Is it possible to have an Input like this?

interface ResourceArgs {
  [key: pulumi.Input<string>]: pulumi.Input<string>
}

because this is a problem:

[key: pulumi.Input<string>]

when the value is an

Output

I was wondering about AWS Lambda Function URLs, in this post https://www.pulumi.com/blog/lambda-urls-launch/ it says it’s that you need to use the function ID as part of the URL. What I’m looking to do is to have a Lambda w/Function URL and have some other service call it over HTTP and it will not know the function ID when starting. am I missing something here? if this was a public API, I’d use DNS for this… does this mean I have to use the SDK to invoke it or something like that?

Hi there! When executing this code:

export const generateSigningJob = (
  signingProfile: aws.signer.GetSigningProfileResult,
  bucket: aws.s3.Bucket
) => {
  const signingJob = new aws.signer.SigningJob("signing-job", {
    source: {
      s3: {
        bucket: bucket.bucket,
        key: "cove_fw.bin",
        version: "ynjaE4qqt_.w7V0F_0OzuARKk2586Fuy",
      },
    },
    destination: {
      s3: {
        bucket: bucket.bucket,
        prefix: "SignedImages/",
      },
    },
    profileName: "evcsigningprofile",
    ignoreSigningJobFailure: false,
  });
  return signingJob;
};

I get a SIGSEGV

When it comes to string interpolation vs me, string interpolation is undefeated 😅. I have a

Component Resource

I have created for the cluster autoscaler role. I want to pass a few args and use them within the IAM policy and role. I have it configured as below, but when I run a preview, the location where the string should be inserted is blank. I get no error and I've also tried using

pulumi.interpolate

constructor(name: string, args: { clusterName: string, oidcArn: string, oidcUrl: string }, opts?: pulumi.ComponentResourceOptions) {
    super("pkg:iam:clusterAutoscalerRole", name, args, opts);
    
    this.policy = new aws.iam.Policy(name, {
      path: "/",
      description: "Amazon EKS - Cluster autoscaler policy",
      policy: `{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "autoscaling:SetDesiredCapacity",
                "autoscaling:TerminateInstanceInAutoScalingGroup"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/k8s.io/cluster-autoscaler/${args.clusterName}": "owned"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "autoscaling:DescribeAutoScalingInstances",
                "autoscaling:DescribeAutoScalingGroups",
                "ec2:DescribeLaunchTemplateVersions",
                "autoscaling:DescribeTags",
                "autoscaling:DescribeLaunchConfigurations",
                "ec2:DescribeInstanceTypes"
            ],
            "Resource": "*"
        }
    ]
}`
    }, { parent: this });

I need to check if

gcp.types.input.cloudrunv2.JobTemplateTemplateVolume.secret

is not undefined and based on that create IAMMember, however the input type is

pulumi.Input<pulumi.Input<gcp.types.input.cloudrunv2.JobTemplateTemplateVolume>[]>

. Is it possible to check if

secret === undefined

without using

apply

? If not I will have to create

IAMMember

in

apply

because this is a chicken egg problem

Are there any examples of how to pull from GCP Artifact Registry?

Hi I'm trying to create a role using 2 managed AWS policies

const CloudWatch_CrossAccountSharingRole = new aws.iam.Role(
  `MyEnv_CloudWatch-CrossAccountSharingRole`,
  {
    assumeRolePolicy: {
      Statement: [
        {
          Action: 'sts:AssumeRole',
          Effect: 'Allow',
          Principal: { AWS: `arn:aws:iam::${MONITORING_ACCOUNT_ID}:root` },
        },
      ],
      Version: '2012-10-17',
    },
    managedPolicyArns: [
      aws.iam.ManagedPolicy.CloudWatchReadOnlyAccess,
      aws.iam.ManagedPolicy.CloudWatchAutomaticDashboardsAccess
    ],
    name: `MyEnv_CloudWatch-CrossAccountSharingRole`,
  }
)

As you can see the AWS Managed Policy Is there, but I'm getting an exception are there any ways to get it?

Someone who's more familiar with pulumi's typscript judo know of a way to work around the

Input<Region> | undefined

limitation when I try to dynamically create

aws.Provider

? I'm trying to do the following to get around another issue with default providers and using

aws:profile

configs:

import { getConfig } from "@pulumi/pulumi/runtime/config";

    const defaultProvider = new aws.Provider(`${stack}-peer-provider`, {
        region: getConfig("aws:region"),
        profile: "org_prod"
    });

You get:

error TS2322: Type 'string | undefined' is not assignable to type 'Input<Region> | undefined'.
      Type 'string' is not assignable to type 'Input<Region> | undefined'

So I would need to fudge that enum constant somehow but am kind of lost on how I would do that considering its expecting it to be an Input<>

Howdy ya’ll, Question about doing things the proper pulumi way - What is the proper way to write a deployment library that can be used across the pulumi supported languages? (specifically want to write once if possible, and use in both C# and Typescript, preferably writing only in typescript) or do I need to write and maintain two deployment libraries?

