From 14b44e49eac527c6ed80e54699f1fbd5f32afb12 Mon Sep 17 00:00:00 2001 From: Sean Holung Date: Thu, 9 Nov 2023 15:00:11 -0800 Subject: [PATCH] temp registry files --- .../content/registry/packages/aws/_index.md | 124 ++++ .../packages/aws/how-to-guides/_index.md | 6 + .../how-to-guides/aws-cs-ansible-wordpress.md | 165 ++++++ .../aws/how-to-guides/aws-cs-assume-role.md | 105 ++++ .../packages/aws/how-to-guides/aws-cs-eks.md | 83 +++ .../aws/how-to-guides/aws-cs-fargate.md | 145 +++++ .../aws/how-to-guides/aws-cs-lambda.md | 70 +++ .../aws/how-to-guides/aws-cs-s3-folder.md | 79 +++ .../how-to-guides/aws-cs-secrets-manager.md | 71 +++ .../aws/how-to-guides/aws-cs-webserver.md | 86 +++ .../how-to-guides/aws-fs-lambda-webserver.md | 48 ++ .../aws/how-to-guides/aws-fs-s3-folder.md | 79 +++ .../how-to-guides/aws-go-ansible-wordpress.md | 165 ++++++ .../aws/how-to-guides/aws-go-appsync.md | 88 +++ .../aws/how-to-guides/aws-go-assume-role.md | 99 ++++ .../aws-go-console-slack-notification.md | 107 ++++ .../packages/aws/how-to-guides/aws-go-eks.md | 83 +++ .../aws/how-to-guides/aws-go-fargate.md | 143 +++++ .../how-to-guides/aws-go-lambda-gateway.md | 135 +++++ .../aws/how-to-guides/aws-go-lambda.md | 105 ++++ .../aws/how-to-guides/aws-go-resources.md | 72 +++ .../aws-go-s3-folder-component.md | 102 ++++ .../aws/how-to-guides/aws-go-s3-folder.md | 86 +++ .../how-to-guides/aws-go-secrets-manager.md | 71 +++ .../aws/how-to-guides/aws-go-slackbot.md | 171 ++++++ .../aws/how-to-guides/aws-go-webserver.md | 84 +++ .../aws-java-ansible-wordpress.md | 165 ++++++ .../aws/how-to-guides/aws-java-eks-minimal.md | 68 +++ .../aws/how-to-guides/aws-java-webserver.md | 80 +++ .../aws/how-to-guides/aws-js-containers.md | 96 +++ .../aws-js-s3-folder-component.md | 100 ++++ .../aws/how-to-guides/aws-js-s3-folder.md | 99 ++++ .../aws/how-to-guides/aws-js-sqs-slack.md | 105 ++++ .../aws-js-webserver-component.md | 28 + .../aws/how-to-guides/aws-js-webserver.md | 82 +++ .../how-to-guides/aws-py-ansible-wordpress.md | 165 ++++++ .../aws-py-apigateway-lambda-serverless.md | 84 +++ .../aws-py-apigatewayv2-eventbridge.md | 90 +++ ...ws-py-apigatewayv2-http-api-quickcreate.md | 102 ++++ .../aws/how-to-guides/aws-py-appsync.md | 78 +++ .../aws/how-to-guides/aws-py-assume-role.md | 112 ++++ .../how-to-guides/aws-py-django-voting-app.md | 122 ++++ .../how-to-guides/aws-py-dynamicresource.md | 93 +++ .../how-to-guides/aws-py-ec2-provisioners.md | 57 ++ .../aws-py-ecs-instances-autoapi.md | 102 ++++ .../packages/aws/how-to-guides/aws-py-eks.md | 121 ++++ .../aws/how-to-guides/aws-py-fargate.md | 158 +++++ .../aws-py-hub-and-spoke-network.md | 120 ++++ .../aws-py-oidc-provider-pulumi-cloud.md | 116 ++++ .../how-to-guides/aws-py-redshift-glue-etl.md | 76 +++ .../aws/how-to-guides/aws-py-resources.md | 39 ++ .../aws/how-to-guides/aws-py-s3-folder.md | 95 +++ .../how-to-guides/aws-py-secrets-manager.md | 71 +++ .../how-to-guides/aws-py-serverless-raw.md | 99 ++++ .../aws/how-to-guides/aws-py-slackbot.md | 165 ++++++ .../how-to-guides/aws-py-stackreference.md | 200 +++++++ .../how-to-guides/aws-py-static-website.md | 150 +++++ .../aws/how-to-guides/aws-py-stepfunctions.md | 41 ++ .../aws/how-to-guides/aws-py-voting-app.md | 110 ++++ .../aws/how-to-guides/aws-py-webserver.md | 87 +++ .../aws-py-wordpress-fargate-rds.md | 111 ++++ .../aws/how-to-guides/aws-ts-airflow.md | 62 ++ .../how-to-guides/aws-ts-ansible-wordpress.md | 165 ++++++ .../how-to-guides/aws-ts-apigateway-auth0.md | 134 +++++ .../aws-ts-apigateway-eventbridge.md | 101 ++++ .../aws-ts-apigateway-lambda-serverless.md | 109 ++++ .../aws/how-to-guides/aws-ts-apigateway.md | 99 ++++ .../aws-ts-apigatewayv2-eventbridge.md | 87 +++ ...ws-ts-apigatewayv2-http-api-quickcreate.md | 91 +++ .../aws-ts-apigatewayv2-http-api.md | 93 +++ .../aws/how-to-guides/aws-ts-appsync.md | 80 +++ .../aws/how-to-guides/aws-ts-assume-role.md | 114 ++++ .../aws/how-to-guides/aws-ts-containers.md | 85 +++ .../how-to-guides/aws-ts-ec2-provisioners.md | 63 ++ .../aws/how-to-guides/aws-ts-ecs-anywhere.md | 172 ++++++ .../aws/how-to-guides/aws-ts-eks-distro.md | 119 ++++ .../how-to-guides/aws-ts-eks-hello-world.md | 346 +++++++++++ .../aws-ts-eks-migrate-nodegroups.md | 29 + .../packages/aws/how-to-guides/aws-ts-eks.md | 173 ++++++ .../aws/how-to-guides/aws-ts-hello-fargate.md | 140 +++++ .../aws-ts-k8s-mern-voting-app.md | 123 ++++ .../how-to-guides/aws-ts-k8s-voting-app.md | 125 ++++ .../aws/how-to-guides/aws-ts-lambda-efs.md | 163 ++++++ .../aws-ts-lambda-thumbnailer.md | 142 +++++ .../aws-ts-netlify-cms-and-oauth.md | 33 ++ .../aws/how-to-guides/aws-ts-nextjs.md | 92 +++ .../aws/how-to-guides/aws-ts-organizations.md | 89 +++ .../how-to-guides/aws-ts-pern-voting-app.md | 154 +++++ .../how-to-guides/aws-ts-pulumi-miniflux.md | 73 +++ .../how-to-guides/aws-ts-pulumi-webhooks.md | 115 ++++ .../how-to-guides/aws-ts-redshift-glue-etl.md | 74 +++ .../aws/how-to-guides/aws-ts-resources.md | 42 ++ .../aws/how-to-guides/aws-ts-ruby-on-rails.md | 87 +++ .../aws/how-to-guides/aws-ts-s3-folder.md | 101 ++++ .../how-to-guides/aws-ts-s3-lambda-copyzip.md | 111 ++++ .../aws-ts-scheduled-function.md | 80 +++ .../how-to-guides/aws-ts-secrets-manager.md | 73 +++ .../aws-ts-serverless-datawarehouse.md | 267 +++++++++ .../how-to-guides/aws-ts-serverless-raw.md | 101 ++++ .../aws/how-to-guides/aws-ts-slackbot.md | 204 +++++++ .../aws-ts-stackreference-architecture.md | 191 ++++++ .../how-to-guides/aws-ts-stackreference.md | 204 +++++++ .../how-to-guides/aws-ts-static-website.md | 161 +++++ .../aws/how-to-guides/aws-ts-stepfunctions.md | 46 ++ .../how-to-guides/aws-ts-synthetics-canary.md | 86 +++ .../aws/how-to-guides/aws-ts-thumbnailer.md | 131 +++++ .../how-to-guides/aws-ts-twitter-athena.md | 88 +++ .../aws-ts-url-shortener-cache-http.md | 93 +++ .../aws/how-to-guides/aws-ts-voting-app.md | 132 +++++ .../aws-ts-vpc-with-ecs-fargate-py.md | 52 ++ .../aws/how-to-guides/aws-ts-webserver.md | 83 +++ .../aws-ts-wordpress-fargate-rds.md | 89 +++ .../aws-yaml-ansible-wordpress.md | 165 ++++++ .../aws/how-to-guides/aws-yaml-eks.md | 68 +++ .../how-to-guides/aws-yaml-static-website.md | 120 ++++ .../aws/how-to-guides/ec2-webserver.md | 554 ++++++++++++++++++ .../packages/aws/how-to-guides/ecs-fargate.md | 229 ++++++++ .../packages/aws/how-to-guides/rest-api.md | 129 ++++ .../aws/how-to-guides/s3-folder-component.md | 79 +++ .../packages/aws/how-to-guides/s3-website.md | 257 ++++++++ .../aws/how-to-guides/video-thumbnailer.md | 225 +++++++ .../aws/installation-configuration.md | 210 +++++++ 122 files changed, 14062 insertions(+) create mode 100644 themes/default/content/registry/packages/aws/_index.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/_index.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-ansible-wordpress.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-assume-role.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-eks.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-fargate.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-lambda.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-s3-folder.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-secrets-manager.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-cs-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-fs-lambda-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-fs-s3-folder.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-ansible-wordpress.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-appsync.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-assume-role.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-console-slack-notification.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-eks.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-fargate.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda-gateway.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-resources.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder-component.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-secrets-manager.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-slackbot.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-go-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-java-ansible-wordpress.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-java-eks-minimal.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-java-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-js-containers.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder-component.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-js-sqs-slack.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver-component.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-ansible-wordpress.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigateway-lambda-serverless.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-eventbridge.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-http-api-quickcreate.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-appsync.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-assume-role.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-django-voting-app.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-dynamicresource.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-ec2-provisioners.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-ecs-instances-autoapi.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-eks.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-fargate.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-hub-and-spoke-network.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-oidc-provider-pulumi-cloud.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-redshift-glue-etl.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-resources.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-s3-folder.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-secrets-manager.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-serverless-raw.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-slackbot.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-stackreference.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-static-website.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-stepfunctions.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-voting-app.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-py-wordpress-fargate-rds.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-airflow.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ansible-wordpress.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-auth0.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-eventbridge.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-lambda-serverless.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-eventbridge.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api-quickcreate.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-appsync.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-assume-role.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-containers.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ec2-provisioners.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ecs-anywhere.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-distro.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-hello-world.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-migrate-nodegroups.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-hello-fargate.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-mern-voting-app.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-voting-app.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-efs.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-thumbnailer.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-netlify-cms-and-oauth.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-nextjs.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-organizations.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pern-voting-app.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-miniflux.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-webhooks.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-redshift-glue-etl.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-resources.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ruby-on-rails.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-folder.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-lambda-copyzip.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-scheduled-function.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-secrets-manager.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-datawarehouse.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-raw.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-slackbot.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference-architecture.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-static-website.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stepfunctions.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-synthetics-canary.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-thumbnailer.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-twitter-athena.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-url-shortener-cache-http.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-voting-app.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-vpc-with-ecs-fargate-py.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-ts-wordpress-fargate-rds.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-ansible-wordpress.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-eks.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-static-website.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/ec2-webserver.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/ecs-fargate.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/rest-api.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/s3-folder-component.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/s3-website.md create mode 100644 themes/default/content/registry/packages/aws/how-to-guides/video-thumbnailer.md create mode 100644 themes/default/content/registry/packages/aws/installation-configuration.md diff --git a/themes/default/content/registry/packages/aws/_index.md b/themes/default/content/registry/packages/aws/_index.md new file mode 100644 index 00000000000..88e61e1c352 --- /dev/null +++ b/themes/default/content/registry/packages/aws/_index.md @@ -0,0 +1,124 @@ +--- +title: AWS Classic +meta_desc: Learn how you can use Pulumi's AWS Classic Provider to reduce the complexity of provisioning and managing resources on AWS. +layout: package +--- + +The Amazon Web Services (AWS) provider for Pulumi can provision many of the cloud resources available in [AWS](https://aws.amazon.com/). It uses the AWS SDK to manage and provision resources. + +The AWS provider must be configured with credentials to deploy and update resources in AWS; see [Installation & Configuration](./installation-configuration/) for instructions. + +**New to Pulumi and AWS?** [Get started with AWS using our tutorial](/docs/get-started/aws). + +{{% notes %}} +Pulumi has a new AWS provider: the [Pulumi AWS Native Provider](/registry/packages/aws-native). AWS Native gives you same-day access to all new AWS resources and includes coverage of all resources in the [AWS Cloud Control API](https://aws.amazon.com/blogs/aws/announcing-aws-cloud-control-api/). + +Consider trying [AWS Native](/registry/packages/aws-native) if you need AWS resources that aren't available in this provider. +{{% /notes %}} + +## Example + +{{< chooser language "typescript,python,go,csharp,java,yaml" >}} + +{{% choosable language typescript %}} + +```typescript +const aws = require("@pulumi/aws"); + +const bucket = new aws.s3.Bucket("mybucket"); +``` + +{{% /choosable %}} + +{{% choosable language python %}} + +```python +import pulumi +import pulumi_aws as aws + +bucket = aws.s3.Bucket("bucket") +``` + +{{% /choosable %}} + +{{% choosable language go %}} + +```go +package main + +import ( + "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +func main() { + pulumi.Run(func(ctx *pulumi.Context) error { + _, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{}) + if err != nil { + return err + } + return nil + }) +} + +``` + +{{% /choosable %}} + +{{% choosable language csharp %}} + +```csharp +using Pulumi; +using Aws = Pulumi.Aws; + +await Deployment.RunAsync(() => +{ + var bucket = new Aws.S3.Bucket("bucket"); +}); +``` + +{{% /choosable %}} + +{{% choosable language java %}} + +```java +import com.pulumi.Context; +import com.pulumi.Pulumi; +import com.pulumi.aws.s3.Bucket; + +public class App { + public static void main(String[] args) { + Pulumi.run(App::stack); + } + + private static void stack(Context ctx) { + final var bucket = new Bucket("my-bucket"); + ctx.export("bucketName", bucket.name()); + } +} +``` + +{{% /choosable %}} + +{{% choosable language yaml %}} + +```yaml +resources: + mybucket: + type: aws:s3:Bucket +outputs: + bucketName: ${mybucket.name} +``` + +{{% /choosable %}} + +{{< /chooser >}} + +Visit the [How-to Guides](./how-to-guides) to find step-by-step guides for specific scenarios like creating a serverless application or setting up Athena search. + +## Components + +Pulumi offers Components that provide simpler interfaces and higher-productivity APIs for many areas of AWS: + +* [Amazon EKS](/registry/packages/eks) +* [Crosswalk for AWS](/docs/guides/crosswalk/aws), which includes API Gateway, CloudWatch, Elastic Container Registry, Elastic Container Service, Elastic Kubernetes Service, Elastic Load Balancing, Identity & Access Management, Lambda, Virtual Private Cloud, and more diff --git a/themes/default/content/registry/packages/aws/how-to-guides/_index.md b/themes/default/content/registry/packages/aws/how-to-guides/_index.md new file mode 100644 index 00000000000..e8fc2cd5b4c --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/_index.md @@ -0,0 +1,6 @@ +--- +title: AWS Classic How-to Guides +meta_desc: | + Tutorials for using infrastructure as code in the Pulumi AWS Classic package +layout: package +--- diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-ansible-wordpress.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-ansible-wordpress.md new file mode 100644 index 00000000000..a3526a39d26 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-ansible-wordpress.md @@ -0,0 +1,165 @@ +--- +title: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible | C#" +h1: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +linktitle: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +meta_desc: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + +

+ + +This project demonstrates how to use Pulumi and Ansible together. Pulumi handles provisioning the AWS infrastructure +required to run Wordpress on an EC2 instance, with an RDS MySQL database, running inside of a VPC with proper public +and private subnets, and exposed to the Internet using an Elastic IP address. Ansible handles configuring the EC2 +virtual machine after it's been provisioned with a playbook that knows how to install and configure Wordpress. +The entire deployment is orchestrated by Pulumi in a single `pulumi up` thanks to the +[Command package](https://www.pulumi.com/registry/packages/command) which runs a combination of local and remote SSH +commands to accomplish the desired effect. The result is repeatable automation that both provisions and configures. + +> Note: This code was adapted from https://github.com/devbhusal/terraform-ansible-wordpress. Thank you devbhusal! + +> Note: This example is available in many languages: +> +> * [C#](../aws-cs-ansible-wordpress) +> * [Java](../aws-java-ansible-wordpress) +> * [Go](../aws-go-ansible-wordpress) +> * [TypeScript](../aws-ts-ansible-wordpress) +> * [YAML](../aws-yaml-ansible-wordpress) + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +* [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Deploying Your Infrastructure + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Generate a key pair which will be used to access your EC2 instance over SSH: + + ```bash + $ ssh-keygen -f wordpress-keypair + ``` + + This will create two files: your private (`wordpress-keypair`) and your public (`wordpress-keypair.pub`) + keys. Keep your private key safe, since anybody with access to it can log into your EC2 machine! + + Note that you may choose a different file name if you're creating multiple stacks, for instance. + +3. Set the required configuration variables, choosing any valid AWS region. The code is written in such + a way to work in any AWS region, including fetching the right Amazon Linux 2 AMI and availability zones: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region + $ pulumi config set publicKeyPath wordpress-keypair.pub # your newly generated public key + $ pulumi config set privateKeyPath wordpress-keypair # your newly generated private key + $ pulumi config set dbPassword Sup45ekreT#123 --secret # your RDS database password -- keep it safe! + ``` + + There are some other optional variables you can set if you choose. Feel free to skip these. If you don't + set them, they'll receive the default values shown below: + + ```bash + $ pulumi config set dbInstanceSize db.t3.small # the RDS instance size to use + $ pulumi config set dbName wordpressdb # the name of the Wordpress database in RDS + $ pulumi config set dbUsername admin # the name of the Wordpress user that will be used + $ pulumi config set ec2InstanceSize t3.small # the EC2 instance size to provision + ``` + +4. Now all you need to do is run `pulumi up`. This will do all of the magic, and you'll see various + things going on in the output: resources being created in AWS, commands being run locally and remotely, + and the Ansible Playbook running and provisioning your Wordpress server: + + ```bash + $ pulumi up + Updating (dev) + + Type Name Status Info + + pulumi:pulumi:Stack pulumi-ansible-wordpress-dev created + + ├─ aws:ec2:Vpc prod-vpc created + + ├─ aws:ec2:KeyPair wordpress-keypair created + + ├─ aws:ec2:Subnet prod-subnet-private-1 created + + ├─ aws:ec2:InternetGateway prod-igw created + + ├─ aws:ec2:Subnet prod-subnet-private-2 created + + ├─ aws:ec2:Subnet prod-subnet-public-1 created + + ├─ aws:ec2:SecurityGroup ec2-allow-rule created + + ├─ aws:ec2:RouteTable prod-public-rt created + + ├─ aws:rds:SubnetGroup rds-subnet-grp created + + ├─ aws:ec2:SecurityGroup rds-allow-rule created + + ├─ aws:rds:Instance wordpressdb created + + ├─ aws:ec2:RouteTableAssociation prod-rta-public-subnet-1 created + + ├─ aws:ec2:Instance wordpress-instance created + + ├─ command:local:Command renderPlaybookCmd created + + ├─ aws:ec2:Eip wordpress-eip created + + ├─ command:remote:Command updatePythonCmd created 12 messages + + └─ command:local:Command playAnsiblePlaybookCmd created + + Diagnostics: + command:remote:Command (updatePythonCmd): + ... + + Outputs: + url: "35.83.214.168" + + Resources: + + 18 created + + Duration: 8m13s + ``` + +5. After a few minutes, your new server will be ready! Its automatically-allocated EIP is printed at the end + as `url`. You can access it with the `pulumi stack output` command: + + ```bash + $ pulumi stack output url + 35.83.214.168 + ``` + +6. Because of the network configuration, the EC2 server is available over port 80 on the Internet. (The RDS + database, on the other hand, is not). Let's `curl` the endpoint: + + ```bash + $ curl -L http://$(pulumi stack output url) + + + ... + + ... + ``` + + Alternatively, open a web browser to interact with your new Wordpress server: + + ```bash + $ open http://$(pulumi stack output url) + ``` + + ![Wordpress Screenshot](https://raw.githubusercontent.com/pulumi/examples/master/aws-cs-ansible-wordpress/wordpress.png) + +7. From there, feel free to experiment. You can simply make edits, rerun `pulumi up`, and it will incrementally + update and deploy any changes you have made. + +8. After you're done, you can destroy your stack and remove it, eliminating all AWS resources: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-assume-role.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-assume-role.md new file mode 100644 index 00000000000..06ff2d47527 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-assume-role.md @@ -0,0 +1,105 @@ +--- +title: "AWS Resources Using AssumeRole | C#" +h1: "AWS Resources Using AssumeRole" +linktitle: "AWS Resources Using AssumeRole" +meta_desc: "AWS Resources Using AssumeRole How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + +

+ + +This example shows how to use the AssumeRole functionality of the AWS provider to create resources in the security context of an IAM Role assumed by the IAM User running the Pulumi programs. + +## Deploying the Example + +### Part 1: Privileged Components + +The Pulumi program in `create-role` requires credentials with permissions to create an IAM User, an IAM Role, and assign +an AWS Access Key to the user. The program creates a new, unprivileged user with no policies attached, and a role which +specifies a trust policy allowing assumption by the unprivileged user. The role allows the `s3:*` actions on all +resources. + +You'll need to set the `create-role:unprivilegedUsername` configuration variable to the name of the unprivilged user, as +well as the AWS region in which to operate. + +```bash +$ cd create-role +$ pulumi stack init assume-role-create +$ pulumi config set create-role:unprivilegedUsername somebody@pulumi.com +$ pulumi config set aws:region us-east-1 +$ pulumi up +``` + +The program can then be run with `pulumi up`. The outputs of the program tell you the ARN of the Role, and the Access +Key ID and Secret associated with the User: + + +``` +$ pulumi stack output --json +{ + "accessKeyId": "AKIAI7JE74TLY2LOEIJA", + "secretAccessKey": "[secret]", + "roleArn": "arn:aws:iam:::role/allow-s3-management-ad477e6" +} +``` + +If we just use the above command then the secretAccessKey would not be shown. In order to show the secret value use this + +``` +$ pulumi stack output --json --show-secrets +{ + "accessKeyId": "AKIAYJ7EUPHL3DSDH4CX", + "secretAccessKey": "[plain text value]", + "roleArn": "arn:aws:iam::571173272023:role/allow-s3-management-fcc71c0" +} +``` + +### Part 2: Assuming the Role + +The Pulumi program in `assume-role` creates an S3 bucket after assuming the Role created in Part 1. It should be run +with the unprivileged user credentials created in Part 1. This can be configured as follows, from the `assume-role` +directory, replacing `{YOUR_STACK_PATH/assume-role-create}` with the full name of your stack from Part 1. Full name of your stack is available at [`app.pulumi.com`][app] + +```bash +$ cd assume-role +$ npm install +$ export AWS_ACCESS_KEY_ID="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} accessKeyId)" +$ export AWS_SECRET_ACCESS_KEY="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} --show-secrets secretAccessKey)" +``` + +The configuration variable `roleToAssumeARN` must be set to the ARN of the role allowing S3 access, and the AWS region +must be set to the region in which you wish to operate: + +```bash +$ pulumi stack init assume-role-assume +$ pulumi config set roleToAssumeARN "$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} roleArn)" +$ pulumi config set aws:region us-east-1 +``` + +Unset the AWS_SESSION_TOKEN or any additional credential setting if you have set for previous access + +```bash +$ unset AWS_SESSION_TOKEN +``` + +The program can then be run with `pulumi up`. You can verify that the role is indeed assumed by looking at the +CloudTrail logs of the bucket creation operation, or by commenting out the `assumeRole` configuration in the provider +and ensuring creation is not successful. + +### Clean up + +To clean up your resources, run `pulumi destroy` and respond yes to the +confirmation prompt. + +[app]: https://app.pulumi.com/ diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-eks.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-eks.md new file mode 100644 index 00000000000..d18b8c779da --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-eks.md @@ -0,0 +1,83 @@ +--- +title: "AWS C# EKS Cluster | C#" +h1: "AWS C# EKS Cluster" +linktitle: "AWS C# EKS Cluster" +meta_desc: "AWS C# EKS Cluster How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + +

