Anyone have an example of using a loop to create multiple AWS instances?

When using

awsx.ec2.Vpc

, is there any way to ensure that a set of tags gets applied to the VPC, the subnets, and the route tables?

While organizing my project I'm separating resources into different files (

s3.ts

,

ec2.ts

, etc.). Since resources have dependencies on each other I need to export some of them to be able to import in another module which ends up automatically add them to stack output, sometime unnecessarily. Is there a way to avoid that? Can I somehow choose what gets added to stack output?

@fierce-cpu-94517 Only things exported from the entry point module should become stack outputs

I am getting

invalid or unknown key: tls13

on

cloudflare.ZoneSettingsOverride

but it’s in the type definitions and shows up fine in GitHub https://github.com/pulumi/pulumi-cloudflare/blob/master/sdk/nodejs/zoneSettingsOverride.ts#L170

Posting this again: When using

awsx.ec2.Vpc

, is there any way to ensure that a set of tags gets applied to the VPC, the subnets, and the route tables? (BTW, this is necessary for the AWS cloud provider for Kubernetes to work properly.)

Hey, Wondered if anyone new a way to actually capture errors from pulumi

try{
      NatGw = aws.ec2.getNatGateway({
        tags: {
          Name: "RCS-CDR"
        }
      });
    } catch(err){
      // Craete a New NAT GW here ... 
    }

The error is not caught but it's thrown in my terminal after pulumi up. I'd like to catch the error and create a new resource if the gatway with the name

RCS-CDR

does not exist

@white-balloon-205 thanks again for the quick reply on that issue

Question: how would I go about incorporating a variable's value into the name of a tag to be applied to an AWS resource? For example, the AWS cloud provider for Kubernetes requires a tag named

<http://kubernetes.io/cluster/<clustername>|kubernetes.io/cluster/<clustername>>

(the value is immaterial). I'd like to be able to define the

<clustername>

value once in a variable, and then include it in the tags to be applied to resources. Any suggestions?

Hey all I'm having an extreme amount of trouble getting https load balancer to work with GKE. If anyone could point me in the right direction that would be greatly appreciated!

const appService = new k8s.core.v1.Service("django-service", {
  metadata: { labels: appDeployment.metadata.labels },
  spec: {
    type: "NodePort",
    ports: [{ port: 80, targetPort: appPort }],
    selector: appDeployment.spec.template.metadata.labels,
  },
}, { provider: cluster.provider });

const appIngress = new k8s.extensions.v1beta1.Ingress("django-load-balancer", {
  spec: {
    backend: {
      serviceName: appService.metadata.name
      ,
      servicePort: 80,
    }
  }
})

is there anyway to establish a specific sequence for things to be created?

or put some sort of wait in between?

deploying custom

new azure.core.TemplateDeployment

which messes with the order of some logic

Resources that depend on each other (e.g. an output of one is used as the input of another) will influence the sequence. Beyond that you can use https://www.pulumi.com/docs/reference/programming-model/#dependson to also influence the sequence.

i'm using pulumi in typescript. i've written some stuff to extract into a module. do i need to compile the module into js to use it in pulumi?

How should one handle inter-dependent AWS security groups? I have Security Group A which needs to allow traffic from Security Group B, and Security Group B which needs to allow traffic from Security Group A. Pulumi will error out if I reference group B in an ingress rule for group A before group B is defined. I thought maybe I could use a combination of SecurityGroup and SecurityGroupRule, but it looks like those should not be combined. Thoughts/ideas?

Hi, I'm running into some lambda invoking issues where it seems that no modules are being bundled? I've read through this explanation on github https://github.com/pulumi/pulumi-aws/issues/249#issuecomment-401563361 I have the following code:

import { holdingQueue } from './infrastructure/holding-queue'

holdingQueue.onEvent(
    'lambda-dev-holding-queue-event',
    async () => {
        let pulumi = await import('@pulumi/pulumi')
        let config = new pulumi.Config('apple-news-syndication')
        console.log(config.require('masthead'))
    },
    { batchSize: 1 },
)

and on the invoking of the function in AWS I'm getting the following error...

