search

pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0
464 stars 155 forks source link

Unable to create aws.ecr.RegistryPolicy #2326

Closed jazzdan closed 1 year ago

jazzdan commented 1 year ago

What happened?

Whenever I try to create a AWS Elastic Container Registry Policy I get the following error:

Error creating ECR Registry Policy: InvalidParameterException: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid registry policy provided'

Steps to reproduce

    new aws.ecr.RegistryPolicy(`repository-policy`, {
      policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
          {
            Sid: "AllowPushPull",
            Effect: "Allow",
            Principal: {
              AWS: "arn:aws:iam::123:user/sampleuser",
            },
            Action: [
              "ecr:GetDownloadUrlForLayer",
              "ecr:BatchGetImage",
              "ecr:BatchCheckLayerAvailability",
              "ecr:PutImage",
              "ecr:InitiateLayerUpload",
              "ecr:UploadLayerPart",
              "ecr:CompleteLayerUpload",
            ],
          },
        ],
      }),
    });

Expected Behavior

I expected an ecr RegistryPolicy to be created

Actual Behavior

Error creating ECR Registry Policy: InvalidParameterException: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid registry policy provided'

Output of pulumi about

CLI
Version      3.51.1
Go Version   go1.19.5
Go Compiler  gc

Plugins
NAME        VERSION
aws         5.23.0
aws         5.16.2
docker      3.0.0
eks         1.0.1
kubernetes  3.23.0
nodejs      unknown

Host
OS       darwin
Version  13.1
Arch     arm64

This project is written in nodejs: executable='/Users/dan/.nvm/versions/node/v16.13.0/bin/node' version='v16.13.0'