This example shows a gcp service account name (an Output<string>) being used directly. https://www.pulumi.com/registry/packages/gcp/api-docs/serviceaccount/iambinding/#google_service_account_iam_policy But in my use, I get `Error 400: The member Calling [toString] on an [Output<T>] is not supported.`on the appIAM's serviceAccountId.

const appServiceAccount = new gcp.serviceaccount.Account(camelcase(APP_NAME + "-SA"), {
  accountId: kebabcase(APP_NAME),
  displayName: startcase(APP_NAME),
});

const appAuthz = gcp.organizations.getIAMPolicy({
  bindings: [
    {
      role: "roles/workflows.invoker",
      members: [`${appServiceAccount.email}`],
    },
  ],
});

const appIAM = new gcp.serviceaccount.IAMPolicy("appSAIAM", {
  serviceAccountId: appServiceAccount.name,
  policyData: appAuthz.then((admin) => admin.policyData),
});

Ive tried, serviceAccountId: appServiceAccount.name.apply((n) =>

${n}

) and ``${appServiceAccount.name}`` etc. What am I missing?

Hi, I would like to create an RDS cluster from a snapshot, but am receiving an error:

* creating RDS Cluster (restore from snapshot) (temp-cluster): InvalidDBInstanceState: The server state is not yet available

. My implementation to create the cluster is:

const rdsCluster = new rds.Cluster('db-cluster', {
      clusterIdentifier: `temp-cluster`,
      engine: EngineType.AuroraPostgresql,
      engineMode: EngineMode.Provisioned,
      masterUsername: 'postgres',
      masterPassword: 'postgres',
      databaseName: 'postgres',
      snapshotIdentifier: <clusterSnapshotIdentifier>,
      vpcSecurityGroupIds: [vpcSecurityGroup.id],
    });

Hello, would you have any examples, or article that explains how to access the outputs from a StackReference?

Does anyone know how to create a pulumi type map? I saw a video with example of

pulumi.StringMap{}

but I see no documentation of it.

anyone had any luck making ingress work with kubernetes in pulumi?

Has anyone tried to create Pulumi Packages with the typescript boilerplate? https://github.com/pulumi/pulumi-component-provider-ts-boilerplate I am getting a

403 HTTP error fetching plugin from

when attempting to access my plugin from an pulumi example file....

Hello, I am starting with Pulumi and I am having a very beginner-ish issue for the past 3 days that drives me crazy. I want to deploy a Vpc on AWS and then a RDS database inside of it. I have two custom components: One for my Vpc, and one for my RDS database. In my RDS custom component I am creating a Security Group using the VPC id. Whenever I try to run

pulumi up

, it says I have hundreds of Promises leaks. When I change the VPC id used by the Security Group by any literal string though, all the leaks disappear. Do you have any idea what could be the source of the leaks ? I find it very opaque and hard to debug the leaks and I am completely stuck. I am pasting my Security Group code in the thread below.

Where’s the docs for

alb.createTargetGroup('web-target', …)

?

For that matter, https://www.pulumi.com/docs/guides/crosswalk/aws/elb/ refers to both createListener and createTargetGroup which doesn’t seem to be on the target/alb objects?

This message was deleted.

Hi guys! I'm trying to manage some simple code and use output from resource1 (arn of aws sqs) as input for resource2 (iam policy), but with no luck... the error appears:

Diagnostics:
  aws:iam:Policy (doc-mgmt-dev):
    error: 1 error occurred:
        * creating IAM Policy doc-mgmt-dev-ef9a0e5: MalformedPolicyDocument: Partition "
        1" is not valid for resource "arn:
        1: o.apply(v => v.toJSON())
        2: o.apply(v => JSON.stringify(v))

    See <https://pulumi.io/help/outputs> for more details.
    This function may throw in a future version of @pulumi/pulumi.:*".

