https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
aws
  • m

    most-lighter-95902

    12/03/2022, 4:49 PM
    Oh you can still use classic module
  • t

    thousands-area-40147

    12/03/2022, 9:02 PM
    I think https://github.com/pulumi/pulumi-aws/commit/c984ddfba812c33e5ebf7267cdf9c1498174f3d4 broke https://github.com/pulumi/pulumi-aws/blob/master/sdk/nodejs/types/s3/input.ts on line 10 🧐 Probably should be
    import { RoutingRule} from "@pulumi/aws/s3";
    Edit: Added issue here.
  • m

    melodic-tomato-39005

    12/04/2022, 4:28 AM
    So
    ec2:SecurityGroup
    is not supported in aws-native, only in the classic provider, but there’s no GH issue for this? Shouldn’t there be, to track eventual parity between the providers?
    b
    • 2
    • 2
  • i

    icy-controller-6092

    12/04/2022, 5:34 AM
    Flink v1.15 was released on Kinesis Analytics a couple of weeks ago, and it’s still not possible to use it when deploying via Pulumi. Same thing with node.js v18 on Lambda. I knew Flink v1.15 was being released on Kinesis in November so I built my analytics app to work with it, and have been eagerly waiting for Flink v1.15 for a couple of months now. I feel kinda disappointed that the holdup now is Pulumi not allowing me to deploy the app, despite the new enum value being available in the Terraform AWS provider since 9 days ago The team & everyone on Slack have been super helpful when I’ve asked about the new Kinesis and Lambda runtimes, and I also note that there was the Thanksgiving break in the US. But I’m now concerned about the lead time here to add a new entry to an enum value, and starting to research whether I should just move my IaC over to terraform to avoid running into this type of issue again I know Pulumi is free & open source, and I’m not criticising the time taken to bring the new enum value through to the CLI, just thought it might be a feedback signal the pulumi team might want to think about as I imagine this can impact adoption
    m
    b
    • 3
    • 4
  • h

    helpful-account-44059

    12/04/2022, 9:52 AM
    hi, i'm using pulumi to construct aws dms(data migration sercice) tasks, i set the
    startReplicationTask
    as true, but got the error message
    start: timeout while waiting for state to become 'running' (last state: 'starting', timeout: 5m0s)
    i have set the
    customTimeouts: { create: "15m", update: "15m", delete: "15m" },
    it seems not work
    • 1
    • 1
  • m

    most-state-94104

    12/04/2022, 1:31 PM
    Is it possible to use the pulumi github app with an AWS self-hosted backend instead of the pulumi service?
    b
    • 2
    • 1
  • b

    brainy-engineer-50929

    12/06/2022, 11:50 AM
    Hi everyone, I have an apigateway v1 using @pulumi/awsx and need to create BasePathMapping like '/api/v1' , however AWS throws an error:
    "Error creating Gateway base path mapping: BadRequestException: API Gateway V1 doesn't support the slash character (/) in base path mappings. To create a multi-level base path mapping, use API Gateway V2"
    Can I use aws.apigatewayv2.ApiMapping with apigateway v1 ? Or is there another way to go about solving this??
    v
    • 2
    • 1
  • w

    white-rain-67342

    12/06/2022, 9:45 PM
    Hello everyone. I am seeing that whenever I deploy a new version of my infrastructure, it replaces my RDS replica -despite no changes happening to my RDS definition. I see the following when I run my
    pulumi up
    command:
    +-     └─ aws:rds:Instance                              dev-db-rds-replica                  replace     [diff: -storageEncrypted~replicateSourceDb]
    Has anyone seen this before? It is quite frustrating?
    l
    • 2
    • 22
  • a