+ +This example creates an AWS EKS Cluster and deploys a sample container application to it + +## Deploying the App + + To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Install DotNet SDK](https://docs.microsoft.com/en-us/dotnet/core/install/sdk?pivots=os-windows) +3. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +4. [Install `aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) +4. [Install `kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) + +### Steps + +After cloning this repo, run these commands from the working directory: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +4. Execute the Pulumi program to create our EKS Cluster: + + ```bash + pulumi up + ``` + +5. After 10-15 minutes, your cluster will be ready, and the kubeconfig JSON you'll use to connect to the cluster will + be available as an output. You can save this kubeconfig to a file like so: + + ```bash + $ pulumi stack output kubeconfig --show-secrets >kubeconfig.json + ``` + + Once you have this file in hand, you can interact with your new cluster as usual via `kubectl`: + + ```bash + $ KUBECONFIG=./kubeconfig.json kubectl get nodes + ``` + +6. Ensure that the application is running as expected: + + ```bash + $ curl $(pulumi stack output Url) + ``` + + +7. Afterwards, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-fargate.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-fargate.md new file mode 100644 index 00000000000..0aa60fb8ad9 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-fargate.md @@ -0,0 +1,145 @@ +--- +title: "Dockerized ASP.NET App on AWS ECS Fargate | C#" +h1: "Dockerized ASP.NET App on AWS ECS Fargate" +linktitle: "Dockerized ASP.NET App on AWS ECS Fargate" +meta_desc: "Dockerized ASP.NET App on AWS ECS Fargate How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example defines a [basic ASP.NET application](https://github.com/pulumi/examples/blob/master/aws-cs-fargate/App) and +[all of the infrastructure required to run it in AWS](https://github.com/pulumi/examples/blob/master/aws-cs-fargate/Infra) in C#. + +This infrastructure includes everything needed to: + +* Build and publish the ASP.NET application as a Docker container image +* Store images in a private [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/) repository +* Scale out 3 load-balanced replicas using [Amazon Elastic Container Service (ECS)](https://aws.amazon.com/ecs/) "Fargate" +* Accept Internet traffic on port 80 using [Amazon Elastic Application Load Balancer (ELB)](https://aws.amazon.com/elasticloadbalancing/) + +This example is inspired by [Docker's](https://docs.docker.com/get-started/) and +[ASP.NET's](https://docs.microsoft.com/en-us/aspnet/core/getting-started/?view=aspnetcore-3.1) Getting Started +tutorials. The result is a simple development experience and yet an end result that uses modern, production-ready AWS +infrastructure. [`./Infra/Program.cs`](https://github.com/pulumi/examples/blob/master/aws-cs-fargate/Infra/Program.cs) defines the project's infrastructure. + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Configure Pulumi to Use AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) (if your AWS CLI is configured, no further changes are required) +* [Install .NET Core 3](https://dotnet.microsoft.com/download) +* [Install Docker](https://docs.docker.com/install/) + +## Running the Example + +Clone this repo and `cd` into it. + +Next, to deploy the application and its infrastructure, follow these steps: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +3. Deploy everything with a single `pulumi up` command. This will show you a preview of changes first, which + includes all of the required AWS resources (clusters, services, and the like). Don't worry if it's more than + you expected -- this is one of the benefits of Pulumi, it configures everything so that so you don't need to! + + ```bash + $ pulumi up + ``` + + After being prompted and selecting "yes", your deployment will begin. It'll complete in a few minutes: + + ``` + Updating (dev): + Type Name Status + + pulumi:pulumi:Stack aws-cs-fargate-dev created + + ├─ aws:ec2:SecurityGroup web-sg created + + ├─ aws:ecs:Cluster app-cluster created + + ├─ aws:iam:Role task-exec-role created + + ├─ aws:elasticloadbalancingv2:TargetGroup web-tg created + + ├─ aws:ecr:Repository app-repo created + + ├─ docker:image:Image app-img created + + ├─ aws:iam:RolePolicyAttachment task-exec-policy created + + ├─ aws:ecs:TaskDefinition app-task created + + ├─ aws:elasticloadbalancingv2:LoadBalancer web-lb created + + └─ aws:ecs:Service app-svc created + + Outputs: + url: "http://web-lb-23139b7-1806442625.us-east-1.elb.amazonaws.com" + + Resources: + + 11 created + + Duration: 3m41s + + Permalink: https://app.pulumi.com/acmecorp/aws-cs-fargate/dev/updates/1 + ``` + + Notice that the automatically assigned load-balancer URL is printed as a stack output. + +4. At this point, your app is running -- let's curl it. The CLI makes it easy to grab the URL: + + ```bash + $ curl $(pulumi stack output url) + Hello World! + ``` + +5. Try making some changes and rerunning `pulumi up`. + + If you just change the application code, and deploy the results, for example, only the Docker image + will be updated and rolled out. Try changing `"Hello World!"` inside of `App/Startup.cs` to `"Hello Pulumi!"`: + + ```bash + $ pulumi up + Updating (dev): + Type Name Plan Info + pulumi:pulumi:Stack aws-cs-fargate-dev + +- ├─ aws:ecs:TaskDefinition app-task replaced [diff: ~containerDefinitions] + ~ ├─ aws:ecs:Service app-svc updated [diff: ~taskDefinition] + └─ docker:image:Image app-img + + Resources: + ~ 1 updated + +-1 replaced + 2 changes. 9 unchanged + ``` + + Notice that `pulumi up` redeploys just the parts of the application/infrastructure that you've edited. + + Now the endpoint will run the newly updated application code: + + ```bash + $ curl $(pulumi stack output Url) + Hello Pulumi! + ``` + +6. Once you are done, you can destroy all of the resources, and the stack: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-lambda.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-lambda.md new file mode 100644 index 00000000000..8a3ebba3efc --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-lambda.md @@ -0,0 +1,70 @@ +--- +title: "AWS C# Lambda | C#" +h1: "AWS C# Lambda" +linktitle: "AWS C# Lambda" +meta_desc: "AWS C# Lambda How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + +

+ +This example creates an AWS Lambda function that does a simple `.ToUpper` on the string input and returns it. + +## Deploying the App + +To deploy your infrastructure, follow the steps below. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Build and publish the lambda function, making the output available to our Pulumi program. + + ```bash + dotnet publish ./DotnetLambda/src/DotnetLambda/ + ``` + +2. Execute our Pulumi program to archive our published function output, and create our lambda. + + ```bash + pulumi up -C ./pulumi + ``` + +3. Call our Lambda function from the AWS CLI with "foo" as the payload. + + ```bash + aws lambda invoke \ + --function-name $(pulumi stack output Lambda -C ./pulumi) \ + --region $(pulumi config get aws:region -C ./pulumi) \ + --cli-binary-format raw-in-base64-out \ + --payload '"foo"' \ + output.json + + cat output.json # view the output file with your tool of choice + # "FOO" + ``` + +6. From there, feel free to experiment. Simply making edits, rebuilding your handler, and running `pulumi up` will update your function. + +7. Afterwards, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-s3-folder.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-s3-folder.md new file mode 100644 index 00000000000..e041c676aa3 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-s3-folder.md @@ -0,0 +1,79 @@ +--- +title: "Host a Static Website on Amazon S3 | C#" +h1: "Host a Static Website on Amazon S3" +linktitle: "Host a Static Website on Amazon S3" +meta_desc: "Host a Static Website on Amazon S3 How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A static website that uses [S3's website support](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. + + ```bash + Previewing update (dev): + Type Name Plan + + pulumi:pulumi:Stack aws-cs-s3-folder-dev create + + └─ aws:s3:Bucket my-bucket create + + ├─ aws:s3:BucketObject index.html create + + └─ aws:s3:BucketObject favicon.png create + + Resources: + + 4 to create + + Do you want to perform this update? yes + Updating (dev): + Type Name Status + + pulumi:pulumi:Stack aws-cs-s3-folder-dev created + + └─ aws:s3:Bucket my-bucket created + + ├─ aws:s3:BucketObject index.html created + + └─ aws:s3:BucketObject favicon.png created + + Outputs: + Endpoint: "http://my-bucket-1234567.s3-website.us-west-2.amazonaws.com" + ``` + +1. Navigate to the website URL: + + ```bash + $ curl $(pulumi stack output Endpoint) + + Hello S3 + + +

Hello, world!

Made with ❤️ with Pulumi

+ + ``` + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-secrets-manager.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-secrets-manager.md new file mode 100644 index 00000000000..8110b65a04d --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-secrets-manager.md @@ -0,0 +1,71 @@ +--- +title: "Setup AWS Secrets manager | C#" +h1: "Setup AWS Secrets manager" +linktitle: "Setup AWS Secrets manager" +meta_desc: "Setup AWS Secrets manager How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple program that creates an AWS secret and a version under AWS Secrets Manager + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-1 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev) + ... + + Updating (dev) + + View Live: https://app.pulumi.com/acmecorp/aws-cs-secrets-manager/dev/updates/1 + + Type Name Status + + pulumi:pulumi:Stack aws-cs-secrets-manager-dev created + + ├─ aws:secretsmanager:Secret secretContainer created + + └─ aws:secretsmanager:SecretVersion secret created + + Outputs: + SecretId: "arn:aws:secretsmanager:us-east-1:xxxxxxxx:secret:secretContainer-eec74e1-PYcuM8" + + Resources: + + 3 created + + Duration: 10s + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-webserver.md new file mode 100644 index 00000000000..cebcd7e8d10 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-cs-webserver.md @@ -0,0 +1,86 @@ +--- +title: "Web Server Using Amazon EC2 | C#" +h1: "Web Server Using Amazon EC2" +linktitle: "Web Server Using Amazon EC2" +meta_desc: "Web Server Using Amazon EC2 How-to Guide using C#" +no_edit_this_page: true +cloud: aws +language: cs +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +An example based on the Amazon sample at: +http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html. The example deploys an EC2 instance and opens port 80. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Install .NET Core 3.0+](https://dotnet.microsoft.com/download) + +## Deploying and running the program + +1. Create a new stack: + + ``` + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing changes: + ... + + Performing changes: + ... + info: 10 changes performed: + + 10 resources created + Update duration: 26.470339302s + ``` + +1. View the host name and IP address of the instance via `stack output`: + + ``` + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + PublicDns ec2-34-217-176-141.us-west-2.compute.amazonaws.com + PublicIp 34.217.176.141 + ``` + +1. Verify that the EC2 instance exists, by either using the AWS Console or running `aws ec2 describe-instances`. + +1. From there, feel free to experiment. Simply making edits and running `pulumi up` will incrementally update your stack. + +1. Once you've finished experimenting, tear down your stack's resources by destroying and removing it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-fs-lambda-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-fs-lambda-webserver.md new file mode 100644 index 00000000000..d5ca3173914 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-fs-lambda-webserver.md @@ -0,0 +1,48 @@ +--- +title: "AWS F# Lambda Web Server | F#" +h1: "AWS F# Lambda Web Server" +linktitle: "AWS F# Lambda Web Server" +meta_desc: "AWS F# Lambda Web Server How-to Guide using F#" +no_edit_this_page: true +cloud: aws +language: fs +layout: package +--- + + + + +

+ + View Code + +

+ +This example creates a web server in AWS lambda using the Giraffe web server + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Build and publish the lambda function, making the output available to our Pulumi program. + +```bash +dotnet publish ./LambdaWebServer +``` + +2. Execute our Pulumi program to archive our published function output, and create our lambda. +```bash +pulumi up -C ./pulumi +``` + +3. In a browser, navigate to the URL for `websiteUrl`. You should see the welcome message. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-fs-s3-folder.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-fs-s3-folder.md new file mode 100644 index 00000000000..74f7bb04224 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-fs-s3-folder.md @@ -0,0 +1,79 @@ +--- +title: "Host a Static Website on Amazon S3 | F#" +h1: "Host a Static Website on Amazon S3" +linktitle: "Host a Static Website on Amazon S3" +meta_desc: "Host a Static Website on Amazon S3 How-to Guide using F#" +no_edit_this_page: true +cloud: aws +language: fs +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A static website that uses [S3's website support](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. + + ```bash + Previewing update (dev): + Type Name Plan + + pulumi:pulumi:Stack aws-cs-s3-folder-dev create + + └─ aws:s3:Bucket my-bucket create + + ├─ aws:s3:BucketObject index.html create + + └─ aws:s3:BucketObject favicon.png create + + Resources: + + 4 to create + + Do you want to perform this update? yes + Updating (dev): + Type Name Status + + pulumi:pulumi:Stack aws-cs-s3-folder-dev created + + └─ aws:s3:Bucket my-bucket created + + ├─ aws:s3:BucketObject index.html created + + └─ aws:s3:BucketObject favicon.png created + + Outputs: + endpoint: "http://my-bucket-1234567.s3-website.us-west-2.amazonaws.com" + ``` + +1. Navigate to the website URL: + + ```bash + $ curl $(pulumi stack output endpoint) + + Hello S3 + + +

Hello, world!