Current Stack: replay/backend/prod

TYPE                                                        URN
pulumi:pulumi:Stack                                         urn:pulumi:prod::backend::pulumi:pulumi:Stack::backend-prod
pulumi:providers:aws                                        urn:pulumi:prod::backend::pulumi:providers:aws::default_5_23_0
eks:index:Cluster                                           urn:pulumi:prod::backend::eks:index:Cluster::purple-replay-eks-us-east-2
awsx:x:ec2:Vpc                                              urn:pulumi:prod::backend::awsx:x:ec2:Vpc::replay
pulumi:providers:aws                                        urn:pulumi:prod::backend::pulumi:providers:aws::acm-provider
eks:index:ServiceRole                                       urn:pulumi:prod::backend::eks:index:Cluster$eks:index:ServiceRole::purple-replay-eks-us-east-2-eksRole
pulumi:providers:aws                                        urn:pulumi:prod::backend::pulumi:providers:aws::default_5_16_2
aws:acm/certificate:Certificate                             urn:pulumi:prod::backend::aws:acm/certificate:Certificate::static_replay_cert
aws:sns/topic:Topic                                         urn:pulumi:prod::backend::aws:sns/topic:Topic::guardDutyToSlack
aws:sns/topic:Topic                                         urn:pulumi:prod::backend::aws:sns/topic:Topic::guardDutyToEmail
aws:sqs/queue:Queue                                         urn:pulumi:prod::backend::aws:sqs/queue:Queue::term-sqs-queue
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::github-backend-ecr
aws:cloudwatch/eventRule:EventRule                          urn:pulumi:prod::backend::aws:cloudwatch/eventRule:EventRule::guardDutyEventRule
aws:iam/user:User                                           urn:pulumi:prod::backend::aws:iam/user:User::github-backend
aws:sqs/queue:Queue                                         urn:pulumi:prod::backend::aws:sqs/queue:Queue::agent-term-queue
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::aws-k8s-read-write
aws:ec2/keyPair:KeyPair                                     urn:pulumi:prod::backend::aws:ec2/keyPair:KeyPair::keypair
aws:cloudwatch/eventRule:EventRule                          urn:pulumi:prod::backend::aws:cloudwatch/eventRule:EventRule::agent-term-queue-rebalance-recommendation
aws:iam/user:User                                           urn:pulumi:prod::backend::aws:iam/user:User::build-user
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::AmazonEKS_EFS_CSI_Driver_Policy
aws:cloudwatch/logGroup:LogGroup                            urn:pulumi:prod::backend::aws:cloudwatch/logGroup:LogGroup::flowLogGroup
aws:cloudwatch/eventRule:EventRule                          urn:pulumi:prod::backend::aws:cloudwatch/eventRule:EventRule::agent-term-queue-instance-state-change
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::flowLogRole
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::nodeTerminationHandlerPolicy
aws:cloudwatch/eventRule:EventRule                          urn:pulumi:prod::backend::aws:cloudwatch/eventRule:EventRule::agent-term-queue-spot-interrupt
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::purple-worker-role2
aws:guardduty/detector:Detector                             urn:pulumi:prod::backend::aws:guardduty/detector:Detector::ProdDetector
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::purple-worker-role1
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::github-backend-lambda
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::dispatch
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::controller-cleaner
aws:iam/user:User                                           urn:pulumi:prod::backend::aws:iam/user:User::certbot
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::control
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::kube
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::github-backend-api-gateway
aws:iam/user:User                                           urn:pulumi:prod::backend::aws:iam/user:User::Courier
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::certbot-dns-policy
aws:ec2/instance:Instance                                   urn:pulumi:prod::backend::aws:ec2/instance:Instance::chromium recording test server
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::nginx-sidecar
aws:route53/zone:Zone                                       urn:pulumi:prod::backend::aws:route53/zone:Zone::replay.io
aws:ec2/instance:Instance                                   urn:pulumi:prod::backend::aws:ec2/instance:Instance::chromium recording server
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::debugger-server
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::vanta-policy
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::autoScalerPolicy
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::test-inbox
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::data-retention-enforcer
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::dev-build-policy
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::githubPrBot
aws:s3/bucket:Bucket                                        urn:pulumi:prod::backend::aws:s3/bucket:Bucket::buildkite-cache
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::buildServer
aws:ec2/instance:Instance                                   urn:pulumi:prod::backend::aws:ec2/instance:Instance::chromium recording browser instance
aws:cloudwatch/eventRule:EventRule                          urn:pulumi:prod::backend::aws:cloudwatch/eventRule:EventRule::agent-term-queue-lifecycle-action
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::namespaceCleaner
aws:s3/bucket:Bucket                                        urn:pulumi:prod::backend::aws:s3/bucket:Bucket::recordreplay-website
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::diskCleaner
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::crash-server
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::update-server
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::nodeDiskCleaner
aws:iam/user:User                                           urn:pulumi:prod::backend::aws:iam/user:User::buildkite-fly-user
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::flyCleaner
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::triage
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::telemetry-server
