seem to solve, my pulumi up update is stuck on read aws:autoscaling:Group. Running the exact same code on another machine works perfectly somehow. Anyone might know what can cause this? I have tried running destroy and then up again, I have tried pulumi refresh, I have even tried deleting and reinstalling pulumi on my machine, thanks.
  • r

    rough-jordan-15935

    11/24/2022, 6:20 AM
    hey all quick question when im working with my team and we each do a pulumi deployment, why does the next user who deploys have to redeploy the entire stack and not only the diff?
  • i

    icy-controller-6092

    11/26/2022, 4:13 AM
    hi all, how long does it typically take for new enums to come through? I’m trying to up a `AWS::KinesisAnalyticsV2::Application` but Pulumi doesn’t seem to have the latest enum for `RuntimeEnvironment`
  • p

    polite-rainbow-37545

    11/27/2022, 7:02 AM
    Hey everyone, I am facing a weird issue with pulumi_eks python package. I created a cluster as below. As per the doc - “Cluster is a component that wraps the AWS and Kubernetes resources necessary to run an EKS cluster, its worker nodes, its optional StorageClasses, and an optional deployment of the Kubernetes Dashboard.:” https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#cluster BUT after creating the cluster, the nodegroups are also created (i can see them in ec2 console) but not attached to the cluster. I checked the EKS console and also tried to get the nodes using $ kubectl get nodes which returns empty. What could be the issue? I am flying blind here without any error output from pulumi. Pulumi says creation of cluster is successful. Appreciate if anyone could point me to the right direction.
    import pulumi
    import pulumi_aws as aws
    import pulumi_eks as eks
    
    # Get some values from the Pulumi configuration (or use defaults)
    config = pulumi.Config()
    min_cluster_size = config.get_float("minClusterSize", 3)
    max_cluster_size = config.get_float("maxClusterSize", 6)
    desired_cluster_size = config.get_float("desiredClusterSize", 3)
    eks_node_instance_type = config.get("eksNodeInstanceType", "t2.medium")
    
    eks_vpc = aws.ec2.Vpc.get("<mydefaultVPC", "<vpc-ID>")  # reusing an existing VPC
    public_subnet_ids = aws.ec2.get_subnets([
        {
            'name': 'vpc-id',
            'values': [eks_vpc.id]
        },
        {
            'name': 'subnet-id',
            'values': ['subnet-xxxxxxx', 'subnet-xxxxxx']
        }
    
    ])
    private_subnet_ids = aws.ec2.get_subnets([
        {
            'name': 'vpc-id',
            'values': [eks_vpc.id]
        },
        {
            'name': 'subnet-id',
            'values': ['subnet-xxxxxxxxxxxxxxxxx', 'subnet-xxxxxxxxxxxxxxx']
        }
    ])
    eks_cluster = eks.Cluster("eks-cluster",
                              # Put the cluster in the new VPC created earlier
                              vpc_id=eks_vpc.id,
                              # Public subnets will be used for load balancers
                              public_subnet_ids=public_subnet_ids.ids,
                              # Private subnets will be used for cluster nodes
                              private_subnet_ids=private_subnet_ids.ids,
                              desired_capacity=desired_cluster_size,
                              max_size=max_cluster_size,
                              min_size=min_cluster_size,
                              )
    pulumi.export("kubeconfig", eks_cluster.kubeconfig)
    pulumi.export("vpcId", eks_vpc.id)
    pulumi.export("aws_provider", eks_cluster.aws_provider)
    pulumi.export("name", eks_cluster.eks_cluster.id)
    pulumi.export("default_node_group", eks_cluster.default_node_group)
  • t

    thankful-stone-34269

    11/27/2022, 6:29 PM
    Howdy y'all! Where can I find a list of resource types that i can `pulumi import`? I'm getting sick of the trial-and-error like `pulumi import aws:ec2:SecurityGroup` vs `aws:ec2/securitygroup:SecurityGroup` etc etc.
  • l

    lively-needle-84406

    11/28/2022, 4:34 PM
    Hey all, I am still stuck on an issue with using `pulumi.interpolate` inside an iam PolicyDocument. Here is my code:
    const stringEqualsKey = pulumi.interpolate`aws:ResourceTag/k8s.io/cluster-autoscaler/${cluster.core.cluster.name}`;
    
