magnificent-soccer-44287
10/30/2023, 2:13 PMcreating ECS Service (pmb-main-fargate-main): InvalidParameterException: The target group with targetGroupArn arn:aws:elasticloadbalancing:us-west-2:851404744550:targetgroup/pmb-main-tg-main-a72055f/602533dbf27bf9ae does not have an associated load balancer.
Is this a Fargate Limitation that is impossible to work around? or is there some option I'm not finding in the docs.
The workaround appears to create the TG first, then link it to an ALB in a different stack, then create the Fargate service linking to the TG but... that seems extremely jankydry-keyboard-94795
10/30/2023, 2:27 PMmagnificent-soccer-44287
10/30/2023, 2:28 PMdry-keyboard-94795
10/30/2023, 2:28 PMmagnificent-soccer-44287
10/30/2023, 2:28 PMdry-keyboard-94795
10/30/2023, 2:33 PMmagnificent-soccer-44287
10/30/2023, 2:35 PMdry-keyboard-94795
10/30/2023, 2:36 PMmagnificent-soccer-44287
10/30/2023, 2:36 PMdry-keyboard-94795
10/30/2023, 2:44 PMmagnificent-soccer-44287
10/30/2023, 2:44 PMdry-keyboard-94795
10/30/2023, 2:44 PMmagnificent-soccer-44287
10/30/2023, 2:45 PMdry-keyboard-94795
10/30/2023, 2:45 PMmagnificent-soccer-44287
10/30/2023, 2:45 PMdry-keyboard-94795
10/30/2023, 4:15 PMmagnificent-soccer-44287
10/30/2023, 4:18 PMconst vpc = awsx.classic.ec2.Vpc.getDefault();
and I can't seem to get the public subnets out of it to place into:
const alb = new awsx.lb.ApplicationLoadBalancer(pre('main-web-alb'), {
name: pre('web-traffic-alb'),
idleTimeout: 360,
securityGroups: [securityGroup.id],
listener: {
port: 873
},
subnets: vpc.publicSubnetIds
});
Input<Input<Subnet>[]>
😂dry-keyboard-94795
10/30/2023, 4:21 PMmagnificent-soccer-44287
10/30/2023, 4:28 PMconst envCheckRule = new aws.lb.ListenerRule(pre('envCheckListener'), {
conditions: [{
pathPattern: {
values: ["/environment-check*"],
},
}],
actions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
statusCode: "200",
messageBody: pulumi.interpolate`Check OK - ENV ${getStack()}`,
},
}],
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 50, // We'll have the onboarding listener be a higher priority.
});
but for some reason this rule:
const serviceListenerRule = new aws.lb.ListenerRule(pre('mainServiceListener'), {
conditions: [{
pathPattern: {
values: ["/*"],
},
}],
actions: [{
type: "forward",
targetGroupArn: mainTargetGroup.arn,
}],
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 500, // We'll have the onboarding listener be a higher priority.
});
does not forward to my fargate service despite this config:
const pmbMainFargateService = new awsx.ecs.FargateService(pre('fargate-main'), {
cluster: pmbServiceCluster.arn,
name: pre('fargate-main'),
assignPublicIp: true,
healthCheckGracePeriodSeconds: 420,
desiredCount: 1,
taskDefinitionArgs: {
logGroup: {
existing: {
name: pmbServiceMainLogGroup.name
}
},
containers: {
pmbWebApp: {
name: "pmbWebApp",
image: pmbMainDockerImage.repoDigest,
cpu: 1024, //1024 = 1 VCPU
memory: 2048, // MiB
essential: true,
healthCheck: {
interval: 25,
retries: 10,
command: ["CMD-SHELL", `ps x | grep puma | grep 0.0.0.0:${pmbMainAppPort}`]
},
portMappings: [{
targetGroup: mainTargetGroup,
containerPort: pmbMainAppPort,
hostPort: pmbMainAppPort,
}],
const mainTargetGroup = new aws.lb.TargetGroup(pre('tg-main'), {
port: pmbMainAppPort,
protocol: "HTTP",
targetType: "ip",
vpcId: vpc.id,
healthCheck: {
interval: 30,
timeout: 25,
matcher: "200,304",
path: "/favicon.ico",
unhealthyThreshold: 10
},
});
dry-keyboard-94795
10/30/2023, 4:44 PMmagnificent-soccer-44287