aws:s3/bucket:Bucket                                        urn:pulumi:prod::backend::aws:s3/bucket:Bucket::recordreplay-us-east-2-logs
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::recordreplay-graphql-api
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::full_s3_access
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::buildkite-deploy
aws:cloudwatch/metricAlarm:MetricAlarm                      urn:pulumi:prod::backend::aws:cloudwatch/metricAlarm:MetricAlarm::graphql_high_cpu_utilization
aws:cloudwatch/eventRule:EventRule                          urn:pulumi:prod::backend::aws:cloudwatch/eventRule:EventRule::term-sqs-queue-lifecycle-action
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::admin
aws:cloudwatch/eventRule:EventRule                          urn:pulumi:prod::backend::aws:cloudwatch/eventRule:EventRule::term-sqs-queue-instance-state-change
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::crash-dump-uploader
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::kubeBench
aws:ecr/repository:Repository                               urn:pulumi:prod::backend::aws:ecr/repository:Repository::agent
aws:s3/bucket:Bucket                                        urn:pulumi:prod::backend::aws:s3/bucket:Bucket::recordreplay-us-east-2
aws:sns:TopicEventSubscription                              urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription::guardDutyNotifier
aws:iam/role:Role                                           urn:pulumi:prod::backend::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::purple-replay-eks-us-east-2-eksRole-role
aws:sns/topicSubscription:TopicSubscription                 urn:pulumi:prod::backend::aws:sns/topicSubscription:TopicSubscription::guardDutyEmailSubscription
aws:sqs/queuePolicy:QueuePolicy                             urn:pulumi:prod::backend::aws:sqs/queuePolicy:QueuePolicy::term-sqs-queue-policy
aws:sns/topicPolicy:TopicPolicy                             urn:pulumi:prod::backend::aws:sns/topicPolicy:TopicPolicy::default
aws:sns/topicPolicy:TopicPolicy                             urn:pulumi:prod::backend::aws:sns/topicPolicy:TopicPolicy::email
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::sns
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::snsGuardDutyEmail
aws:sqs/queuePolicy:QueuePolicy                             urn:pulumi:prod::backend::aws:sqs/queuePolicy:QueuePolicy::agent-term-queue-policy
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::github-backend-k8s-read-write
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::agent-term-queue-rebalance-recommendation
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::agent-term-queue-instance-state-change
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::agent-term-queue-spot-interrupt
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-6
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-1
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::replay-external-s3-role
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-3
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-2
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-7
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-0
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::dispatch-lifecycle-policy
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-0
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-1
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-6
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-7
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-2
aws:iam/instanceProfile:InstanceProfile                     urn:pulumi:prod::backend::aws:iam/instanceProfile:InstanceProfile::purple-instance-profile1
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-3
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::controller-cleaner-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::control-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::kube-lifecycle-policy
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::certbot-dns-attachment
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::nginx-sidecar-lifecycle-policy
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::record.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::tmvenq756jlp3emvzrjgqlinhngin7wi._domainkey.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::replay.io_mx
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::dev.dispatch.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::recordings.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::_4b9180d34a77ff04111c4feca5aa2b01.static.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::crash-reports-test.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::url3084.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::admin.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::opengraph.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::graphql-test.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::api.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::staging.app.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::_d57bdecb0123fc2dc277885bbfd3a230.app.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::em1528.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::fuzzer.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::crash-reports.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::outbound.intercom.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::dispatch.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::record-test.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::app.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::vercel.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::fesca72th6nlclxl4aykarwjal56y7xh._domainkey.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::graphql.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::bounce.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::replay.io_soa
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::webhooks.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::20922453.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::replay.io_txt
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::_53b7d72ea73a2dc05a55abace3ecbde9.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::replay.io_ns
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::_acme-challenge.replay.io_txt
