Good morning, can anyone help me with this error. The resource is actually created but Pulumi never gets confirmation back so it thinks it failed: aws-nativelambdaEventSourceMapping (ds-wc-twp-event-source-map-dev): error: reading resource state: reading resource state: operation error CloudControl: GetResource, exceeded maximum number of attempts, 25, https response error StatusCode: 500, RequestID: ef203b08-2be2-4c5c-bfe3-4556f46dd41b, HandlerInternalFailureException: AWS:Lambda:EventSourceMapping Handler returned status FAILED: null (HandlerErrorCode: InternalFailure, RequestToken: 592d6d07-a173-4cd2-810c-185ed78adc59)

Is there any regression in auto naming of resources? Somehow when I added another component resource into my code, all other resources now requesting replacement. It rly seems to be consistent with all auto named resources. Can anyone confirm if I am hitting any of the issues below? https://github.com/pulumi/pulumi/issues/12378 https://github.com/pulumi/pulumi/issues/12531 @echoing-dinner-19531 or @microscopic-pilot-97530 - Thank you

I’m having some trouble with

aws:assumeRole

. For the most part it works, but I just ran into a situation where pulumi fails to delete a resource, seemingly because it’s trying to do so without the

assumeRole

credentials. I have the following in my stack yaml:

aws:assumeRole:
    roleArn: arn:aws:iam::WORKFLOW_ACCT_ID:role/AWSControlTowerExecution

I run

pulumi up

after assuming a role in the management account on the cli. I have a log statement in my pulumi program that shows that

assumeRole

is in effect and the caller id is for the workflow acount. But it fails to delete a resource, saying the management account id isn’t allowed:

Diagnostics:
  aws:ecr:LifecyclePolicy (axial-stream-repo):
    error: 1 error occurred:
    	* AWS Account ID not allowed: MGT_ACCT_ID

  pulumi:pulumi:Stack (axial-stream-dev):
    current caller identity: arn:aws:sts::WORKFLOW_ACCT_ID:assumed-role/AWSControlTowerExecution/aws-go-sdk-1684286516770199000
    IMAGE_TAG: latest
    error: update failed

When importing a target group I'm getting this error. Any idea what's going on here?

error: anonymous.pp:31,22-32,14: cannot assign expression of type (null) to location of type   list(  { onDeregistration: output(string) | string, onUnhealthy: output(string) | string }
  | output({ onDeregistration: string, onUnhealthy: string }))
| output(list({ onDeregistration: string, onUnhealthy: string }))?: ;

Running command as

pulumi import aws:alb/targetGroup:TargetGroup <name> <arn>

Hi.. I am using nginx ingress controller in eks cluster and now I want to attach waf to it. how can I do it? Because in resource arn it is not accepting arn of my elb I am retrieving from ingress. Can anyone help me with this? I am doing it with pulumi-typescript.

When using a custom state backend, what IAM policies for S3 are required by Pulumi?

Running into the following error with EKS. Has anyone seen something similar? (I'm from Pinecone).

aws:eks:NodeGroup eks-[cluster]-index-spots-mz-0 created (119s)
    pulumi:pulumi:Stack aws-[cluster]-us-west-2 **failed** 5 errors
    eks:index:ManagedNodeGroup eks-[cluster]-index-spots-mz-0

Diagnostics:
  pulumi:pulumi:Stack (aws-[cluster]):
    error: Program failed with an unhandled exception:
    Traceback (most recent call last):
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/resource.py", line 602, in do_rpc_call
        return monitor.RegisterResource(req)
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/grpc/_channel.py", line 1030, in __call__
        return _end_unary_response_blocking(state, call, False, None)
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/grpc/_channel.py", line 910, in _end_unary_response_blocking
        raise _InactiveRpcError(state)  # pytype: disable=not-instantiable
    grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
    	status = StatusCode.UNKNOWN
    	details = "Cannot read properties of undefined (reading 'map')"
    	debug_error_string = "UNKNOWN:Error received from peer  {grpc_message:"Cannot read properties of undefined (reading \'map\')", grpc_status:2, created_time:"2023-05-18T00:39:30.364908383+00:00"}"
    >

