sparse-intern-71089
10/30/2023, 2:13 PMdry-keyboard-94795
10/30/2023, 2:27 PMmagnificent-soccer-44287
10/30/2023, 2:28 PMdry-keyboard-94795
10/30/2023, 2:28 PMmagnificent-soccer-44287
10/30/2023, 2:28 PMdry-keyboard-94795
10/30/2023, 2:33 PMmagnificent-soccer-44287
10/30/2023, 2:35 PMmagnificent-soccer-44287
10/30/2023, 2:35 PMdry-keyboard-94795
10/30/2023, 2:36 PMmagnificent-soccer-44287
10/30/2023, 2:36 PMmagnificent-soccer-44287
10/30/2023, 2:40 PMmagnificent-soccer-44287
10/30/2023, 2:40 PMmagnificent-soccer-44287
10/30/2023, 2:41 PMdry-keyboard-94795
10/30/2023, 2:44 PMmagnificent-soccer-44287
10/30/2023, 2:44 PMdry-keyboard-94795
10/30/2023, 2:44 PMmagnificent-soccer-44287
10/30/2023, 2:45 PMdry-keyboard-94795
10/30/2023, 2:45 PMmagnificent-soccer-44287
10/30/2023, 2:45 PMmagnificent-soccer-44287
10/30/2023, 2:52 PMmagnificent-soccer-44287
10/30/2023, 4:08 PMmagnificent-soccer-44287
10/30/2023, 4:08 PMdry-keyboard-94795
10/30/2023, 4:15 PMdry-keyboard-94795
10/30/2023, 4:17 PMmagnificent-soccer-44287
10/30/2023, 4:18 PMconst vpc = awsx.classic.ec2.Vpc.getDefault();
and I can't seem to get the public subnets out of it to place into:
const alb = new awsx.lb.ApplicationLoadBalancer(pre('main-web-alb'), {
name: pre('web-traffic-alb'),
idleTimeout: 360,
securityGroups: [securityGroup.id],
listener: {
port: 873
},
subnets: vpc.publicSubnetIds
});
magnificent-soccer-44287
10/30/2023, 4:18 PMmagnificent-soccer-44287
10/30/2023, 4:20 PMInput<Input<Subnet>[]>
😂dry-keyboard-94795
10/30/2023, 4:21 PMdry-keyboard-94795
10/30/2023, 4:22 PMmagnificent-soccer-44287
10/30/2023, 4:28 PMmagnificent-soccer-44287
10/30/2023, 4:29 PMconst envCheckRule = new aws.lb.ListenerRule(pre('envCheckListener'), {
conditions: [{
pathPattern: {
values: ["/environment-check*"],
},
}],
actions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
statusCode: "200",
messageBody: pulumi.interpolate`Check OK - ENV ${getStack()}`,
},
}],
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 50, // We'll have the onboarding listener be a higher priority.
});
but for some reason this rule:
const serviceListenerRule = new aws.lb.ListenerRule(pre('mainServiceListener'), {
conditions: [{
pathPattern: {
values: ["/*"],
},
}],
actions: [{
type: "forward",
targetGroupArn: mainTargetGroup.arn,
}],
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 500, // We'll have the onboarding listener be a higher priority.
