Im working on something that involves schema traversal and I noticed something peculiar in the schema for the aws provider. at line 1034

"aws:alb/IpAddressType:IpAddressType": {
            "type": "string",
            "enum": [
                {
                    "name": "Ipv4",
                    "value": "ipv4"
                },
                {
                    "name": "Dualstack",
                    "value": "dualstack"
                }
            ]
        },

at line 8986

"aws:applicationloadbalancing/IpAddressType:IpAddressType": {
            "type": "string",
            "enum": [
                {
                    "name": "Ipv4",
                    "value": "ipv4"
                },
                {
                    "name": "Dualstack",
                    "value": "dualstack"
                }
            ]
        },

So there is the same data type for two different modules, understandable. The schema for applicationloadbalancing/loadBalancer starts at line 405729 and then describes the property

ipAddressType

at line 405789

"ipAddressType": {
                   "type": "string",
                   "$ref": "#/types/aws:alb/ipAddressType:IpAddressType",
                   "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n"
               },

Shouldn't the

$ref

be

#/types/aws:applicationloadbalancing/ipAddressType:IpAddressType

? (currently doesn't get referenced in the schema at all despite being available) I understand that this is trivial, but it might be better to be more consistent. Is this something I can make a PR for? Also, I'm now realizing that I don't understand the difference between

alb

and

applicationloadbalancing

, can someone help me understand that?

I’m defining an https://www.pulumi.com/registry/packages/aws/api-docs/ecs/service/. I’ve also created an autoscaling policy. What I would like to do now is for Pulumi to no longer manipulate the desiredCount (Since the autoscaling does that). If I leave it empty, Pulumi sets it to 0 bringing the application down, so thats not an option. Whats the alternative?

Hi. I need some help with an error:

error: unable to validate AWS credentials. Details: Assume Role: role ARN not set

. This code was working fine in 3.35.3. The error appeared when I tried to upgrade to 3.50.2. Any ideas?

Hello how to get the Public IP of a Network Load Balancer through Pulumi for NodeJS ?

Hello @echoing-match-29901 , I’ve been trying out this new project called

connecti

https://tailscale.com/blog/pulumi-connecti/ by @billowy-army-68599. However, I’m running into some issues. Is there a place that I can look for help or follow the some kind of roadmap on it? I know its a super early project but I can’t get it working at all.

Hello, Is there a client token I can pass to the ec2 instance creation ? I’ve seen that the aws endpoint has this for idempotency purposes but the aws ts sdk doesn’t, any ideas?

Hey folks, is it possible to automatically tag created resources when running

pulumi up

, instead of specifying tags manually for each resource? For example, in my stack I'm creating an EC2 instance, an elastic ip address and a security group. For those 3 resources, I add a tag such as

createdBy: Pulumi

. However, the underlying Network Interface that gets automatically generated isn't directly defined as code, thus it remains tagless. I was wondering if it's possible to: 1 - specify a set of tags that gets automatically applied to all resources created by pulumi 2 - use the above set to also tag the resources not directly defined as code, but still created during the process (like the network interface mentioned above)

I am trying to create a Glue Job with Pulumi, but for some reason a few of the

defaultArguments

are missing, these two:

‘--datalake-formats’: ‘delta’,
‘--conf’: ‘spark.sql.extensions=io.delta.sql.DeltaSparkSessionExtension --conf spark.sql.catalog.spark_catalog=org.apache.spark.sql.delta.catalog.DeltaCatalog’,

Does anyone know why?

Hello pals, Does anybody know a way to allow from ec2 instances the use of PEM files?, this throw an error from the execution of amazon documents about permission denied

Hello everyone I'm having an issue with my pulumi aws credentials it was working yesterday but 4 some reason 2day it refuses to confirm my aws credentials I have created new I am roles Reconfigured it with my aws cli Added It to my pulumi.stack.yaml as config values I even edited them from my .aws.config and .credentials directory in my root user But it still throws a invalid aws credentials wen I run pulumi up

Hey guys, do you know by chance why any operations on SGs take forever? Both deleting and adding

Like, it’s quick in the UI, so is there a flag that I need to pass or something? Does it verify anything in this time?

Hi, could you please someone explain why this code doesn't start the docker container after deployment?

import * as awsx from "@pulumi/awsx/classic"; import * as eks from "@pulumi/eks"; import * as k8s from "@pulumi/kubernetes"; import * as aws from "@pulumi/aws"; const cluster = new eks.Cluster("cluster", { }); // Deploy a serice const appName = "my-app"; const appLabels = { appClass: appName }; const deployment = new k8s.apps.v1.Deployment(

${appName}-dep

, { metadata: { labels: appLabels }, spec: { replicas: 2, selector: { matchLabels: appLabels }, template: { metadata: { labels: appLabels }, spec: { containers: [{ name: appName, image: awsx.ecr.buildAndPushImage("my-custom-nginx-service", "./app").image(), ports: [{ name: "http", containerPort: 80 }], }], } } }, }, { provider: cluster.provider }); const service = new k8s.core.v1.Service(

${appName}-svc

, { metadata: { labels: appLabels }, spec: { type: "LoadBalancer", ports: [{ port: 80, targetPort: 80 }], selector: appLabels, }, }, { provider: cluster.provider }); // Export the cluster's kubeconfig. export const kubeconfig = cluster.kubeconfig; // Publish the URL for the load balanced service. export const appURL = service.status.loadBalancer.ingress[0].hostname;

Is it possible to import awsx resources to a pulumi state? I get this when trying:

awsx:x:ec2:SecurityGroup:x:ec2:IngressSecurityGroupRule:ec2/securityGroupRule:SecurityGroupRule (<resource name>):
    error: Preview failed: provider does not support importing resources; please try updating the 'awsx' plugin