Made with ❤️ with Pulumi

+ + ``` + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-ansible-wordpress.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-ansible-wordpress.md new file mode 100644 index 00000000000..6dd7857fe25 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-ansible-wordpress.md @@ -0,0 +1,165 @@ +--- +title: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible | Go" +h1: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +linktitle: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +meta_desc: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + +

+ + +This project demonstrates how to use Pulumi and Ansible together. Pulumi handles provisioning the AWS infrastructure +required to run Wordpress on an EC2 instance, with an RDS MySQL database, running inside of a VPC with proper public +and private subnets, and exposed to the Internet using an Elastic IP address. Ansible handles configuring the EC2 +virtual machine after it's been provisioned with a playbook that knows how to install and configure Wordpress. +The entire deployment is orchestrated by Pulumi in a single `pulumi up` thanks to the +[Command package](https://www.pulumi.com/registry/packages/command) which runs a combination of local and remote SSH +commands to accomplish the desired effect. The result is repeatable automation that both provisions and configures. + +> Note: This code was adapted from https://github.com/devbhusal/terraform-ansible-wordpress. Thank you devbhusal! + +> Note: This example is available in many languages: +> +> * [C#](../aws-cs-ansible-wordpress) +> * [Java](../aws-java-ansible-wordpress) +> * [Go](../aws-go-ansible-wordpress) +> * [TypeScript](../aws-ts-ansible-wordpress) +> * [YAML](../aws-yaml-ansible-wordpress) + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +* [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Deploying Your Infrastructure + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Generate a key pair which will be used to access your EC2 instance over SSH: + + ```bash + $ ssh-keygen -f wordpress-keypair + ``` + + This will create two files: your private (`wordpress-keypair`) and your public (`wordpress-keypair.pub`) + keys. Keep your private key safe, since anybody with access to it can log into your EC2 machine! + + Note that you may choose a different file name if you're creating multiple stacks, for instance. + +3. Set the required configuration variables, choosing any valid AWS region. The code is written in such + a way to work in any AWS region, including fetching the right Amazon Linux 2 AMI and availability zones: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region + $ pulumi config set publicKeyPath wordpress-keypair.pub # your newly generated public key + $ pulumi config set privateKeyPath wordpress-keypair # your newly generated private key + $ pulumi config set dbPassword Sup45ekreT#123 --secret # your RDS database password -- keep it safe! + ``` + + There are some other optional variables you can set if you choose. Feel free to skip these. If you don't + set them, they'll receive the default values shown below: + + ```bash + $ pulumi config set dbInstanceSize db.t3.small # the RDS instance size to use + $ pulumi config set dbName wordpressdb # the name of the Wordpress database in RDS + $ pulumi config set dbUsername admin # the name of the Wordpress user that will be used + $ pulumi config set ec2InstanceSize t3.small # the EC2 instance size to provision + ``` + +4. Now all you need to do is run `pulumi up`. This will do all of the magic, and you'll see various + things going on in the output: resources being created in AWS, commands being run locally and remotely, + and the Ansible Playbook running and provisioning your Wordpress server: + + ```bash + $ pulumi up + Updating (dev) + + Type Name Status Info + + pulumi:pulumi:Stack pulumi-ansible-wordpress-dev created + + ├─ aws:ec2:Vpc prod-vpc created + + ├─ aws:ec2:KeyPair wordpress-keypair created + + ├─ aws:ec2:Subnet prod-subnet-private-1 created + + ├─ aws:ec2:InternetGateway prod-igw created + + ├─ aws:ec2:Subnet prod-subnet-private-2 created + + ├─ aws:ec2:Subnet prod-subnet-public-1 created + + ├─ aws:ec2:SecurityGroup ec2-allow-rule created + + ├─ aws:ec2:RouteTable prod-public-rt created + + ├─ aws:rds:SubnetGroup rds-subnet-grp created + + ├─ aws:ec2:SecurityGroup rds-allow-rule created + + ├─ aws:rds:Instance wordpressdb created + + ├─ aws:ec2:RouteTableAssociation prod-rta-public-subnet-1 created + + ├─ aws:ec2:Instance wordpress-instance created + + ├─ command:local:Command renderPlaybookCmd created + + ├─ aws:ec2:Eip wordpress-eip created + + ├─ command:remote:Command updatePythonCmd created 12 messages + + └─ command:local:Command playAnsiblePlaybookCmd created + + Diagnostics: + command:remote:Command (updatePythonCmd): + ... + + Outputs: + url: "35.83.214.168" + + Resources: + + 18 created + + Duration: 8m13s + ``` + +5. After a few minutes, your new server will be ready! Its automatically-allocated EIP is printed at the end + as `url`. You can access it with the `pulumi stack output` command: + + ```bash + $ pulumi stack output url + 35.83.214.168 + ``` + +6. Because of the network configuration, the EC2 server is available over port 80 on the Internet. (The RDS + database, on the other hand, is not). Let's `curl` the endpoint: + + ```bash + $ curl -L http://$(pulumi stack output url) + + + ... + + ... + ``` + + Alternatively, open a web browser to interact with your new Wordpress server: + + ```bash + $ open http://$(pulumi stack output url) + ``` + + ![Wordpress Screenshot](https://raw.githubusercontent.com/pulumi/examples/master/aws-go-ansible-wordpress/wordpress.png) + +7. From there, feel free to experiment. You can simply make edits, rerun `pulumi up`, and it will incrementally + update and deploy any changes you have made. + +8. After you're done, you can destroy your stack and remove it, eliminating all AWS resources: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-appsync.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-appsync.md new file mode 100644 index 00000000000..43460dfde89 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-appsync.md @@ -0,0 +1,88 @@ +--- +title: "GraphQL Endpoint in AWS AppSync (in Go) | Go" +h1: "GraphQL Endpoint in AWS AppSync (in Go)" +linktitle: "GraphQL Endpoint in AWS AppSync (in Go)" +meta_desc: "GraphQL Endpoint in AWS AppSync (in Go) How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example shows how to setup a basic GraphQL endpoint in AWS AppSync. The endpoint contains one query and one mutation that get and put items to a Dynamo DB table. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Go](https://golang.org/doc/install) +2. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +3. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Create a new Pulumi stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set the required configuration variables for this program (AWS Region): + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +3. Run `pulumi up` up to preview and deploy changes: + ```bash + $ pulumi up + Previewing update (dev): + ... + + Updating (dev): + ... + Resources: + + 10 created + Duration: 20s + ``` + +4. Check the deployed GraphQL endpoint: + + ```bash + $ pulumi stack output endpoint + https://***.appsync-api.us-west-2.amazonaws.com/graphql + $ pulumi stack output key + ***sensitivekey*** + $ curl -XPOST -H "Content-Type:application/graphql" -H "x-api-key:$(pulumi stack output key)" -d '{ "query": "mutation AddTenant { addTenant(id: \"123\", name: \"FirstCorp\") { id name } }" }' "$(pulumi stack output endpoint)" + { + "data": { + "addTenant": { + "id": "123", + "name": "FirstCorp" + } + } + } + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +2. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-assume-role.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-assume-role.md new file mode 100644 index 00000000000..6f34d05f6dc --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-assume-role.md @@ -0,0 +1,99 @@ +--- +title: "AWS Resources Using AssumeRole | Go" +h1: "AWS Resources Using AssumeRole" +linktitle: "AWS Resources Using AssumeRole" +meta_desc: "AWS Resources Using AssumeRole How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + +

+ + +This example shows how to use the AssumeRole functionality of the AWS provider to create resources in the security context of an IAM Role assumed by the IAM User running the Pulumi programs. + +## Deploying the Example + +### Part 1: Privileged Components + +The Pulumi program in `create-role` requires credentials with permissions to create an IAM User, an IAM Role, and assign +an AWS Access Key to the user. The program creates a new, unprivileged user with no policies attached, and a role which +specifies a trust policy allowing assumption by the unprivileged user. The role allows the `s3:*` actions on all +resources. + +You'll need to set the `create-role:unprivilegedUsername` configuration variable to the name of the unprivilged user, as +well as the AWS region in which to operate. + +```bash +$ cd create-role +$ pulumi stack init assume-role-create +$ pulumi config set create-role:unprivilegedUsername somebody@pulumi.com +$ pulumi config set aws:region us-east-1 +$ pulumi up +``` + +The program can then be run with `pulumi up`. The outputs of the program tell you the ARN of the Role, and the Access +Key ID and Secret associated with the User: + +``` +$ pulumi stack output --json +{ + accessKeyId : "AKIAY65FYVYP2MBSRQZK" + roleArn : "arn:aws:iam::616138583583:role/allow-s3-management-2c45483" + secretAccessKey: "[secret]" +} +``` + +If we just use the above command then the secretAccessKey would not be shown. In order to show the secret value use this + +``` +$ pulumi stack output --json --show-secrets +{ + "accessKeyId": "AKIAYJ7EUPHL3DSDH4CX", + "roleArn": "arn:aws:iam::571173272023:role/allow-s3-management-fcc71c0", + "secretAccessKey": "[plain text value]" +} +``` + +### Part 2: Assuming the Role + +The Pulumi program in `assume-role` creates an S3 bucket after assuming the Role created in Part 1. It should be run +with the unprivileged user credentials created in Part 1. This can be configured as follows, from the `assume-role` +directory, replacing `{YOUR_STACK_PATH/assume-role-create}` with the full name of your stack from Part 1. Full name of your stack is available at [`app.pulumi.com`][app] + +```bash +$ cd assume-role +$ npm install +$ export AWS_ACCESS_KEY_ID="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} accessKeyId)" +$ export AWS_SECRET_ACCESS_KEY="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} --show-secrets secretAccessKey)" +``` + +The configuration variable `roleToAssumeARN` must be set to the ARN of the role allowing S3 access, and the AWS region +must be set to the region in which you wish to operate: + +```bash +$ pulumi stack init assume-role-assume +$ pulumi config set roleToAssumeARN "$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} roleArn)" +$ pulumi config set aws:region us-east-1 +``` + +Unset the AWS_SESSION_TOKEN or any additional credential setting if you have set for previous access + +```bash +$ unset AWS_SESSION_TOKEN +``` + +The program can then be run with `pulumi up`. You can verify that the role is indeed assumed by looking at the +CloudTrail logs of the bucket creation operation, or by commenting out the `assumeRole` configuration in the provider +and ensuring creation is not successful. + +[app]: https://app.pulumi.com/ diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-console-slack-notification.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-console-slack-notification.md new file mode 100644 index 00000000000..5a7943cd1a6 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-console-slack-notification.md @@ -0,0 +1,107 @@ +--- +title: "AWS Console Change Slack Notifier in Go | Go" +h1: "AWS Console Change Slack Notifier in Go" +linktitle: "AWS Console Change Slack Notifier in Go" +meta_desc: "AWS Console Change Slack Notifier in Go How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + +

+ + +This example deploys a Lambda function and relevant CloudTrail and CloudWatch resources to send a +Slack notification for any resource operation that is performed via the AWS Console. + +Note: This application sets up the necessary infrastructure across _each_ AWS region in your +account that is `opt-in-not-required` or `opted-in`. The Pulumi application uses the +[DescribeRegions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html) API +via [aws-sdk-go](https://github.com/aws/aws-sdk-go) to query for available regions. + +## Deploying the App + + To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, run these commands from the working directory: + +1. Build the handler: + + - For developers on Linux and macOS: + + ```bash + make + ``` + + - For developers on Windows: + + - Get the `build-lambda-zip` tool: + + ```bash + set GO111MODULE=on + go.exe get -u github.com/aws/aws-lambda-go/cmd/build-lambda-zip + ``` + + - Use the tool from your GOPATH: + + ```bash + set GOOS=linux + set GOARCH=amd64 + set CGO_ENABLED=0 + go build -o handler\dist\handler handler\handler.go + %USERPROFILE%\Go\bin\build-lambda-zip.exe -o handler\dist\handler.zip handler\dist\handler + ``` + +1. Create a new Pulumi stack, which is an isolated deployment target for this example: + + ```bash + pulumi stack init + ``` + +1. Set the required configuration variables for this program: + + ```bash + pulumi config set slackWebhookURL 'YOUR_SLACK_WEBHOOK_URL' + ``` + +1. Execute the Pulumi program to create our lambda: + + ```bash + pulumi up + ``` + +1. Perform a change in the AWS Console and look for a notification in your Slack channel. Note: you +must perform a _write_ such as adding or removing tags from a resource, launching an instance, or +deleting a resource. + +1. From there, feel free to experiment. Simply making edits, rebuilding your handler, and running +`pulumi up` will update your lambda. Customize the Slack message username or text with the following +configuration values: + + ```bash + pulumi config set slackMessageUsername 'Console Change Monitor' + pulumi config set slackMessageText ':warning: Somebody made a change in the console!' + ``` + +1. Afterwards, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-eks.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-eks.md new file mode 100644 index 00000000000..b183e914c0d --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-eks.md @@ -0,0 +1,83 @@ +--- +title: "AWS Golang EKS Cluster | Go" +h1: "AWS Golang EKS Cluster" +linktitle: "AWS Golang EKS Cluster" +meta_desc: "AWS Golang EKS Cluster How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + +

+ +This example creates an AWS EKS Cluster and deploys a sample container application to it + +## Deploying the App + + To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Install Go](https://golang.org/doc/install) +3. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +4. [Install `aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) +4. [Install `kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) + +### Steps + +After cloning this repo, run these commands from the working directory: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +4. Execute the Pulumi program to create our EKS Cluster: + + ```bash + pulumi up + ``` + +5. After 10-15 minutes, your cluster will be ready, and the kubeconfig JSON you'll use to connect to the cluster will + be available as an output. You can save this kubeconfig to a file like so: + + ```bash + $ pulumi stack output kubeconfig --show-secrets >kubeconfig.json + ``` + + Once you have this file in hand, you can interact with your new cluster as usual via `kubectl`: + + ```bash + $ KUBECONFIG=./kubeconfig.json kubectl get nodes + ``` + +6. Ensure that the application is running as expected: + + ```bash + $ curl $(pulumi stack output url) + ``` + + +7. Afterwards, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-fargate.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-fargate.md new file mode 100644 index 00000000000..10b1232fd8f --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-fargate.md @@ -0,0 +1,143 @@ +--- +title: "NGINX on AWS ECS Fargate using Go IaC | Go" +h1: "NGINX on AWS ECS Fargate using Go IaC" +linktitle: "NGINX on AWS ECS Fargate using Go IaC" +meta_desc: "NGINX on AWS ECS Fargate using Go IaC How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example shows authoring Infrastructure as Code in the [Go programming language](https://golang.org). It +provisions a full [Amazon Elastic Container Service (ECS) "Fargate"](https://aws.amazon.com/ecs) cluster and +related infrastructure, building a docker image, pushing it to ECR, and using it to run a web server accessible over the Internet on port 80. +This example is inspired by [Docker's Getting Started Tutorial](https://docs.docker.com/get-started/). + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Configure Pulumi to Use AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) (if your AWS CLI is configured, no further changes are required) +* [Install Go](https://golang.org/doc/install) + +## Running the Example + +Clone this repo and `cd` into it. + +Next, to deploy the application and its infrastructure, follow these steps: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +5. Deploy everything with a single `pulumi up` command. This will show you a preview of changes first, which + includes all of the required AWS resources (clusters, services, and the like). Don't worry if it's more than + you expected -- this is one of the benefits of Pulumi, it configures everything so that so you don't need to! + + ```bash + $ pulumi up + ``` + + After being prompted and selecting "yes", your deployment will begin. It'll complete in a few minutes: + + ``` + Updating (dev): + Type Name Status + + pulumi:pulumi:Stack aws-go-fargate-dev created + + ├─ aws:ec2:SecurityGroup web-sg created + + ├─ aws:ecs:Cluster app-cluster created + + ├─ aws:iam:Role task-exec-role created + + ├─ aws:elasticloadbalancingv2:TargetGroup web-tg created + + ├─ aws:ecr:Repository app-repo created + + ├─ docker:image:Image app-img created + + ├─ aws:iam:RolePolicyAttachment task-exec-policy created + + ├─ aws:ecs:TaskDefinition app-task created + + ├─ aws:elasticloadbalancingv2:LoadBalancer web-lb created + + └─ aws:ecs:Service app-svc created + + Outputs: + url: "web-lb-651d804-400248986.us-west-2.elb.amazonaws.com" + + Resources: + + 11 created + + Duration: 3m41s + + Permalink: https://app.pulumi.com/acmecorp/aws-go-fargate/dev/updates/1 + ``` + + Notice that the automatically assigned load-balancer URL is printed as a stack output. + +6. At this point, your app is running -- let's curl it. The CLI makes it easy to grab the URL: + + ```bash + $ curl http://$(pulumi stack output url) + 42 + $ curl http://$(pulumi stack output url) + 19 + $ curl http://$(pulumi stack output url) + 88 + ``` + +7. Try making some changes, rebuilding, and rerunning `pulumi up`. For example, let's scale up to 5 instances: + + ```diff + - DesiredCount: pulumi.Int(3), + + DesiredCount: pulumi.Int(5), + ``` + + Running `pulumi up` will show you the delta and then, after confirming, will deploy just those changes: + + ```bash + $ pulumi up + ``` + + Notice that `pulumi up` redeploys just the parts of the application/infrastructure that you've edited. + + ``` + Updating (dev): + + Type Name Status Info + pulumi:pulumi:Stack aws-go-fargate-dev + ~ └─ aws:ecs:Service app-svc updated [diff: ~desiredCount] + + Outputs: + url: "web-lb-651d804-400248986.us-west-2.elb.amazonaws.com" + + Resources: + ~ 1 updated + 9 unchanged + + Duration: 5s + + Permalink: https://app.pulumi.com/acmecorp/aws-go-fargate/dev/updates/2 + ``` + +8. Once you are done, you can destroy all of the resources, and the stack: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda-gateway.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda-gateway.md new file mode 100644 index 00000000000..3b53816cbae --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda-gateway.md @@ -0,0 +1,135 @@ +--- +title: "AWS Golang Lambda With API Gateway | Go" +h1: "AWS Golang Lambda With API Gateway" +linktitle: "AWS Golang Lambda With API Gateway" +meta_desc: "AWS Golang Lambda With API Gateway How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + +

+ + +This example creates a lambda that does a simple `ToUpper` on the path input of an API request and returns it. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +3. [Clone aws-go-lambda](https://github.com/aws/aws-lambda-go) + +### Steps + +After cloning this repo, run these commands from the working directory: + +1. Build the handler: + + - For developers on Linux and macOS: + + ```bash + make build + ``` + + - For developers on Windows: + + - Get the `build-lambda-zip` tool: + + ```bash + set GO111MODULE=on + go.exe get -u github.com/aws/aws-lambda-go/cmd/build-lambda-zip + ``` + + - Use the tool from your GOPATH: + + ```bash + set GOOS=linux + set GOARCH=amd64 + set CGO_ENABLED=0 + go build -o handler\handler handler\handler.go + %USERPROFILE%\Go\bin\build-lambda-zip.exe -o handler\handler.zip handler\handler + ``` + + +2. Create a new Pulumi stack, which is an isolated deployment target for this example: + + ```bash + pulumi stack init + ``` + +3. Set the required configuration variables for this program: + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +4. Execute the Pulumi program to create our lambda: + + ```bash + $ pulumi up + Previewing update (dev): + Type Name Plan + + pulumi:pulumi:Stack go-lambda-dev create + + ├─ aws:apigateway:RestApi UpperCaseGateway create + + ├─ aws:iam:Role task-exec-role create + + ├─ aws:apigateway:Resource UpperAPI create + + ├─ aws:iam:RolePolicy lambda-log-policy create + + ├─ aws:apigateway:Method AnyMethod create + + ├─ aws:lambda:Function basicLambda create + + ├─ aws:lambda:Permission APIPermission create + + ├─ aws:apigateway:Integration LambdaIntegration create + + └─ aws:apigateway:Deployment APIDeployment create + + Resources: + + 10 to create + + Do you want to perform this update? yes + Updating (dev): + Type Name Status + + pulumi:pulumi:Stack go-lambda-dev created + + ├─ aws:apigateway:RestApi UpperCaseGateway created + + ├─ aws:iam:Role task-exec-role created + + ├─ aws:apigateway:Resource UpperAPI created + + ├─ aws:iam:RolePolicy lambda-log-policy created + + ├─ aws:apigateway:Method AnyMethod created + + ├─ aws:lambda:Function basicLambda created + + ├─ aws:apigateway:Integration LambdaIntegration created + + ├─ aws:lambda:Permission APIPermission created + + └─ aws:apigateway:Deployment APIDeployment created + + Outputs: + invocation URL: "https://.execute-api.us-west-2.amazonaws.com/prod/{message}" + + Resources: + + 10 created + + Duration: 29s + ``` + +5. Call our lambda function from the cli: + + ```bash + curl https://.execute-api.us-west-2.amazonaws.com/prod/helloworld + HELLOWORLD% + ``` + +6. From there, feel free to experiment. Simply making edits, rebuilding your handler, and running `pulumi up` will update your lambda. + +7. Afterwards, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda.md new file mode 100644 index 00000000000..15a15580732 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-lambda.md @@ -0,0 +1,105 @@ +--- +title: "AWS Golang Lambda | Go" +h1: "AWS Golang Lambda" +linktitle: "AWS Golang Lambda" +meta_desc: "AWS Golang Lambda How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + +

+ +This example creates an AWS Lambda function that does a simple `ToUpper` on the string input and returns it. + +## Deploying the App + + To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +3. [Clone aws-go-lambda](https://github.com/aws/aws-lambda-go) + +### Steps + +After cloning this repo, run these commands from the working directory: + +1. Build the handler: + + - For developers on Linux and macOS: + + ```bash + make build + ``` + + - For developers on Windows: + + - Get the `build-lambda-zip` tool: + + ```bash + set GO111MODULE=on + go.exe get -u github.com/aws/aws-lambda-go/cmd/build-lambda-zip + ``` + + - Use the tool from your GOPATH: + + ```bash + set GOOS=linux + set GOARCH=amd64 + set CGO_ENABLED=0 + go build -o handler\handler handler\handler.go + %USERPROFILE%\Go\bin\build-lambda-zip.exe -o handler\handler.zip handler\handler + ``` + + +2. Create a new Pulumi stack, which is an isolated deployment target for this example: + + ```bash + pulumi stack init + ``` + +3. Set the required configuration variables for this program: + + ```bash + pulumi config set aws:region us-east-1 + ``` + +4. Execute the Pulumi program to create our lambda: + + ```bash + pulumi up + ``` + +5. Call our Lambda function from the AWS CLI with "foo" as the payload: + + ```bash + aws lambda invoke \ + --function-name $(pulumi stack output lambda) \ + --region $(pulumi config get aws:region) \ + --cli-binary-format raw-in-base64-out \ + --payload '"foo"' \ + output.json + + cat output.json # view the output file with your tool of choice + # "FOO" + ``` + +6. From there, feel free to experiment. Simply making edits, rebuilding your handler, and running `pulumi up` will update your function. + +7. Afterwards, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-resources.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-resources.md new file mode 100644 index 00000000000..918afb58a1c --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-resources.md @@ -0,0 +1,72 @@ +--- +title: "AWS Resources (in Go) | Go" +h1: "AWS Resources (in Go)" +linktitle: "AWS Resources (in Go)" +meta_desc: "AWS Resources (in Go) How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A Pulumi program that demonstrates creating various AWS resources in Golang + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Go](https://golang.org/doc/install) +2. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +3. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Next, create a new Pulumi stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +3. Run `pulumi up` to preview and deploy changes: + + ```bash + $ pulumi up + Previewing update (dev): + ... + + Updating (dev): + ... + Resources: + + 28 created + Duration: 44s + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +2. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder-component.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder-component.md new file mode 100644 index 00000000000..50b845bd877 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder-component.md @@ -0,0 +1,102 @@ +--- +title: "Static Website on Amazon S3 | Go" +h1: "Static Website on Amazon S3" +linktitle: "Static Website on Amazon S3" +meta_desc: "Static Website on Amazon S3 How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +The component version of [aws-go-s3-folder](../aws-go-s3-folder/). For a detailed walkthrough of this example, see [Tutorial: Pulumi Components](https://www.pulumi.com/docs/tutorials/aws/s3-folder-component/). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init website-component-testing + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. After showing the preview you will be + prompted if you want to continue or not. + + ```bash + $ pulumi up + Previewing stack 'website-component-testing' + Previewing changes: + ... + + Updating stack 'website-component-testing' + Performing changes: + + Type Name Status + + pulumi:pulumi:Stack aws-go-s3-folder-component-website-component-testing created + + └─ pulumi:example:S3Folder pulumi-static-site created + + ├─ aws:s3:Bucket pulumi-static-site created + + ├─ aws:s3:BucketPolicy bucketPolicy created + + ├─ aws:s3:BucketObject index.html created + + └─ aws:s3:BucketObject favicon.png created + + Outputs: + bucketName: "pulumi-static-site-***" + websiteUrl: "pulumi-static-site-***.s3-website-us-west-2.amazonaws.com" + + Resources: + + 6 created + + Duration: 14s + + Permalink: *** + ``` + +1. To see the resources that were created, run `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + bucketName pulumi-static-site-*** + websiteUrl pulumi-static-site-***.s3-website-us-west-2.amazonaws.com + ``` + +1. To see that the S3 objects exist, you can either use the AWS Console or the AWS CLI: + + ```bash + $ aws s3 ls $(pulumi stack output bucketName) + 2020-04-20 22:52:15 13731 favicon.png + 2020-04-20 22:52:15 249 index.html + ``` + +1. Open the site URL in a browser to see both the rendered HTML and the favicon: + + ```bash + $ pulumi stack output websiteUrl + pulumi-static-site-***.s3-website-us-west-2.amazonaws.com + ``` + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder.md new file mode 100644 index 00000000000..ae2a319a928 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-s3-folder.md @@ -0,0 +1,86 @@ +--- +title: "Host a Static Website on Amazon S3 | Go" +h1: "Host a Static Website on Amazon S3" +linktitle: "Host a Static Website on Amazon S3" +meta_desc: "Host a Static Website on Amazon S3 How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A static website that uses [S3's website support](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). +For a detailed walkthrough of this example, see the tutorial [Static Website on AWS S3](https://www.pulumi.com/docs/tutorials/aws/s3-website/). + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init website-testing + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. + + ```bash + $ pulumi up + Previewing stack 'website-testing' + Previewing changes: + ... + + Performing changes: + + #: Resource Type Name Status Extra Inf + 1: pulumi:pulumi:Stack website-testing + created + 2: aws:s3:Bucket s3-website-bucket + created + 3: aws:s3:BucketPolicy bucketPolicy + created + 4: aws:s3:BucketObject favicon.png + created + 5: aws:s3:BucketObject index.html + created + + info: 5 changes performed: + + 5 resources created + Update duration: 8.827698762s + ``` + +1. To see the resources that were created, run `pulumi stack`: + + ```bash + $ pulumi stack + Current stack is go-website-testing: + Managed by https://api.pulumi.com + Owner: swgillespie + Last updated: 13 minutes ago (2018-06-15 14:19:06.856631155 -0700 PDT) + Pulumi version: v0.14.0-rc1 + Plugin go [language] version: 0.14.0-rc1 + Plugin aws [resource] version: 0.14.0-rc1 + + Current stack resources (5): + TYPE NAME + pulumi:pulumi:Stack website-testing + aws:s3/bucket:Bucket s3-website-bucket + aws:s3/bucketPolicy:BucketPolicy bucketPolicy + aws:s3/bucketObject:BucketObject www/index.html + aws:s3/bucketObject:BucketObject www/favicon.png + ``` + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-secrets-manager.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-secrets-manager.md new file mode 100644 index 00000000000..789332f29dc --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-secrets-manager.md @@ -0,0 +1,71 @@ +--- +title: "Setup AWS Secrets manager | Go" +h1: "Setup AWS Secrets manager" +linktitle: "Setup AWS Secrets manager" +meta_desc: "Setup AWS Secrets manager How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple program that creates an AWS secret and a version under AWS Secrets Manager + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-1 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev) + ... + + Updating (dev) + + View Live: https://app.pulumi.com/acmecorp/aws-go-secrets-manager/dev/updates/1 + + Type Name Status + + pulumi:pulumi:Stack aws-go-secrets-manager-dev created + + ├─ aws:secretsmanager:Secret secretcontainer created + + └─ aws:secretsmanager:SecretVersion secret created + + Outputs: + secretContainer: "arn:aws:secretsmanager:us-east-1:xxxxxxxx:secret:secretcontainer-562188f-67Rt8n" + + Resources: + + 3 created + + Duration: 11s + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-slackbot.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-slackbot.md new file mode 100644 index 00000000000..f93e72dbeee --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-slackbot.md @@ -0,0 +1,171 @@ +--- +title: "Create a Slackbot for Posting Mention Notifications | Go" +h1: "Create a Slackbot for Posting Mention Notifications" +linktitle: "Create a Slackbot for Posting Mention Notifications" +meta_desc: "Create a Slackbot for Posting Mention Notifications How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This is an example of a simple Slackbot (called '@mentionbot') that posts a notification to a specific channel any time you're @mentioned anywhere, whether in various channels or via direct message. This bot is useful for when you need a time-ordered list of @mentions to go through at a later point. + +Slack users can subscribe/unsubscribe from notifications easily. To receive notifications, add `@mentionbot` to a channel you want to be notified in. Then send any message to `@mentionbot` to subscribe. To stop getting messages, send a message to `@mentionbot` containing the word `unsubscribe`. + +1. We set up an ApiGateway API to receive push notifications from Slack whenever important events happen. +2. Slack has strict requirements on how quickly the push endpoint must respond with `200` notifications before they consider the message as "not received", triggering back-off and resending of those same messages. For this reason, our example does not process Slack `event` messages as they come in. Instead, they are immediately added to an [AWS SNS Topic](https://aws.amazon.com/sns/) to be processed at a later point in time. This allows the ApiGateway call to return quickly, satisfying Slack's requirements. +3. Two [AWS Lambdas](https://aws.amazon.com/lambda/) are created naturally using simple Python functions. One function is used to create the Lambda that is called when Slack pushes a notification. The other is used to specify the Lamdba that will process the messages added to the Topic. These functions can easily access the other Pulumi resources created, avoiding the need to figure out ways to pass Resource ARNs/IDs/etc. to the Lambdas to ensure they can talk to the right resources. If these resources are swapped out in the future (for example, using RDS instead of DynamoDB, or SQS instead of SNS), Pulumi will make sure that the Lambdas were updated properly. +4. [Pulumi Secrets](https://www.pulumi.com/docs/intro/concepts/secrets/) provides a simple way to pass important credentials (like your Slack tokens) without having to directly embed them in your application code. + +First, we'll set up the Pulumi App. Then, we'll go create and configure a Slack App and Bot to interact with our Pulumi App. + +## Deploy the App + +> **Note:** Some values in this example will be different from run to run. These values are indicated +with `***`. + +### Step 1: Create a new stack + +```bash +$ pulumi stack init mentionbot +``` + +### Step 2: Set the AWS region + +``` +$ pulumi config set aws:region us-east-2 +``` + +### Step 3: Build the handler + +```bash +make build +``` + +### Step 4: Preview and deploy your app + +Run `pulumi up` to preview and deploy your AWS resources. + +``` +$ pulumi up +Previewing update (mentionbot): +``` + +### Step 5: Create a new Slackbot + +To create a new Slackbot, first go to https://api.slack.com/apps and create an account if necessary. Next, click on 'Create New App' here: + +

+ +

+ +Pick your desired name for the app, and the Workspace the app belongs to. Here we choose `MentionBot`: + +

+ +

+ +Once created, you will need to 'Add features and functionality' to your app. You'll eventually need all these configured: + +

+ +

+ +First, we'll enable 'Incoming Webhooks'. This allows your Slack bot to post messages into Slack for you: + +

+ +

+ +Next, create a bot user like so: + +

+ +

+ +Next, we'll enable 'Event Subscriptions'. This will tell Slack to push events to your ApiGateway endpoint when changes happen. Note that we put the Stack-Output `url` shown above (along with the `events` suffix). This corresponds to the specific ApiGateway Route that was defined in the Pulumi app. Note that Slack will test this endpoint to ensure it is accepting Slack notifications and responding to them in a valid manner. We'll also setup notifications for the events we care about. Importantly, our Slackbot will have to hear about when people mention it (for subscribing/unsubscribing), as well as hearing about all messages (so it can look for @-mentions): + +

+ + +

+ +Next, we'll go to 'Permissions'. Here, we can find the OAuth tokens your Pulumi App will need. Specifically, we'll need the 'Bot User OAuth Token' listed here: + +

+ +

+ +Underneath this, we'll set the following Scopes defining the permissions of the bot: + +

+ +

+ +Now, we're almost done. The only thing left to do is supply your Pulumi App with the appropriate secrets/tokens. We'll need the Bot OAuth token (shown above), and the 'Verification Token' (found under 'Basic Information'): + +

+ +

+ +Supply these both like so: + +``` +$ pulumi config set --secret mentionbot:slackToken xoxb-... +$ pulumi config set --secret mentionbot:verificationToken d... +``` + +Next, install the Slack App into your workspace: + +

+ +

+ +And we're done! + +### Step 6: Interact with the Slackbot + +From Slack you can now create your own private channel: + +

+ +

+ +Invite the bot to the channel: + +

+ +

+ +Then send it a message. Note that it may take several seconds for the bot to respond due to Slack push notification delays, SNS Topic delays, and Slack incoming message delays. + +

+ +

+ +And you're set! From now on when someone from your team mentions you, you'll get a little message with a direct mention in your channel like so: + +

+ +

+ +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-go-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-webserver.md new file mode 100644 index 00000000000..03eb7c5926f --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-go-webserver.md @@ -0,0 +1,84 @@ +--- +title: "Web Server Using Amazon EC2 (in Go) | Go" +h1: "Web Server Using Amazon EC2 (in Go)" +linktitle: "Web Server Using Amazon EC2 (in Go)" +meta_desc: "Web Server Using Amazon EC2 (in Go) How-to Guide using Go" +no_edit_this_page: true +cloud: aws +language: go +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys a simple AWS EC2 virtual machine running a Python web server. It uses Go as its infrastructure as +code language. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Go](https://golang.org/doc/install) +2. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +3. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +2. Next, create a new Pulumi stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +3. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-east-1 + ``` + +4. Stand up the VM, which will also boot up your Python web server on port 80: + + ```bash + $ pulumi up + ``` + +5. After a couple minutes, your VM will be ready, and two stack outputs are printed: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + publicIp 53.40.227.82 + ``` + +6. Thanks to the security group making port 80 accessible to the 0.0.0.0/0 CIDR block, we can curl it: + + ```bash + $ curl $(pulumi stack output publicIp) + Hello, World! + ``` + +7. From there, feel free to experiment. Simply making edits and running `pulumi up` will incrementally update your VM. + +8. Afterwards, destroy your stack and remove it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-java-ansible-wordpress.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-java-ansible-wordpress.md new file mode 100644 index 00000000000..7f21696f2a5 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-java-ansible-wordpress.md @@ -0,0 +1,165 @@ +--- +title: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible | Java" +h1: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +linktitle: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +meta_desc: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible How-to Guide using Java" +no_edit_this_page: true +cloud: aws +language: java +layout: package +--- + + + + +