10/30/2023, 4:46 PMconst listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'), // Replace with your ALB listener ARN
priority: 75,
actions: [{
type: "redirect",
redirect: {
protocol: "HTTP", // or HTTPS if your bucket is set up with a custom domain and SSL
port: "80", // or 443 for HTTPS
host: bucket.websiteEndpoint,
path: "/#{path}",
query: "#{query}",
statusCode: "HTTP_301",
},
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
403dry-keyboard-94795
10/30/2023, 4:48 PMmagnificent-soccer-44287
10/30/2023, 4:50 PM404 Not Found
Code: NoSuchKey
Message: The specified key doe
NoSuchKeydry-keyboard-94795
10/30/2023, 4:52 PM-v
)magnificent-soccer-44287
10/30/2023, 4:54 PMdry-keyboard-94795
10/30/2023, 4:56 PMmagnificent-soccer-44287
10/30/2023, 4:56 PMdry-keyboard-94795
10/30/2023, 5:05 PMmain ALB seems to be requesting /onboarding when it should be requesting /
ALB also doesn't support rewriting the path like this. You can add to it, but not remove parts. So a server is also required here, or upload the files under the
/onboarding/
prefixmagnificent-soccer-44287
10/30/2023, 5:10 PMdry-keyboard-94795
10/30/2023, 5:16 PMmagnificent-soccer-44287
10/30/2023, 5:16 PMdry-keyboard-94795
10/30/2023, 5:18 PMmagnificent-soccer-44287
10/30/2023, 5:21 PMdry-keyboard-94795
10/30/2023, 5:22 PMmagnificent-soccer-44287
10/30/2023, 5:23 PMdry-keyboard-94795
10/30/2023, 5:23 PMmagnificent-soccer-44287
10/30/2023, 5:31 PMThe IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used.
apparently ECS supports this but having trouble finding it in pulumidry-keyboard-94795
10/30/2023, 7:26 PMmagnificent-soccer-44287
10/30/2023, 7:27 PMdry-keyboard-94795
10/30/2023, 7:28 PMmagnificent-soccer-44287
10/30/2023, 7:29 PMdry-keyboard-94795
10/30/2023, 7:29 PMmagnificent-soccer-44287
10/30/2023, 7:30 PMdry-keyboard-94795
10/30/2023, 7:30 PMmagnificent-soccer-44287
10/30/2023, 7:30 PMdry-keyboard-94795
10/30/2023, 7:31 PMmagnificent-soccer-44287
10/30/2023, 7:32 PMdry-keyboard-94795
10/30/2023, 7:35 PMmagnificent-soccer-44287
10/30/2023, 7:36 PMdry-keyboard-94795
10/30/2023, 7:36 PMmagnificent-soccer-44287
10/30/2023, 7:37 PMassignPublicIp: true,
// networkConfiguration: {
// securityGroups: [sideKiqEcsSecurityGroup.id],
// subnets: coreInfraStackRef.getOutput('privateSubnetIds'),
// },
I literally get an ECS error saying i can use one or the other. its very cleardry-keyboard-94795
10/30/2023, 7:43 PMmagnificent-soccer-44287
10/30/2023, 7:44 PMdry-keyboard-94795
10/30/2023, 7:45 PMmagnificent-soccer-44287
10/30/2023, 7:45 PMvpc.getSubnetsIds('public')
and everything else comes back blankdry-keyboard-94795
10/30/2023, 7:47 PMmagnificent-soccer-44287
10/30/2023, 7:47 PMconst privateSubnets = [ // Do NOT touch CIDR block configuration.
createPrivateSubnet("private-subnet-1", vpc, "64", "a"),
createPrivateSubnet("private-subnet-2", vpc, "80", "b"),
createPrivateSubnet("private-subnet-3", vpc, "96", "c"),
createPrivateSubnet("private-subnet-4", vpc, "112", "d")
]
X____Xvpc.getSubnetsIds('public');
says it only gets pub subnets from when vpc was createddry-keyboard-94795
10/30/2023, 7:49 PMmagnificent-soccer-44287
10/30/2023, 7:50 PMdry-keyboard-94795
10/30/2023, 7:52 PMmagnificent-soccer-44287
10/30/2023, 7:55 PMnew awsx.ec2.DefaultVpc()
requires a name and my default vpc doesnt have one in any of my envsdry-keyboard-94795
10/30/2023, 7:56 PMmagnificent-soccer-44287
10/30/2023, 7:57 PMdry-keyboard-94795
10/30/2023, 7:57 PMmagnificent-soccer-44287
10/30/2023, 7:59 PMdry-keyboard-94795
10/30/2023, 8:00 PMname:...
Set in the Args object.
