This message was deleted.
# generals
sparse-intern-71089
03/05/2022, 11:56 AMThis message was deleted.
e
echoing-dinner-19531
03/05/2022, 12:07 PM@pulumi/dockera
adorable-gpu-98268
03/05/2022, 12:17 PMOkay, thanks
adorable-gpu-98268
03/05/2022, 12:30 PMDo you have some pointers how to best set this use case?
• AWS ECR best practice seems to use one repository per image
• It seems reasonable to setup the ECR repositories and IAM roles etc. using pulumi, as there could also some policy configuration etc. be involved
• Furthermore I’d like to use the docker images for AWS Lambda Functions. This also seems like it should be setup using pulumi
• I’d build the functions outside of pulumi (and it seems like I need to push them to a registry?)
adorable-gpu-98268
03/05/2022, 12:31 PMSo in this case, would I create two pulumi projects?
1. setup roles & ECR repositories
2. setup lambda functions and reference the ECR repositories
adorable-gpu-98268
03/05/2022, 12:32 PMThis seems complicated, as it could be a common occurence to add or remove a new lambda function and with this setup this always has to be synchronized across two stacks.
adorable-gpu-98268
03/05/2022, 12:35 PMMy build would be a bit complicated then:
1. call the first
pulumi uppulumi upadorable-gpu-98268
03/05/2022, 12:49 PMMaybe I misunderstand how this all is supposed to play together 🤔
e
echoing-dinner-19531
03/05/2022, 1:59 PMSo it might make sense in some cases to have a shared stack for setting up ECR, and then have another stack setup the functions and just refer to the first stack with StackReferences. Other cases it would make more sense to just do everything in one stack.
In either case it's not ideal having to do the push to ECR outside of pulumi. That's a bad limitation of the docker provider 😞
Some workarounds you could try.
Use the command provider to call your scripts that do the image build and add the push logic to those scripts.
Or try using a dynamic provider and use your languages docker SDK to push to ECR.
Also do consider raising an issue at https://github.com/pulumi/pulumi-docker with this issue.
a
adorable-gpu-98268
03/05/2022, 2:49 PMOkay, thanks for pointing to these resources. The reason I think I have to use two stacks is: The push only works when the ECR repository exists.
As I see adding or removing a new ECR repository and lambda function as a regular activity, not just an initial bootstrap step, I thought this would have to happen first.
e
echoing-dinner-19531
03/05/2022, 7:28 PMThe push only works when the ECR repository exists.It should be possible to depend on the ECR repository being created before running the command steps, just add it to the depends_on list.
4 Views