https://pulumi.com logo
Join Slack
Powered by
That said, it’s also completely hallucinating a so...
# general
q
That said, it’s also completely hallucinating a solution to my current question 🙂 maybe I’ll ask that here too: I’m trying to extract the CIDR blocks for just the private subnets in a VPC (created with 
awsx.ec2.Vpc
). The 
vpc
object exposes 
privateSubnetIds
and 
subnets
- I was hoping to combine the two using code like the below. However, it complains that 
subnet.id
is 
Output<string>
and 
includes()
of course expects a 
string
. Is this something which is possible? The alternative is to re-query the subnets using 
aws.ec2.getSubnet
, but that feels kind of iffy/unnecessary, when the subnets are already available on the 
vpc
object.
Copy code
export const privateSubnetCidrs = pulumi
  .all([vpc.subnets, vpc.privateSubnetIds])
  .apply(([subnets, privateSubnetIds]) => {
    return subnets
      .filter(subnet => privateSubnetIds.includes(subnet.id))
      .map(subnet => subnet.cidrBlock);
  });
Pulumi AI confidently suggested I do this instead - but there is no such 
privateSubnets
field on 
vpc
:
Copy code
// Map over the private subnets and retrieve the cidrBlocks
const privateSubnetCidrs = vpc.privateSubnets.apply(privateSubnets =>
    privateSubnets.map(subnet => subnet.cidrBlock)
)
l
You can add subnetIds into your all/apply guards. However, you don't need to. The awsx VPC does indeed have a privateSubnets property, you don't need to filter subnets by id. https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/#privatesubnetids_nodejs
Is it possible you were looking on the AWS VPC resource for the privateSubnets property? Only the AWSX resource has it.
q
This maybe sort of seems to work (untested, but types are happy):
Copy code
export const privateSubnetCidrs = pulumi
  .all([vpc.subnets, vpc.privateSubnetIds])
  .apply(([subnets, privateSubnetIds]) => {
    const cidrBlocks: string[] = [];
    for (const subnet of subnets) {
      pulumi
        .all([subnet.id, subnet.cidrBlock])
        .apply(([subnetId, cidrBlock]) => {
          if (privateSubnetIds.includes(subnetId) && cidrBlock) {
            cidrBlocks.push(cidrBlock);
          }
        });
    }
    return cidrBlocks;
  });
l
It's massive overkill.
q
@little-cartoon-10569 it has 
privateSubnetIds
, but NOT 
privateSubnets
l
It does. I use it. Have a look at the link I sent.
Here's the code from vpc.d.ts:
Copy code
/**
     * Asynchronously retrieves the private subnets in this Vpc.  This will only retrieve data for
     * the subnets specified when the Vpc was created.  If subnets were created externally, they
     * will not be included.
     */
    get privateSubnets(): Promise<x.ec2.Subnet[]>;
Actually, there must be a version without it. The new docs don't have it.. onesec, I'll check github.
q
I want you to be right, but I don’t think you are 🙃 https://github.com/pulumi/pulumi-awsx/blob/master/awsx/ec2/vpc.ts
l
I found it. It's not in AWSX, only AWSXclassic (which is what I use: it's in the same library, in the awsx.classic namespace). You can use that it you prefer.
q
Ahhh gotcha, I wonder if there are other meaningful differences between those two
Good to know though, thankyou!
l
Yes, there are a few. I'm surprised it's that hard to get CIDRs (or indeed, subnets) out of the code. I'll have a quick hunt through examples...
I can't see anything that doesn't require an 
apply()
. However it looks like you can skip filtering by subnetId. You can just filter on subnets, which have a type property whose lowercase value will be private. https://github.com/pulumi/pulumi-awsx/blob/dad5462435286498bc86168c91c0d801482dbcba/awsx/ec2/subnetDistributor.ts#L52
Ah ignore that. That's not available on the AWS subnet, only the awsx subnet.. 😞
Wow they've made that sort of stuff hard, haven't they?
Maybe you'd be better off finding all routes and grabbing the CIDRs from there 🙂
q
All good, thanks for taking a look anyway! I think the code I ended up with is… readable, if verbose
Interesting, so I was using the code above to generate Security Group ingress rules (i.e. only allow traffic from the private subnet CIDRs), but it seems that for some reason the CIDRs were never resolved, and no ingress rules ended up being created. Going to just hard-code the CIDRs for now, as this seems to go beyond my understanding of 
pulumi.Output
and I don’t have time to figure out what’s happening 😞
m
is there a easy way to extract the private subnet ids from the awsx.ec2.Vpc ? I need to add additional route to the routetable for the private subnets
I am struggling from last 2 days and not able to wrap my head around Output<string[]> , how to convert it to string[]
l
You cannot convert it to a string[] at the top level. Output<string[]> means a string[] that will be available in the indefinite future, not now. It's simply not available yet. Instead, you can apply() the Output. The string[] is made available as a parameter to your callback in apply().
Open in Slack
PreviousNext
Powered by