2019-08-22T08:15:19.797Z 516f4272-0d5e-5549-b81b-17aa5c18ea49
{
    "errorMessage": "Cannot find module '@pulumi/pulumi'",
    "errorType": "Error",
    "stackTrace": [
        "Function.Module._resolveFilename (module.js:547:15)",
        "Function.Module._load (module.js:474:25)",
        "Module.require (module.js:596:17)",
        "require (internal/module.js:11:18)",
        "Promise.resolve.then (/var/task/__index.js:30:53)",
        "<anonymous>"
    ]
}

Any insight on why this is giving me issues saying assumed role isn't allowed to run EC2 RunTask

const amassScanTask = new awsx.ecs.FargateTaskDefinition("amassScanTask", {
	container: {
		image: awsx.ecs.Image.fromPath("amassScanTask", "./app/amass"),
	},
});

let engineEndpoint = new awsx.apigateway.API("dns-scan-api", {
	routes: [{
		path: "/dns",
		method: "POST",
		eventHandler: async (event) => {
			const taskUUID = uuid();
			let route = event.queryStringParameters!["target"]
			await amassScanTask.run({ 
				cluster: cluster,
				overrides: {
					containerOverrides: [{
						environment: [
							{ name: "TASK_ID", value: taskUUID },
							{ name: "TARGET_DOMAIN", value: "<http://filo.ai|filo.ai>" },
							{ name: "S3_BUCKET", value: `${scanResultsBucket.id}` },
						],
					}],
				},
			});
			return {
				statusCode: 200,
				body: JSON.stringify({ route, taskUUID }),
			};
		},
	}],
});

Hi. Is anyone able to point me in the direction of an example/documentation whereby autoscaling is attached to a fargate service? I've been unable to find anything

As part of my Pulumi code, I'd like to be able to be sure that I'm deploying the stack to the correct place (AWS account). I started off by using the

aws:profile

in the stack config; however when authenticating this way, I can't create and EKS cluster (gets error

could not get token: NoCredentialProviders: no valid providers in chain. Deprecated

). So now I have to use the environment variables. The problem is I could easily have the wrong environment variables and deploy my stack to the wrong place. Does anyone have any suggestions?

I'm using Pulumi to create an AWS VPC with explicitly created subnets. I'm using these to create an EKS cluster

const subnetIds = [
    ...vpc.privateSubnetIds,
    ...vpc.publicSubnetIds,
  ];

  const cluster = new eks.Cluster(name, {
    deployDashboard: false,
    enabledClusterLogTypes: ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'],
    instanceRoles: [role],
    skipDefaultNodeGroup: true,
    subnetIds,
    vpcId: vpc.id,
  }, { dependsOn: [vpc] });

I then need to go back through all the subnets and add a tag

<http://kubernetes.io/cluster/<cluster-name>:shared|kubernetes.io/cluster/<cluster-name>:shared>

, but I don't see how I can go back over the existing subnets to add the tags. Does anyone know the correct way to do this?

How can I get the

project

name from a

gcp.Provider

? I’m setting up a Typescript module for a GKE cluster where I set the

gcp.Provider

externally to use it inside this module. To activate the new

workloadIdentityConfig

, you need to set the

identityNamespace: ${gcloudProject}.svc.id.goog

(currently).

is there a way to convert

Output<string>

to

Promise<string>

?

Typescript newbie question: Is there a way to type the resulting

data

values of a Kubernetes

Secret.get()

such as (in pseudo-language):

type ServiceAccountSecretData = [ 
  "ca.crt": string,
  "namespace": string,
  "token": string,
]

The “only” thing I’ve come up yet is with

type SecretData = { [key: string]: string }

(see attached snippet).

Is it possible for Pulumi to use a different starting point? e.g. I prefer to have my code in a

src/

directory, so can I make Pulumi start with

src/index.ts

instead of

index.ts

?

Hi. Is there a way for me to convert from a

string

to

InstanceType

?

I want to read the machine type from environment variables but pulumi is expecting a

InstanceType

and I cannot figure out how to cast from one to the other.

Hi all, Any way to always force a no-op for an entire pulumi project? I want to force skip the contents of a pulumi project based on a variable exported by my infrastructure project. Thanks!

HI all, I am new using Pulumi. I am trying

Cluster.createNodeGroup()

under

@pulumi/eks

. I am trying to pass in a securityGroup to use for the nodeGroup using

nodeSecurityGroup

. However, it seems that the nodeGroup ends up with a new SG named

{STACK_NAME}-nodeSecurityGroup-{randomID}

instead of the SG I pass in.. Ideas? https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterNodeGroupOptions-nodeSecurityGroup

I am running into a type issue when I try to create this IAM policy statement:

Type '{ StringEquals: { "s3:prefix": string[]; }; StringLike?: undefined; }' is not assignable to type 'Conditions'.
              Property 'StringLike' is incompatible with index signature.
                Type 'undefined' is not assignable to type 'ConditionArguments'.

I think this is because I have different keys in the condition for each statement:

StringEquals

in one,

StringLike

in the other. Is this a possible bug in the

aws.iam.Conditions

interface? https://github.com/pulumi/pulumi-aws/blob/master/sdk/nodejs/iam/documents.ts#L98 cc @dazzling-memory-8548