Open joeduffy opened 3 years ago
Just ran into this bug now - how would you advise a potential customer to work around this and get the examples running?
(without having to set a default VPC if possible)
~/Code/mycompany/pulumi-examples/aws-ts-hello-fargate$ pulumi stack init dev
Created stack 'dev'
~/Code/mycompany/pulumi-examples/aws-ts-hello-fargate$ pulumi config set aws:region us-east-2
~/Code/mycompany/pulumi-examples/aws-ts-hello-fargate$ pulumi up
Previewing update (dev)
View Live: https://app.pulumi.com/mikemaccana/aws-ts-hello-fargate/dev/previews/65dad80e-a460-47a9-8121-d58c9345f580
Type Name Plan Info
pulumi:pulumi:Stack aws-ts-hello-fargate-dev 1 message
Diagnostics:
pulumi:pulumi:Stack (aws-ts-hello-fargate-dev):
error: It looks like the Pulumi SDK has not been installed. Have you run npm install or yarn install?
error: failed to load language plugin nodejs: could not read plugin [/home/mike/.pulumi/bin/pulumi-language-nodejs] stdout: EOF
~/Code/mycompany/pulumi-examples/aws-ts-hello-fargate$ npm i
npm WARN deprecated uuid@3.3.2: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
added 119 packages, and audited 120 packages in 19s
26 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
~/Code/mycompany/pulumi-examples/aws-ts-hello-fargate$ pulumi up
Previewing update (dev)
View Live: https://app.pulumi.com/mikemaccana/aws-ts-hello-fargate/dev/previews/6994f5e3-0e40-41d6-bfca-9567881c64a3
Type Name Plan Info
+ pulumi:pulumi:Stack aws-ts-hello-fargate-dev create 1 error
+ ├─ awsx:x:ecs:Cluster cluster create
+ │ ├─ awsx:x:ec2:SecurityGroup cluster create
+ │ │ ├─ awsx:x:ec2:EgressSecurityGroupRule cluster-egress create
+ │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule cluster-containers create
+ │ │ └─ awsx:x:ec2:IngressSecurityGroupRule cluster-ssh create
+ │ └─ aws:ecs:Cluster cluster create
+ ├─ awsx:x:ecs:FargateTaskDefinition app-svc create
+ │ ├─ aws:iam:Role app-svc-task create
+ │ ├─ aws:ecr:Repository app-img create
+ │ ├─ aws:iam:Role app-svc-execution create
+ │ ├─ aws:cloudwatch:LogGroup app-svc create
+ │ ├─ aws:ecr:LifecyclePolicy app-img create
+ │ ├─ aws:iam:RolePolicyAttachment app-svc-task-0cbb1731 create
+ │ ├─ aws:iam:RolePolicyAttachment app-svc-task-b5aeb6b6 create
+ │ ├─ aws:iam:RolePolicyAttachment app-svc-execution-9a42f520 create
+ │ └─ aws:iam:RolePolicyAttachment app-svc-execution-58ed699a create
+ ├─ awsx:x:ecs:FargateService app-svc create
+ └─ aws:lb:ApplicationLoadBalancer net-lb create
+ ├─ awsx:lb:ApplicationTargetGroup web create
+ └─ awsx:lb:ApplicationListener web create
+ ├─ awsx:x:ec2:IngressSecurityGroupRule web-external-0-ingress create
+ └─ awsx:x:ec2:EgressSecurityGroupRule web-external-0-egress create
Diagnostics:
pulumi:pulumi:Stack (aws-ts-hello-fargate-dev):
error: Running program '/home/mike/Code/mycompany/pulumi-examples/aws-ts-hello-fargate' failed with an unhandled exception:
Error: invocation of aws:ec2/getVpc:getVpc returned an error: invoking aws:ec2/getVpc:getVpc: 1 error occurred:
* no matching VPC found
at Object.callback (/home/mike/Code/mycompany/pulumi-examples/aws-ts-hello-fargate/node_modules/@pulumi/pulumi/runtime/invoke.js:139:33)
at Object.onReceiveStatus (/home/mike/Code/mycompany/pulumi-examples/aws-ts-hello-fargate/node_modules/@grpc/grpc-js/src/client.ts:338:26)
at Object.onReceiveStatus (/home/mike/Code/mycompany/pulumi-examples/aws-ts-hello-fargate/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)
at Object.onReceiveStatus (/home/mike/Code/mycompany/pulumi-examples/aws-ts-hello-fargate/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)
at /home/mike/Code/mycompany/pulumi-examples/aws-ts-hello-fargate/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24
at processTicksAndRejections (internal/process/task_queues.js:75:11)
This renders the "get started with pulumi!" examples useless. What's the workaround?
Facing the same issue.
@sarink @mkyukov Can you clarify which "Get Started with Pulumi" examples are affected by this issue?
Also, the workaround is to create your own VPC, either using AWSX (Crosswalk for AWS) or the standard AWS resources.
The following examples appear to be affected:
aws-cs-eks
aws-py-ecs-instances-autoapi
aws-go-eks
aws-py-fargate
aws-cs-fargate
aws-ts-pulumi-miniflux
This list is not necessarily complete.
An additional problem is the default
security group can be changed to be less permissive. This will allow Pulumi to run, but will result in services failing.
For example, aws-py-ecs-instances-autoapi
will fail health checks, preventing the instances going live in the LB Target Group
ref: https://pulumi-community.slack.com/archives/C84L4E3N1/p1693386835875179
Some of our AWS examples assume you have a default VPC, and break if you do not. It is often common security practice to delete an account's default VPC upon creation to avoid accidental ingress/egress exposure of private endpoints. And us-east-1 accounts created before a certain date don't have one. I don't have the exact failure information but speaking as someone who had such an account, the failure mode was not pleasant. We should audit our examples for those that depend on default VPCs and call this out in the instructions and/or code as a comment. I wish the error here was much better too.