    adamant-leather-41068

    12/07/2022, 4:52 AM
    I have some EC2 instances managed by Pulumi. Various config files are written using
    cloudinit
    . If I change this data, Pulumi correctly identified the resources affected and shutsdown the correct EC2 instances. However, it doesn't write the new config data, so when it starts up the machines the old versions are still there. If I manually terminate the EC2 instances, then run
    pulumi refresh
    and
    pulumi up
    it all works. What am I doing wrong?
    m
    • 2
    • 6
  • p

    proud-art-41399

    12/07/2022, 5:11 PM
    Hi, I'm using
    ec2.Instance
    to spin up a new EC2 instance which employes user data to provision the needed software upon start. Now I want to use
    ec2.AmiFromInstance
    to create an AMI from the newly created EC2 instance. However, it seems that the later resource doesn't wait until the instance is fully up. Creating an AMI involves stopping the instance, creating a snapshot of EBS volume and starting it up again. However, I can see in the cloud init logs that the EC2 instance user data script is interrupted before it can finish the provisioning. Is there any way to wait for the user data script to finish? I could put some artificial sleep/delay before the creating the AMI resource, but there might be a better and more elegant way.
    m
    f
    • 3
    • 6
  • g

    gifted-room-26715

    12/08/2022, 2:26 AM
    Hi, I'm trying to use this GitHubAction - https://github.com/pulumi/actions/blob/master/examples/python-pulumi.yaml But all I've is .py files that have implemented pulumi automation API and I run those from command line without specifying up/preview/etc as required by the above link. Can someone suggest how to use the python scripts with the above GH Action as I don't have the pulumi projects with YAML files...just the pulumi automation api scripts? Thx.
    m
    • 2
    • 3
  • g

    great-sunset-355

    12/08/2022, 10:24 AM
    Hi I am experiencing weird behaviour I have an IAM policy like this
    {
        "Statement": [
            {
                "Action": "ssm:DescribeParameters",
                "Effect": "Allow",
                "Resource": "*"
            },
            {
                "Action": [
                    "*"
                ],
                "Condition": {
                    "StringEquals": {
                        "aws:ResourceTag/pulumi_project": "sandbox",
                        "aws:ResourceTag/pulumi_stack": "dev",
                        "aws:ResourceTag/tier": "dev"
                    }
                },
                "Effect": "Allow",
                "Resource": "*"
            },
            {
                "Action": [
                    "*"
                ],
                "Condition": {
                    "StringEquals": {
                        "aws:RequestTag/pulumi_project": "sandbox",
                        "aws:RequestTag/pulumi_stack": "dev",
                        "aws:RequestTag/tier": "dev"
                    }
                },
                "Effect": "Allow",
                "Resource": "*"
            },
        ],
        "Version": "2012-10-17"
    }
    and my pulumi code is deploying SSM parameters
    const dbParams = [
          { role: ro, type: "ro", endpoint: args.masterHostReadOnly },
          { role: rw, type: "rw", endpoint: args.masterHost },
          { role: mig, type: "mig", endpoint: args.masterHost },
        ].map(({ role, type, endpoint }) => {
          const ssmPrefix = `ecs/${namespace}/db/${clusterName}/${type}`;
    
          return [
            { name: "pguser", value: role.name },
            { name: "pgpassword", value: role.password },
            { name: "pghost", value: endpoint },
            { name: "pgdatabase", value: db.name },
            { name: "pgport", value: DefaultPort.toString() },
            { name: "pgssl", value: "true" },
          ].map((p) => {
            const param = new aws.ssm.Parameter(
              rcName(`${type}-${p.name.replace("/", "-")}`),
              {
                name: `/${ssmPrefix}/${databaseName === "service" ? "" : `${databaseName}_`}${p.name}`,
                type: "SecureString",
                value: pulumi.output(p.value).apply(
                  (v) => {
                  if (!v)
                    throw Error(`Missing value for RdsClusterDatabase parameter: ${p.name}`);
                  return `${v}`;
                }
                ),
                tags,
              },
              { parent: role }
            )
            return {name: p.name.toUpperCase(), arn:param.arn}
          });
    However sometimes during the initial deployment one or more parameters fail with error
    error reading SSM Parameter (/ecs/main/db/sandbox/ro/pguser): AccessDeniedException: User: arn:aws:sts::<accounted>:assumed-role/pulumi-ci-sandbox-role/dev-jan-Session is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:eu-central-1:<accountId>:parameter/ecs/main/db/sandbox/ro/pguser because no identity-based policy allows the ssm:GetParameter action
            status code: 400, request id: 30c9a9dd-23af-4bb5-b4e7-a6801667db51
    then the second run of
    pulumi up
    just works Other times the error is triggered inside
    apply
    Error: Missing value for RdsClusterDatabase parameter: pghost
    Can anyone tell me how to debug this?
  • f

