Hello everyone 🙂 I am currently working with the pulumi rest api to provide data to a cli script. I query

api/stacks/<org>/<project>/<stack>/export

to get a stacks output. Some of those outputs are encrypted, and i need a way to decrypt those for my script. Is there a way to decrypt the encrypted outputs of a stack/export rest api call without using the pulumi cli/sdk? Can you point me to documenation for this use case?

Hi, What is

publicKey

in

aws.ec2.KeyPair

? is it my

AWS_ACCESS_KEY_ID

?

Looks like the policy pack can't find the "pulumi" python module. Do you have a virtual environment setup for your program?

My Pulumi deployment to a custom cluster in Minikube keeps hanging on "Please enter Username". This seems to come from

kubectl

. But

kubectl

on the CL works fine. How can I find out which user Pulumi is using for authentication?

How to create a native Kubernetes cluster using Pulumi? That is, when I'm not using a cloud provider. Does/will Pulumi support the cluster API?

Q: How do I add resources to a VPC? E.g., I can create a VPC, but how do I add s3, dynamodb tables, clusters, fargate, etc to the vpc? Of course, I want to create the standard dev/prod/stage vpcs and have them isolated from each other, etc.

Hello everyone! A noob question here. I am (test-drivenly!) building a stack for DBMS, on python. Currently (at both docker and yandex-cloud providers I use) Pulumi considers stack up if resources are created, but not ready yet, and I need to wait (or, more correctly, try connecting with a backoff) before starting my tests. Is there a way to move this readiness check into stack logic, so that

up

command is completed on definitely ready stack? Should I do a custom provider, or a local Command perhaps? I am off k8s at the moment (as I know it has a notion of readiness probes etc), going by sole containers for dev and pure VMs for prod. This probably extends to eventual regular checks of infrastructure, that

pulumi up

will conduct when run by cron, as that's the IaaC way, right? 😉 Thanks!

UPD: SOLVED. Hey everyone! I am trying to develop several projects using local login (

file://~

), both having the same sets of stacks (like

dev

). But when doing

pulumi stack init dev

at the second project. Pulumi tells me that stack

dev

already exists. My structure is like depicted here (as in docs).

Hi everyone, I am trying to write a microservice which will do provision infrastructure, want to store states in aws s3 bucket. Is there a way to initialize automation class using hardcoded aws credentials, I mean without aws configure ar without setting

AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN

from pulumi import automation as auto


def program():
    pass


auto.create_stack(
    stack_name="Dev",
    project_name="MyfirstProject",
    program=program,
    opts=auto.LocalWorkspaceOptions(
        project_settings=auto.ProjectSettings(
            name="Test",
            runtime="python",
            backend=auto.ProjectBackend(url="<s3://test-bucket>")
        )
    )
)

Is there a way to tell pulumi to update aws tags? It appears that it has identified that there’s a difference in tags, but doesn’t actually do anything about it.

updating stack...
Updating (test22):

    pulumi:pulumi:Stack AUTOIAM-TAMTOOL-test22 running
    aws:iam:User test22  [diff: ~tags]
 ~  aws:iam:UserPolicy useast-partner-datafeed updating [diff: ~policy]
 ~  aws:iam:UserPolicy useast-partner-datafeed updated [diff: ~policy]
    pulumi:pulumi:Stack AUTOIAM-TAMTOOL-test22

Resources:
    ~ 1 updated
    2 unchanged

👋 Hey All, just starting to piece together a larger stack for the first time and starting to deal with

Output<string>

types. I'm dealing with a MongoDB URI, db name, and an associated username/password. I have all 4 of these as outputs, and i am trying to form them into a proper MongoDB connection string. This involves taking the URI in the format

<mongodb+srv://mycluster.randomchars.mongodb.net>

and inserting the username/password to form this format:

mongodb+srv://<username>:<password>@mycluster.randomchars.mongodb.net/<dbName>

. The problem I have is that I need to do some sort of replace in order to retain the

mycluster.randomchars

section of the URI - this means that

pulumi.interpolate

is not sufficient for my use-case. Any suggestions where I can go from here? Just keep them separate and form them properly in the application?

Hey All, Just want to know. I have created 2 pulumi cloudfront aws and every I run the pulumi with no changes in the code or changes code one of them, the cloudfront always update (deploying) and disabled both of cloudfront. Anybody know what is feature should I used to handle that situation? Thanks

quick question. im spinning up some infra for an azure project. Should I use one pulumi project to provisiion all my resources or shouild I have seperate projects?

Are there any examples (preferably in Python) that use

aws.cloudwatch.EventTarget

with the

ecs_target

parameter? I have the parameter set to a

aws.cloudwatch.EventTargetEcsTargetArgs

with

task_definition_arn

set to the ARN of my task definition, but after bringing the stack up the AWS console shows no targets for the EventBridge rule, and no tasks are created from the task definition even though the

EventTarget

is using a rule that should run it on a schedule every few minutes.

Is it possible to export an

Output

wrapped value? I can't do

pulumi.export(name='export-name', value=x)

because

x

is of type

Output

, but when I rewrite that to use

x.apply(fn)

where

fn

calls

pulumi.export

the name & value don't appear with the other exported values. Tossing a

print

statement in there reveals in the diagnostics that it is being run, and the correct name/value pairs get through, but despite that they don't seem to get exported.

I want to migrate my SnowFlake provider from Terrform to Pulumi. I have set my

private_key

(rsa certicate) and

private_key_passphrase

in the Terrform provider. I would like to add these as config secrets in Pulumi, but looking at the docs it only has the option to set the path to the certificate?