It'll generate the name for you, with a random suffix. Helps with resource recreationmagnificent-soccer-44287
10/30/2023, 8:01 PMdry-keyboard-94795
10/30/2023, 8:05 PMmagnificent-soccer-44287
10/30/2023, 9:17 PMpulumi:pulumi:Stack (domain-user-development):
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xe05f6e]
dry-keyboard-94795
10/30/2023, 9:19 PMmagnificent-soccer-44287
10/30/2023, 9:20 PMconst s3ReadRole = new aws.iam.Role("s3ReadRole", {
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Principal: {
Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
},
Effect: "Allow",
Sid: ""
}]
})
});
const lambdaLogGroup = new aws.cloudwatch.LogGroup(pre('lambda-log'), {
retentionInDays: 60
})
const lambdaLoggingPolicyDocument = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources: ["arn:aws:logs:*:*:*"],
}],
});
const lambdaLoggingPolicy = new aws.iam.Policy(pre('lambda-log-policy'), {
path: "/",
description: "IAM policy for logging from a lambda",
policy: lambdaLoggingPolicyDocument.then(lambdaLoggingPolicyDocument => lambdaLoggingPolicyDocument.json),
});
const lambdaExecutionRole = new aws.iam.Role("lambdaExecutionRole", {
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Principal: {
Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
},
Effect: "Allow",
Sid: ""
}]
})
});
const lambdaLogs = new aws.iam.RolePolicyAttachment(pre('lambda-log-attach'), {
role: lambdaExecutionRole.name,
policyArn: lambdaLoggingPolicy.arn,
});
const lambdaSecurityGroup = new aws.ec2.SecurityGroup(pre('lambda-sg'), {
vpcId: vpc.vpcId,
description: "Security group for domain-user proxy lambda",
egress: [
{
protocol: "-1", // Allow all outbound traffic
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"],
}
],
});
const lambdaTargetGroup = new aws.lb.TargetGroup(pre('tg-lambda'), {
protocol: "HTTP",
targetType: "lambda",
port: 80,
vpcId: vpc.vpcId
});
const proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id]
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => {
console.log('Starting Execution');
const path = event.path.substring(1); // Remove the leading '/'
try {
const s3Response = await s3.getObject({
Bucket: "${bucket.bucket}",
Key: path,
}).promise();
return {
statusCode: 200,
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" }, // Adjust based on your content
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: s3ReadRole.arn,
}, {
dependsOn: [lambdaLogs, lambdaLogGroup, lambdaTargetGroup, lambdaLoggingPolicy, lambdaExecutionRole, lambdaLogs, lambdaSecurityGroup, s3ReadRole]
});
const lambdaElbPermission = new aws.lambda.Permission(pre('elb-permission'), {
action: "lambda:InvokeFunction",
function: proxyLambda.name,
principal: "<http://elasticloadbalancing.amazonaws.com|elasticloadbalancing.amazonaws.com>",
// If you're using an Application Load Balancer, you might also need to specify the source ARN:
sourceArn: lambdaTargetGroup.arn
});
const lambdaS3Permission = new aws.lambda.Permission(pre('s3-permission'), {
action: "lambda:InvokeFunction",
function: proxyLambda.name,
principal: "<http://s3.amazonaws.com|s3.amazonaws.com>",
// If you're using an Application Load Balancer, you might also need to specify the source ARN:
sourceArn: lambdaTargetGroup.arn
});
const lambdaTarget = new aws.lb.TargetGroupAttachment("lambdaTarget", {
targetGroupArn: lambdaTargetGroup.arn,
targetId: proxyLambda.arn,
}, { dependsOn: [lambdaTargetGroup, lambdaElbPermission, lambdaS3Permission]});
const listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 75,
actions: [{
type: "forward",
targetGroupArn: lambdaTargetGroup.arn
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
dry-keyboard-94795
10/30/2023, 9:25 PMmagnificent-soccer-44287
10/30/2023, 9:25 PMdry-keyboard-94795
10/30/2023, 9:28 PMmagnificent-soccer-44287
10/30/2023, 9:28 PMdry-keyboard-94795
10/30/2023, 9:35 PMvpcId: vpc.vpcId,
added?magnificent-soccer-44287
10/30/2023, 9:36 PMaws:lambda:Function (domain-user-s3-lambda):
error: aws:lambda/function:Function resource 'domain-user-s3-lambda' has a problem: Value for unconfigurable attribute. Can't configure a value for "vpc_config.0.vpc_id": its value will be decided automatically based on the result of applying this configuration.. Examine values at 'domain-user-s3-lambda.vpcConfig.vpcId'.