+ + View Code + +

+ + +This project demonstrates how to use Pulumi and Ansible together. Pulumi handles provisioning the AWS infrastructure +required to run Wordpress on an EC2 instance, with an RDS MySQL database, running inside of a VPC with proper public +and private subnets, and exposed to the Internet using an Elastic IP address. Ansible handles configuring the EC2 +virtual machine after it's been provisioned with a playbook that knows how to install and configure Wordpress. +The entire deployment is orchestrated by Pulumi in a single `pulumi up` thanks to the +[Command package](https://www.pulumi.com/registry/packages/command) which runs a combination of local and remote SSH +commands to accomplish the desired effect. The result is repeatable automation that both provisions and configures. + +> Note: This code was adapted from https://github.com/devbhusal/terraform-ansible-wordpress. Thank you devbhusal! + +> Note: This example is available in many languages: +> +> * [C#](../aws-cs-ansible-wordpress) +> * [Java](../aws-java-ansible-wordpress) +> * [Go](../aws-go-ansible-wordpress) +> * [TypeScript](../aws-ts-ansible-wordpress) +> * [YAML](../aws-yaml-ansible-wordpress) + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +* [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Deploying Your Infrastructure + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Generate a key pair which will be used to access your EC2 instance over SSH: + + ```bash + $ ssh-keygen -f wordpress-keypair + ``` + + This will create two files: your private (`wordpress-keypair`) and your public (`wordpress-keypair.pub`) + keys. Keep your private key safe, since anybody with access to it can log into your EC2 machine! + + Note that you may choose a different file name if you're creating multiple stacks, for instance. + +3. Set the required configuration variables, choosing any valid AWS region. The code is written in such + a way to work in any AWS region, including fetching the right Amazon Linux 2 AMI and availability zones: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region + $ pulumi config set publicKeyPath wordpress-keypair.pub # your newly generated public key + $ pulumi config set privateKeyPath wordpress-keypair # your newly generated private key + $ pulumi config set dbPassword Sup45ekreT#123 --secret # your RDS database password -- keep it safe! + ``` + + There are some other optional variables you can set if you choose. Feel free to skip these. If you don't + set them, they'll receive the default values shown below: + + ```bash + $ pulumi config set dbInstanceSize db.t3.small # the RDS instance size to use + $ pulumi config set dbName wordpressdb # the name of the Wordpress database in RDS + $ pulumi config set dbUsername admin # the name of the Wordpress user that will be used + $ pulumi config set ec2InstanceSize t3.small # the EC2 instance size to provision + ``` + +4. Now all you need to do is run `pulumi up`. This will do all of the magic, and you'll see various + things going on in the output: resources being created in AWS, commands being run locally and remotely, + and the Ansible Playbook running and provisioning your Wordpress server: + + ```bash + $ pulumi up + Updating (dev) + + Type Name Status Info + + pulumi:pulumi:Stack pulumi-ansible-wordpress-dev created + + ├─ aws:ec2:Vpc prod-vpc created + + ├─ aws:ec2:KeyPair wordpress-keypair created + + ├─ aws:ec2:Subnet prod-subnet-private-1 created + + ├─ aws:ec2:InternetGateway prod-igw created + + ├─ aws:ec2:Subnet prod-subnet-private-2 created + + ├─ aws:ec2:Subnet prod-subnet-public-1 created + + ├─ aws:ec2:SecurityGroup ec2-allow-rule created + + ├─ aws:ec2:RouteTable prod-public-rt created + + ├─ aws:rds:SubnetGroup rds-subnet-grp created + + ├─ aws:ec2:SecurityGroup rds-allow-rule created + + ├─ aws:rds:Instance wordpressdb created + + ├─ aws:ec2:RouteTableAssociation prod-rta-public-subnet-1 created + + ├─ aws:ec2:Instance wordpress-instance created + + ├─ command:local:Command renderPlaybookCmd created + + ├─ aws:ec2:Eip wordpress-eip created + + ├─ command:remote:Command updatePythonCmd created 12 messages + + └─ command:local:Command playAnsiblePlaybookCmd created + + Diagnostics: + command:remote:Command (updatePythonCmd): + ... + + Outputs: + url: "35.83.214.168" + + Resources: + + 18 created + + Duration: 8m13s + ``` + +5. After a few minutes, your new server will be ready! Its automatically-allocated EIP is printed at the end + as `url`. You can access it with the `pulumi stack output` command: + + ```bash + $ pulumi stack output url + 35.83.214.168 + ``` + +6. Because of the network configuration, the EC2 server is available over port 80 on the Internet. (The RDS + database, on the other hand, is not). Let's `curl` the endpoint: + + ```bash + $ curl -L http://$(pulumi stack output url) + + + ... + + ... + ``` + + Alternatively, open a web browser to interact with your new Wordpress server: + + ```bash + $ open http://$(pulumi stack output url) + ``` + + ![Wordpress Screenshot](https://raw.githubusercontent.com/pulumi/examples/master/aws-java-ansible-wordpress/wordpress.png) + +7. From there, feel free to experiment. You can simply make edits, rerun `pulumi up`, and it will incrementally + update and deploy any changes you have made. + +8. After you're done, you can destroy your stack and remove it, eliminating all AWS resources: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-java-eks-minimal.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-java-eks-minimal.md new file mode 100644 index 00000000000..ce734ac27ff --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-java-eks-minimal.md @@ -0,0 +1,68 @@ +--- +title: "eks-minimal | Java" +h1: "eks-minimal" +linktitle: "eks-minimal" +meta_desc: "eks-minimal How-to Guide using Java" +no_edit_this_page: true +cloud: aws +language: java +layout: package +--- + + + + +

+ + View Code + +

+ + +This example demonstrates consuming +[Pulumi AWS EKS Components](https://github.com/pulumi/pulumi-eks) +from Java. + +The high-level Cluster component automatically provisions roles, +security groups and other necessary resources with good defaults, +making it easy to get started. For more information, checkout the +relevant +[Pulumi blog](https://www.pulumi.com/blog/easily-create-and-manage-aws-eks-kubernetes-clusters-with-pulumi) + + +## Running the example + +1. Start a new stack: + + ```bash + pulumi stack init dev + ``` + +1. Configure your AWS region, for example: + + ```bash + pulumi config set aws:region us-east-1 + ``` + +1. Deploy the example. Note it will take up to 10 minutes to provision + the EKS cluster: + + ```bash + pulumi up + ``` + +1. Access the Kubernetes Cluster using `kubectl`. + + To access your new Kubernetes cluster using `kubectl`, we need to + setup the `kubeconfig` file and download `kubectl`. We can leverage + the Pulumi stack output in the CLI, as Pulumi facilitates exporting + these objects for us. + + ```bash + $ pulumi stack output kubeconfig --show-secrets > kubeconfig + $ export KUBECONFIG=$PWD/kubeconfig + $ kubectl version + $ kubectl cluster-info + $ kubectl get nodes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-java-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-java-webserver.md new file mode 100644 index 00000000000..eba825b9ccf --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-java-webserver.md @@ -0,0 +1,80 @@ +--- +title: "Web Server Using Amazon EC2 | Java" +h1: "Web Server Using Amazon EC2" +linktitle: "Web Server Using Amazon EC2" +meta_desc: "Web Server Using Amazon EC2 How-to Guide using Java" +no_edit_this_page: true +cloud: aws +language: java +layout: package +--- + + + + +

+ + View Code + +

+ + +This example deploys a simple AWS EC2 virtual machine running a Python web server. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-east-1 + ``` + +3. Stand up the VM, which will also boot up your Python web server on port 80: + + ```bash + $ pulumi up + ``` + +4. After a couple minutes, your VM will be ready, and two stack outputs are printed: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + publicHostName ec2-53-40-227-82.compute-1.amazonaws.com + publicIp 53.40.227.82 + ``` + +5. Thanks to the security group making port 80 accessible to the 0.0.0.0/0 CIDR block (all addresses), we can curl it: + + ```bash + $ curl $(pulumi stack output publicIp) + Hello, World! + ``` + +6. From there, feel free to experiment. Simply making edits and running `pulumi up` will incrementally update your VM. + +7. Afterwards, destroy your stack and remove it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-js-containers.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-containers.md new file mode 100644 index 00000000000..d6ada641210 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-containers.md @@ -0,0 +1,96 @@ +--- +title: "ECS Fargate Containers | JavaScript" +h1: "ECS Fargate Containers" +linktitle: "ECS Fargate Containers" +meta_desc: "ECS Fargate Containers How-to Guide using JavaScript" +no_edit_this_page: true +cloud: aws +language: js +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +Companion to the tutorial [Provision containers on AWS](https://www.pulumi.com/docs/tutorials/aws/ecs-fargate/). + +## Prerequisites + +To run this example, make sure [Docker Engine - Community](https://docs.docker.com/engine/installation/) is installed and running. + +## Deploy the App + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +### Step 1: Create a new stack + + ``` + $ pulumi stack init containers-dev + ``` + +### Step 2: Configure AWS region for Pulumi + +For this example, you need to set an AWS region that supports Fargate. Refer to the [AWS Region Table](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) for product availability. + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +### Step 3: Restore NPM modules + +You can do this via `npm install` or `yarn install`. + +### Step 4:. Preview and deploy the app + +Run the following command: + + ``` + $ pulumi up + ``` +The preview will take a few minutes, as it builds a Docker container. A total of 19 resources are created. + +### Step 5: View the endpoint URL + +Run [`pulumi stack output`](https://www.pulumi.com/docs/reference/cli/pulumi_stack_output/) to view your stack's output properties, and then `curl` the command to view the resulting page. `$(pulumi stack output url)` evaluates to the load balancer’s URL. + + ```bash + $ pulumi stack output + Current stack outputs (1) + OUTPUT VALUE + hostname http://***.elb.us-west-2.amazonaws.com + + $ curl $(pulumi stack output hostname) + + + Hello, Pulumi! + +

Hello, S3!