Hi, Im using Pulumi with YAML. How can I make a condition to check if a resource exists to avoid that Pulumi shows me an error telling me that the resource already exists in the AWS Cloud ?. Regards,

I have been playing around a bit with Crosswalk for AWS using Python. As far as I can see, there are some example code snippets for multiple languages at the Crosswalk for AWS webpage (https://www.pulumi.com/docs/guides/crosswalk/aws/), but I could not see an actual API reference for the different classes etc available in Crosswalk. The intellisense experience in VS Code and Pylance left a bit to be desired here, so looked into the Typescript source code in Github to get a better idea of what was available beyond the code examples on the webpage. Is there another place for such docs, or is that the approach to use currently?

While importing existing infrastructure, I've gotten myself into a bit of a state that I'm not sure how to get out of. If you're interested in the long context of how I got there, see https://github.com/pulumi/pulumi-aws-native/issues/660 , but right now I have a resource that's in the stack but I can't seem to do anything that will cause

pulumi up

to not make changes to it: • If I provide any value for the

listener_arn

field in the auto-generated code, Pulumi attempts to update it via AWS's API and that fails because it has to be set on creation. • If I don't provide

listener_arn

, Pulumi errors out because it's a required field. • If I don't define the resource at all, Pulumi errors out because it would attempt to delete it from AWS (but thankfully

protect=True

) I'd like to either back out of the import or move forward in a no-op way, but I'm not sure how to do either of those. I think my options are 1. Set up

replace_on_changes

to let Pulumi delete and recreate the resource in AWS. Theoretically fine, but since this is in-use infrastructure and I'm just getting this set up for the first time, I'm nervous about this happening correctly. 2. Do some sort of stack edit to remove the imported resource, and try it again but with

aws

instead of

aws-native

. I'm not sure how I would do this, and it seems like the sort of dangerous path that I shouldn't be pursuing as a beginner. 3. Do some sort of stack edit to fix the imported resource so it correctly knows what is set up in AWS and doesn't try to make any changes to it. Similarly sounds risky. Any advice on a path out of this? I haven't yet learned many of the tools for dealing with problems I create in Pulumi. simple smile

related question: how do I find out what the right resource type is to pass to

pulumi import

? I thought it would be the type field in the yaml tab of the docs, but that seems inconsistent: •

type: aws-native:elasticloadbalancingv2:ListenerRule

->

aws-native:elasticloadbalancingv2:ListenerRule

•

type: aws:s3:Bucket

->

aws:s3/bucket:Bucket

•

type: aws:lb:ListenerRule

-> ??? (not any of:

aws:lb:ListenerRule

,

aws:lb/listenerrule:ListenerRule

,

aws:lb/loadbalancer:ListenerRule

) I assume there is some other place to look this up that I'm just missing

Hello, I'm making use of the Automation API to spin up some infrastructure. However, this process takes ~5-10 mins because of the resources being created/modified. Is there a recommended way to report some sort of progress of the stack being spun up? Would hitting the Pulumi REST API to get the stack and resource statuses be a good way to do that?

Hi, I created my first PR for pulumi: https://github.com/pulumi/pulumi/pull/11095 The PR is adding base functionality discussed here: https://github.com/pulumi/pulumi-postgresql/issues/167 In short - it’s about not requiring to delete child resources when deleting the parent resource in scenarios where deleting the parent resource on the provider already deletes child objects (Think about the time wasted getting valid credentials connecting to SQL databases and running queries that delete roles when you want to delete the database itself) Would love to join channels that can be relevant for extending pulumi / postgres and gcp functionality 🙂

Is there a prescribed way to track down things like

TypeError: 'NoneType' object is not subscriptable

? If verbose logging is telling me what object is NoneType, I’m not finding it.

I often run into

Resource monitor is terminating

errors during development. I'm assuming this is because the stack hasn't reached a final state after a failure or cancellation. I'm using the Automation API - is there any way I can safeguard against this error? Would checking the state of the stack work for this or inspecting the refresResult?

This message was deleted.

Turns out you do in fact need the master pw to a DB cluster from time to time 🫠 Currently it's only registered as a RandomPassword resource and not available in plaintext—is there any way to access it in plaintext without logging it to the console by using the

.apply( v => console.log( v ) )

method?

Hi folks, having a little problem setting up the gitlab webhook. I’ve set everything up as per the docs, but am getting a 401 in Gitlab when testing. I’ve had a search of the troubleshooting guide, and slack posts but can’t see what the issue is. The access token works fine in the CI itself. I’ve set up my pulumi org to identify with gitlab, and have deleted the original pulumi access token, logged out, logged back in via gitlab, and recreated a token in the org, but it’s still throwing an error. Can anyone help?

Hello is there anyway I can setup MFA required to log into Pulumi for security purposes?

This might be a little bit out of scope, but has anyone here had to deal with single tenant architecture using Pulumi & Kubernetes? Currently trying to figure out the best approach to handle continous delivery/continous deployments for hundreds of tenants. Each tenant has a Pulumi stack with a virtual kubernetes cluster and an almost identical environment, that can be created on demand. Codefresh (Argo CD) seems to be a good choice because of pricing, Argo Application Set and Argo Rollout, but having to render Kubernetes manifests to YAML and commit them for GitOps to work is cumbersome. I've had a look at Harness, CodeDeploy, Armory & Octopus Deploy as alternatives, but they're way too expensive. Any pointers perhaps? 😁

Hi guys, I'm curious, where can I find documentation for old packages? For example for https://www.pulumi.com/registry/packages/awsx with versions bellow v1.0.0-beta.7 which is currently published Thanks 🙂