i answered in some slack threads, but will reiterate here: the 403 error is coming from the AWS API, so it's related to something there. I suspect there are issues related to how you've authenticated to AWS AWS has an article on 403 errors when dealing with S3 buckets: https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/ there's also a stack overflow answer here: https://stackoverflow.com/questions/26691286/amazon-s3-bucket-returning-403-forbidden

I'm good, I grabbed someone with AWS experience and I missed some permissions in the s3 policy

Thanks @billowy-army-68599, I missed your response but you were correct. Much appreciated

Hi folks, in about an hour we're going to be running a webinar on Azure Infrastructure as Software with TypeScript, hosted by Matt Stratton, one of our Developer Advocates. You can join for free here: https://www.bigmarker.com/pulumi/Azure-Infrastructure-as-Software-with-TypeScript-db14f093eacf656ef6cdd7fc

Heya all. I have a few questions regarding the Pulumi K8s Operator (PKO), which I’d really appreciate some feedback on. In no particular order: Does the PKO support checking out the head of branches, rather than specific commits - i.e. follow master (and what is the default branch it uses - it is complaining about not being able to find my master branch); Does PKO support local state management, rather than operating against the Pulumi API? (If so, how does one pass this requirement to the stack CR); I’m getting “Failed to setup Pulumi workdir”,“Request.Namespace”“default”,“Request.Name”“bow-poc”,“Stack.Name”“bow poc”,“error”“failed to create local workspace: failed to create workspace, unable to enlist in git repo: unable to checkout branch: object not found”" when attempting to pull down a remote repo. Could someone point me in the right direction, please?

[pulumi_kubernetes][python] Hi folks, I've spent a couple of time trying to implement a resource here using the pulumi. I need to set permission for my volume access like 0755 and then I'm trying to write it on the pulumi script in octal mode like 0o755 but it is not working, the pulumi convert for 755. Does anyone here know how can I work around that?

QQ: Happy friday everyone, Is there an example of using AWS WAF that someone can share?

Hi, I am trying to import an exising azure resource group using CLI but get this error

pulumi import azure:core/resourceGroup:ResourceGroup <resource-group-name> '/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>'

Error that I am receiving

azure:core/resourceGroup:ResourceGroup resource '<resource-group-name>' has a problem: Missing required argument: The argument "location" is required, but no definition was found.. Examine values at 'ResourceGroup.Location'

Overall I was wondering if there is an easier way to import all the resources in a resource group?

Hi All, I have followed along this tutorial "https://www.pulumi.com/docs/tutorials/aws/ec2-webserver/" I was able to create EC2 and able to see in AWS console and able to see the webserver running fine by hittinh in browser or curl The question I have is, how do I connect to that AWS box? It needs a private key and that is kinda missing here, not sure what needs to be done, could be trivial Could someone help me?

Hi, I have the following code snippet from a Pulumi Azure Native project which creates apim Apis. However the probelms is that it only works the first time and successfully creates the APIs based on swagger but does not update the APIs when the list of exposed APIs from our WebApi changes

var bookingEngineApi = new Api("api", new ApiArgs
                            {
                                ResourceGroupName = resourceGroup.Name,
                                ServiceName = apiManagementService.Name,
                                ApiRevision = "1",
                                DisplayName = Settings.ApiManagementApiName,
                                Path = Settings.ApiManagementApiPathName,
                                Protocols = { Protocol.Http, Protocol.Https },
                                Format = "openapi+json-link",
                                Value = $"https://{Settings.AppServiceName}.<http://azurewebsites.net|azurewebsites.net>"
                            }, new CustomResourceOptions
                            {
                                DependsOn = apiAppService
                            });

Hey there! I am trying out pulumi as a potential alternative for provisioning stuff on AWS via bash scripts and cdk. We already have a lot of resources and I wanted to import a loadbalancer, but I am struggeling to figure out how the import resource name is constructed. I tried the import command over here: https://www.pulumi.com/docs/guides/adopting/import/#pulumi-import-command with something like

aws:elasticloadbalancing:loadbalancer/LoadBalancer

(and other variations) without any success. Is there a logical scheme for building those strings? Sample error message

pulumi import aws:elasticloadbalancing:loadbalancer/LoadBalancer xxxxxxxx xxxxxxxx
Previewing import (dev)

