https://pulumi.com logo
#general
Title
# general
b

billions-lock-73409

03/25/2019, 8:43 PM
I’ve written a lambda to start an ECS fargate task and I’m using the
aws.lambda.CallbackFunction
class, and am referencing some parameters needed for launching fargate tasks. However the serialization seems to be properly including the values but they aren’t accessible as written in the
ecs.runTask
call. Example function in thread.
Copy code
const startScanContainer = new aws.lambda.CallbackFunction(`secrets-start-scan-container-${env}`, {
    role: lambdaRole,

    callback: async (event, context, callback) => {
        const AWS = require('aws-sdk');
        const Octokit = require('@octokit/rest');

        var ecs = new AWS.ECS();

        var params = {
            taskDefinition: scannerTask.taskDefinition.family,
            cluster: cluster.cluster.arn,
            launchType: 'FARGATE',
            networkConfiguration: {
                awsvpcConfiguration: {
                    subnets: [secretsVpc.privateSubnetIds],
                    assignPublicIp: 'DISABLED',
                    securityGroups: [secretsScannerSg.id],
                },
            },
        };

        await ecs.runTask(params).promise();

        console.log('Scanner task has been started.');

        callback(null, 'Hello');
    },
});
The cluster, and scanner task are all defined in the file further up. I downloaded the compiled lambda from AWS after pulumi uploaded it, which confirmed the lambda did have the values
Do I need to add
.get()
calls to the family and arn’s? Doesn’t seem that that would fix the issue with the
privateSubnetIds
field
Just dumped out the params variable at run-time, looks like the serialization did get the values in, but added them like this:
Copy code
{
  "taskDefinition": {
    "value": "secrets-scanner-dev-aece9bcd"
  },
  "cluster": {
    "value": "arn:aws:ecs:us-east-1:*****:cluster/secrets-scanner-dev"
  },
  "launchType": "FARGATE",
  "networkConfiguration": {
    "awsvpcConfiguration": {
      "subnets": [
        {
          "value": "subnet-010f54d482e6bbe5f"
        },
        {
          "value": "subnet-0b2de25c26fdb6329"
        }
      ],
      "assignPublicIp": "DISABLED",
      "securityGroups": [
        {
          "value": "sg-0a99aa39a8f32459f"
        }
      ]
    }
  }
}
So for subnets I’m going to have to map over it