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::_amazonses.replay.io_txt
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::2opbplege6f2ux7a3zs7b3ew26qgxe6l._domainkey.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::intercom._domainkey.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::s2._domainkey.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::s1._domainkey.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::grlykp7ymwstruo4bzewfif66rqaod26._domainkey.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::test-inbox.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::rpjeqrp575zqkvldtor2pjvbiapwc7ie._domainkey.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::updates-k8s.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::2ywubtsxvxyabmlcsvi75ohomi4qxvlz._domainkey.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::updates-test.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::2mqi2grbxc5pvqpdxl3q3bgi2wpip4he._domainkey.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::updates.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::login.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::_d0075d3608c7c53854bb34ea8a088bc1.www.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::telemetry.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::mr5a2pf7dlfx3zrybctibue23gleqlhw._domainkey.replay.io
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::test-inbox-test.replay.io_a
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::www.replay.io_cname
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::esv2mctisx6wocop4xpwjs3wrxy4ur7a._domainkey.replay.io
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::debugger-server-lifecycle-policy
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-4
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-4
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::test-inbox-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::data-retention-enforcer-lifecycle-policy
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::dev-build-policy-attachment
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::githubPrBot-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::buildServer-lifecycle-policy
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::agent-term-queue-lifecycle-action
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::namespaceCleaner-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::diskCleaner-lifecycle-policy
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::s3-website-write-downloads
aws:cloudfront/distribution:Distribution                    urn:pulumi:prod::backend::aws:cloudfront/distribution:Distribution::replay_distribution
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::crash-server-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::update-server-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::nodeDiskCleaner-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::flyCleaner-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::triage-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::telemetry-server-lifecycle-policy
aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock      urn:pulumi:prod::backend::aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock::block-recordreplay-us-east-2-logs
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::recordreplay-graphql-api-lifecycle-policy
aws:ec2/instance:Instance                                   urn:pulumi:prod::backend::aws:ec2/instance:Instance::linux development replay vpc
aws:iam/instanceProfile:InstanceProfile                     urn:pulumi:prod::backend::aws:iam/instanceProfile:InstanceProfile::buildkite-deploy
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::term-sqs-queue-lifecycle-action
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::admin-lifecycle-policy
aws:cloudwatch/eventTarget:EventTarget                      urn:pulumi:prod::backend::aws:cloudwatch/eventTarget:EventTarget::term-sqs-queue-instance-state-change
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::crash-dump-uploader-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::kubeBench-lifecycle-policy
aws:ecr/lifecyclePolicy:LifecyclePolicy                     urn:pulumi:prod::backend::aws:ecr/lifecyclePolicy:LifecyclePolicy::agent-lifecycle-policy
aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock      urn:pulumi:prod::backend::aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock::block-recordreplay-us-east-2
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::s3-recordreplay-readwrite
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::build-policy
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/role:Role::guardDutyNotifier
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-replay-eks-us-east-2-eksRole-4b490823
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::replay-external-s3-policy-attachment
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::assumeExternalS3Policy
aws:s3/bucketPolicy:BucketPolicy                            urn:pulumi:prod::backend::aws:s3/bucketPolicy:BucketPolicy::logBucketPolicy
awsx:x:ec2:Subnet                                           urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet::replay-private-1
awsx:x:ec2:NatGateway                                       urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:NatGateway::replay-0
awsx:x:ec2:NatGateway                                       urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:NatGateway::replay-1
awsx:x:ec2:Subnet                                           urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet::replay-public-0
awsx:x:ec2:Subnet                                           urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet::replay-private-0
awsx:x:ec2:InternetGateway                                  urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:InternetGateway::replay
aws:ec2/vpc:Vpc                                             urn:pulumi:prod::backend::awsx:x:ec2:Vpc$aws:ec2/vpc:Vpc::replay
awsx:x:ec2:Subnet                                           urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet::replay-public-1
aws:iam/policy:Policy                                       urn:pulumi:prod::backend::aws:iam/policy:Policy::buildkite-fly-policy
