# aws
g
I am new to Pulumi and trying to migrate from Skaffold/K8s to Pulumi/AWS EKS. I am getting the following error when doing a pulumi up:
aws:cloudformation:Stack (eks-cluster-nodes):
    error: 1 error occurred:
        * creating urn:pulumi:dev::pulumi-sandbox-k8s::eks:index:Cluster$aws:cloudformation/stack:Stack::eks-cluster-nodes: 1 error occurred:
        * waiting for CloudFormation Stack (arn:aws:cloudformation:us-east-1:158719089730:stack/eks-cluster-557b1a8b/53a1e670-6d29-11ee-83dc-1257eb19d3d3) create: failed to create CloudFormation stack, rollback requested (ROLLBACK_COMPLETE): ["The following resource(s) failed to create: [NodeGroup]. Rollback requested by user." "Resource handler returned message: \"At least one Availability Zone or VPC Subnet is required. (Service: AutoScaling, Status Code: 400, Request ID: 5edc3134-4282-4cf3-b435-33dd1748f765)\" (RequestToken: 704960ef-620f-21b8-e25e-1cb2ccd2cc0a, HandlerErrorCode: InvalidRequest)"]
The relevant code in my index.ts is below - any help would be appreciated:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";

// Node group sizing is read from stack config (defaults used when unset)
const config = new pulumi.Config();
const eksNodeInstanceType = config.get("eksNodeInstanceType") || "t3.medium";
const desiredClusterSize = config.getNumber("desiredClusterSize") || 3;
const minClusterSize = config.getNumber("minClusterSize") || 3;
const maxClusterSize = config.getNumber("maxClusterSize") || 6;

// Look up the account's default VPC
const defaultVpc = pulumi.output(aws.ec2.getVpc({ default: true }));

// Look up all subnet IDs in the default VPC
const defaultVpcSubnets = defaultVpc.apply(vpc => {
    return aws.ec2.getSubnetIds({ vpcId: vpc.id });
});

// Select the public subnets (auto-assign public IP on launch) and keep their IDs
const publicSubnetIds = defaultVpcSubnets.apply(subnets =>
    Promise.all(subnets.ids.map(id => aws.ec2.getSubnet({ id })))
    .then(subnets => subnets.filter(subnet => subnet.mapPublicIpOnLaunch).map(subnet => subnet.id))
);

// Select the private subnets (no auto-assigned public IP) and keep their IDs.
// Note: every subnet in a default VPC auto-assigns public IPs, so this list is
// empty there, which is what triggers the "At least one Availability Zone or
// VPC Subnet is required" error from the node group's Auto Scaling group.
const privateSubnetIds = defaultVpcSubnets.apply(subnets =>
    Promise.all(subnets.ids.map(id => aws.ec2.getSubnet({ id })))
    .then(subnets => subnets.filter(subnet => !subnet.mapPublicIpOnLaunch).map(subnet => subnet.id))
);

// Create the EKS cluster
const eksCluster = new eks.Cluster("eks-cluster", {
    // Put the cluster in the default VPC looked up above
    vpcId: defaultVpc.id,
    // Public subnets will be used for load balancers
    publicSubnetIds: publicSubnetIds,
    // Private subnets will be used for cluster nodes
    privateSubnetIds: privateSubnetIds,
    // Change configuration values to change any of the following settings
    instanceType: eksNodeInstanceType,
    desiredCapacity: desiredClusterSize,
    minSize: minClusterSize,
    maxSize: maxClusterSize,
    // Do not give the worker nodes public IP addresses
    nodeAssociatePublicIpAddress: false,
    // Uncomment the next two lines for a private cluster (VPN access required)
    // endpointPrivateAccess: true,
    // endpointPublicAccess: false
});

export const kubeconfig = eksCluster.kubeconfig;
l
You can skip most of those apply() calls, by using the equivalent getXOutput() functions. But you would be better off creating your own VPC and subnets, and using the known new values when creating your cluster. Looking up existing resources like this exposes you to the risk of them being deleted under you, and having to manually re-create them.
g
kk, I was using the existing one because I was getting an error about hitting the maximum number of public IP addresses. I assume I can delete the default VPC if I am not using it and then I shouldn't hit the 5 public IP cap.
l
You shouldn't need any public IP addresses: what use-case requires those?
g
I would think I would have a public IP to the nginx ingress controller, which would then point to the 2 microservices based on path. (I am more of a software developer than infrastructure, so I am out of my depth.)
l
Conventionally, those are provided by a load balancer. Providing direct internet access to your web server is not recommended.
g
So here is my full index.ts that I originally had (that creates the vpc). When I run a pulumi up I get the error below: https://www.dropbox.com/scl/fi/l7ikc87intnrvsnu51avj/index.ts?rlkey=1aihbeykzl00vs21qzttz4diy&dl=0
aws:ec2:Eip (ticketing-vpc-1):
    error: 1 error occurred:
        * creating EC2 EIP: AddressLimitExceeded: The maximum number of addresses has been reached.
        status code: 400, request id: 3ff6b08a-a85c-45cd-8022-af0221bbc3f2
l
That code looks reasonable. The error message says you're using too many EIPs (as opposed to static public IP addresses, which was my previous assumption). This won't be affected by using different VPCs: this is an account-wide limit. I think perhaps there's a small limit when you use the free tier. You can check your EIPs in the AWS VPC console, "Elastic IPs". You shouldn't need more than two per account, under normal circumstances; perhaps you have some old ones created when experimenting?
Maybe two per account is a bit small 🙂 One per region you intend to have a load balancer in!