View Live: <https://app.pulumi.com/xxxxxx/cyanite-api/dev/previews/e94fxxxd-36c4-4xxb-932e-xxx564bef403>

     Type                                                   Name                Plan       Info
 +   pulumi:pulumi:Stack                                    xxxxxxxx            create     1 error
 =   └─ aws:elasticloadbalancing:loadbalancer/LoadBalancer  xxxxxxxx            import     1 error
 
Diagnostics:
  pulumi:pulumi:Stack (xxxxxxxxxxxx):
    error: preview failed
 
  aws:elasticloadbalancing:loadbalancer/LoadBalancer (xxxxxxxxxxxxxx):
    error: Preview failed: unrecognized resource type (Read): aws:elasticloadbalancing:loadbalancer/LoadBalancer

Hi there! I am using Pulumi to create some custom infrastructure and am having trouble accessing the outputs of my resources. On the docs (https://www.pulumi.com/docs/intro/concepts/resources/#dynamic-resource-outputs) it says that what I am doing should be correct, but there is also little mention of how to actually access the outputs, so I could be wrong. This is what my resource and provider look like; am I doing anything wrong?

class AccountProvider(ResourceProvider):
    def __init__(self, props):
        self.parent_client = Client(props["sid"], props["auth_token"])
    def create(self, props):
        subaccount = self.parent_client.api.accounts.create(friendly_name="{}-{}".format(props["name"], stack))
        return CreateResult(id_=subaccount.sid, outs={'sid':subaccount.sid, 'auth_token':subaccount.auth_token})
    def delete(self, id, props):
        self.parent_client.api.accounts(id).update(status="closed")

class Account(Resource):
    sid: Output[str]
    auth_token: Output[str]
    def __init__(self, name: str, props,  opts: Optional[ResourceOptions] = None):
        super().__init__(AccountProvider(props), name, {"name":name, 'sid':None, 'auth_token':None}, opts)

new_account = Account("new_account1", props=AccountCredentials(sid=account_sid, auth_token=auth_token))

Hi, I'm new to Pulumi and I'm trying to use pulumi with azure durable functions. the language I'm using is typescript. Can I have the guidance to start this or relevant tutorials or documentation to follow?

How can I append to this array? public static tags: pulumi.Input<{[key: string]: pulumi.Input<string>}>; I would like to do something like tags.append("my_key", "my_value");

Hi, (newbie question maybe), I use Pulumi to create dynamodb table. Now it auto-renames by appending a random number to my db name. I know it can be avoided by providing “name” field, but without that, how can I access the random generated table name from within my lambda?

How can I have multiple ManagedPolicies per role? This only allows me to add one. I wish to add both [aws.iam.ManagedPolicies.AWSLambdaBasicExecutionRole, aws.iam.ManagedPolicies.AmazonDynamoDBFullAccess]

const role = new aws.iam.Role("callout-role", {
  assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`
});

new RolePolicyAttachment("callout-dynamodb-policy",
  {
    role: role,
    policyArn: aws.iam.ManagedPolicies.AmazonDynamoDBFullAccess
  });

When I tried one

new RolePolicyAttachment

after the other, only the last one got picked!

hey 👋 , is there a way to programmatically get the secret value in a nested data structure in configs: example: pulumi config set --path alex:db.admin.password test1234 --secret would create something like:

<project_name>:db:
  admin:
    password:
      secure: AAABAKBt+0VMEPjInyCkjGfqcxu3TwrYr26RybtkL/NXo+iqVsUdEyBzKll/wZ7ZIVszYGBqy8o=

I could of course flatten this by not using the --path, and then I could use require_secrets. I’m wondering if this possible to do without flattening it.