dry-keyboard-94795
10/30/2023, 9:37 PMmagnificent-soccer-44287
10/30/2023, 9:37 PMconst lambdaSecurityGroup = new aws.ec2.SecurityGroup(pre('lambda-sg'), {
vpcId: vpc.vpcId,
description: "Security group for domain-user proxy lambda",
egress: [
{
protocol: "-1", // Allow all outbound traffic
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"],
}
],
});
const lambdaTargetGroup = new aws.lb.TargetGroup(pre('tg-lambda'), {
protocol: "HTTP",
targetType: "lambda",
port: 80,
vpcId: vpc.vpcId
});
const proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
// vpcConfig: {
// subnetIds: vpc.privateSubnetIds,
// securityGroupIds: [lambdaSecurityGroup.id],
// },
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => {
console.log('Starting Execution');
const path = event.path.substring(1); // Remove the leading '/'
try {
const s3Response = await s3.getObject({
Bucket: "${bucket.bucket}",
Key: path,
}).promise();
return {
statusCode: 200,
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" }, // Adjust based on your content
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: s3ReadRole.arn,
}, {dependsOn: [lambdaSecurityGroup, lambdaTargetGroup]});
dry-keyboard-94795
10/30/2023, 9:44 PMsubnetIds: vpc.privateSubnetIds.apply(ids => {
console.log(ids);
return ids;
})
magnificent-soccer-44287
10/30/2023, 9:45 PM+ subnetIds : [
+ [0]: "subnet-00ff847521ecd9d36"
+ [1]: "subnet-04b5574c704aadda3"
+ [2]: "subnet-08bab0e8ac3185463"
+ [3]: "subnet-0a00949490c736325"
]
dry-keyboard-94795
10/30/2023, 10:06 PMmagnificent-soccer-44287
10/30/2023, 10:06 PMdry-keyboard-94795
10/30/2023, 10:24 PMmagnificent-soccer-44287
10/30/2023, 10:24 PMconst networkInterfacePolicyDocument = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
],
resources: ["*"],
}],
});
dry-keyboard-94795
10/30/2023, 10:26 PMmagnificent-soccer-44287
10/30/2023, 10:26 PMdry-keyboard-94795
10/30/2023, 10:27 PMmagnificent-soccer-44287
10/30/2023, 10:30 PMdry-keyboard-94795
10/30/2023, 10:32 PMimport * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.DefaultVpc("vpc");
const lambdaSecurityGroup = new aws.ec2.SecurityGroup('func', {
vpcId: vpc.vpcId,
description: "Security group for domain-user proxy lambda",
egress: [
{
protocol: "-1", // Allow all outbound traffic
fromPort: 0,
toPort: 0,
cidrBlocks: ["0.0.0.0/0"],
}
],
});
const role = new aws.iam.Role('func', {
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>" }),
managedPolicyArns: [
aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole,
// NOTE: With this commented out, creation of the lambda function hangs indefinitely
// aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole,
]
});
new aws.lambda.Function('func', {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.publicSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
exports.handler = async (event) => {
console.log('Starting Execution');
return {
statusCode: 200,
body: "Hello, world!",
headers: { "Content-Type": "text/plain" },
};
};
`),
}),
role: role.arn,
});
magnificent-soccer-44287
10/30/2023, 10:35 PMdry-keyboard-94795
10/30/2023, 10:36 PMmagnificent-soccer-44287
10/30/2023, 10:36 PMconst listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 75,
actions: [{
type: "forward",
targetGroupArn: lambdaTargetGroup.arn
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
const lambdaTargetGroup = new aws.lb.TargetGroup(pre('tg-lambda'), {
protocol: "HTTP",
targetType: "lambda",
port: 80,
vpcId: vpc.vpcId
});
const lambdaElbPermission = new aws.lambda.Permission(pre('elb-permission'), {
action: "lambda:InvokeFunction",
function: proxyLambda.name,
principal: "<http://elasticloadbalancing.amazonaws.com|elasticloadbalancing.amazonaws.com>",
// If you're using an Application Load Balancer, you might also need to specify the source ARN:
sourceArn: lambdaTargetGroup.arn
});
dry-keyboard-94795
10/30/2023, 10:37 PMs3read
to the lambda.
