https://pulumi.com logo
Join Slack
Powered by
Hello, for <https://github.com/pulumi/pulumi-awsx/...
# general
f
Hello, for https://github.com/pulumi/pulumi-awsx/issues/187 is there any more information that I can provide? (Maybe any relevant info about my AWS account? I’d be happy to PM that info over if it is helpful).
l
hey there!
sorry that you're having trouble
can i ask if your repo is totally up to date and accurate with what you were doing locally?
i technically didn't try out your scenario exactly (since i have a local development system)
but i'm willing to try out your exact stack , but i wanted to see first if you'd made any changes
f
The real config that I want to use involves deploying some k8s yaml to the cluster, but I was able to see the same issue with the simple https://github.com/ggilmore/pulumi-eip-repro The info in the issue that I reported and all the follow ups directly come from https://github.com/ggilmore/pulumi-eip-repro
l
ok. i'm helping someone else out with another reported issue.
i'll hopefully be able to get to this asap!
f
πŸ‘ I’m doing some other work right now, but just ping me when you’re free / need more info
l
somewhat unrelated, though it will simplify things
you don't need to do: 
await aws.ec2.getSubnetIds({ vpcId });
the VPC you create already exposes: 
publicSubnetIds, privateSubnetIds, publicSubnets, privateSubnets
f
Ah, so I can do something like 
Promise.all(vpc.publicSubnetIds, vpc.privateSubnetIds)
?
l
they're Outputs, so no πŸ™‚
first question. what are you trying to do with the subnets
(or subnet ids)
do you just want htem all?
f
Just pass them to the eks cluster
l
all of them? public and private?
f
Yes:
Copy code
/**
     * The subnets to attach to the EKS cluster. If either vpcId or subnetIds is unset, the cluster will use the
     * default VPC's subnets. If the list of subnets includes both public and private subnets, the Kubernetes API
     * server and the worker nodes will only be attached to the private subnets. See
     * <https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html> for more details.
     */
    subnetIds?: pulumi.Input<pulumi.Input<string>[]>;
If the list of subnets includes both public and private subnets, the Kubernetes API server and the worker nodes will only be attached to the private subnets.
l
if so, then you would do this: 
pulumi.all([vpc.publicSubnetIds, vpc.privateSubnetIds]).apply(([ids1, ids2]) => [...ids1, ...ids2])
f
So I want to make sure that I pass both kinds
l
i can explain that more if you want.
f
Oh, I think I get it
Just promise.all was the wrong operator to use in this case b/c of the types involved
l
it's similar to Promise.all πŸ™‚
yup.
f
I’ll go ahead and make that change
l
Outputs are how we track dependencies
so this combines all the data and keeps track of al lthe dependencies of both (whihc happen to be the same in this case)
f
πŸ‘ I pushed a new commit that cleans up the logic with your suggestion, but the error still remains (as expected)
l
Hi Geoffrey, you there?
f
Yep!
l
so, frustrating news. i don't repro this at all
Copy code
Type                                    Name                          Status
 +   pulumi:pulumi:Stack                     containers-fargate-cyfartest  created
 +   β”œβ”€ awsx:x:ec2:NatGateway                eksNetwork-1                  created
 +   β”‚  β”œβ”€ aws:ec2:Eip                       eksNetwork-1                  created
 +   β”‚  └─ aws:ec2:NatGateway                eksNetwork-1                  created
 +   β”œβ”€ awsx:x:ec2:NatGateway                eksNetwork-0                  created
 +   β”‚  β”œβ”€ aws:ec2:Eip                       eksNetwork-0                  created
 +   β”‚  └─ aws:ec2:NatGateway                eksNetwork-0                  created
 +   β”œβ”€ awsx:x:ec2:Vpc                       eksNetwork                    created
 +   β”‚  β”œβ”€ awsx:x:ec2:Subnet                 eksNetwork-public-1           created
 +   β”‚  β”‚  β”œβ”€ aws:ec2:RouteTable             eksNetwork-public-1           created
 +   β”‚  β”‚  β”œβ”€ aws:ec2:Subnet                 eksNetwork-public-1           created
 +   β”‚  β”‚  └─ aws:ec2:RouteTableAssociation  eksNetwork-public-1           created
 +   β”‚  β”œβ”€ awsx:x:ec2:Subnet                 eksNetwork-private-0          created
 +   β”‚  β”‚  β”œβ”€ aws:ec2:RouteTable             eksNetwork-private-0          created
 +   β”‚  β”‚  β”œβ”€ aws:ec2:Subnet                 eksNetwork-private-0          created
 +   β”‚  β”‚  └─ aws:ec2:RouteTableAssociation  eksNetwork-private-0          created
 +   β”‚  β”œβ”€ awsx:x:ec2:Subnet                 eksNetwork-public-0           created
 +   β”‚  β”‚  β”œβ”€ aws:ec2:RouteTable             eksNetwork-public-0           created
 +   β”‚  β”‚  β”œβ”€ aws:ec2:Subnet                 eksNetwork-public-0           created
 +   β”‚  β”‚  └─ aws:ec2:RouteTableAssociation  eksNetwork-public-0           created
 +   β”‚  β”œβ”€ awsx:x:ec2:InternetGateway        eksNetwork                    created
 +   β”‚  β”‚  └─ aws:ec2:InternetGateway        eksNetwork                    created
 +   β”‚  └─ awsx:x:ec2:Subnet                 eksNetwork-private-1          created
 +   β”‚     β”œβ”€ aws:ec2:Subnet                 eksNetwork-private-1          created
 +   β”‚     β”œβ”€ aws:ec2:RouteTable             eksNetwork-private-1          created
 +   β”‚     └─ aws:ec2:RouteTableAssociation  eksNetwork-private-1          created
 +   β”œβ”€ aws:ec2:Vpc                          eksNetwork                    created
 +   β”œβ”€ aws:ec2:Route                        eksNetwork-public-0-ig        created
 +   β”œβ”€ aws:ec2:Route                        eksNetwork-public-1-ig        created
 +   β”œβ”€ aws:ec2:Route                        eksNetwork-private-0-nat-0    created
 +   └─ aws:ec2:Route                        eksNetwork-private-1-nat-1    created