How do I go about updating the host that

awsx.docker.buildAndPushImage()

is using for

docker login

?

error: Error response from daemon: Get "<https://localhost.localstack.cloud:4510/v2/>": dialing localhost.localstack.cloud:4510 static system has no HTTPS proxy: resolving host localhost.localstack.cloud: lookup localhost.localstack.cloud: no such host

Ran into a major issue and I want to know where the best place to file the bug is: • Updated my dependencies of the pulumi SDK and Github Actions • We use Pulumi to manage an EKS Cluster in AWS • Ran GH Actions to refresh cloud state - this worked • GH Actions automated to run an

update

command • Pulumi decided to

recreate

the

aws-auth

ConfigMap in the k8s cluster - this deleted all of the role arn to user mappings and I lost access to the cluster for all users except the role used to create the cluster • Currently (as I’m sure you’re aware) there is no way to automate the

aws-auth

ConfigMap in EKS (per this issue) so it must be manually edited • from the diff besides the clobbering of the manually added arn role mappings, I saw that

metaData.managedFields.0.manager

changed from

"pulumi-resource-kubernetes"

=>

"pulumi-kubernetes"

• not saying this 👆 is the reason for the

recreate

operation but I don’t see anything else atm and this seems related to an upgrade of my dependencies • I can’t find anything in our IaC that manages that ConfigMap so it’s definitely something internal to Pulumi/Kubernetes that is managing it for us

How can I access the execution role and task role of the task definition in an AWSX Fargate service? Prior to 1.0.0 I could do

service.taskDefinition.executionRole!.name

to get the role name for attaching an IAM policy but now I can only access the ARN.

Hey everyone 🙂 I'm trying to create

pulumi_aws.iam.Role

that it's assume_role_policy uses an

output[str]

value in the json.

def _create_iam_role_with_policies(
        self,
        role_name: str,
        policies_arns: list[str],
        client_name: str,
        is_authenticated: bool,
        identity_pool: pulumi_aws.cognito.IdentityPool,
    ):
        role = pulumi_aws.iam.Role(
            resource_name=f"{role_name}",
            name=role_name,
            assume_role_policy=identity_pool.id.apply(
                lambda id: f"""{{
                    "Version": "2012-10-17",
                    "Statement": [
                        {{
                                "Effect": "Allow",
                                "Principal": {{"Federated": "<http://cognito-identity.amazonaws.com|cognito-identity.amazonaws.com>"}},
                                "Action": "sts:AssumeRoleWithWebIdentity",
                                "Condition": {{
                                        "StringEquals": {{
                                                "<http://cognito-identity.amazonaws.com:aud|cognito-identity.amazonaws.com:aud>": "{id}"
                                            }},
                                        "ForAnyValue:StringLike": {{
                                                "<http://cognito-identity.amazonaws.com:amr|cognito-identity.amazonaws.com:amr>": {"authenticated" if is_authenticated else "unauthenticated"}
                                            }}
                                    }}
                            }}
                    ]
                }}"""
            ),
            tags={"client-id": client_name},
            opts=pulumi.ResourceOptions(depends_on=[identity_pool]),
        )

I'm getting an error for an invalid json, I guess that it relates to the usage of an

output[str]

within

assume_role_policy

that uses the identity_pool_id. The error I'm getting is:

aws:iam/role:Role resource 'my_random_name' has a problem: "assume_role_policy" contains an invalid JSON: invalid character 'a' looking for beginning of value. Examine values at 'Role.AssumeRolePolicy'.

Is there a way to use

output[str]

in

assume_role_policy

?

Hi! Does anyone have an example of running a lambda function from an image using python?

Hi, I created a PR, can you please review it? https://github.com/pulumi/pulumi-eks/pull/836

Hi folks, running into a curious issue when trying to create an SQS queue with DLQ.

2 questions both in their own post so threads aren’t crossed

Is there a way to set the Pod Capacity for Nodes in a ManagedNodeGroup through the pulumi API?

What’s the best way to use Pulumi to upgrade the version of k8s running in my EKS Cluster?

Hello, team! I’m very new to Pulumi, so please forgive me my silly questions ☺️. So, I just started building a Pulumi project from the example and it doesn’t work for me for some reason. I’m getting the following error:

aws:apigateway:Deployment (api):
    error: 1 error occurred:
        * Error creating API Gateway Deployment: BadRequestException: The REST API doesn't contain any methods

since this is happening in EKS I thought I’d cross post here since this channel seem more responsive

Keep trying to get this thing up and running, still no luck (((. Now I’m bumping my head into an issue with AWS profile. So, I can’t make Pulumi use specific profile. I have created two profiles with aws cli. Tried using

export AWS_PROFILE=<profile_name>

, tried

pulumi config set aws:profile <profile_name>

with

unset AWS_PROFILE

- no luck at all. Pulumi keeps connecting to the same aws account. It doesn’t event read

region

from the profile, which leads to

Unable to put integration on 'GET' for resource at path '/': Invalid ARN specified in the request

as the region part of the ARN is

undefined

(this was actually hard to debug, had to dig into pulumi source code to figure this out):

arn:aws:apigateway:undefined:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:384316429288:function:f-856d3a1/invocations

PLEAS HELP!!! I’m starting loosing my hope about getting Pulumi on board 😕

Running

pulumi down

on a stack with a VPC and a ipam pool sets the cidr in a failed-provision state and locks the entire thing. I cannot remove it because Pulumi deleted the VPC but the CIDR refuses to deprovision because of this.

Anyone have any ideas why portMappings aren't working on a Fargate task with an application load balancer with the new AWSX? The target group isn't getting any registered targets. I tried what's there and what is commented out. I had this working with AWSX classic.