    export const clusterAutoScalingPolicy = new aws.iam.Policy("clusterAutoScalingPolicy", {
        policy: {
            Version: "2012-10-17",
            Statement: [
                {
                    Sid: "VisualEditor0",
                    Effect: "Allow",
                    Action: [
                        "autoscaling:SetDesiredCapacity",
                        "autoscaling:TerminateInstanceInAutoScalingGroup"
                    ],
                    Resource: "*",
                    Condition: {
                        StringEquals: {
                            [`${stringEqualsKey}`]: "owned"
                        }
                    }
                },
                {
                    Sid: "VisualEditor1",
                    Effect: "Allow",
                    Action: [
                        "autoscaling:DescribeAutoScalingInstances",
                        "autoscaling:DescribeAutoScalingGroups",
                        "ec2:DescribeLaunchTemplateVersions",
                        "autoscaling:DescribeTags",
                        "autoscaling:DescribeLaunchConfigurations"
                    ],
                    Resource: "*"
                }
            ]
        }
    }, {
        dependsOn: [cluster]
    });
    Here is the error I am receiving:
    Calling [toString] on an [Output\u003cT\u003e] is not supported.\n\nTo get the value of an Output\u003cT\u003e as an Output\u003cstring\u003e consider either:\n1: o.apply(v =\u003e `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee <https://pulumi.io/help/outputs> for more details.\nThis function may throw in a future version of @pulumi/pulumi.
    I have tried `apply` and `pulumi.interpolate` to resolve this issue, but neither seem to work. Am I missing something about outputs? Thanks
  • i

    icy-controller-6092

    11/28/2022, 8:50 PM
    Hi all, thought I’d try asking one more time. Does anyone know how I can use `FLINK-1_15` as the runtime environment when deploying a new Kinesis Analytics application? It was only released a few days ago and I understand the internal enum has not yet been updated (throwing an error) - just wondering if there is a workaround?
  • w

    white-chef-55657

    11/29/2022, 8:18 AM
    updating from awsx v0.40.1 to v1.0.0 results in a complete rebuild of our VPC - did anyone else figure out how to avoid this breaking change?
  • w

    white-chef-55657

    11/29/2022, 8:27 AM
    also, awsx plugin now wants to listen for incoming connections? what’s going on?
  • e

    echoing-butcher-64641

    11/29/2022, 2:35 PM
    Hello Everyone, I am struggling with something and I would appreciate your help so much 😄 I am creating a `managed node group` with this function `createManagedNodeGroup` and I would like to do some changes to the `kubelet configuration` but I found out it's not possible due to this issue https://github.com/pulumi/pulumi-eks/issues/611. Is there any other way to pass `kubelet extra args`?
  • f

    fresh-minister-66960

    11/29/2022, 9:56 PM
    Hello, I need some help here. I have started using Deployments REST API but I am getting an error when trying to provision a lambda function in a subaccount. I get this error:
    aws:lambda:Function (XXXXX):
         error: 1 error occurred:
         	* error creating Lambda Function (1): AccessDeniedException:
         	status code: 403, request id: 2224b871-f8fc-43f9-baf5-c62809b1779d
    I am creating a new account in my organization using IAM credentials of an admin user in my main account. Will post the code in a comment here.
  • a

    adamant-dress-73325

    11/29/2022, 10:16 PM
    FYI folks, the `elasticloadbalancingv2` namespace was not kept around in classic from 0.40 -> 1.0 of pulumi-awsx, should be mentioned in migration notes, we had to change it to `lb` to keep things working post upgrade to 1.0
  • w

    wooden-architect-84094

    11/30/2022, 10:50 AM
    Hello. Would like to quickly run by you an issue with `pulumi refresh` I’ve come across when using explicit aws providers within a specific scenario. For context I am wanting to use explicit aws providers to enable easy cross account deployment of resources. Most deployments will be done via a github actions workflow, but we will occasionally be required to deploy from local machines too. The iam roles we use for deployments from github and local machines are not the same and so the provider’s `role_to_assume` is changed based on the deployment environment. However running the `pulumi refresh` command locally if the previous deployment was made from github causes an access denied error, but running `pulumi up` does not give the same error and will simply deploy any changes. Was wondering if there’s a neat workaround I’ve not thought of to enable `pulumi refresh` in this scenario, something other than manually editing the aws provider `role_to_assume` in the backend state file after changing deployment environment?
  • l

    loud-australia-45001

    11/30/2022, 11:47 AM
    Hello guys, I've tried to upgrade the version for `awsx` from 0.40 to 1.0 and I'm finding that when doing `preview` or `update`, it wants to recreate my VPC. I saw in the https://www.pulumi.com/docs/guides/crosswalk/aws/ documentation that it is suggested to use the `classic` package, but that means that there is no way to upgrade apart from destroying all the resources and recreating them?
  • l

