Is there any way to get the "real" error messages from AWS when doing a Pulumi update? You don't get the detailed error message from AWS and you have to wait for the CloudTrail event to see the underlying cause of the error, e.g., exact IAM issue.

What is the basic difference between .aws and .awsx apis?

Hey all, how do I share\export resources from pulumi to cloudformation? I have a couple of lambda functions built with serverless framework, where resources are created with cloudformation templates. I also have a couple of Fargate services behind ALB – this part is handled by pulumi. I want to reference alb listener arn in serverless template. What would be the sane way of doing it?

Does anyone else struggle with the

sourceCodeHash

of AWS Lambda ? Earlier I posted a Python function that replicates the

filebase64sha256

function of Terraform so that I can use the

sourceCodeHash

to know if my Lambda (or its Layer) actually needs to be updated by Pulumi or not Today, I realised that my weeks of struggling are due to zip files being undeterministic : if you zip the same file twice you'll have 2 checksums 😞 Making a zip deterministic is difficult due to the metadata included in it, so I found that the only way to make a zip archive checksum is to sum the CRC or each file, and I made a function that does exactly that (called it

zipbase64sha256

) Unfortunaly, every time I used my function to populate

sourceCodeHash

, I realize that my checksum gets written over by Pulumi (which I suspect uses the regular, non-deterministic,

filebase64sha256

of Terraform) How should I go about making a deterministic checksum so that if I build my archive again with the same content, Pulumi doesn't nag me to upload it to AWS Lambda ?

Any suggestion on how I can specify node runtime when declaring an endpoint? Here is the sample code I have to work with. Whenever pulumi creates the resource it appears to be using Node 8 and I need to specify Node 10.

const endpoint = new awsx.apigateway.API("mapboxQuery", {
  routes: [
    {
      path: "/",
      method: "GET",
      eventHandler: (request, ctx, cb) => {
        const AWS = require("aws-sdk");
        const ddb = new AWS.DynamoDB.DocumentClient({
          apiVersion: "2012-10-08"
        });
        const tableName = assetTable.name.value;
        const params = {
          TableName: tableName
        };
        <!-- code -->
      }
    }
  ],
  stageName: "dev"
});

I just get this in the output:

handler                     : "__index.handler"
            memorySize                  : 128
            name                        : "mapboxQuery4c238266-c28e6f7"
            publish                     : false
            reservedConcurrentExecutions: -1
            role                        : output<string>
            runtime                     : "nodejs8.10"
            timeout                     : 180

I’m using pulumi, and I’d like to start leveraging the S3 cloud login capabilities. However, our local S3 cloud requires that we provide an --enpoint-url to specify our in-house servers. For example, this is how I would list the contents of a directory:

aws --endpoint-url=<http://internalserver.com> s3 ls --profile internal-profile

Can I configure pulumi in such a way that I can leverage an --endpoint-url override for logging in and storing our stacks?

I'm trying to run the example https://www.pulumi.com/docs/tutorials/aws/ecs-fargate/ ibut i'm getting this error.. error: Got permission denied while trying to connect to the Docker daemon socket at unix///var/run/docker.sock Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/version: dial unix /var/run/docker.sock: connect: permission denied error: Error: No 'docker' command available on PATH: Please install to use container 'build' mode. what did I miss??

does Pulumi support S3 client side encryption with custom key? Same question for Azure storage.

Does anyone have an example of creating alarms for CloudWatch Metrics that use metric math? I see the

metricQueries

option when creating an alarm from an existing metric, but I'm not finding much documentation. Thanks in advance!

Is there any examples on how to modify main route table after VPC creation? Like, changing tags.

is there Python docs for this page? https://www.pulumi.com/docs/tutorials/aws/ecs-fargate/ same as te getting started guide for all langughes?

Hi! Does anyone know how to set up minimum and maximum capacity units for aurora serverless?

hi everyone, I created a vpc with awsx.ec2.Vpc and I let it create the subnets for me. I now need to add some tags to those subnets. Is importing the subnets the way to go for this? Been trying to get that to work, but not there yet, but would like to know I'm on the right track.

is there a way to specify a spot price for an eks managed node group? i don't see anything in the docs i don't think.

@here I'm using the awsx.apigateway.Api class and the RestApiArgs of description and policy aren't getting applied. I can see them set in the pulumi output but the final resources show them as blank. Any hints on what I'm doing wrong?

How can I circumvent the CharacterStringTooLong for a DKIM DNS record in Pulumi? If I split the string, Pulumi adds a newline between what is now 2 records. It also sorts alphabetically. https://aws.amazon.com/premiumsupport/knowledge-center/route53-resolve-dkim-text-record-error/

Running an update to add a path to a healthCheck I hit the following.