Here is the code I use:

import * as pulumi from "@pulumi/pulumi";
import { Sqs } from './sqs';
import { IamPolicy } from './iamPolicy';

const stackName = pulumi.getStack();
const projectName = pulumi.getProject();

const tags = {
    project: projectName,
    environment: stackName,
}

const sqsQueue1 = new Sqs(`${projectName}-${stackName}`, {
    createDlq: true,
    tags: tags,
});

const iamLambdaPolicy = new IamPolicy(`${projectName}-${stackName}`, {
    path: "/",
    description: `${projectName}-${stackName}-Lambda-policies`,
    listOfStatements: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: [
                    "sqs:*"
                ],
                Effect: "Allow",
                Resource: [
                    sqsQueue1.sqs.arn.apply(v => JSON.stringify(v)),
                ],
            },
            {
                Action: [
                    "sqs:ReceiveMessage"
                ],
                Effect: "Allow",
                Resource: [
                    sqsQueue1.sqsDlq?.arn.apply(v => JSON.stringify(v)),
                ],
            },
        ]
    }),
    tags: tags,
});

export const iamLambdaPoliciyArn = iamLambdaPolicy.policy.arn;

I tried to use

pulumi.all([sqsQueue1.sqs.arn, sqsQueue1.sqsDlq?.arn]).apply(([sqs1Arn, sqs1DlqArn])...

it works, but with such approach I don't see the policy resource is going to be created during

pulumi preview

Every time I think I think I have this sorted out, I realize I don't.

Property 'getProvider' is missing in type 'OutputInstance<Deployment> & LiftedObject<Deployment, "id" | "apiVersion" | "kind" | "metadata" | "spec" | "status" | "urn">' but required  typescript (2741) [308, 5]

Hi, I am trying to package my own library with component resources. However, after compiling the code with

tsc

my package also contains

.ts

files. How can I exclude

.ts

files from the artifact? I tried to look at synced folder repo for example. But I when I compile my code into the

bin

folder it does not contain

package.json

like here https://github.com/pulumi/pulumi-synced-folder/blob/main/.github/workflows/release.yaml#LL132C11-L132C69 what step am I missing to get the package.json inside

bin

?

Hi! Anyone else experiencing issues with the TS server crashing in VScode when using the

@pulumi/azure-native

library? Looks like the library is too heavy for intellisense to load it in enough time. Posted in #general

Just to post here, so far this is the best thing to do about the huge TS azure-native library https://github.com/pulumi/pulumi-azure-native/issues/932#issuecomment-1454217629

Hello all! I'm building a cli using the

@pulumi/pulumi/automation

package and ran into something of a unique issue. The command is basically "disabling" an item in a map in the config but I'm having trouble updating the config with the new structure. Just piping the json object back into it using

setConfig

doesnt work. I get

object

strings. If I stringify as json, it ends up being a json string. I ended up installing the yaml package to help me do this but I'm still running into an issure. Currently the code looks like this:

await projectStack.setConfig('regions', { secret: false, value: yaml.stringify(newConfig) });

I am attempting to provision a group to a GitLab, but getting a 403 Forbidden. I can provision a repository to my Userid, but when adding a group (with no linking or dependencies), it fails with a 403. I have been using an access token will full API access. The documentation, https://www.pulumi.com/registry/packages/gitlab/api-docs/group/, mentions this "On GitLab SaaS, you must use the GitLab UI to create groups without a parent group. You cannot use this provider nor the API to do this." - I assume this is only for the paid SaaS subscription, not the free tier. Does anyone know why this is happening?

how do I get a list of all stacks from the project in typescript? NVM wrong mental model 😓

Hi guys! I'm trying to figure out how can I manage dependencies here:

import * as k8s from "@pulumi/kubernetes";
import { FileAsset } from "@pulumi/pulumi/asset";
import { project, stack } from "./globals";

export const release = new k8s.helm.v3.Release(`${project}-${stack}`, {
    chart: "./nats",
    atomic: true,
    createNamespace: true,
    namespace: `${project}-${stack}`,

    valueYamlFiles: [new FileAsset(`./nats/${stack}-values.yaml`)],
    values: {
        Lb: true,
        LbServiceAnnotations: {
            "<http://service.beta.kubernetes.io/aws-load-balancer-name|service.beta.kubernetes.io/aws-load-balancer-name>": `${project}-${stack}`,
        }
    }
})

const nlb = aws.lb.getLoadBalancerOutput({
    name: `${project}-${stack}`,
});

After

pulumi preview

I got an error on NLB lookup, because it doesn't exist, obviously:

reading ELBv2 Load Balancers: couldn't find resource

Inside the helm chart there is a logic to create NLB and I want to get NLB dns name just after creation to manage route53 records afterwards Is it possible to add any dependency condition or kind of in such case?

Hello! I just finished writing this adorable little

forEach

loop to setup my DNS zones in GCP, and I just realized that if I'm going to create DNS records in these zones, I need to actually work with the output. I need to somehow appropriately chain the resource dependencies so the order of operations are correct. I started going down the road of using

eval

to dynamically declare the const, and that was when I realized I should probably consult with others and see if anyone has advice to give. Thank you in advanced!