Hi there, I'm new here 👋 I was following the Pulumi API Gateway tutorial (this one https://www.pulumi.com/docs/tutorials/aws/rest-api/ ) and I was wondering what would be the best way for me to use external packages in the lambda function. Here:

{
            path: "/source",
            method: "GET",
            eventHandler: (req, ctx, cb) => {
                cb(undefined, {
                    statusCode: 200,
                    body: Buffer.from(JSON.stringify({ name: "AWS" }), "utf8").toString("base64"),
                    isBase64Encoded: true,
                    headers: { "content-type": "application/json" },
                })
            }
        }

@here Has anyone seen this bug, https://github.com/pulumi/pulumi-aws/issues/1605? I am trying to import an ec2 instance but it fails due to ami parameter

Is it possible to run pulumi new against a template on the file system (as opposed to a repository or canned template)? I found the PULUMI_TEMPLATE_LOCATION environment variable in source, but I can't figure out how to use it... or if it's even supposed to be used.

Hi There, i am working on pulumi stack and automation. I forgot my stack passpharse , need to reset or remove. Any pointers? Getting below error.

error: getting secrets manager: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables

I do not see a VMware specific channel, but I am provisioning servers using pulumi-vsphere and it works great, but there is a cloud-init bug that causes my static assigned network configuration to be reverted to DHCP on reboot. I am trying to avoid baking a script into my template for this, but am wondering if anyone has any ideas to possibly apply a file change post initial startup as the solution to the bug suggests?

What's the best way to test dynamic/custom resources?

Hi, I found that

pulumi update

always want to update

nodeLaunchConfiguration

of

eks:index:Cluster

after days, which will restart all k8s nodes after enable. Do I miss some configuration that should be declared to pin it? Here is some logs:

pulumi up --cwd infra --stack staging
Previewing update (staging)

View Live: <https://app.pulumi.com/Ma233/fiora/staging/previews/29e82764-6253-4f0d-9b22-f571eb3c75b3>

     Type                                  Name                          Plan        Info
     pulumi:pulumi:Stack                   fiora-staging                             2 messages
     └─ custom:resource:EKS                jace
        └─ eks:index:Cluster               jace
 +-        ├─ aws:ec2:LaunchConfiguration  jace-nodeLaunchConfiguration  replace     [diff: ~imageId]
 ~         └─ aws:cloudformation:Stack     jace-nodes                    update      [diff: ~templateBody]

Diagnostics:
  pulumi:pulumi:Stack (fiora-staging):
    W0830 11:13:24.710750   94282 transport.go:260] Unable to cancel request for *exec.roundTripper

    W0830 11:13:24.927600   94285 transport.go:260] Unable to cancel request for *exec.roundTripper


Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:staging::fiora::pulumi:pulumi:Stack::fiora-staging]
            ++aws:ec2/launchConfiguration:LaunchConfiguration: (create-replacement)
                [id=jace-nodeLaunchConfiguration-6cc66d3]
                [urn=urn:pulumi:staging::fiora::custom:resource:EKS$eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::jace-nodeLaunchConfiguration]
                [provider=urn:pulumi:staging::fiora::pulumi:providers:aws::default_4_14_0::9f1d7127-76df-4224-b36c-9fc9ec0e7da3]
              ~ imageId: "ami-075bfc7d8a7e81bc5" => "ami-0d29b23a29ababad8"
            +-aws:ec2/launchConfiguration:LaunchConfiguration: (replace)
                [id=jace-nodeLaunchConfiguration-6cc66d3]
                [urn=urn:pulumi:staging::fiora::custom:resource:EKS$eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::jace-nodeLaunchConfiguration]
                [provider=urn:pulumi:staging::fiora::pulumi:providers:aws::default_4_14_0::9f1d7127-76df-4224-b36c-9fc9ec0e7da3]
              ~ imageId: "ami-075bfc7d8a7e81bc5" => "ami-0d29b23a29ababad8"
            ~ aws:cloudformation/stack:Stack: (update)
                [id=arn:aws:cloudformation:us-east-2:145889354582:stack/jace-3b8b0f53/742364d0-f6cc-11eb-a94f-0a909640e19a]
                [urn=urn:pulumi:staging::fiora::custom:resource:EKS$eks:index:Cluster$aws:cloudformation/stack:Stack::jace-nodes]
                [provider=urn:pulumi:staging::fiora::pulumi:providers:aws::default_4_14_0::9f1d7127-76df-4224-b36c-9fc9ec0e7da3]
              ~ templateBody: "\n                AWSTemplateFormatVersion: '2010-09-09'\n                Outputs:\n                    NodeGroup:\n                        Value: !Ref NodeGroup\n                Resources:\n                    NodeGroup:\n                        Type: AWS::AutoScaling::AutoScalingGroup\n                        Properties:\n                          DesiredCapacity: 2\n                          LaunchConfigurationName: jace-nodeLaunchConfiguration-6cc66d3\n                          MinSize: 2\n                          MaxSize: 10\n                          VPCZoneIdentifier: [\"subnet-00863d16d1e2634bd\",\"subnet-0a90bf1f4ab7acfe7\"]\n                          Tags:\n                          \n                          - Key: Name\n                            Value: jace-worker\n                            PropagateAtLaunch: 'true'\n                          - Key: <http://kubernetes.io/cluster/jace\n|kubernetes.io/cluster/jace\n>                            Value: owned\n                            PropagateAtLaunch: 'true'\n                        UpdatePolicy:\n                          AutoScalingRollingUpdate:\n                            MinInstancesInService: '1'\n                            MaxBatchSize: '1'\n                " => output<string>
            --aws:ec2/launchConfiguration:LaunchConfiguration: (delete-replaced)
                [id=jace-nodeLaunchConfiguration-6cc66d3]
                [urn=urn:pulumi:staging::fiora::custom:resource:EKS$eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::jace-nodeLaunchConfiguration]
                [provider=urn:pulumi:staging::fiora::pulumi:providers:aws::default_4_14_0::9f1d7127-76df-4224-b36c-9fc9ec0e7da3]

👋 I’m here!

anyone know how to remove a stack output from an old resource? I was working through some code and added a bucket a while back that got removed from the stack but somehow after running “pulumi up” I still get the output listed even thought the resource is no longer there. I can’t delete it from the stack as it does not have a urn. I could edit the state file to remove it, but I’d like to do that through a pulumi command (if possible)

➜ pulumi up -y
Previewing update (dai-shared-dev-us-west-2):
     Type                 Name                                 Plan     
...     
 
Resources:
    7 unchanged

Updating (...):
   Type  Name  Status     
 
Outputs:
  - bucket_name: "my-bucket-57931f5" <- ##### HOW TO REMOVE THIS?

Resources:
    7 unchanged

Duration: 1s

Hey there! Quick / simple question from a Pulumi beginner: what is the recommended scope of Pulumi projects? Should I put a Pulumi.yaml along my application code, or should I have another central repository with all things related to Pulumi?

Hi guys, is there a way to force using a secret-provider when initializing a stack? Ex, when executing

pulumi stack init my-stack

to use

<hashivault://my-secret>

by default without having to specify

--secrets-provider="<hashivault://payroll>"

everytime. Or is there a way to prevent initializing a stack using the passphrase strategy? Thanks!

👋 I'm using this very basic example of creating a docker image and pushing to ECR

const image = repo.buildAndPushImage({
  context: '../',
});

I looked for example and documentation, but could not find an example of how to specify a label for the image - for instance i'd like to label the image

api

Does anyone have any pointers? much appreciated ty

Hi 👋, I'm using typescript and having trouble understanding how imports are meant to be handled during function serialisation. We are using:

const { isLeft } = await import("fp-ts/lib/Either");

Which is `tsc`'d into:

const { isLeft } = await Promise.resolve().then(() => __importStar(require("fp-ts/lib/Either")));

Where

__importStar

is defined at the top most level of the file. After function serialisation, it appears that the

__importStar

definition is not retained (i.e. it hasn't been captured?) so the lambda fails during invocation. When I switch

importHelpers

on in

tsconfig.json

, it does work. The tsconfig.json from the aws-typescript template doesn't have this set. So... can anyone shed light on the expected way to import those runtime dependencies?