});
does not forward to my fargate service despite this config:
const pmbMainFargateService = new awsx.ecs.FargateService(pre('fargate-main'), {
cluster: pmbServiceCluster.arn,
name: pre('fargate-main'),
assignPublicIp: true,
healthCheckGracePeriodSeconds: 420,
desiredCount: 1,
taskDefinitionArgs: {
logGroup: {
existing: {
name: pmbServiceMainLogGroup.name
}
},
containers: {
pmbWebApp: {
name: "pmbWebApp",
image: pmbMainDockerImage.repoDigest,
cpu: 1024, //1024 = 1 VCPU
memory: 2048, // MiB
essential: true,
healthCheck: {
interval: 25,
retries: 10,
command: ["CMD-SHELL", `ps x | grep puma | grep 0.0.0.0:${pmbMainAppPort}`]
},
portMappings: [{
targetGroup: mainTargetGroup,
containerPort: pmbMainAppPort,
hostPort: pmbMainAppPort,
}],
magnificent-soccer-44287
10/30/2023, 4:30 PMconst mainTargetGroup = new aws.lb.TargetGroup(pre('tg-main'), {
port: pmbMainAppPort,
protocol: "HTTP",
targetType: "ip",
vpcId: vpc.id,
healthCheck: {
interval: 30,
timeout: 25,
matcher: "200,304",
path: "/favicon.ico",
unhealthyThreshold: 10
},
});
magnificent-soccer-44287
10/30/2023, 4:30 PMmagnificent-soccer-44287
10/30/2023, 4:30 PMmagnificent-soccer-44287
10/30/2023, 4:36 PMdry-keyboard-94795
10/30/2023, 4:44 PMmagnificent-soccer-44287
10/30/2023, 4:46 PMmagnificent-soccer-44287
10/30/2023, 4:47 PMconst listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'), // Replace with your ALB listener ARN
priority: 75,
actions: [{
type: "redirect",
redirect: {
protocol: "HTTP", // or HTTPS if your bucket is set up with a custom domain and SSL
port: "80", // or 443 for HTTPS
host: bucket.websiteEndpoint,
path: "/#{path}",
query: "#{query}",
statusCode: "HTTP_301",
},
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
403dry-keyboard-94795
10/30/2023, 4:48 PMmagnificent-soccer-44287
10/30/2023, 4:50 PMmagnificent-soccer-44287
10/30/2023, 4:50 PMmagnificent-soccer-44287
10/30/2023, 4:50 PMmagnificent-soccer-44287
10/30/2023, 4:50 PM404 Not Found
Code: NoSuchKey
Message: The specified key doe
NoSuchKeydry-keyboard-94795
10/30/2023, 4:52 PM-v
)magnificent-soccer-44287
10/30/2023, 4:54 PMmagnificent-soccer-44287
10/30/2023, 4:54 PMdry-keyboard-94795
10/30/2023, 4:56 PMmagnificent-soccer-44287
10/30/2023, 4:56 PMmagnificent-soccer-44287
10/30/2023, 4:57 PMmagnificent-soccer-44287
10/30/2023, 4:58 PMmagnificent-soccer-44287
10/30/2023, 4:59 PMmagnificent-soccer-44287
10/30/2023, 4:59 PMmagnificent-soccer-44287
10/30/2023, 5:01 PMmagnificent-soccer-44287
10/30/2023, 5:01 PMmagnificent-soccer-44287
10/30/2023, 5:01 PMmagnificent-soccer-44287
10/30/2023, 5:01 PMmagnificent-soccer-44287
10/30/2023, 5:02 PMdry-keyboard-94795
10/30/2023, 5:05 PMdry-keyboard-94795
10/30/2023, 5:08 PMmain ALB seems to be requesting /onboarding when it should be requesting /
ALB also doesn't support rewriting the path like this. You can add to it, but not remove parts. So a server is also required here, or upload the files under the
/onboarding/
prefixdry-keyboard-94795
10/30/2023, 5:09 PMmagnificent-soccer-44287
10/30/2023, 5:10 PMmagnificent-soccer-44287
10/30/2023, 5:12 PMmagnificent-soccer-44287
10/30/2023, 5:13 PMdry-keyboard-94795
10/30/2023, 5:16 PMmagnificent-soccer-44287
10/30/2023, 5:16 PMmagnificent-soccer-44287
10/30/2023, 5:17 PMdry-keyboard-94795
10/30/2023, 5:18 PMdry-keyboard-94795
10/30/2023, 5:21 PMmagnificent-soccer-44287
10/30/2023, 5:21 PMmagnificent-soccer-44287
10/30/2023, 5:21 PMdry-keyboard-94795
10/30/2023, 5:22 PMmagnificent-soccer-44287
10/30/2023, 5:23 PMdry-keyboard-94795
10/30/2023, 5:23 PMmagnificent-soccer-44287
10/30/2023, 5:31 PMmagnificent-soccer-44287
10/30/2023, 5:31 PMThe IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used.
