No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

```
const startScanContainer = new aws.lambda.CallbackFunction(`secrets-start-scan-container-${env}`, {
    role: lambdaRole,

    callback: async (event, context, callback) =&gt; {
        const AWS = require('aws-sdk');
        const Octokit = require('@octokit/rest');

        var ecs = new AWS.ECS();

        var params = {
            taskDefinition: scannerTask.taskDefinition.family,
            cluster: cluster.cluster.arn,
            launchType: 'FARGATE',
            networkConfiguration: {
                awsvpcConfiguration: {
                    subnets: [secretsVpc.privateSubnetIds],
                    assignPublicIp: 'DISABLED',
                    securityGroups: [secretsScannerSg.id],
                },
            },
        };

        await ecs.runTask(params).promise();

        console.log('Scanner task has been started.');

        callback(null, 'Hello');
    },
});
```

The cluster, and scanner task are all defined in the file further up.  I downloaded the compiled lambda from AWS after pulumi uploaded it, which confirmed the lambda did have the values

Do I need to add `.get()` calls to the family and arn’s?  Doesn’t seem that that would fix the issue with the `privateSubnetIds` field

Just dumped out the params variable at run-time, looks like the serialization did get the values in, but added them like this:

```
{
    "taskDefinition": {
        "value": "secrets-scanner-dev-aece9bcd"
    },
    "cluster": {
        "value": "arn:aws:ecs:us-east-1:*****:cluster/secrets-scanner-dev"
    },
    "launchType": "FARGATE",
    "networkConfiguration": {
        "awsvpcConfiguration": {
            "subnets": [
                {
                    "value": "subnet-010f54d482e6bbe5f"
                },
                {
                    "value": "subnet-0b2de25c26fdb6329"
                }
            ],
            "assignPublicIp": "DISABLED",
            "securityGroups": [
                {
                    "value": "sg-0a99aa39a8f32459f"
                }
            ]
        }
    }
}
```

So for subnets I’m going to have to map over it