@crooked-jelly-50877 you could try using Visual Studio Code Remote Containers (https://code.visualstudio.com/docs/remote/containers) That's what I'm using on Windows for a consistent Ubuntu environment and it's been great

hi all, just looking for some guidance on how to manage pure pulumi packages through CI/CD. We have a handful of Pulumi packages (typescript) that contain just infrastructure and no application code, the best example of this is our AWS VPC. What I was thinking was having this code built and published to our private NPM registry during the CI process. Once it comes to deployment, that module will be downloaded and

pulumi up

will be run from the root. this feels kind of funny though… what do you guys think and/or how are you managing Pulumi packages between CI and CD?

Hey all, is there anything special I need to do to get the Pulumi GitHub app to comment on a PR? I can successfully run pulumi in an action and i have the Pulumi GitHub app installed but I cannot seem to figure out how to get it to comment on a pull request.

is there a way to ping versions when using this approach? @stocky-spoon-28903 @broad-dog-22463

curl -fsSL

<https://get.pulumi.com/>

| bash

@glamorous-waitress-51149 Ping?

sorry, pin

just had a look and might be able to use ``curl -fsSL`

<https://get.pulumi.com/>

`| bash --version 1.2.3``

Is there a prescribed way for running custom (local) logic after provisioning resources with Pulumi, or is this what custom hooks aim to address? https://github.com/pulumi/pulumi/issues/1691. Scenario (which only applies to development examples for me at this point): Provision an Application Insights instance in Azure and set a local user secret with the resulting Instrumentation Key. In my case, I'm using dotnet user secrets (though this question isn't specific to dotnet). I've done something similar with a Terraform local provisioner: https://github.com/ndonze/CentralizedApplicationLogging/blob/master/Terraform/main.tf

Hi can anyone explain when I use an f-string with python in pulumi I get:

:<pulumi.output.Output object at 0x000001854EFF2F88>

config: "arn:aws:logs:eu-west-2:12345678:log-group:<pulumi.output.Output object at 0x000001854EFD6C48>:log-stream:<pulumi.output.Output object at 0x000001854EFF2F88>"

Hi All. Does Pulumi support assumed roles with AWS? Also, does it support using the same cache that the AWS cli does? For example with the cli, I specify a profile with the assumed role in, that then prompts for my MFA and it caches the credentials (including session token) returned in a json file under ~./aws/cache/cli/*.json. Just trying to understand the expected workflow for using Pulumi. Thanks.

Will the Pulumi team be at next weeks Kubecon in SD?

has anyone had issues with pulumi preview/up in the last week just hanging? We spotted it 7 days ago and initially thought it was our CI server but it’s not that and we think its pulumi

Hey all, I'm evaluating Pulumi, and I'm trying to find if they have any security certifications (e.g. ISO27001/SOC2). I couldn't find any on the website (https://www.pulumi.com/security/)

I am new to Pulumi and I am trying to figure out how to convert

Output<string>

to a

string

in TypeScript. My code looks something like:

const config = new pulumi.Config();
const ddAPIKey = config.requireSecret("my-api-key");

const envVars = [
    { name: 'ECS_FARGATE', value: 'true' },
    { name: 'DD_API_KEY', value: ddAPIKey.apply(dd => dd) }
];

It seems simple enough to create an IAM policy in Pulumi (a policy to attach to an IAM User/Group/Role), but I'm finding it difficult to create a resource policy (a policy to attach to an AWS resource external to IAM, e.g., a KMS CMK).

Good day! Does one of you happen to know, how I can retrieve my

access token

? It is needed for the

pulumi login

command

A question, with the azure devops extension, this requires an Azure subscription (it's a property on the extension). Does this extension only support Azure resources? I want to build AWS resources through Azure DevOps.

launching production :)

What's the best way to do the following cloudformation replacement:

!Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${SsmParameterPrefix}*"

where ${AWS::*} are standard cloudformation values replaced at runtime by the current region/account id and ${SsmParameterPrefix} is a passed in value as a parameter.

Does the Azure Blob Storage backend support Shared Access Signature (SAS) tokens instead of Access Keys? I've had success running Pulumi against an Azure Storage backend by supplying an Access Key via the

AZURE_STORAGE_KEY

environment variable, but I haven't had success supplying an SAS token. Looking for something similar to Terraform's

sas_token

support: https://www.terraform.io/docs/backends/types/azurerm.html#sas_token

For folks interested in such things - there's some discussion around yesterday's Pulumi Kubernetes announcements ongoing right now on the front page of HN. These tend to be a great source of new eyes on the project, and some of the best insights and feedback on the project come from all of you in this community who are actively using Pulumi. https://news.ycombinator.com/item?id=21546099

I would think that this would work:

const
        opts = {provider: provider},
        callerId = aws.getCallerIdentity(opts),
        region = aws.getRegion({}, opts)

where provider is

new aws.Provider('myprovider', {profile: profile, region: region})

but they return

unable to discover AWS AccessKeyID and/or SecretAccessKey

has anyone created an ECS service that uses a docker image from a private registry before? I’m struggling to find where/how to define the

repositoryCredentials

property mentioned in the AWS docs (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html). I’m currently using the

FargateService

resource from AWS Crosswalk, but can’t find any reference to the

repositoryCredentials

property in the Pulumi docs for Crosswalk, nor in the source code.

Has anyone had any success integrating Pulumi with the Serverless Framework ? I think these two would be very powerful together but I don't know exactly how to integrate them. Ideally, Pulumi should do the heavy lifting while Serverless does the packaging of FaaS and the WSGI for web frameworks

Re-posting from above, does anyone know how the Pulumi GitHub app is triggered? I am using GitHub actions and it only seems to get triggered on a merge and I can't seem to get it to comment on the PR. I think I am just configuring something incorrectly but can't figure out what.

Hm just a general question, pulumi logs is marked as [PREVIEW] in the CLI docs. Does this mean it's in a testing state/not prod ready? I ask because I launched a simple s3 bucket with magic inline lambda (with console logs) to test pulumi. After pulumi up, the resources are up, and I see the console.log in cloudwatch logs (amazing!). However pulumi logs doesn't appear to be collecting the logs at all (either with -f or pulumi logs).

What is the recommended way to consume external resources (git repositories) as part of the deployment process? I am setting up a Serverless app on AWS with a static site hosted on S3. The lambdas and static site are hosted on individual repositories, and I am looking for ways to have a seamless integration between Pulumi handling the infrastructure and the deployment of those external contents. In addition, I am also looking to somehow have a continuous delivery from each lambda and static site repositories when commits are made to master. • Has anyone dealt with this already? • Are there any pitfalls to avoid? • Any reading material? Thank you

Hi Folks. How to assign the Azure directory Role to Service Principle? I try to find around the source code. But there is no sample available?

Hello Pulumi Team! I was awarded a swag hoodie in February, but it was never in my size (XXL) - checked back every few weeks. Now my link shows "This giveaway is not currently running." 😢

Hey guys, trying to set up a RDS mysql resource that requires me loading a previous backup. does pulumi have an option to do local exec like terraform or something similar?