apparently ECS supports this but having trouble finding it in pulumimagnificent-soccer-44287
10/30/2023, 5:32 PMmagnificent-soccer-44287
10/30/2023, 6:08 PMmagnificent-soccer-44287
10/30/2023, 7:21 PMmagnificent-soccer-44287
10/30/2023, 7:21 PMdry-keyboard-94795
10/30/2023, 7:26 PMmagnificent-soccer-44287
10/30/2023, 7:27 PMdry-keyboard-94795
10/30/2023, 7:28 PMmagnificent-soccer-44287
10/30/2023, 7:29 PMmagnificent-soccer-44287
10/30/2023, 7:29 PMmagnificent-soccer-44287
10/30/2023, 7:29 PMdry-keyboard-94795
10/30/2023, 7:29 PMmagnificent-soccer-44287
10/30/2023, 7:30 PMdry-keyboard-94795
10/30/2023, 7:30 PMdry-keyboard-94795
10/30/2023, 7:31 PMdry-keyboard-94795
10/30/2023, 7:32 PMmagnificent-soccer-44287
10/30/2023, 7:32 PMmagnificent-soccer-44287
10/30/2023, 7:33 PMmagnificent-soccer-44287
10/30/2023, 7:34 PMmagnificent-soccer-44287
10/30/2023, 7:34 PMdry-keyboard-94795
10/30/2023, 7:35 PMdry-keyboard-94795
10/30/2023, 7:35 PMmagnificent-soccer-44287
10/30/2023, 7:36 PMdry-keyboard-94795
10/30/2023, 7:36 PMmagnificent-soccer-44287
10/30/2023, 7:37 PMassignPublicIp: true,
// networkConfiguration: {
// securityGroups: [sideKiqEcsSecurityGroup.id],
// subnets: coreInfraStackRef.getOutput('privateSubnetIds'),
// },
I literally get an ECS error saying i can use one or the other. its very clearmagnificent-soccer-44287
10/30/2023, 7:37 PMmagnificent-soccer-44287
10/30/2023, 7:39 PMmagnificent-soccer-44287
10/30/2023, 7:40 PMdry-keyboard-94795
10/30/2023, 7:43 PMmagnificent-soccer-44287
10/30/2023, 7:44 PMmagnificent-soccer-44287
10/30/2023, 7:44 PMmagnificent-soccer-44287
10/30/2023, 7:44 PMdry-keyboard-94795
10/30/2023, 7:45 PMmagnificent-soccer-44287
10/30/2023, 7:45 PMmagnificent-soccer-44287
10/30/2023, 7:46 PMvpc.getSubnetsIds('public')
and everything else comes back blankmagnificent-soccer-44287
10/30/2023, 7:46 PMdry-keyboard-94795
10/30/2023, 7:47 PMmagnificent-soccer-44287
10/30/2023, 7:47 PMconst privateSubnets = [ // Do NOT touch CIDR block configuration.
createPrivateSubnet("private-subnet-1", vpc, "64", "a"),
createPrivateSubnet("private-subnet-2", vpc, "80", "b"),
createPrivateSubnet("private-subnet-3", vpc, "96", "c"),
createPrivateSubnet("private-subnet-4", vpc, "112", "d")
]
X____Xmagnificent-soccer-44287
10/30/2023, 7:49 PMvpc.getSubnetsIds('public');
says it only gets pub subnets from when vpc was createdmagnificent-soccer-44287
10/30/2023, 7:49 PMdry-keyboard-94795
10/30/2023, 7:49 PMmagnificent-soccer-44287
10/30/2023, 7:50 PMmagnificent-soccer-44287
10/30/2023, 7:52 PMdry-keyboard-94795
10/30/2023, 7:52 PMdry-keyboard-94795
10/30/2023, 7:55 PMmagnificent-soccer-44287
10/30/2023, 7:55 PMnew awsx.ec2.DefaultVpc()
requires a name and my default vpc doesnt have one in any of my envsdry-keyboard-94795
10/30/2023, 7:56 PMdry-keyboard-94795
10/30/2023, 7:57 PMmagnificent-soccer-44287
10/30/2023, 7:57 PMmagnificent-soccer-44287
10/30/2023, 7:57 PMdry-keyboard-94795
10/30/2023, 7:57 PMmagnificent-soccer-44287
10/30/2023, 7:59 PMmagnificent-soccer-44287
10/30/2023, 7:59 PMmagnificent-soccer-44287
10/30/2023, 8:00 PMmagnificent-soccer-44287
10/30/2023, 8:00 PMdry-keyboard-94795
10/30/2023, 8:00 PMname:...
