thousands-area-40147
12/03/2022, 9:02 PMimport { RoutingRule} from "@pulumi/aws/s3";
Edit: Added issue here.melodic-tomato-39005
12/04/2022, 4:28 AMec2:SecurityGroup
is not supported in aws-native, only in the classic provider, but there’s no GH issue for this? Shouldn’t there be, to track eventual parity between the providers?icy-controller-6092
12/04/2022, 5:34 AMhelpful-account-44059
12/04/2022, 9:52 AMstartReplicationTask
as true, but got the error message
start: timeout while waiting for state to become 'running' (last state: 'starting', timeout: 5m0s)
i have set the customTimeouts: { create: "15m", update: "15m", delete: "15m" },
it seems not workmost-state-94104
12/04/2022, 1:31 PMbrainy-engineer-50929
12/06/2022, 11:50 AM"Error creating Gateway base path mapping: BadRequestException: API Gateway V1 doesn't support the slash character (/) in base path mappings. To create a multi-level base path mapping, use API Gateway V2"
Can I use aws.apigatewayv2.ApiMapping with apigateway v1 ? Or is there another way to go about solving this??white-rain-67342
12/06/2022, 9:45 PMpulumi up
command:
+- └─ aws:rds:Instance dev-db-rds-replica replace [diff: -storageEncrypted~replicateSourceDb]
Has anyone seen this before? It is quite frustrating?adamant-leather-41068
12/07/2022, 4:52 AMcloudinit
.
If I change this data, Pulumi correctly identified the resources affected and shutsdown the correct EC2 instances. However, it doesn't write the new config data, so when it starts up the machines the old versions are still there.
If I manually terminate the EC2 instances, then run pulumi refresh
and pulumi up
it all works.
What am I doing wrong?proud-art-41399
12/07/2022, 5:11 PMec2.Instance
to spin up a new EC2 instance which employes user data to provision the needed software upon start. Now I want to use ec2.AmiFromInstance
to create an AMI from the newly created EC2 instance. However, it seems that the later resource doesn't wait until the instance is fully up. Creating an AMI involves stopping the instance, creating a snapshot of EBS volume and starting it up again. However, I can see in the cloud init logs that the EC2 instance user data script is interrupted before it can finish the provisioning. Is there any way to wait for the user data script to finish? I could put some artificial sleep/delay before the creating the AMI resource, but there might be a better and more elegant way.gifted-room-26715
12/08/2022, 2:26 AMgreat-sunset-355
12/08/2022, 10:24 AM{
"Statement": [
{
"Action": "ssm:DescribeParameters",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"*"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/pulumi_project": "sandbox",
"aws:ResourceTag/pulumi_stack": "dev",
"aws:ResourceTag/tier": "dev"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"*"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/pulumi_project": "sandbox",
"aws:RequestTag/pulumi_stack": "dev",
"aws:RequestTag/tier": "dev"
}
},
"Effect": "Allow",
"Resource": "*"
},
],
"Version": "2012-10-17"
}
and my pulumi code is deploying SSM parameters
const dbParams = [
{ role: ro, type: "ro", endpoint: args.masterHostReadOnly },
{ role: rw, type: "rw", endpoint: args.masterHost },
{ role: mig, type: "mig", endpoint: args.masterHost },
].map(({ role, type, endpoint }) => {
const ssmPrefix = `ecs/${namespace}/db/${clusterName}/${type}`;
return [
{ name: "pguser", value: role.name },
{ name: "pgpassword", value: role.password },
{ name: "pghost", value: endpoint },
{ name: "pgdatabase", value: db.name },
{ name: "pgport", value: DefaultPort.toString() },
{ name: "pgssl", value: "true" },
].map((p) => {
const param = new aws.ssm.Parameter(
rcName(`${type}-${p.name.replace("/", "-")}`),
{
name: `/${ssmPrefix}/${databaseName === "service" ? "" : `${databaseName}_`}${p.name}`,
type: "SecureString",
value: pulumi.output(p.value).apply(
(v) => {
if (!v)
throw Error(`Missing value for RdsClusterDatabase parameter: ${p.name}`);
return `${v}`;
}
),
tags,
},
{ parent: role }
)
return {name: p.name.toUpperCase(), arn:param.arn}
});
However sometimes during the initial deployment one or more parameters fail with error
error reading SSM Parameter (/ecs/main/db/sandbox/ro/pguser): AccessDeniedException: User: arn:aws:sts::<accounted>:assumed-role/pulumi-ci-sandbox-role/dev-jan-Session is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:eu-central-1:<accountId>:parameter/ecs/main/db/sandbox/ro/pguser because no identity-based policy allows the ssm:GetParameter action
status code: 400, request id: 30c9a9dd-23af-4bb5-b4e7-a6801667db51
then the second run of pulumi up
just works
Other times the error is triggered inside apply
Error: Missing value for RdsClusterDatabase parameter: pghostCan anyone tell me how to debug this?
