Hey you lovely people! In Typescript, trying to us...
# aws
Hey you lovely people! In Typescript, trying to use
to create a role on an Aurora postgresql database after its creation, much like shown in this blog post for mysql and an RDS instance (second example). Unfortunately, I have no luck and run into a timeout error:
Copy code
postgresql:index:Role (<role name>):
    error: could not start transaction: dial tcp xx.x.x.xxx:5432: connect: operation timed out
Found an issue on Github that seemed related, but wasn't able to derive a solution for my case from it. This is the part of the program that is supposed to create the role:
Copy code
this.postgresProvider = new postgresql.Provider('aurora-postgresql', {
    expectedVersion: this.cluster.engineVersion,
    host: this.cluster.endpoint,
    password: this.password.result,
    port: this.cluster.port,
    username: this.cluster.masterUsername
}, {
    parent: this.cluster

this.postgresUser = new postgresql.Role(<role name>, {
    createDatabase: true,
    createRole: true,
    login: true,
    name: <role name>,
    roles: ['rds_iam']
}, {
    parent: this.postgresProvider,
    provider: this.postgresProvider
The instances on the cluster are set to not be publicly accessible, in case that has anything to do with it. Any help and pointers would be greatly appreciated! Cheers ✌️
You likely got it with your last note - the node you’re running Pulumi on will need to be able to access the Postgres API, so if the Aurora RDS rejects that access, Pulumi won’t be able to connect.
🙌 1
Aaah, I suspected that might be the culprit, dang. And there's probably not an easy way around it I suppose? 😄
But generally you would run Pulumi for a node that has network access to it.
Technically it does through an SSH tunnel—changed the
parameter of the
and now it works. The problem is that when the entire stack is provisioned at once (and setting up the bastion host through which the connection goes is part of it), establishing the SSH tunnel would have to be part of the program. Still, this is progress, so thank you a lot! 😄
Yep, you’d want to set up the bastion host to be able to do that 🙂
@thousands-area-40147 or your CI/CD runner to have that access
Github or gitlab runner can run on ECS. Technically pulumi program can run in lambda but I'd not risk that for timeouts. So if not ECS then AWS Code Deploy/Pipeline (but I hate AWS Code* services so that's pass for me)
We're only starting to adopt IaC, so I'll make sure to relay your input to the team! Thanks! 😄
hmm it depends on your experience but it wouldn't be a bad idea to hire a consultant for few hours just to give you some evaluation and tips how to move forward
Got someone already, I just want to be able to ask informed questions 😁