Set in the Args object.
It'll generate the name for you, with a random suffix. Helps with resource recreationdry-keyboard-94795
10/30/2023, 8:00 PMmagnificent-soccer-44287
10/30/2023, 8:01 PMmagnificent-soccer-44287
10/30/2023, 8:03 PMdry-keyboard-94795
10/30/2023, 8:05 PMmagnificent-soccer-44287
10/30/2023, 9:17 PMmagnificent-soccer-44287
10/30/2023, 9:18 PMpulumi:pulumi:Stack (domain-user-development):
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xe05f6e]
dry-keyboard-94795
10/30/2023, 9:19 PMmagnificent-soccer-44287
10/30/2023, 9:20 PMconst s3ReadRole = new aws.iam.Role("s3ReadRole", {
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Principal: {
Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
},
Effect: "Allow",
Sid: ""
}]
})
});
const lambdaLogGroup = new aws.cloudwatch.LogGroup(pre('lambda-log'), {
retentionInDays: 60
})
const lambdaLoggingPolicyDocument = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources: ["arn:aws:logs:*:*:*"],
}],
});
const lambdaLoggingPolicy = new aws.iam.Policy(pre('lambda-log-policy'), {
path: "/",
description: "IAM policy for logging from a lambda",
policy: lambdaLoggingPolicyDocument.then(lambdaLoggingPolicyDocument => lambdaLoggingPolicyDocument.json),
});
const lambdaExecutionRole = new aws.iam.Role("lambdaExecutionRole", {
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Principal: {
Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
},
Effect: "Allow",
Sid: ""
}]
})
});
const lambdaLogs = new aws.iam.RolePolicyAttachment(pre('lambda-log-attach'), {
role: lambdaExecutionRole.name,
policyArn: lambdaLoggingPolicy.arn,
});
const lambdaSecurityGroup = new aws.ec2.SecurityGroup(pre('lambda-sg'), {
vpcId: vpc.vpcId,
description: "Security group for domain-user proxy lambda",
egress: [
{
protocol: "-1", // Allow all outbound traffic
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"],
}
],
});
const lambdaTargetGroup = new aws.lb.TargetGroup(pre('tg-lambda'), {
protocol: "HTTP",
targetType: "lambda",
port: 80,
vpcId: vpc.vpcId
});
const proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id]
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => {
console.log('Starting Execution');
const path = event.path.substring(1); // Remove the leading '/'
try {
const s3Response = await s3.getObject({
Bucket: "${bucket.bucket}",
Key: path,
}).promise();
return {
statusCode: 200,
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" }, // Adjust based on your content
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: s3ReadRole.arn,
}, {
dependsOn: [lambdaLogs, lambdaLogGroup, lambdaTargetGroup, lambdaLoggingPolicy, lambdaExecutionRole, lambdaLogs, lambdaSecurityGroup, s3ReadRole]
});
const lambdaElbPermission = new aws.lambda.Permission(pre('elb-permission'), {
action: "lambda:InvokeFunction",
function: proxyLambda.name,
principal: "<http://elasticloadbalancing.amazonaws.com|elasticloadbalancing.amazonaws.com>",
// If you're using an Application Load Balancer, you might also need to specify the source ARN:
sourceArn: lambdaTargetGroup.arn
});
const lambdaS3Permission = new aws.lambda.Permission(pre('s3-permission'), {
action: "lambda:InvokeFunction",
function: proxyLambda.name,
principal: "<http://s3.amazonaws.com|s3.amazonaws.com>",
// If you're using an Application Load Balancer, you might also need to specify the source ARN:
sourceArn: lambdaTargetGroup.arn
});
const lambdaTarget = new aws.lb.TargetGroupAttachment("lambdaTarget", {