Resources:
    + 31 created

Duration: 2m14s

Permalink: <https://app.pulumi.com/CyrusNajmabadi/containers-fargate/cyfartest/updates/7>
cyrusn@DESKTOP-3IRRNND ~/go/src/github.com/pulumi/pulumi-awsx/nodejs/awsx/examples/fargate[(v0.17.1) ?
even when using the exact versions of packages you're using
i also can't see any reasonable reason it would happen
so i wanted to try a few things with you
first, the moral of equivalent of "turning it off and on again"
so, destroyingt he stack, and starting a new one (if this is just a testing stack)
f
This is just a test stack
l
if that doesn't work, diving deeper into ths.
ok. so a 
pulumi destroy
, followed by a 
pulumi stack rm
would do it
then, when you go and actually redo things, i'd loe to know what steps you're taking. in case tehre's something odd happening that might interfere
f
Do you actually want to do a slack call? I could just share my screen with you.
l
only diference between your stack and mine is that i'm i'm in us-east-2 (since our us-west-2 has no more VPC space)
For now, let's just see if it reproes a second time with a fresh stack.
then i can see about logs and whatnot
f
alright, trying now
l
fortunately, on my end create/delete of this is only around 1-2 minutes
so not too bad
f
Okay, so I 
pulumi destroy
and 
pulumi stack rm
and was able to repro it
I made a recording of what I see when I run pulumi up
I did get this strange 
gRPC binary module
error (you can see this in the recording). Running 
yarn
fixed the issue. I’ve seen this off an on the entire time that I’ve been trying Pulumi - afaict there is no consistent reason for why it keeps occurring
l
yup, the grpc issue is fine.
it has to do with changing node versions
and node_modules needing to be rebuilt
f
I’ll take your word for it πŸ˜… Typescript / node isn’t my strongest language
l
It is not a problem of missing quotation marks, but missing --region option when the instance is running in a region other than the default one (one hour waster for a useless error message .. )
hrmmmm
how did you set your region?
f
l
would you be willing to delete that, and to try using us-east-2 for a moment
f
Sure, trying now
Hmm, I get a different error now: https://asciinema.org/a/EuEpEo0CxDkTeEJtSyYThxqrr
Copy code
Diagnostics:
  aws:ec2:RouteTable (eksNetwork-private-1):
    error: Plan apply failed: Error creating route table: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 1806cadc-e093-485b-82ab-e0870158451c

