but if you make the right way the easy path (especially if you provide a lot of utility for dealing with the tediousness that is AWS), then you'll get better developer buy-in

(see also: devops the culture, all software has ux)

so, for example, I wrote https://github.com/dingbots/deplumi to deal with a lot of messy details around lambda, everything from building packages to generating IAM roles to setting up a lambda function as a webservice

I'm trying to unpack your question here, @hallowed-raincoat-3555 and I think there may be some confusion on my end about what you are after. I'm assuming that you've read https://www.pulumi.com/docs/reference/organizing-stacks-projects/, because you're using a bunch of the words we have on that page to explain things. There's a difference here between "stacks" which are logically correspond to a deployed instance of a Pulumi program and what you seem to be asking for. Your request to be able to create libraries that make things easier for your devs to build infrastructure which is to be deployed is sort of orthogonal to how you name these deployments. The message above about using ComponentResources to wrap up best practices is correct, but these aren't really tied to the way that you organize and name the actual deployments of you infrastructure into stacks.

@bitter-oil-46081 or anyone else, what approach would you recommend to break a relatively long project into modules (I.E.: a module for networking, one for db, one for functions… and so on)?

How can I use the ouput of a custom resource, as a string in a policy? - CustomResource outputs endpoint - Need to use that output as such:

url="${customResource.endpoint}"

Hi, I'm stuck using getResource on a Helm chart to get the loadBalancer hostname of a nginx k8s service. I'm running

const hostname = nginx.getResource("v1/Service", ns, "nginx-ingress-controller").status.apply(s => s.loadBalancer.ingress[0].hostname);

but I get

TypeError: Cannot read property 'loadBalancer' of undefined

The service definitely has these fields:

status:
  loadBalancer:
    ingress:
    - hostname: <http://a1abdb135b2cb11e9afc60e430b1c1d1-ee9745e779b8c1b8.elb.us-east-1.amazonaws.com|a1abdb135b2cb11e9afc60e430b1c1d1-ee9745e779b8c1b8.elb.us-east-1.amazonaws.com>

and nginx is the Helm chart and has type: Chart

easy question for you guys...how do you create a new project via CLI with a different Owner?

Where’s the best place to add a change request for the

awsx.Vpc

resource? (IMO, it should create AWS service endpoints for private subnets, since routing all S3 traffic through a NAT is probably not what most people have in mind).

Is there a document somewhere with details about Pulumi's REST api? Specifically, I'd like to list all stack tags (key/values) for stacks in a given project.

quick way to get an

aws.iam.Role

object back if you have the role name?

aws.iam.GetRole

seems to return attributes of the role but not the role itself which is what a K8s cluster constructor wants

this is due to building a stack that creates all the IAM roles including the cluster role, rather export the role names or ARNs and not entire role objects (if that’s even a thing)

Will it accept the Role ARN?

nope

that smells like a bug with the k8s provider (as an external user that doesn't mess with k8s much)

oh, it's declared as only accepting a real

Role

but that doesn't mean it's true

(JavaScript and Python have something in the common--the type declarations are more suggestions than fact)

hard-coded an ARN - doesn’t like it

that sounds like a deficiency in the provider, and you should probably file an issue on github

(there's probably an argument to be made that if you're predefining roles, they're probably not as reduced as they could be, but i don't feel like arguing opinions and best practices)

what do you mean by “as reduced as they could be”

i.e. not implementing something like kiam?

ideally, every computation resource should have exactly as much access as it needs to do its job, and no more

just attempting to pass info between stacks at this point

and passing a promise like a role object seems problematic or impossible