targetGroupArn: lambdaTargetGroup.arn,
targetId: proxyLambda.arn,
}, { dependsOn: [lambdaTargetGroup, lambdaElbPermission, lambdaS3Permission]});
const listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 75,
actions: [{
type: "forward",
targetGroupArn: lambdaTargetGroup.arn
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
magnificent-soccer-44287
10/30/2023, 9:22 PMmagnificent-soccer-44287
10/30/2023, 9:24 PMdry-keyboard-94795
10/30/2023, 9:25 PMmagnificent-soccer-44287
10/30/2023, 9:25 PMmagnificent-soccer-44287
10/30/2023, 9:26 PMmagnificent-soccer-44287
10/30/2023, 9:28 PMdry-keyboard-94795
10/30/2023, 9:28 PMmagnificent-soccer-44287
10/30/2023, 9:28 PMmagnificent-soccer-44287
10/30/2023, 9:29 PMmagnificent-soccer-44287
10/30/2023, 9:30 PMmagnificent-soccer-44287
10/30/2023, 9:31 PMmagnificent-soccer-44287
10/30/2023, 9:32 PMmagnificent-soccer-44287
10/30/2023, 9:35 PMdry-keyboard-94795
10/30/2023, 9:35 PMvpcId: vpc.vpcId,
added?magnificent-soccer-44287
10/30/2023, 9:36 PMmagnificent-soccer-44287
10/30/2023, 9:36 PMaws:lambda:Function (domain-user-s3-lambda):
error: aws:lambda/function:Function resource 'domain-user-s3-lambda' has a problem: Value for unconfigurable attribute. Can't configure a value for "vpc_config.0.vpc_id": its value will be decided automatically based on the result of applying this configuration.. Examine values at 'domain-user-s3-lambda.vpcConfig.vpcId'.
dry-keyboard-94795
10/30/2023, 9:37 PMmagnificent-soccer-44287
10/30/2023, 9:37 PMmagnificent-soccer-44287
10/30/2023, 9:37 PMmagnificent-soccer-44287
10/30/2023, 9:41 PMmagnificent-soccer-44287
10/30/2023, 9:41 PMmagnificent-soccer-44287
10/30/2023, 9:41 PMconst lambdaSecurityGroup = new aws.ec2.SecurityGroup(pre('lambda-sg'), {
vpcId: vpc.vpcId,
description: "Security group for domain-user proxy lambda",
egress: [
{
protocol: "-1", // Allow all outbound traffic
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"],
}
],
});
const lambdaTargetGroup = new aws.lb.TargetGroup(pre('tg-lambda'), {
protocol: "HTTP",
targetType: "lambda",
port: 80,
vpcId: vpc.vpcId
});
const proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
// vpcConfig: {
// subnetIds: vpc.privateSubnetIds,
// securityGroupIds: [lambdaSecurityGroup.id],
// },
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => {
console.log('Starting Execution');
const path = event.path.substring(1); // Remove the leading '/'
try {
const s3Response = await s3.getObject({
Bucket: "${bucket.bucket}",
Key: path,
}).promise();
return {
statusCode: 200,
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" }, // Adjust based on your content
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: s3ReadRole.arn,
}, {dependsOn: [lambdaSecurityGroup, lambdaTargetGroup]});
magnificent-soccer-44287
10/30/2023, 9:41 PMdry-keyboard-94795
10/30/2023, 9:44 PMsubnetIds: vpc.privateSubnetIds.apply(ids => {
console.log(ids);
return ids;
})
magnificent-soccer-44287
10/30/2023, 9:45 PMmagnificent-soccer-44287
10/30/2023, 9:46 PM+ subnetIds : [
+ [0]: "subnet-00ff847521ecd9d36"
+ [1]: "subnet-04b5574c704aadda3"
+ [2]: "subnet-08bab0e8ac3185463"
+ [3]: "subnet-0a00949490c736325"
]
dry-keyboard-94795
10/30/2023, 10:06 PMmagnificent-soccer-44287
10/30/2023, 10:06 PMmagnificent-soccer-44287
10/30/2023, 10:07 PMmagnificent-soccer-44287
10/30/2023, 10:07 PMdry-keyboard-94795
10/30/2023, 10:24 PMmagnificent-soccer-44287