  aws:ec2:Subnet (eksNetwork-public-0):
    error: Plan apply failed: Error creating subnet: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 71004bec-bfcb-414b-b51c-a294872066f6

  aws:ec2:RouteTable (eksNetwork-public-0):
    error: Plan apply failed: Error creating route table: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 13871371-fa69-4b35-a400-caedd2673827

  aws:ec2:InternetGateway (eksNetwork):
    error: Plan apply failed: 1 error occurred:

    * creating urn:pulumi:dev::eks-cluster::awsx:x:ec2:Vpc$awsx:x:ec2:InternetGateway$aws:ec2/internetGateway:InternetGateway::eksNetwork: error attaching EC2 Internet Gateway (igw-092ec2d27430da2eb): InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 68f9c6b7-2308-488a-b7cb-031b3dc66d45

  aws:ec2:RouteTable (eksNetwork-public-1):
    error: Plan apply failed: Error creating route table: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 4073579f-3de7-41c1-90bc-e9be2633a0dc

  aws:ec2:Subnet (eksNetwork-public-1):
    error: Plan apply failed: Error creating subnet: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 8daaead9-ffae-42ed-bd9f-4a58303cb640

  aws:ec2:RouteTable (eksNetwork-private-0):
    error: Plan apply failed: Error creating route table: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 23639c85-25ba-4a2b-8dcf-a93723bf119c

  aws:ec2:Subnet (eksNetwork-private-0):
    error: Plan apply failed: Error creating subnet: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 7a3b1b8d-4430-4e56-b63a-ab8f4cf5202c