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-8
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-8
aws:route53/record:Record                                   urn:pulumi:prod::backend::aws:route53/record:Record::static.replay.io_a
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::kube-user-role
aws:ec2/eip:Eip                                             urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:NatGateway$aws:ec2/eip:Eip::replay-1
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-policy-5
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-policy-5
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::build-policy-attachment
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-1b4caae3
aws:lambda/function:Function                                urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:lambda/function:Function::guardDutyNotifier
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-7cd09230
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-e1a3786d
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-019020e7
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-4aaabb8e
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-a1de8170
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-b5aeb6b6
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-74d12784
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::guardDutyNotifier-6c156834
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role1-external-s3
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:prod::backend::aws:iam/rolePolicyAttachment:RolePolicyAttachment::purple-worker-role2-external-s3
aws:cloudtrail/trail:Trail                                  urn:pulumi:prod::backend::aws:cloudtrail/trail:Trail::recordReplayBucketCloudtrail
aws:ec2/eip:Eip                                             urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:NatGateway$aws:ec2/eip:Eip::replay-0
aws:ec2/flowLog:FlowLog                                     urn:pulumi:prod::backend::aws:ec2/flowLog:FlowLog::replayFlowLog
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::aws:ec2/securityGroup:SecurityGroup::eks-cluster-sg-purple-replay-eks-us-east-2
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::purple-replay-eks-us-east-2-eksClusterSecurityGroup
aws:ec2/routeTable:RouteTable                               urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTable:RouteTable::replay-public-0
aws:ec2/routeTable:RouteTable                               urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTable:RouteTable::replay-private-0
aws:ec2/routeTable:RouteTable                               urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTable:RouteTable::replay-private-1
aws:ec2/subnet:Subnet                                       urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/subnet:Subnet::replay-public-0
aws:ec2/subnet:Subnet                                       urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/subnet:Subnet::replay-private-0
aws:ec2/subnet:Subnet                                       urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/subnet:Subnet::replay-private-1
aws:ec2/internetGateway:InternetGateway                     urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:InternetGateway$aws:ec2/internetGateway:InternetGateway::replay
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::aws:ec2/securityGroup:SecurityGroup::prod-tailscale-router-sg
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::aws:ec2/securityGroup:SecurityGroup::buildkite-sg
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::aws:ec2/securityGroup:SecurityGroup::allow rdp
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::aws:ec2/securityGroup:SecurityGroup::endpoint-security-group
aws:ec2/routeTable:RouteTable                               urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTable:RouteTable::replay-public-1
aws:ec2/subnet:Subnet                                       urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/subnet:Subnet::replay-public-1
aws:iam/userPolicyAttachment:UserPolicyAttachment           urn:pulumi:prod::backend::aws:iam/userPolicyAttachment:UserPolicyAttachment::buildkite-fly-policy-attachment
aws:lambda/permission:Permission                            urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:lambda/permission:Permission::guardDutyNotifier
aws:sns/topicSubscription:TopicSubscription                 urn:pulumi:prod::backend::aws:sns/topic:Topic$aws:sns:TopicEventSubscription$aws:sns/topicSubscription:TopicSubscription::guardDutyNotifier
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::aws:ec2/securityGroup:SecurityGroup::graphql-allow-metabase-and-k8s
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::purple-replay-eks-us-east-2-eksClusterInternetEgressRule
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTableAssociation:RouteTableAssociation::replay-public-0
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTableAssociation:RouteTableAssociation::replay-private-0
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTableAssociation:RouteTableAssociation::replay-private-1
aws:ec2/route:Route                                         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/route:Route::replay-public-0-ig
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::aws:ec2/securityGroup:SecurityGroup::redis-state-security-group
aws:ec2/instance:Instance                                   urn:pulumi:prod::backend::aws:ec2/instance:Instance::prod-tailscale-router
aws:ec2/launchTemplate:LaunchTemplate                       urn:pulumi:prod::backend::aws:ec2/launchTemplate:LaunchTemplate::buildkite-launch-config
aws:ec2/instance:Instance                                   urn:pulumi:prod::backend::aws:ec2/instance:Instance::buildkite2
aws:ec2/route:Route                                         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/route:Route::replay-public-1-ig
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/routeTableAssociation:RouteTableAssociation::replay-public-1
aws:ec2/natGateway:NatGateway                               urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:NatGateway$aws:ec2/natGateway:NatGateway::replay-0