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/home/runner/actions-runner/_work/_tool/pulumi/3.60.0/x64/pulumi-language-python-exec", line 197, in <module>
        loop.run_until_complete(coro)
      File "/home/runner/actions-runner/_work/_tool/Python/3.7.12/x64/lib/python3.7/asyncio/base_events.py", line 587, in run_until_complete
        return future.result()
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/stack.py", line 126, in run_in_stack
        await run_pulumi_func(lambda: Stack(func))
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
        await wait_for_rpcs()
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/stack.py", line 110, in wait_for_rpcs
        raise exception
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/rpc_manager.py", line 68, in rpc_wrapper
        result = await rpc
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/output.py", line 98, in is_value_known
        return await is_known and not contains_unknowns(await future)
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/output.py", line 98, in is_value_known
        return await is_known and not contains_unknowns(await future)
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/output.py", line 98, in is_value_known
        return await is_known and not contains_unknowns(await future)
      [Previous line repeated 19 more times]
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/resource.py", line 607, in do_register
        resp = await asyncio.get_event_loop().run_in_executor(None, do_rpc_call)
      File "/home/runner/actions-runner/_work/_tool/Python/3.7.12/x64/lib/python3.7/concurrent/futures/thread.py", line 57, in run
        result = self.fn(*self.args, **self.kwargs)
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/resource.py", line 604, in do_rpc_call
        handle_grpc_error(exn)
      File "/home/runner/actions-runner/_work/iac/iac/pulumi/aws/venv/lib/python3.7/site-packages/pulumi/runtime/settings.py", line 276, in handle_grpc_error
        raise grpc_error_to_exception(exn)
    Exception: Cannot read properties of undefined (reading 'map')
    error: TypeError: Cannot read properties of undefined (reading 'map')
        at /snapshot/eks/bin/nodegroup.js:894:32
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:257:35
        at Generator.next (<anonymous>)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:21:71
        at new Promise (<anonymous>)
        at __awaiter (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:17:12)
        at applyHelperAsync (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:236:12)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:190:65
        at processTicksAndRejections (node:internal/process/task_queues:95:5)
    error: TypeError: Cannot read properties of undefined (reading 'map')
        at /snapshot/eks/bin/nodegroup.js:894:32
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:257:35
        at Generator.next (<anonymous>)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:21:71
        at new Promise (<anonymous>)
        at __awaiter (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:17:12)
        at applyHelperAsync (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:236:12)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:190:65
        at processTicksAndRejections (node:internal/process/task_queues:95:5)
    error: TypeError: Cannot read properties of undefined (reading 'map')
        at /snapshot/eks/bin/nodegroup.js:894:32
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:257:35
        at Generator.next (<anonymous>)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:21:71
        at new Promise (<anonymous>)
        at __awaiter (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:17:12)
        at applyHelperAsync (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:236:12)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:190:65
        at processTicksAndRejections (node:internal/process/task_queues:95:5)
    error: TypeError: Cannot read properties of undefined (reading 'map')
        at /snapshot/eks/bin/nodegroup.js:894:32
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:257:35
        at Generator.next (<anonymous>)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:21:71
        at new Promise (<anonymous>)
        at __awaiter (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:17:12)
        at applyHelperAsync (/snapshot/eks/node_modules/@pulumi/pulumi/output.js:236:12)
        at /snapshot/eks/node_modules/@pulumi/pulumi/output.js:190:65
        at processTicksAndRejections (node:internal/process/task_queues:95:5)

Hi guys! I've been working on a Airflow stack in ECS for my company, and there is a step I don't know the best strategy to implement it. There is some dependency between some ECS containers going up when i'm doing a database migration that runs with a

airflow db upgrade

, but I need to run this command once some scripts stopped running inside the ECS containers, so this I have to watch for this containers to be ready after being replaced, and then run the command. What's the best strategy in this case to run a script inside a container after a task definition in ECS and it's container/task is replaced AND a process inside it's container already finished?

