bored-branch-92019
03/28/2023, 4:21 PM443
listener. It is unclear to me the correct way to add multiple SSL CERTs for a 443
listener. I wrote some code below, however I suspect i might be misunderstanding how to use pulumi inputs/outputs correctly so If anyone can point me to the right direction that would be greatly appreciated.
Example code in đź§µ .// code above that creates vpc + security groups
const appLb = new awsx.lb.ApplicationLoadBalancer(`${stack}-my-lb`, {
subnetIds: vpc.publicSubnetIds,
securityGroups: [securityGroup.id],
defaultTargetGroup: {
port: 80,
protocol: 'HTTP',
ipAddressType: 'ipv4',
healthCheck: {
interval: 10,
enabled: true,
path: '/healthcheck',
},
},
listeners: [
{
port: 80,
protocol: 'HTTP',
},
{
port: 443,
protocol: 'HTTPS',
// ARN of a manually created SSL cert managed by AWS for our domain
certificateArn:
'ARN OF CERT HERE',
},
],
});
const listeners = appLb.listeners.get();
const tlsListenerArn = listeners?.find(
(listener) => listener.port.get() === 443
)?.arn;
//I want to add an additional cert
const otherDomainCert = new aws.lb.ListenerCertificate('different-domains-cert', {
// PROBLEM HERE here is that the ARN is an Output but Really want this to be an INPUT
listenerArn: tlsListenerArn,
certificateArn:
'ARN OF an additional cert',
});
// more code below
millions-furniture-75402
03/28/2023, 7:27 PMlistenerArn: tlsListenerArn.apply(v => v),
const tlsListenerArn = listeners?.find(
(listener) => listener.port.get() === 443
)?.arn;
The Input for listenerArn
takes a string.
All input properties are implicitly available as output properties.To get the string value of an Output, you have to
.apply()
it.bored-branch-92019
03/28/2023, 8:51 PMOuput<string | undefined>
, which causes a typing issue because it could be undefined
if the listener was not defined. I guess my question here is does it make sense to assert that the that the previously defined resources exists in this case since it was created above?millions-furniture-75402
03/30/2023, 12:23 PMdependsOn
.
In some cases, the entire resource needs to be put inside of an apply
, but I believe that is considered bad practice because resources inside of an apply won't show up in a preview.
e.g. something like:
appLb.apply(lb => {
const listeners = lb.listeners.get();
const tlsListenerArn = listeners?.find(
(listener) => listener.port.get() === 443
)?.arn;
//I want to add an additional cert
const otherDomainCert = new aws.lb.ListenerCertificate('different-domains-cert', {
// PROBLEM HERE here is that the ARN is an Output but Really want this to be an INPUT
listenerArn: tlsListenerArn,
certificateArn:
'ARN OF an additional cert',
});
});
bored-branch-92019
03/30/2023, 1:57 PMmillions-furniture-75402
03/30/2023, 2:00 PMbored-branch-92019
03/31/2023, 2:04 PMlisteners?.find(
bit. As it will always be an output and doing .get()
for the port throws an exception (which is expected).
Error: Cannot call '.get' during update or preview.
To manipulate the value of this Output, use '.apply' instead.
const otherDomainCert = new aws.lb.ListenerCertificate('different-domains-cert', {
// Feels like a bad approach because it does not handle listeners changing order
listenerArn: appLb.listeners.apply((listeners) => listeners![1].arn),
certificateArn:
'ARN OF an additional cert',
});
millions-furniture-75402
03/31/2023, 3:02 PMbored-branch-92019
03/31/2023, 3:45 PMmillions-furniture-75402
03/31/2023, 3:45 PMbored-branch-92019
03/31/2023, 3:52 PMawsx
) I need to instead provision the lower level resources myself to because then I could just reference them directly from the const resource = new aws.<resource>…..
to get ARNs.