aws:ec2/instance:Instance                                   urn:pulumi:prod::backend::aws:ec2/instance:Instance::windows development replay vpc
aws:elasticache/subnetGroup:SubnetGroup                     urn:pulumi:prod::backend::aws:elasticache/subnetGroup:SubnetGroup::redis-state-subnet-group
aws:autoscaling/group:Group                                 urn:pulumi:prod::backend::aws:autoscaling/group:Group::buildkite-asg
aws:ec2/natGateway:NatGateway                               urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:NatGateway$aws:ec2/natGateway:NatGateway::replay-1
aws:ec2/vpcEndpoint:VpcEndpoint                             urn:pulumi:prod::backend::aws:ec2/vpcEndpoint:VpcEndpoint::ssmmessages
aws:ec2/vpcEndpoint:VpcEndpoint                             urn:pulumi:prod::backend::aws:ec2/vpcEndpoint:VpcEndpoint::ssm
aws:iam/role:Role                                           urn:pulumi:prod::backend::aws:iam/role:Role::rds-monitoring-role
aws:ec2/vpcEndpoint:VpcEndpoint                             urn:pulumi:prod::backend::aws:ec2/vpcEndpoint:VpcEndpoint::ec2messages
aws:rds/subnetGroup:SubnetGroup                             urn:pulumi:prod::backend::aws:rds/subnetGroup:SubnetGroup::graphql-subnet-group
aws:eks/cluster:Cluster                                     urn:pulumi:prod::backend::eks:index:Cluster$aws:eks/cluster:Cluster::purple-replay-eks-us-east-2-eksCluster
aws:ec2/route:Route                                         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/route:Route::replay-private-0-nat-0
aws:elasticache/replicationGroup:ReplicationGroup           urn:pulumi:prod::backend::aws:elasticache/replicationGroup:ReplicationGroup::state
aws:ec2/route:Route                                         urn:pulumi:prod::backend::awsx:x:ec2:Vpc$awsx:x:ec2:Subnet$aws:ec2/route:Route::replay-private-1-nat-1
aws:rds/clusterInstance:ClusterInstance                     urn:pulumi:prod::backend::aws:rds/clusterInstance:ClusterInstance::graphql-aurora-writereplica
aws:rds/clusterInstance:ClusterInstance                     urn:pulumi:prod::backend::aws:rds/clusterInstance:ClusterInstance::graphql-aurora-readreplica
pulumi:providers:kubernetes                                 urn:pulumi:prod::backend::pulumi:providers:kubernetes::provider
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::purple-replay-eks-us-east-2-nodeSecurityGroup
aws:iam/openIdConnectProvider:OpenIdConnectProvider         urn:pulumi:prod::backend::eks:index:Cluster$aws:iam/openIdConnectProvider:OpenIdConnectProvider::purple-replay-eks-us-east-2-oidcProvider
kubernetes:helm.sh/v3:Chart                                 urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart::cluster-autoscaler
aws:rds/cluster:Cluster                                     urn:pulumi:prod::backend::aws:rds/cluster:Cluster::graphql-aurora
kubernetes:core/v1:ConfigMap                                urn:pulumi:prod::backend::kubernetes:core/v1:ConfigMap::cluster-name
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::purple-replay-eks-us-east-2-eksNodeInternetEgressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::purple-replay-eks-us-east-2-eksExtApiServerClusterIngressRule
aws:ec2/launchTemplate:LaunchTemplate                       urn:pulumi:prod::backend::aws:ec2/launchTemplate:LaunchTemplate::purple-ondemand-2022-10-03-launch-template
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::purple-replay-eks-us-east-2-eksClusterIngressRule
aws:ec2/launchTemplate:LaunchTemplate                       urn:pulumi:prod::backend::aws:ec2/launchTemplate:LaunchTemplate::spotLaunchTemplate-2022-12-19
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::purple-replay-eks-us-east-2-eksNodeClusterIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:prod::backend::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::purple-replay-eks-us-east-2-eksNodeIngressRule
pulumi:providers:kubernetes                                 urn:pulumi:prod::backend::eks:index:Cluster$pulumi:providers:kubernetes::purple-replay-eks-us-east-2-eks-k8s
pulumi:providers:kubernetes                                 urn:pulumi:prod::backend::eks:index:Cluster$pulumi:providers:kubernetes::purple-replay-eks-us-east-2-provider
kubernetes:core/v1:ConfigMap                                urn:pulumi:prod::backend::eks:index:Cluster$kubernetes:core/v1:ConfigMap::purple-replay-eks-us-east-2-nodeAccess
aws:eks/nodeGroup:NodeGroup                                 urn:pulumi:prod::backend::eks:index:Cluster$aws:eks/nodeGroup:NodeGroup::purple-spot-2022-12-19
aws:eks/nodeGroup:NodeGroup                                 urn:pulumi:prod::backend::eks:index:Cluster$aws:eks/nodeGroup:NodeGroup::purple-on-demand-managed-2022-10-03
aws:autoscaling/lifecycleHook:LifecycleHook                 urn:pulumi:prod::backend::aws:autoscaling/lifecycleHook:LifecycleHook::eks-purple20221219174938722300000003-90c295c0-b396-d8ef-e6ac-1f7bd327890a-lifecycle-hook
kubernetes:core/v1:ServiceAccount                           urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:ServiceAccount::kube-system/cluster-autoscaler-aws-cluster-autoscaler
kubernetes:rbac.authorization.k8s.io/v1:Role                urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:Role::kube-system/cluster-autoscaler-aws-cluster-autoscaler
kubernetes:rbac.authorization.k8s.io/v1:RoleBinding         urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:RoleBinding::kube-system/cluster-autoscaler-aws-cluster-autoscaler
kubernetes:apps/v1:Deployment                               urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:apps/v1:Deployment::kube-system/cluster-autoscaler-aws-cluster-autoscaler
kubernetes:core/v1:Service                                  urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:Service::kube-system/cluster-autoscaler-aws-cluster-autoscaler
kubernetes:policy/v1:PodDisruptionBudget                    urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:policy/v1:PodDisruptionBudget::kube-system/cluster-autoscaler-aws-cluster-autoscaler
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding  urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding::cluster-autoscaler-aws-cluster-autoscaler
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole         urn:pulumi:prod::backend::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:ClusterRole::cluster-autoscaler-aws-cluster-autoscaler