Hi guys, I am not sure if this is a bug or not, but I find it strange. • pulumi with golang • deploy lambda with versioning enabled set reservedConcurrency to -1 • add alias • create provisioned concurrency for the alias without routing / weight • add as scalable target and add autoscaling policy when do update with pre existing version it returned with

Diagnostics:
 aws:lambda:ProvisionedConcurrencyConfig (lambda-provisioned-concurrency):
  error: 1 error occurred:
  	* updating urn:pulumi:dev::lambda::aws:lambda/provisionedConcurrencyConfig:ProvisionedConcurrencyConfig::lambda-provisioned-concurrency: 1 error occurred:
  	* updating Lambda Provisioned Concurrency Config (lambda-handler-dev:live): InvalidParameterValueException: Alias with weights can not be used with Provisioned Concurrency
  {
   RespMetadata: {
    StatusCode: 400,
    RequestID: "69dfe9f6-7991-4f9e-8ce1-aae34e8ba629"
   },
   Message_: "Alias with weights can not be used with Provisioned Concurrency",
   Type: "User"
  }

 pulumi:pulumi:Stack (lambda-dev):
  error: update failed

although if given sometime, when I check at the console, the update actually went tru.

is it possible to generate code from import using an explicit provider? i have resources in another region i would like to import. i created an explicit aws provider for a different region, and am able to import the resource. however, i get an

undefined variable

error when the import is trying to generate the code.

Does anyone have a component resource with S3 bucket pre-configured to receive logs? Something similar to: https://github.com/cloudposse/terraform-aws-s3-log-storage

Hi, I’m trying to upgrade my Neptune DB engine version, But I have this error:

Failed to modify Neptune Cluster (xxxxxx): InvalidParameterCombination: The current DB instance parameter group xxxxinstanceparametergroupxxxxx is custom. You must explicitly specify a new DB instance parameter group, either default or custom, for the engine version upgrade.
	status code: 400, request id: ba8c9fb9-a3bc-43a5-bca9-20324bca10c3

I specified the parameter group explicitly, so I don’t understand what I am missing What am I doing wrong? Thanks

Is there an approach to automatically run a CloudFront cache invalidation after an S3 object in its origin changes via BucketObject?

How do you handle circular dependencies in Pulumi ? I have an

apigatewayv2.Authorizer

which is used in an

apigatewayv2.Route

, but when I delete the stack it wants to delete the Authorizer first (which makes sense), and I get this error:

* deleting API Gateway v2 authorizer: ConflictException: Cannot delete authorizer 'authorizer-bar', is referenced in route: $connect

So basically I’m kinda stuck with this loop : Authorizer -> Route -> Authorizer (Even though it technically depends on the Authorizer in order to be created, I need to delete the Route before deleting the Authorizer)

Pulumi update suddenly giving weird plugin error without any code automation change

failed to discover plugin requirements: calling `python -m pip list -v --format json`: exit status 1

Hmm, i have 2 pulumi deployed EKS clusters, one in the japan and one in the singapore region where i can no longer run updates error: Error: Cannot retrieve the certificate fingerprint at the issuer URL: https://oidc.eks.ap-northeast-3.amazonaws.com at /Users/roderik/Development/bpaas/node_modules/.pnpm/@pulumi+eks@1.0.2_@swc+core@1.3.59_@types+node@18.16.14/node_modules/@pulumi/cert-thumprint.ts12711 at Generator.throw (<anonymous>) at rejected (/Users/roderik/Development/bpaas/node_modules/.pnpm/@pulumi+eks@1.0.2_@swc+core@1.3.59_@types+node@18.16.14/node_modules/@pulumi/eks/cert-thumprint.js1965) at processTicksAndRejections (nodeinternal/process/task queues95:5) the same cluster code (different stacks) in other regions still works and updates. So clearly a south east asia problem. Anyone have an idea?

Hello Team, Good morning. I am having a bit of challenge executing this task. I would appreciate any help. I have two AWS accounts, for production and dev environments. I have a domain (example.com) in Route53 of the production account. However, I want to create a new stack and deploy to the dev environment. If the stack name is testing, it should create a record in the production environment as testing.example.com, and then create a hosted zone in the dev account.