10/30/2023, 10:24 PMconst networkInterfacePolicyDocument = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
],
resources: ["*"],
}],
});
magnificent-soccer-44287
10/30/2023, 10:25 PMmagnificent-soccer-44287
10/30/2023, 10:25 PMmagnificent-soccer-44287
10/30/2023, 10:25 PMdry-keyboard-94795
10/30/2023, 10:26 PMmagnificent-soccer-44287
10/30/2023, 10:26 PMmagnificent-soccer-44287
10/30/2023, 10:27 PMdry-keyboard-94795
10/30/2023, 10:27 PMmagnificent-soccer-44287
10/30/2023, 10:30 PMmagnificent-soccer-44287
10/30/2023, 10:30 PMmagnificent-soccer-44287
10/30/2023, 10:30 PMdry-keyboard-94795
10/30/2023, 10:32 PMimport * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.DefaultVpc("vpc");
const lambdaSecurityGroup = new aws.ec2.SecurityGroup('func', {
vpcId: vpc.vpcId,
description: "Security group for domain-user proxy lambda",
egress: [
{
protocol: "-1", // Allow all outbound traffic
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"],
}
],
});
const role = new aws.iam.Role('func', {
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>" }),
managedPolicyArns: [
aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole,
// NOTE: With this commented out, creation of the lambda function hangs indefinitely
// aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole,
]
});
new aws.lambda.Function('func', {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.publicSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
exports.handler = async (event) => {
console.log('Starting Execution');
return {
statusCode: 200,
body: "Hello, world!",
headers: { "Content-Type": "text/plain" },
};
};
`),
}),
role: role.arn,
});
magnificent-soccer-44287
10/30/2023, 10:35 PMdry-keyboard-94795
10/30/2023, 10:36 PMmagnificent-soccer-44287
10/30/2023, 10:36 PMmagnificent-soccer-44287
10/30/2023, 10:36 PMconst listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 75,
actions: [{
type: "forward",
targetGroupArn: lambdaTargetGroup.arn
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
magnificent-soccer-44287
10/30/2023, 10:36 PMconst lambdaTargetGroup = new aws.lb.TargetGroup(pre('tg-lambda'), {
protocol: "HTTP",
targetType: "lambda",
port: 80,
vpcId: vpc.vpcId
});
const lambdaElbPermission = new aws.lambda.Permission(pre('elb-permission'), {
action: "lambda:InvokeFunction",
function: proxyLambda.name,
principal: "<http://elasticloadbalancing.amazonaws.com|elasticloadbalancing.amazonaws.com>",
// If you're using an Application Load Balancer, you might also need to specify the source ARN:
sourceArn: lambdaTargetGroup.arn
});
dry-keyboard-94795
10/30/2023, 10:37 PMs3read
to the lambda.
You need to end up with one role that has multiple policies insteadmagnificent-soccer-44287
10/30/2023, 10:37 PMdry-keyboard-94795
10/30/2023, 10:37 PMmagnificent-soccer-44287
10/30/2023, 10:41 PMmagnificent-soccer-44287
10/30/2023, 10:41 PMconst listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 75,
actions: [{
type: "forward",
targetGroupArn: lambdaTargetGroup.arn
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
const envCheckRule = new aws.lb.ListenerRule(pre('envCheckListener'), {
conditions: [{
pathPattern: {
values: ["/domain-user-check*"],
},
}],
actions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
statusCode: "200",
messageBody: pulumi.interpolate`User Domain Check OK - ENV ${getStack()}`,
},
}],
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 49, // We'll have the onboarding listener be a higher priority.