Diagnostics:
  aws:lb:TargetGroup (api-tg1):
    error: deleting urn:pulumi:api-server::api-server::aws:lb/targetGroup:TargetGroup::api-tg1: Error deleting Target Group: ResourceInUse: Target group 'arn:aws:elasticloadbalancing:us-west-2:353450002364:targetgroup/api-tg1-2bf40c6/0382bcb6f8b3b67e' is currently in use by a listener or a rule

Is there a right way to pause a listener or rule so its not in use?

@here Great new blog post from Pulumi. One comment, it's missing the code for the isTaggable function. Can you post that? https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/

can I invoke lambda function in same script during stack update right after it was deployed?

Anyone?

hey all, is there any way to work around this issue with Pulumi? https://github.com/terraform-providers/terraform-provider-aws/issues/55 We have some CloudFormation stacks we deploy w/ Pulumi, and

pulumi up

always shows the secret fields as needing an update even when unchanged

Can someone help me understand what's going wrong with the following stack?

"use strict";

const aws = require("@pulumi/aws");
const awsx = require("@pulumi/awsx");

const projet = "ecs-ec2";

const vpc = new awsx.ec2.Vpc(projet);
const cluster = new awsx.ecs.Cluster(projet, { vpc });

const asg = cluster.createAutoScalingGroup("custom", {
    templateParameters: { minSize: 2 },
    launchConfigurationArgs: { instanceType: "t3.medium" },
});

const nlb = new <http://awsx.lb|awsx.lb>.NetworkLoadBalancer("nlb", { vpc, external: true });
const listener = nlb.createListener("listener", { port: 80 });

const ec2Service = new awsx.ecs.FargateService("ec2-nginx", {
    cluster,
    desiredCount: 2,
    taskDefinitionArgs: {
        containers: {
            nginx: {
                image: "nginx",
                memory: 128,
                portMappings: [listener],
            },
        },
    },
});


exports.endpoint = listener.endpoint.hostname;

Tried it 3 times, Twice in us-east-2. Once in us-east-1. Tried with t2.medium and t3.medium as well. It always fails with following message:

Diagnostics:
  aws:cloudformation:Stack (custom):
    error: 1 error occurred:
        * creating urn:pulumi:prod::aws-ecs-ec2::awsx:x:ecs:Cluster$awsx:x:autoscaling:AutoScalingGroup$aws:cloudformation/stack:Stack::custom: ROLLBACK_COMPLETE: ["The following resource(s) failed to create: [Instances]. . Rollback requested by user." "Received 0 SUCCESS signal(s) out of 2.  Unable to satisfy 100% MinSuccessfulInstancesPercent requirement"]
 
  pulumi:pulumi:Stack (aws-ecs-ec2-prod):
    error: update failed

Most of it is taken from here: https://github.com/pulumi/pulumi-awsx/tree/master/nodejs/awsx/ecs Thanks

Hey guys,

I am trying to set up AWS Fargate using Pulumi with a simple flask python app where Dockerfile exposes port 8000, now in the example I could see tht port 80 is mapped in load balancer and later on in taskDefinitionArgs, but how to point it to 8000? I tried this, but doesnt work

// Step 4: Create a Fargate service task that can scale out.

const appService = new awsx.ecs.FargateService("app-svc", {

cluster,

taskDefinitionArgs: {

container: {

image: img,

cpu: 102 /*10% of 1024*/,

memory: 50 /*MB*/,

portMappings: [{ containerPort: 8000, }],

},

},

desiredCount: 5,

});

If your network mode is in awsvpc mode for Fargate the Host port must equal the container port, therefore you need to create a target group on 8000 then pt the load balancer

i'm using eks and noticing that my worker nodes are being assigned public IP addresses even though my cluster was created with nodeAssociatePublicIpAddress: false. (typescript) I'm using my own node groups. It looks like the oldest few instances do not have IPs, but all the relatively recent ones (maybe 2 weeks?) have public IPs. Is there any other place I should be looking for a config that was switched other than the cluster config?

Hello guys, is there any good example of setting up EMR HBase using Pulumi?

From the doc

// Create a VPC for our cluster.
const vpc = new awsx.ec2.Vpc("my-vpc");
const allVpcSubnets = vpc.privateSubnetIds.concat(vpc.publicSubnetIds);

awsx.ec2.Vpc

is expecting a second args so this will not work

vpc.privateSubnetIds

is a promise and you can’t concat Promises. What is going on? Is this doc outdated?

Are there any examples that show setting up a working ses (Simple Email Service) service?