future-receptionist-60599
12/08/2022, 2:36 PMDetails: loading configuration: profile "value-dev" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
When I add the missing parameters, I get error:
Error: failed to refresh cached credentials, the SSO session has expired or is invalid: open /Users/my-user/.aws/sso/cache/5b4332413256eb7492af48c99f1ed4408c4ad28e.json: no such file or directory
.aws/config:
[profile value-dev]
sso_session = my-sso
sso_account_id = 12341234123
sso_role_name = PowerUserAccess
region = eu-north-1
output = json
[sso-session my-sso]
sso_start_url = <https://my-sso.awsapps.com/start>
sso_region = eu-west-1
sso_registration_scopes = sso:account:access
Some version details:
$ aws --version
aws-cli/2.9.4 Python/3.11.0 Darwin/21.6.0 source/arm64 prompt/off
$ pulumi version
v3.48.0
Any help on this is appreciated!rich-dress-42878
12/09/2022, 1:39 AMawsx.ecr.Image
. It's working great. I was wondering if there is a workflow/story for conveniently accessing a Dockerfile from a remote URL, rather than a local path. My application code as well as its corresponding Dockerfile are in a separate repo from my infra repo in this case.
E.g. something like this (doesn't work, of course):
const image = new awsx.ecr.Image("image", {
// ...
path: "<https://github.com/>...",
// dockerfile: "...",
});
I have some ideas for dynamically pulling in the dockerfile by leveraging the language ecosystem (JS/TS/Node in this case) but I think that might be overcomplicating this a bitbetter-translator-47169
12/12/2022, 2:55 AMable-pager-43706
12/12/2022, 3:22 AMpurple-market-1813
12/12/2022, 10:03 PMpurple-market-1813
12/12/2022, 10:03 PMpurple-market-1813
12/12/2022, 10:04 PMgifted-student-18589
12/13/2022, 12:36 PMxyz is not authorized to perform: lambda:GetEventSourceMapping on resource: * because no identity-based policy allows the lambda:GetEventSourceMapping action"
But, my user clearly has these permissions (check sshot).
Will all of the Cloudtrail debugging (the above message is from it) and trying different things, I still didn't manage to find what is running this and why wildcard is being used.
I'm at a point where I'll just put Resource: *
but still, just in case, I decided to ask if anybody had a similar experience.purple-market-1813
12/13/2022, 4:04 PMFROM python:3.9
that runs RUN pip3 install -r requirements.txt
with a file that looks like this:alert-laptop-81342
12/14/2022, 3:25 PMimport pulumi
import json
import pulumi_aws as aws
managed_policy_arns = [
"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
]
assume_role_policy = json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Sid": None,
"Principal": {
"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
},
}],
})
role1 = aws.iam.Role("jarvis",
assume_role_policy=assume_role_policy,
managed_policy_arns=managed_policy_arns)
When I try to run I get MalformedPolicyDocument error. I debugged following this https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-malformed-policy-errors/ and I saw that the assumeRolePolicyDocument seemed bad formatted, it was like this:
{
"path": "/",
"roleName": "jarvis-1be401b",
"assumeRolePolicyDocument": "{"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Sid": null, "Principal": {"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"}}]}",
"maxSessionDuration": 3600
}
But it seems it should not the double quotes at the beginning... anyone else with this problem? any work around it?
Appreciate your attentionrough-jordan-15935
12/14/2022, 4:33 PMastonishing-dentist-11149
12/14/2022, 7:42 PMstraight-salesclerk-83604
12/15/2022, 6:04 AMambitious-agent-35343
12/15/2022, 10:05 AMpurple-market-1813
12/15/2022, 5:02 PMhelpful-kite-36916
12/19/2022, 3:14 PMable-hospital-16256
12/20/2022, 1:15 PMincalculable-midnight-8291
12/21/2022, 9:58 AMable-hospital-16256
12/21/2022, 4:23 PMparameters=[
"mkdir FileTestSSM3",
],