    future-receptionist-60599

    12/08/2022, 2:36 PM
    Hello everyone! Has anyone gotten Pulumi CLI working when working with AWS Identity Center (SSO). I am getting error:
    Details: loading configuration: profile "value-dev" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
    When I add the missing parameters, I get error:
    Error: failed to refresh cached credentials, the SSO session has expired or is invalid: open /Users/my-user/.aws/sso/cache/5b4332413256eb7492af48c99f1ed4408c4ad28e.json: no such file or directory
    .aws/config:
    [profile value-dev]
    sso_session = my-sso
    sso_account_id = 12341234123
    sso_role_name = PowerUserAccess
    region = eu-north-1
    output = json
    
    [sso-session my-sso]
    sso_start_url = <https://my-sso.awsapps.com/start>
    sso_region = eu-west-1
    sso_registration_scopes = sso:account:access
    Some version details:
    $ aws --version
    aws-cli/2.9.4 Python/3.11.0 Darwin/21.6.0 source/arm64 prompt/off
    
    $ pulumi version
    v3.48.0
    Any help on this is appreciated!
    f
    s
    • 3
    • 8
  • r

    rich-dress-42878

    12/09/2022, 1:39 AM
    Hey, I am building and deploying an image to ECR using
    awsx.ecr.Image
    . It's working great. I was wondering if there is a workflow/story for conveniently accessing a Dockerfile from a remote URL, rather than a local path. My application code as well as its corresponding Dockerfile are in a separate repo from my infra repo in this case. E.g. something like this (doesn't work, of course):
    const image = new awsx.ecr.Image("image", {
      // ...
      path: "<https://github.com/>...",
      // dockerfile: "...",
    });
    I have some ideas for dynamically pulling in the dockerfile by leveraging the language ecosystem (JS/TS/Node in this case) but I think that might be overcomplicating this a bit
    l
    • 2
    • 3
  • b

    better-translator-47169

    12/12/2022, 2:55 AM
    Hi, I want to deploy a node lambda using Pulumi which reads a file using fs.readFile when executed - does anyone know the right way to copy this file up as part of the lambda's file structure?
    l
    • 2
    • 2
  • a

    able-pager-43706

    12/12/2022, 3:22 AM
    Has anybody used AWS CDK on Pulumi? Does it support other languages other than Typescript?
    m
    r
    s
    • 4
    • 3
  • p

    purple-market-1813

    12/12/2022, 10:03 PM
    Hey all,
  • p

    purple-market-1813

    12/12/2022, 10:03 PM
    working on a fargate task that has pulumi installed
  • p

    purple-market-1813

    12/12/2022, 10:04 PM
    looking to run a python file in an ecs task that has pulumi on the requirements.txt?
    s
    • 2
    • 22
  • g

    gifted-student-18589

    12/13/2022, 12:36 PM
    I have a weird IAM issue where I receive:
    xyz is not authorized to perform: lambda:GetEventSourceMapping on resource: * because no identity-based policy allows the lambda:GetEventSourceMapping action"
    But, my user clearly has these permissions (check sshot). Will all of the Cloudtrail debugging (the above message is from it) and trying different things, I still didn't manage to find what is running this and why wildcard is being used. I'm at a point where I'll just put
    Resource: *
    but still, just in case, I decided to ask if anybody had a similar experience.
    p
    • 2
    • 9
  • p

