sparse-intern-71089
10/18/2023, 11:34 AM
billowy-army-68599
billowy-army-68599
kind-house-12874
10/18/2023, 11:51 AM
billowy-army-68599
kind-house-12874
10/18/2023, 11:54 AM
kind-house-12874
10/18/2023, 11:54 AM
billowy-army-68599
vpc.publicSubnetIds and vpc.privateSubnetIds are available
kind-house-12874
10/18/2023, 11:57 AM
aws.ec2.Subnet objects.
kind-house-12874
10/18/2023, 12:01 PM
apply() and not to use Array.filter() at all? This is probably doable but just makes code a bit less readable.
billowy-army-68599
aws.ec2.getSubnet and pass the ID if needed
billowy-army-68599
> But what I’m hearing is that the only way to do something is inside the innermost apply() and not to use Array.filter() at all?
you can’t use Array.filter on an output no, you need to resolve the output then use it, which happens inside an apply
billowy-army-68599
kind-house-12874
10/18/2023, 1:32 PM
const vpc = new awsx.ec2.Vpc(...)
const publicSubnetCidrs = ...
const securityGroupRule = new aws.ec2.SecurityGroup(
  "allow-access-from-public-subnets",
  {
    name,
    description: 'Allow access from publicSubnet',
    vpcId: vpc.vpcId,
    ingress: [
      {
        description: 'Allow traffic from subnets',
        fromPort: 5432,
        toPort: 5432,
        protocol: 'tcp',
        cidrBlocks: publicSubnetCidrs,
      },
    ],
  });
I was hoping for a simple vpc.subnets array filter approach that returns an Output array of the CIDR blocks but I did forget that pulumi.Outputs are treated in a special way (which is understandable as those are not resolvable immediately). This is probably the first stumbling block for me that took a while to catch. Otherwise, everything has made sense and we haven’t had too many difficulties on our path to use Pulumi.
To solve the above case, you just need to collect the cidr blocks inside the apply and create SecurityGroup inside it.
kind-house-12874
10/18/2023, 2:56 PM
billowy-army-68599
billowy-army-68599
kind-house-12874
10/18/2023, 3:16 PM
kind-house-12874
10/18/2023, 7:18 PM
aws.ec2.getSubnet() as suggested. This is a simplified example but you should get the point:
import * as pulumi from '@pulumi/pulumi';
import * as aws from '@pulumi/aws';
import * as awsx from '@pulumi/awsx';

type GetSubnetResult = aws.ec2.GetSubnetResult;

export class Vpc extends pulumi.ComponentResource {
  readonly instance: awsx.ec2.Vpc;
  readonly publicSubnets: pulumi.Output<pulumi.Output<GetSubnetResult>[]>;
  readonly privateSubnets: pulumi.Output<pulumi.Output<GetSubnetResult>[]>;

  constructor(
    private readonly name: string,
    private readonly args: awsx.ec2.VpcArgs = {},
    private readonly opts: pulumi.ComponentResourceOptions = {}
  ) {
    super('pkg:index:MyComponent', name, {}, opts);
    // Forward the caller's VPC arguments to the wrapped awsx VPC.
    this.instance = new awsx.ec2.Vpc(name, args, { parent: this });
    this.publicSubnets = this.getSubnetsInternal(this.instance.publicSubnetIds);
    this.privateSubnets = this.getSubnetsInternal(this.instance.privateSubnetIds);
    this.registerOutputs();
  }

  // Resolve the subnet IDs inside apply(), then look up each subnet by ID.
  private getSubnetsInternal(
    subnetIds: pulumi.Output<string[]>
  ): pulumi.Output<pulumi.Output<GetSubnetResult>[]> {
    return subnetIds.apply((ids) =>
      ids.map((id) => aws.ec2.getSubnetOutput({ id }))
    );
  }
}
One can then consume the resource as follows:
const vpc = new Vpc('my-vpc');
const privateSubnetCidrBlocks = vpc.privateSubnets.apply((subnets) =>
  subnets.map((subnet) => subnet.cidrBlock)
);
const securityGroup = new aws.ec2.SecurityGroup('rds-security-group', {
  vpcId: vpc.instance.vpcId,
  ingress: [
    {
      description: 'Private subnet access to RDS',
      fromPort: 5432,
      toPort: 5432,
      protocol: 'tcp',
      cidrBlocks: privateSubnetCidrBlocks,
    },
  ],
});