  aws:ec2:Subnet (eksNetwork-private-1):
    error: Plan apply failed: Error creating subnet: InvalidVpcID.NotFound: The vpc ID 'vpc-074ae14ff6f818703' does not exist
    	status code: 400, request id: 683d91a2-4500-46d3-b8a0-196d2e2cfc97
Maybe I should have ran 
pulumi destroy
before changing the config?
l
that would def help
this is definitely extremely strange though. clearly AWS made the VPC
and gave it an ID. but then was unable to return requests about it
f
Should I file a separate issue about that?
l
not yet
the best thing right now would be to delete stack
start again, set region once, then update
f
Switching the region worked!
I am not super familiar with AWS, so I might be missing some context for what the poster is saying
l
it's not actually clear to me either.
but it's at least telling me that sometimes you might get this error because of something totally unrelated
i.e. something related to regions might give a bizarre errror about tags.
now, why you're seeing any sort of region issue is beyond me
quick question: does your .aws/credentials list anything region specific?
f
Nope, just the access key id and secret key
l
ok...
f
Is there some setting that I can find through the aws web ui console?
l
bleagh
alright, i'd like to just start fresh, tryin us-east-2
do you have AWS_DEFAULT_REGION set in your local environment?
f
Okay, so 
pulumi destroy
and just 
pulumi up again
?
And no
If you signed up for an AWS account on or after May 17, 2017, the default region when you access a resource from the AWS Management Console is US East (Ohio) (us-east-2); for older accounts, the default region is either US West (Oregon) (us-west-2) or US East (N. Virginia) (us-east-1). For more information, see Regions and Endpoints.
I’m pretty sure the aws account that I am using is before May 17, 2017 so 
us-west-2
is our default
l
pulumi destroy
pulumi stack rm
what i'm wondering is: did aws somehow pull a region out of thin air somewhere that is somewhat conflicting with this choice of us-east-2
and then that's causing an issue somehow
after 
pulumi stack rm
f
Wait, I only switched to 
us-east-2
in this commit https://github.com/ggilmore/pulumi-eip-repro/commit/a471be14c49f882d3a7ee6fbd54e47e4c6c397b2 (per your suggestion)
l
do a 
pulumi config set ...
let me rephrase: i don't know what's going on here. the only thing that is a bit of a clue is that link i had above which indicated something might be region based.
i'm trying to throw a few different configs around, to see if they might help give us more information to help narrow down what the actual problem is
f
πŸ‘ I just wanted to be sure that we were on the same page
l
it's a very rough and scattershot way of trying to just isolate or eliminate issues
f
Alright, I ran 
pulumi destroy
and 
pulumi stack rm --preserve-config
l
can we not preserve teh config πŸ™‚
we don't really need config for this example
the only thing tha thas to be set should be the region
so i'm just trying to isolate the single diff between you and me (namely that I picked us-east-2)
f
Okay, I removed the 
Pulumi.dev.yaml
file as well
So what region are we picking?
l
us-east-2
and you def should get prompted for that by pulumi
if not, that's also something weird
f
Pulumi.dev.yaml
Copy code
config:
  aws:region: us-east-2
Anything else before I run 
pulumi up
?
l
no
i also freed up resources in our own us-west-2
so i'm going to try it over there.
f
l
ok
so the only difference is region
i'm going to attempt to repro in us-west-2
πŸ‘ 1
if i can, terrific, i can stop bugging you
f
Thanks for all your help so far!
l
seriously bizarre BTW!
f
AWS in general makes little sense to me TBH…That’s why I’d prefer to use Pulumi if at all possible
l
i have not seen this, and cannot explain this at all
f
Ah, it worked for you in us-west-2?
l
yes. also worked in us-west-2
so... to figure this out for you. let's tear down entirely one more time and do things again
this time, we'll do the update, but collecting logs
for the pulumi up, you'll need to do:
pulumi up --debug --logtostderr --verbose 7
i recommend redirecting to a file.
so tear it all down, don't keep config, set back to us-west-2
then update, but with the above command
f
πŸ‘ Will do
l
and if we get nothin useful there... then 😒
f
Should I post stdout as a snippet?
l
or a gist if possible
f
and the screen recording if helpful https://asciinema.org/a/SYef8JMiFR3fgDnf8RDJ7DrGe
l
yup yup
so, yeah. logs look good. going to do this locally to compare logs
f
❗ if it matters, the following setting was in 
~/.aws/config
(not 
~/.aws/credentials
):
Copy code
[default]
region = us-west-2
My bad for not thinking of this. I believe all this got set when I was running through https://pulumi.io/quickstart/aws/setup.html#shared-credentials-file
l
ackkk πŸ™‚
maybe?
let's try blowing that away and trying again!
f
πŸ‘
no dice 😞 Here is the screen recording: https://asciinema.org/a/QdC346iqLnrURjrqYoSk8n6qP
You can see that I run 
aws configure list
and have no default region set
l
right
f
logs
l
you need to set the region πŸ™‚
it says how
f
Ah, where?
No, I fixed that
l
run again, without the logging goop πŸ™‚
oh you did
sorry
still watching
we are investigating
what is so strange is that locally it's workign fine for me, with all the data i expect being passed along
specifically, when the tags are being set, the right ID is being used to specify the EIP
however, in your case, it's pickign the 'PublicID' of the EIP