});
domain-user-check passesmagnificent-soccer-44287
10/30/2023, 10:41 PMmagnificent-soccer-44287
10/30/2023, 10:42 PMdry-keyboard-94795
10/30/2023, 10:43 PMmagnificent-soccer-44287
10/30/2023, 10:43 PMdry-keyboard-94795
10/30/2023, 11:20 PMmagnificent-soccer-44287
10/30/2023, 11:21 PMdry-keyboard-94795
10/30/2023, 11:21 PMmagnificent-soccer-44287
10/30/2023, 11:22 PMdry-keyboard-94795
10/30/2023, 11:23 PMmagnificent-soccer-44287
10/30/2023, 11:23 PMconst bucketString = bucket.bucket.apply(t => t);
const proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 3
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${pulumi.interpolate`${bucketString}`}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});
gives me an invalid TS file because the bucket.bucket isnt parsedmagnificent-soccer-44287
10/30/2023, 11:24 PMmagnificent-soccer-44287
10/30/2023, 11:24 PMdry-keyboard-94795
10/30/2023, 11:24 PMpulumi.interpolate
. Attributes on resources are wrapped as pulumi Outputsmagnificent-soccer-44287
10/30/2023, 11:24 PMdry-keyboard-94795
10/30/2023, 11:25 PMmagnificent-soccer-44287
10/30/2023, 11:25 PMBucket: '${pulumi.interpolate`${bucket.bucket}`}',
?magnificent-soccer-44287
10/30/2023, 11:25 PMmagnificent-soccer-44287
10/30/2023, 11:25 PMmagnificent-soccer-44287
10/30/2023, 11:28 PMmagnificent-soccer-44287
10/30/2023, 11:30 PMmagnificent-soccer-44287
10/30/2023, 11:30 PMmagnificent-soccer-44287
10/30/2023, 11:30 PMmagnificent-soccer-44287
10/30/2023, 11:40 PMmagnificent-soccer-44287
10/30/2023, 11:44 PMmagnificent-soccer-44287
10/30/2023, 11:45 PMconst transformedOutput = bucket.bucket.apply(val => val);
const templateOut = pulumi.interpolate`${transformedOutput}`;
let bucketOut = ''
templateOut.apply(s => { bucketOut = s; });
Bucket: '${bucketOut}',
still gets me a callback outputmagnificent-soccer-44287
10/30/2023, 11:45 PMmagnificent-soccer-44287
10/30/2023, 11:49 PMdry-keyboard-94795
10/30/2023, 11:49 PMbucket.bucket.apply
magnificent-soccer-44287
10/30/2023, 11:50 PMconst string = bucket.bucket.apply(s => { return s })
not seeing a StringAsset typemagnificent-soccer-44287
10/30/2023, 11:50 PMmagnificent-soccer-44287
10/30/2023, 11:52 PMTo get the value of an Output<T> as an Output<string> consider either:
1: o.apply(v => `prefix${v}suffix`)
2: pulumi.interpolate `prefix${v}suffix`
See <https://www.pulumi.com/docs/concepts/inputs-outputs> for more details.
This function may throw in a future version of @pulumi/pulumi.',
and neither of those seem to work unless im doing something very wrongdry-keyboard-94795
10/30/2023, 11:52 PMpulumi.asset.StringAsset
dry-keyboard-94795
10/30/2023, 11:54 PMbucket.bucket.apply
magnificent-soccer-44287
10/30/2023, 11:54 PMmagnificent-soccer-44287
10/30/2023, 11:54 PMmagnificent-soccer-44287
10/30/2023, 11:55 PMconst proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 16
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${string}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});
and assign it outward with a "let"magnificent-soccer-44287
10/30/2023, 11:55 PMdry-keyboard-94795
10/30/2023, 11:56 PMmagnificent-soccer-44287
10/30/2023, 11:56 PMmagnificent-soccer-44287
10/30/2023, 11:57 PMlet proxyLambda!: aws.lambda.Function;
bucket.bucket.apply(s => {
proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 16
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${s}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});
})
just makes the whole object never get evaluateddry-keyboard-94795
10/30/2023, 11:58 PMmagnificent-soccer-44287
10/30/2023, 11:58 PMdry-keyboard-94795
10/30/2023, 11:58 PMcode
parametermagnificent-soccer-44287
10/31/2023, 12:02 AMconst proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: bucket.bucket.apply(s => { return new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 18
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${s}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`)})}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});
magnificent-soccer-44287
10/31/2023, 12:02 AMmagnificent-soccer-44287
10/31/2023, 12:04 AM