Hello all. I am trying to deploy a lambda (A) and inside that lambda invoke another already existing lambda (B). When I invoke A, and check A's logs, it tells me that the user used to deploy the lambdas (as in the Pulumi provider) is not authorized to perform: lambda:InvokeFunction on resource: B. I am wondering why it is trying to use the Pulumi user to invoke B instead of the role that it has configured already on A. No permissions that I add on A's role seem to do anything. The lambda seems determined to try and use the Pulumi provider user to invoke. Anyone encounter this?

aws:rds:Instance (<name>):
    warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
    warning: aws:rds/instance:Instance resource '<name>' has a problem: Conflicting configuration arguments: "db_name": conflicts with name. Examine values at 'Instance.DbName'.
    warning: aws:rds/instance:Instance resource '<name>' has a problem: Conflicting configuration arguments: "name": conflicts with db_name. Examine values at 'Instance.Name'.

on importing an RDS instance, any ideas?

Hello all, I’m trying to deploy a k8s cluster using the AWS env vars set of my root account pulumi bucket but have

aws:profile

to our test sub aws account. If I deploy w/o the profile to the creds within env vars it works but I’m getting authorisation failed from k8s errors within the GitHub action I’m running, the other AWS specific stacks are deploying correctly but stops at k8s. Any advice? I’m seeing this a lot within github issues but not really a suitable solution. Errors within thread.

Using awsx (crosswalk) with Yaml - can anyone tell me, what happens when you need to adjust properties of the underlying resource? Any plans to make this possible in yaml? E.g. in an ECS repository, I want to set

properties:
      forceDelete: true

but the https://www.pulumi.com/registry/packages/awsx/api-docs/ecr/repository/#repository_yaml doesn't have this input property...

Hi friends, i’m experiencing a state diff with the aws.RouteTable resource - I’m using a transit_gateway_id=tgw_id with aws.Route to define the route attached to a RouteTable with no routes declared during table creation. I have a feeling this relates to the aws.Route resource modifying the aws.RouteTable resource (its routes) and not notifying it. Feels like RouteTable needs to support a mode where it ignores route changes because they are managed externally, but still monitors all other properties?

Hello All. Please, I need assistance on this task. I have two AWS accounts, for production and dev environments. I have a domain (example.com) in Route53 of the production account. However, I want to create a new stack and deploy to the dev environment. If the stack name is testing, it should create a record in the production environment as testing.example.com, and then create a hosted zone in the dev account. In other words, the parent domain is inside the Production account (example.com). And under that domain, a subdomain, a subdomain was created (dev.example.com), where dev is the stack name. That subdomain (dev.example.com) has now be used as a hosted zone in the Dev account. Now what I want to achieve is the use of ephemeral environments. So now, when I create a name stack, say testing, it should have that record registered on the production account as (testing.example.com), and a hosted zone on the Dev account.

Hello everyone. I have some resources especially task Definitions that I have manually deleted on my aws ecs console page. Now that I’m trying to destroy all resources (

pulumi destroy -s <my-stack>

), I can’t get them destroyed as it can’t successfully delete those resources that I’ve manually deleted on the aws console. I also tried to delete the stack entirely (

pulumi stack rm <my-stack>

), and it’s the same error I’m getting. Please see image below for more info:

Hi everyone, dumb question here. everytime I run

up

on a stack with a cloudfront distribution pulumi want to updtate the egag & lastModifiedTime. I can't find a way to ignore this. Am I missing something? Here is a screen shot of the issue I am trying to resovle/ignore

hi all - question about .env files, I want to store a .env in secrets manager, and pass it to a docker container task definition a bit confused on what is the 'type' as the type definitons in TypeScript dont give me the available options.. maybe its not possible?

environmentFiles: [{
                value: "some arn value",
                type: "?? what goes here",
            }]

nevermind got it.. only supports s3 and i dont want to store my env file there lol

Hello all. Please how do I create subnets with valid cidrBlock values? Is there a way to auto generate cidrblock values from the vpc’s cidrblock?

Hello all. Please, anyone here familiar with ephemeral environments?

Hey all, I'm trying to use an S3 bucket name from one stack to another and keep getting

Calling __str__ on an Output[T] is not supported.
    To get the value of an Output[T] as an Output[str] consider:
    1. o.apply(lambda v: f"prefix{v}suffix")
    See <https://pulumi.io/help/outputs> for more details.
    This function may throw in a future version of Pulumi.

Ref stack does a bucketV2

pulumi.export("bucket", bucket.id)

With the following used in the stack using it

bucket = core_stack_ref.get_output("bucket")

It does not want to work and I cannot help but feel I'm missing something. ANy idea?