IIRC this is why Terraform has separate

aws_security_group_rule

resources as well as the nested ones, and there is a storied history about those bits. Is this something others are commonly seeing?

Hmm, attempting to fix it by manual delete and refresh gives me an interesting state too:

Permalink: <https://app.pulumi.com/jen20/vault-dev/updates/45>
error: post-step event returned an error: failed to save snapshot: after mutation of snapshot: resource urn:pulumi:vault-dev::pulumi-vault-test::operator-error:aws:vault:BastionHost::algo-vault-bastion-host's dependency urn:pulumi:vault-dev::pulumi-vault-test::operator-error:aws:vault:VaultServers$aws:ec2/securityGroup:SecurityGroup::algo-vault-server-sg comes after it

Then did a stack export, removed the offending security group, imported (success), but then got a panic on the next refresh:

Hi! Probably a dumb question. Is there a way to pass the AWS_PROFILE to use as a parameter to

pulumi update

? The guide talks about setting is as an ENV but is quite annoying to have to change the ENV manually while jumping between different projects. Any tips? ^^

I believe there was something just merged that would allow you set provider config in code, but I’m not sure whether it’s hit a release yet. Right now I think you have to have AWS_PROFILE set in the environment

Setting if in the config yml is what I was just trying 😛 well i’m gonna use the env for now. thanks ^^

You should be able to do

pulumi config set aws:profile production

to set the profile to use via Pulumi config. This will take priority over anything from the environment.

Is there a good example of using the function capture and serialization with a plain

aws.lambda.Function

resource?

New bloggage from @colossal-beach-47527 https://twitter.com/PulumiCorp/status/1027696618680791042

I've hit the same issue as described by https://github.com/pulumi/pulumi-cloud/issues/145#issuecomment-341567911

I'm using cloud-aws to create a Service on fargate, but the task requires access to KMS

I've created the necessary policy, but there appears to be no way to add it to the task/service

I'm wondering if there's a work around possible, or if I should +1 the issue

is it possible to generate a random property in pulumi code and reuse it somehow on the next deploy instead of randomly generating it again?

@important-jackal-88836 in situations like that, I usually just embed the stack’s name. (e.g.

pulumi.getStackName()

IIRC.) That is a stable value that will remain constant across deployments. If that doesn’t work, you could specify a random number generator seed in your Pulumi config.

@bitter-oil-46081 has done some clever work on this recently.

Let me show you some code, @important-jackal-88836.

sweet

you should npm that

I think it may be exported from

@ellismg/pulumi-github-webhooks

? maybe import {RandomResource} from "@ellismg/pulumi-github-webhooks/random" works.

man my IAC is lookin so slick

if i've got a TypeScript cloud.Function, what's the best way to do a promises-friendly http POST?

Is there any good way to add new resources created by pulumi to existing resources that are managed in other ways? As a concrete example, say I wanted to add an allow rule for a new subnet I've created to an existing security group for an RDS database

can you "fetch" resources without pulumi trying to create them?

The resource classes all have a "get" method, I think it's designed for this use case but not totally clear what's expected for the ID: https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/rds/#method-get-7

Yes - there’s generally three options: 1. Just take the ARN or id of the external resource and pass it directly. 2. Use .get static methods on reaources to populate a full resource object based on an id, in case other properties of the object are needed. 3. Use the .getXYZ functions on modules like

aws.ec2

to find information about resources via more free form calls to the underlying provider. For example https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/ec2/#getSecurityGroups