    purple-market-1813

    12/13/2022, 4:04 PM
    hey all, I have a simple dockerfile with a base image of
    FROM python:3.9
    that runs
    RUN pip3 install -r requirements.txt
    with a file that looks like this:
    b
    s
    • 3
    • 17
  • a

    alert-laptop-81342

    12/14/2022, 3:25 PM
    Hello all! I am having an issue with this simple example from the site:
    import pulumi
    import json
    import pulumi_aws as aws
    
    managed_policy_arns = [
        "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
        "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
        "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    ]
    
    
    assume_role_policy = json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Sid": None,
            "Principal": {
                "Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
            },
        }],
    })
    
    role1 = aws.iam.Role("jarvis",
        assume_role_policy=assume_role_policy,
        managed_policy_arns=managed_policy_arns)
    When I try to run I get MalformedPolicyDocument error. I debugged following this https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-malformed-policy-errors/ and I saw that the assumeRolePolicyDocument seemed bad formatted, it was like this:
    {
        "path": "/",
        "roleName": "jarvis-1be401b",
        "assumeRolePolicyDocument": "{"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Sid": null, "Principal": {"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"}}]}",
        "maxSessionDuration": 3600
    }
    But it seems it should not the double quotes at the beginning... anyone else with this problem? any work around it? Appreciate your attention
    g
    o
    s
    • 4
    • 5
  • r

    rough-jordan-15935

    12/14/2022, 4:33 PM
    getting this errro when deploying. could i get any help? error occurs when deploying from codebuild pulumi😛ulumi:Stack <<STACK>> running error: error reading from server: EOF
    b
    • 2
    • 2
  • a

    astonishing-dentist-11149

    12/14/2022, 7:42 PM
    Hey all, are there any upgrade guides anywhere for awsx version 1, I am coming from the beta, and there are a ton of breaking changes in the full upgrade.
    g
    • 2
    • 6
  • s

    straight-salesclerk-83604

    12/15/2022, 6:04 AM
    Has anybody come across this weird issue related to API Gateway. Seems a Golang + macOS level thing related to certs.
    m
    • 2
    • 1
  • a

    ambitious-agent-35343

    12/15/2022, 10:05 AM
    A true hero who would wanna take a look at implementing https://github.com/pulumi/pulumi-eks/issues/611 letting users select the max pods per node? This is hurting both the environment and the wallet X)
    b
    • 2
    • 1
  • p

    purple-market-1813

    12/15/2022, 5:02 PM
    is there a way to get the security group's id of a newly created group? https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygroup/#outputs
    p
    m
    • 3
    • 3
  • h

    helpful-kite-36916

    12/19/2022, 3:14 PM
    https://www.pulumi.com/registry/packages/aws/api-docs/wafv2/webacl/ How to get this page? Chrome always die on this page. And it is more than 60 Mb of text
    m
    • 2
    • 1
  • a

    able-hospital-16256

    12/20/2022, 1:15 PM
    Hi team, does anyone used or have a project using SSM with Pulumi to run Ansible Commands? 🤔
    g
    • 2
    • 2
  • i

    incalculable-midnight-8291

    12/21/2022, 9:58 AM
    Is there a nice way to generate passwords from code when setting up and rds database for example, and storing it in secrets manager? Any tutorial I can look at?
    b
    • 2
    • 1
Powered by Linen
Title
i

incalculable-midnight-8291

12/21/2022, 9:58 AM
Is there a nice way to generate passwords from code when setting up and rds database for example, and storing it in secrets manager? Any tutorial I can look at?
b

boundless-telephone-75738

12/21/2022, 11:55 AM
https://www.pulumi.com/registry/packages/random/api-docs/randompassword/ is what we use
View count: 1