# general
s
This message was deleted.
c
What do you mean by "staged"?
n
I need to be able to have two states in the deployment: one with the web instance having an egress to the internet to install packages, and a final state where it has no egress.
c
Think the best course of action would be to analyze a variable; if this is set, then add the NAT Gateway and route to the routing tables. I would do it within the CICD pipeline on the release. So you would set an environment variable, say `enableInternetTraffic=0`, then within the Pulumi program `import os`, then retrieve the variable `enableInternetTraffic`, then just do `if enableInternetTraffic == "1"`, then create the NAT Gateway and routes in the respective routing table. That way you could trigger off a schedule: at 9PM we want to patch, so we set the environment variable to 1, then create resources, then allow patching, then determinate by Maintenance Window run the same pipeline, but the pipeline sets the environment variable to 0, which removes those resources.
n
I haven't messed with the CICD aspect yet--so you can't do this trick just within the index.ts?
Like if there were a way to do it within that script, it seems like the idempotent method would be to do a check to see if https is answering on the host, then, if it does, we just don't add the SG egress rule. If https is not answering, then add the SG egress rule and run the userdata to install httpd. Then remove the SG egress rule.
(This one doesn't require a NAT as it's in the public subnet anyway)
c
Could do it based off Pulumi config, then evaluate if it should get a public IP or not.
Would require you to update the config setting for every deployment.