and i'm wondering if this is somehow some sort of library mismatch
which is causing some sort of marshalling issue across these types
f
Hmm, why wouldn’t the library mismatch show up on your machine too though?
Since you should be using the same lock file
l
i am not using the same lock file πŸ™‚
(my bad)
we've also found some interesting stuff in TF that might help explain this
this would explain why you're seeing a PublicIp where an AllocationId is expected
f
I see. I am not familiar with terraform’s codebase, but that behavior looks intentional
l
yes
we're researching what's going on here
f
Thank the team for me for helping me out with this πŸ™‚
l
ok.... possible fix for you to try out
let me know when ready
f
Ready. Should I tear everything down beforehand?
l
sure
f
Ready.
l
at the same tme, can you go edit this file:
node_modules/@pulumi/awsx/ec2/natGateway.js
look for lines that look like this:
Copy code
this.elasticIP = new aws.ec2.Eip(name, {
                tags: { Name: name },
            }, parentOpts);
and chnage to
Copy code
this.elasticIP = new aws.ec2.Eip(name, {
                vpc: true,
                tags: { Name: name },
            }, parentOpts);
f
this is the only reference that I see
is this the only usage that I need to change?
l
hrmmm
that doesn't look right
the entire file should baiscally look like this:
Copy code
"use strict";
// Copyright 2016-2018, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     <http://www.apache.org/licenses/LICENSE-2.0>
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
Object.defineProperty(exports, "__esModule", { value: true });
const aws = require("@pulumi/aws");
const pulumi = require("@pulumi/pulumi");
const x = require("..");
class NatGateway extends pulumi.ComponentResource {
    constructor(name, vpc, args, opts) {
        super("awsx:x:ec2:NatGateway", name, {}, opts || { parent: vpc });
        const parentOpts = { parent: this };
        this.vpc = vpc;
        if (isExistingNatGatewayArgs(args)) {
            this.natGateway = args.natGateway;
        }
        else {
            // from <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html>
            //
            // you must also specify an Elastic IP address to associate with the NAT gateway
            // when you create it. After you've created a NAT gateway, you must update the route
            // table associated with one or more of your private subnets to point Internet-bound
            // traffic to the NAT gateway. This enables instances in your private subnets to
            // communicate with the internet.
            this.elasticIP = new aws.ec2.Eip(name, {
                tags: { Name: name },
            }, parentOpts);
            const subnetId = x.ec2.Subnet.isSubnetInstance(args.subnet)
                ? args.subnet.id
                : args.subnet;
            this.natGateway = new aws.ec2.NatGateway(name, Object.assign({}, args, { subnetId, allocationId: this.elasticIP.id }), parentOpts);
        }
        this.registerOutputs();
    }
    route(name, opts) {
and we just want to change the bit starting with
Copy code
this.elasticIP = new aws.ec2.Eip(name, {
oh, i got confused by your link
because it's showing two different sections
first, make sure you're editing the .js file
f
that?
l
yes
but the js file
not the ts file
f
πŸ‘
Yeah, but the js files aren’t committed so this was the only thing that I could link to
l
also, add a 
console.log("yup!  hitting the new code")
f
and that actually fixed it for me!
l
just so we can make sure we're hittin that πŸ™‚
run without logging
f
got it
l
or redirect stderr to another file.
f
is this where you want me to add the print statement?
right above the 
this.elasticip
assignment?
l
sure
it's just to be paranoid
f
(The pause in the middle of the recording is me re-adding the 
vpc: true
and log statement since I had to run 
yarn
again)
l
so it worked πŸ™‚
yes?
once you can confirm, i can push these changes through our repo
f
Yes, it worked!
l
wow, how bizarre
so we have no idea why you would see that
but, at least we have an easy fix on our end
f
I’m glad I could help out. It is still worth filling this issue separately: https://pulumi-community.slack.com/archives/C84L4E3N1/p1553542701886200?thread_ts=1553533136.852500&amp;cid=C84L4E3N1 ?
l
whih issue?
f
β€œvpcID doesn’t exist”
l
i'll file. t hanks!
f
πŸ‘
Do you know when this will make it in to a new release?
l
i will try to get it in tonight
so hopefully by tomorrow
f
πŸ‘ Thank you so much for all your help!
l
btw, do yoy know how old your AWS account is?
f
Our account looks like it was created in 2013?
l
ah
so, our vague understanding is that for some old accounts, in some old regions the defaults on this stuff was different
f
So I think our account has 
us-west-2
as the default - I’m not sure why that’d cause this behavior though
l
right. we don't know the specifics
but it's possible in uswest-2 in your account, you have some sort of bit flipped on their end that makes the defaults slightly different
once it goes through, i'll tag a new release
f
πŸ‘ Thanks again
l
thanks for your patience
that was a first in terms of bugs
f
πŸ˜… well, I’ll keep sending some more feedback your way. Hopefully they won’t be as involved as this
l
agreed! πŸ™‚
ok, tagging new release
f
I pulled in 
0.17.3
for awsx and it seems like it’s working now. Thanks again πŸ‘
l
sweet!
3 Views
Open in Slack
PreviousNext
Powered by