Found no pending operations associated with replay/prod

Backend
Name           pulumi.com
URL            https://app.pulumi.com/dmiller17
User           dmiller17
Organizations  dmiller17, replay

Dependencies:
NAME                VERSION
@pulumi/pulumi      3.49.0
@types/node         10.17.60
@pulumi/aws         5.23.0
@pulumi/awsx        0.40.0
@pulumi/eks         1.0.1
@pulumi/kubernetes  3.23.0

Pulumi locates its logs in /var/folders/1m/p8864bqn449g3yl46wwt4nqc0000gn/T/ by default

Additional context

I noticed that the Pulumi API for RegistryPolicy doesn’t take a repository ID, only a policy (https://www.pulumi.com/registry/packages/aws/api-docs/ecr/registrypolicy/#create). Whereas the terraform API takes both a repository ID and a policy (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository_policy#argument-reference). Is it possible that this Pulumi API is wrong and it’s impossible to make AWS ECR Registry Policies or am I missing something? I don’t see how Pulumi could know what repository to apply this policy to without a registry/repository ID.

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

squaremo commented 1 year ago

Error creating ECR Registry Policy: InvalidParameterException: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid registry policy provided'

Ugh, that's pretty unhelpful error text, isn't it -- sorry about that. I suspect it's passed through from the AWS API (since it's an opaque string to the provider). But still, it would be nice to do better.

One thing I noticed on a scan is that the example at https://www.pulumi.com/registry/packages/aws/api-docs/ecr/registrypolicy/#example-usage includes a Resource field in the stringified policy, whereas your code above doesn't. The examples in the AWS docs (if I have the right place ...) include a Resource field too. Could that be the problem?

I noticed that the Pulumi API for RegistryPolicy doesn’t take a repository ID, only a policy (https://www.pulumi.com/registry/packages/aws/api-docs/ecr/registrypolicy/#create). Whereas the terraform API takes both a repository ID and a policy (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository_policy#argument-reference).

These are two different things with very easily confusable names: RegistryPolicy (applies to the whole registry), and RepositoryPolicy (applies to a particular image repository in a registry). The Pulumi SDK equivalent to the Terraform resource is https://www.pulumi.com/registry/packages/aws/api-docs/ecr/repositorypolicy/, which does have a repository input.

jazzdan commented 1 year ago

Ah, thanks @squaremo you're totally right. Switching to repository policy is what I needed to do. Thanks so much!!!