You need to end up with one role that has multiple policies insteadmagnificent-soccer-44287
10/30/2023, 10:37 PMdry-keyboard-94795
10/30/2023, 10:37 PMmagnificent-soccer-44287
10/30/2023, 10:41 PMconst listenerRule = new aws.lb.ListenerRule(pre('listener-s3'), {
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 75,
actions: [{
type: "forward",
targetGroupArn: lambdaTargetGroup.arn
}],
conditions: [{
pathPattern: {
values: ["/onboarding*"],
},
}]
});
const envCheckRule = new aws.lb.ListenerRule(pre('envCheckListener'), {
conditions: [{
pathPattern: {
values: ["/domain-user-check*"],
},
}],
actions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
statusCode: "200",
messageBody: pulumi.interpolate`User Domain Check OK - ENV ${getStack()}`,
},
}],
listenerArn: coreInfraStackRef.getOutput('port80ListenerArn'),
priority: 49, // We'll have the onboarding listener be a higher priority.
});
domain-user-check passesdry-keyboard-94795
10/30/2023, 10:43 PMmagnificent-soccer-44287
10/30/2023, 10:43 PMdry-keyboard-94795
10/30/2023, 11:20 PMmagnificent-soccer-44287
10/30/2023, 11:21 PMdry-keyboard-94795
10/30/2023, 11:21 PMmagnificent-soccer-44287
10/30/2023, 11:22 PMdry-keyboard-94795
10/30/2023, 11:23 PMmagnificent-soccer-44287
10/30/2023, 11:23 PMconst bucketString = bucket.bucket.apply(t => t);
const proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 3
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${pulumi.interpolate`${bucketString}`}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});
gives me an invalid TS file because the bucket.bucket isnt parseddry-keyboard-94795
10/30/2023, 11:24 PMpulumi.interpolate
. Attributes on resources are wrapped as pulumi Outputsmagnificent-soccer-44287
10/30/2023, 11:24 PMdry-keyboard-94795
10/30/2023, 11:25 PMmagnificent-soccer-44287
10/30/2023, 11:25 PMBucket: '${pulumi.interpolate`${bucket.bucket}`}',
?const transformedOutput = bucket.bucket.apply(val => val);
const templateOut = pulumi.interpolate`${transformedOutput}`;
let bucketOut = ''
templateOut.apply(s => { bucketOut = s; });
Bucket: '${bucketOut}',
still gets me a callback outputdry-keyboard-94795
10/30/2023, 11:49 PMbucket.bucket.apply
magnificent-soccer-44287
10/30/2023, 11:50 PMconst string = bucket.bucket.apply(s => { return s })
not seeing a StringAsset typeTo get the value of an Output<T> as an Output<string> consider either:
1: o.apply(v => `prefix${v}suffix`)
2: pulumi.interpolate `prefix${v}suffix`
See <https://www.pulumi.com/docs/concepts/inputs-outputs> for more details.
This function may throw in a future version of @pulumi/pulumi.',
and neither of those seem to work unless im doing something very wrongdry-keyboard-94795
10/30/2023, 11:52 PMpulumi.asset.StringAsset
bucket.bucket.apply
magnificent-soccer-44287
10/30/2023, 11:54 PMconst proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 16
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${string}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});
and assign it outward with a "let"dry-keyboard-94795
10/30/2023, 11:56 PMmagnificent-soccer-44287
10/30/2023, 11:56 PMlet proxyLambda!: aws.lambda.Function;
bucket.bucket.apply(s => {
proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 16
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${s}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`),
}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});
})
just makes the whole object never get evaluateddry-keyboard-94795
10/30/2023, 11:58 PMmagnificent-soccer-44287
10/30/2023, 11:58 PMdry-keyboard-94795
10/30/2023, 11:58 PMcode
parametermagnificent-soccer-44287
10/31/2023, 12:02 AMconst proxyLambda = new aws.lambda.Function(pre('s3-lambda'), {
runtime: aws.lambda.Runtime.NodeJS18dX,
handler: "index.handler",
vpcConfig: {
subnetIds: vpc.privateSubnetIds,
securityGroupIds: [lambdaSecurityGroup.id],
},
code: bucket.bucket.apply(s => { return new pulumi.asset.AssetArchive({
"index.js": new pulumi.asset.StringAsset(`
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
exports.handler = async (event) => { // 18
console.log('Starting Execution');
const path = event.path.substring(1);
try {
const s3Response = await s3.getObject({
Bucket: '${s}',
Key: path,
}).promise();
return {
statusCode: 200,
statusDescription: "200 OK",
body: s3Response.Body.toString(),
headers: { "Content-Type": "text/plain" },
};
} catch (error) {
return {
statusCode: 500,
body: "Internal Server Error",
};
}
};
`)})}),
role: lambdaExecutionRole.arn,
}, {dependsOn: [lambdaExecutionRole, lambdaSecurityGroup, lambdaTargetGroup]});