    loud-australia-45001

    11/30/2022, 2:03 PM
    Hello again, another doubt: We are facing a strange issue with creating the subnets in the VPC with `AWS CrossWalk`. The following worked on `0.40.0`, the latter didn't with `1.0.0`. Can't understand why, it seems something related to the IPs.
    This worked
    const vpc = new awsx.ec2.Vpc(VPC_NAME, {
      cidrBlock: CIDR_BLOCK, // is 10.0.0.0/16
      numberOfAvailabilityZones: AVAILABILITY_ZONE, // is 3
      numberOfNatGateways: NUMBER_OF_GATEWAYS, // is 1
      subnets: [
        {
          cidrMask: 18,
          name: 'Private',
          type: 'private',
        },
        {
          cidrMask: 20,
          name: 'DBs',
          type: 'isolated',
        },
        {
          cidrMask: 22,
          name: 'Public',
          type: 'public',
        },
      ],
      tags: vpcTags,
    });
    This doesn't
    const vpc = new awsx.ec2.Vpc(VPC_NAME, {
        cidrBlock: CIDR_BLOCK, // is 10.0.0.0/16
        numberOfAvailabilityZones: AVAILABILITY_ZONE, // is 3
        natGateways: {
          strategy: awsx.ec2.NatGatewayStrategy.Single,
        },
        subnetSpecs: [
          {
            cidrMask: 18,
            name: 'Private',
            type: awsx.ec2.SubnetType.Private,
          },
          {
            cidrMask: 20,
            name: 'Isolated',
            type: awsx.ec2.SubnetType.Isolated,
          },
          {
            cidrMask: 22,
            name: 'Public',
            type: awsx.ec2.SubnetType.Public,
          },
        ],
        tags: vpcTags,
      });
  • s

    swift-fireman-31153

    11/30/2022, 10:35 PM
    has anyone had any issues with `new aws.Provider` not using the `profile` provided and just using the aws configure `default` profile?
  • c

    curved-appointment-51749

    12/01/2022, 12:59 PM
    Hi. For a resource like `aws.iam.Role` where there is a property `managedPolicyArns`, if you import the resource or run `pulumi up --refresh` pulumi will populate `managedPolicyArns` with the policy even if you use `aws.iam.PolicyAttachment`, `aws.iam.RolePolicyAttachment` and `aws.iam.RolePolicy`. Pulumi warns that you should not use both. It is possible to use Resource Transforms to remove `managedPolicyArns` but then running `pulumi up --refresh` results in policies being detached and then only maybe being reattached. Is it possible to use a resource like `aws.iam.Role` without `managedPolicyArns` in practice or do you really not have a choice?
  • i

    icy-controller-6092

    12/02/2022, 4:36 AM
    It takes quite a while for new runtime environments to make it through to Pulumi 😞 I’m still waiting for Flink v1.15 for Kinesis, and Node.js v18 for lambda
  • i

    icy-controller-6092

    12/02/2022, 4:36 AM
    is there anything I can hack away in my local packages that will just ignore the enum validation check? e.g. a way to get around this error:
    expected runtime_environment to be one of [SQL-1_0 FLINK-1_6 FLINK-1_8 ZEPPELIN-FLINK-1_0 FLINK-1_11 FLINK-1_13 ZEPPELIN-FLINK-2_0], got FLINK-1_15.
    it seems to be a local validation error and not a remote one, as the cloudformation docs are up to date, plus terraform has included the two new enum entries
  • a

    astonishing-dentist-11149

    12/02/2022, 8:54 PM
    Hey all, what is the proper way to have pulumi "redeploy" a fargateService if all I did was update the latest image (same docker tag)? There is no change to tell pulumi this needs to be updated again, so not sure the best way to do this, short of going to AWS and redeploying the task.
  • m

    most-lighter-95902

    12/03/2022, 4:38 PM
    Hi, I just upgraded awsx version and Vpc endpoint is giving me type errors. I can’t seem to find any examples for this so can someone suggest how can change my previous setup to the new api?
  • m

    most-lighter-95902

    12/03/2022, 4:39 PM
    const vpc = new awsx.ec2.Vpc(`vpc-${clusterName}`, {
          numberOfAvailabilityZones: 2,
          subnets: [
            { type: 'public' },
            {
              type: 'private',
              tags: {
                [`kubernetes.io/cluster/${clusterName}`]: 'owned',
                [`karpenter.sh/discovery`]: clusterName,
              },
            }, // tags required for Karpenter setup
          ],
        })
  • m

    most-lighter-95902

    12/03/2022, 4:42 PM
    Looks like I have to change subnets to subnetSpecs, but unsure what serviceName is for
  • m

    most-lighter-95902

    12/03/2022, 4:42 PM
    As for the type, I assume I need to set privateDnsEnabled?
  • m

    most-lighter-95902

    12/03/2022, 4:47 PM
    Also, ec2.SecurityGroup is now gone - is there any migration docs for this?