+

Made with ❤️ with Pulumi

+ + ``` + +### Step 6: View runtime logs from the container + +Use the [`pulumi logs`](https://www.pulumi.com/docs/reference/cli/pulumi_logs/) command. To get a log stream, use `pulumi logs --follow`. + + ``` + $ pulumi logs --follow + Collecting logs for stack aws-js-containers-dev since 2018-05-22T14:25:46.000-07:00. + 2018-05-22T15:33:22.057-07:00[ pulumi-nginx] 172.31.13.248 - - [22/May/2018:22:33:22 +0000] "GET / HTTP/1.1" 200 189 "-" "curl/7.54.0" "-" + ``` + +## Clean Up + +To clean up resources, run [`pulumi destroy`](https://www.pulumi.com/docs/reference/cli/pulumi_destroy/) to avoid incurring any costs. Select `yes` on the confirmation prompt so Pulumi will remove all of the resources that you've created. To delete the stack itself, run [`pulumi stack rm`](https://www.pulumi.com/docs/reference/cli/pulumi_stack_rm/). Note that this command deletes all deployment history from the Pulumi console, unless you've explicitly [chosen a different backend](https://www.pulumi.com/docs/intro/concepts/state/) for storing your infrastructure state. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder-component.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder-component.md new file mode 100644 index 00000000000..a924ee75649 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder-component.md @@ -0,0 +1,100 @@ +--- +title: "Static Website Hosted on AWS S3 | JavaScript" +h1: "Static Website Hosted on AWS S3" +linktitle: "Static Website Hosted on AWS S3" +meta_desc: "Static Website Hosted on AWS S3 How-to Guide using JavaScript" +no_edit_this_page: true +cloud: aws +language: js +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +The component version of [aws-js-s3-folder](../aws-js-s3-folder/). For a detailed walkthrough of this example, see [Tutorial: Pulumi Components](https://www.pulumi.com/docs/tutorials/aws/s3-folder-component/). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init website-component-testing + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. + + ```bash + $ pulumi up + Previewing update of stack 'website-component-testing' + Previewing changes: + ... + + Updating stack 'website-component-testing' + Performing changes: + + Type Name Status Info + + pulumi:pulumi:Stack aws-js-s3-folder-component-website-component-testing created + + └─ examples:S3Folder pulumi-static-site created + + ├─ aws:s3:Bucket pulumi-static-site created + + ├─ aws:s3:BucketPolicy bucketPolicy created + + ├─ aws:s3:BucketObject favicon.png created + + └─ aws:s3:BucketObject index.html created + + ---outputs:--- + info: 6 changes performed: + + 6 resources created + Update duration: *** + + Permalink: https://app.pulumi.com/*** + ``` + +1. To see the resources that were created, run `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + bucketName s3-website-bucket-*** + websiteUrl ***.s3-website-us-west-2.amazonaws.com + ``` + +1. To see that the S3 objects exist, you can either use the AWS Console or the AWS CLI: + + ```bash + $ aws s3 ls $(pulumi stack output bucketName) + 2018-04-17 15:40:47 13731 favicon.png + 2018-04-17 15:40:48 249 index.html + ``` + +1. Open the site URL in a browser to see both the rendered HTML and the favicon: + + ```bash + $ pulumi stack output websiteUrl + ***.s3-website-us-west-2.amazonaws.com + ``` + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder.md new file mode 100644 index 00000000000..b3ae647e8a5 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-s3-folder.md @@ -0,0 +1,99 @@ +--- +title: "Host a Static Website on Amazon S3 | JavaScript" +h1: "Host a Static Website on Amazon S3" +linktitle: "Host a Static Website on Amazon S3" +meta_desc: "Host a Static Website on Amazon S3 How-to Guide using JavaScript" +no_edit_this_page: true +cloud: aws +language: js +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A static website that uses [S3's website support](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). +For a detailed walkthrough of this example, see the tutorial [Static Website on AWS S3](https://www.pulumi.com/docs/tutorials/aws/s3-website/). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init website-testing + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. + + ```bash + $ pulumi up + Previewing update of stack 'website-testing' + Previewing changes: + ... + + Updating stack 'website-testing' + Performing changes: + + Type Name Status Info + + pulumi:pulumi:Stack aws-js-s3-folder-website-testing created + + ├─ aws:s3:Bucket s3-website-bucket created + + ├─ aws:s3:BucketPolicy bucketPolicy created + + ├─ aws:s3:BucketObject favicon.png created + + └─ aws:s3:BucketObject index.html created + + info: 5 changes performed: + + 5 resources created + Update duration: *** + + Permalink: https://app.pulumi.com/*** + ``` + +1. To see the resources that were created, run `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + bucketName s3-website-bucket-*** + websiteUrl ***.s3-website-us-west-2.amazonaws.com + ``` + +1. To see that the S3 objects exist, you can either use the AWS Console or the AWS CLI: + + ```bash + $ aws s3 ls $(pulumi stack output bucketName) + 2018-04-17 15:40:47 13731 favicon.png + 2018-04-17 15:40:48 249 index.html + ``` + +1. Open the site URL in a browser to see both the rendered HTML and the favicon: + + ```bash + $ pulumi stack output websiteUrl + ***.s3-website-us-west-2.amazonaws.com + ``` + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-js-sqs-slack.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-sqs-slack.md new file mode 100644 index 00000000000..357d8b8bc26 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-sqs-slack.md @@ -0,0 +1,105 @@ +--- +title: "Post AWS SQS Messages to Slack using Serverless Lambdas | JavaScript" +h1: "Post AWS SQS Messages to Slack using Serverless Lambdas" +linktitle: "Post AWS SQS Messages to Slack using Serverless Lambdas" +meta_desc: "Post AWS SQS Messages to Slack using Serverless Lambdas How-to Guide using JavaScript" +no_edit_this_page: true +cloud: aws +language: js +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example wires up a serverless AWS Lambda to an AWS SQS queue and demonstrates posting a +message to Slack. This program provisions resources using Pulumi's deployment system, but lets +you write serverless code as ordinary JavaScript functions. + +## Prerequisites + +This program requires the Pulumi CLI. If you don't have it installed already, +[get it here](https://www.pulumi.com/docs/get-started/install/) or simply run `curl -fsSL https://get.pulumi.com | sh`. + +After that, you'll need to [configure your AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) so that Pulumi can +deploy into your account. If your AWS CLI is already configured, everything should just work. + +Since this example uses Slack, you'll also need +[an access token](https://get.slack.help/hc/en-us/articles/215770388-Create-and-regenerate-API-tokens). + +## Running the Program + +After installing the CLI and cloning the repo, `cd` into the directory, and run these commands: + +1. Install NPM modules using `npm install` (or `yarn install` if you prefer Yarn). + +2. Create a new stack: + + ``` + $ pulumi stack init sqs-slack-dev + ``` + +3. Configure the required variables: + + ``` + # Set the AWS region to deploy into: + $ pulumi config set aws:region us-west-2 + # Configure the Slack channel and access token to use: + $ pulumi config set slackChannel "#general" + $ pulumi config set slackToken xoxb-123456789012-Xw937qtWSXJss1lFaKeqFAKE --secret + ``` + +4. Deploy your program to AWS using the `pulumi up` command: + + ``` + $ pulumi up + ``` + + This command will show you the changes before it makes them. As soon as you select `yes`, it will begin + provisioning resources, uploading your lambda, etc. After it completes, your program is live! + +5. To test this out, push a message into your SQS queue using the AWS CLI: + + ``` + $ aws sqs send-message --queue-url $(pulumi stack output queueURL) --message-body "Pulumi+AWS rocks :boom:" + ``` + + If you've done everything right, you'll see a message posted to your Slack channel! + + ![SQS Slack](https://raw.githubusercontent.com/pulumi/examples/master/aws-js-sqs-slack/sqs_slack.png) + + Notice we've used the `pulumi stack output` command to read the SQS queue URL that was provisioned. + +6. Run the `pulumi logs --follow` command to follow the logs. After a short while, you should see `console.log` + output that your message was posted to Slack. + + ``` + $ pulumi logs --follow + 2018-07-05T16:46:03.708-07:00[mySlackPoster-queue-subscripti] 2018-07-05T23:46:03.708Z 68b50931-a005-5e85-b5c4-5a890fee5519 Posted SQS message 3caa4069-f549-44d7-8534-6d61840d3420 to Slack channel #general + ``` + +7. If you'd like to make some edits, try changing the `index.js` file, and then just run `pulumi up` again. + Pulumi will detect the minimal set of edits needed to deploy your code. + +8. After you're done playing around, you can destroy your program and stack by simply running two commands: + + ``` + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + +## Learning More + +To learn more about Pulumi, try checking out the [Get Started](https://www.pulumi.com/docs/get-started/) guide and +[Docs](https://www.pulumi.com/docs/). + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver-component.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver-component.md new file mode 100644 index 00000000000..477165f72d2 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver-component.md @@ -0,0 +1,28 @@ +--- +title: "AWS Web Server Component | JavaScript" +h1: "AWS Web Server Component" +linktitle: "AWS Web Server Component" +meta_desc: "AWS Web Server Component How-to Guide using JavaScript" +no_edit_this_page: true +cloud: aws +language: js +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +Deploy an EC2 instance with the `@pulumi/aws` package, using a common module for creating an instance. We define a function, `createInstance`, in [webserver.js](https://github.com/pulumi/examples/blob/master/aws-js-webserver-component/webserver.js) and use it in the main program, [index.js](https://github.com/pulumi/examples/blob/master/aws-js-webserver-component/index.js). + +For a walkthrough of the main example, see [Simple Web Server Using Amazon EC2](https://www.pulumi.com/docs/tutorials/aws/ec2-webserver/). + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver.md new file mode 100644 index 00000000000..f5b426e46f1 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-js-webserver.md @@ -0,0 +1,82 @@ +--- +title: "Web Server Using Amazon EC2 | JavaScript" +h1: "Web Server Using Amazon EC2" +linktitle: "Web Server Using Amazon EC2" +meta_desc: "Web Server Using Amazon EC2 How-to Guide using JavaScript" +no_edit_this_page: true +cloud: aws +language: js +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys a simple AWS EC2 virtual machine running a Python web server. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-east-1 + ``` + +3. Stand up the VM, which will also boot up your Python web server on port 80: + + ```bash + $ pulumi up + ``` + +4. After a couple minutes, your VM will be ready, and two stack outputs are printed: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + publicIp 53.40.227.82 + ``` + +5. Thanks to the security group making port 80 accessible to the 0.0.0.0/0 CIDR block, we can curl it: + + ```bash + $ curl $(pulumi stack output publicIp) + Hello, World! + ``` + +6. From there, feel free to experiment. Simply making edits and running `pulumi up` will incrementally update your VM. + +7. Afterwards, destroy your stack and remove it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ansible-wordpress.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ansible-wordpress.md new file mode 100644 index 00000000000..3fa26003333 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ansible-wordpress.md @@ -0,0 +1,165 @@ +--- +title: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible | Python" +h1: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +linktitle: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +meta_desc: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This project demonstrates how to use Pulumi and Ansible together. Pulumi handles provisioning the AWS infrastructure +required to run Wordpress on an EC2 instance, with an RDS MySQL database, running inside of a VPC with proper public +and private subnets, and exposed to the Internet using an Elastic IP address. Ansible handles configuring the EC2 +virtual machine after it's been provisioned with a playbook that knows how to install and configure Wordpress. +The entire deployment is orchestrated by Pulumi in a single `pulumi up` thanks to the +[Command package](https://www.pulumi.com/registry/packages/command) which runs a combination of local and remote SSH +commands to accomplish the desired effect. The result is repeatable automation that both provisions and configures. + +> Note: This code was adapted from https://github.com/devbhusal/terraform-ansible-wordpress. Thank you devbhusal! + +> Note: This example is available in many languages: +> +> * [C#](../aws-cs-ansible-wordpress) +> * [Java](../aws-java-ansible-wordpress) +> * [Go](../aws-go-ansible-wordpress) +> * [TypeScript](../aws-ts-ansible-wordpress) +> * [YAML](../aws-yaml-ansible-wordpress) + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +* [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Deploying Your Infrastructure + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Generate a key pair which will be used to access your EC2 instance over SSH: + + ```bash + $ ssh-keygen -f wordpress-keypair + ``` + + This will create two files: your private (`wordpress-keypair`) and your public (`wordpress-keypair.pub`) + keys. Keep your private key safe, since anybody with access to it can log into your EC2 machine! + + Note that you may choose a different file name if you're creating multiple stacks, for instance. + +3. Set the required configuration variables, choosing any valid AWS region. The code is written in such + a way to work in any AWS region, including fetching the right Amazon Linux 2 AMI and availability zones: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region + $ pulumi config set publicKeyPath wordpress-keyipair.pub # your newly generated public key + $ pulumi config set privateKeyPath wordpress-keypair # your newly generated private key + $ pulumi config set dbPassword Sup45ekreT#123 --secret # your RDS database password -- keep it safe! + ``` + + There are some other optional variables you can set if you choose. Feel free to skip these. If you don't + set them, they'll receive the default values shown below: + + ```bash + $ pulumi config set dbInstanceSize db.t3.small # the RDS instance size to use + $ pulumi config set dbName wordpressdb # the name of the Wordpress database in RDS + $ pulumi config set dbUsername admin # the name of the Wordpress user that will be used + $ pulumi config set ec2InstanceSize t3.small # the EC2 instance size to provision + ``` + +4. Now all you need to do is run `pulumi up`. This will do all of the magic, and you'll see various + things going on in the output: resources being created in AWS, commands being run locally and remotely, + and the Ansible Playbook running and provisioning your Wordpress server: + + ```bash + $ pulumi up + Updating (dev) + + Type Name Status Info + + pulumi:pulumi:Stack pulumi-ansible-wordpress-dev created + + ├─ aws:ec2:Vpc prod-vpc created + + ├─ aws:ec2:KeyPair wordpress-keypair created + + ├─ aws:ec2:Subnet prod-subnet-private-1 created + + ├─ aws:ec2:InternetGateway prod-igw created + + ├─ aws:ec2:Subnet prod-subnet-private-2 created + + ├─ aws:ec2:Subnet prod-subnet-public-1 created + + ├─ aws:ec2:SecurityGroup ec2-allow-rule created + + ├─ aws:ec2:RouteTable prod-public-rt created + + ├─ aws:rds:SubnetGroup rds-subnet-grp created + + ├─ aws:ec2:SecurityGroup rds-allow-rule created + + ├─ aws:rds:Instance wordpressdb created + + ├─ aws:ec2:RouteTableAssociation prod-rta-public-subnet-1 created + + ├─ aws:ec2:Instance wordpress-instance created + + ├─ command:local:Command renderPlaybookCmd created + + ├─ aws:ec2:Eip wordpress-eip created + + ├─ command:remote:Command updatePythonCmd created 12 messages + + └─ command:local:Command playAnsiblePlaybookCmd created + + Diagnostics: + command:remote:Command (updatePythonCmd): + ... + + Outputs: + url: "35.83.214.168" + + Resources: + + 18 created + + Duration: 8m13s + ``` + +5. After a few minutes, your new server will be ready! Its automatically-allocated EIP is printed at the end + as `url`. You can access it with the `pulumi stack output` command: + + ```bash + $ pulumi stack output url + 35.83.214.168 + ``` + +6. Because of the network configuration, the EC2 server is available over port 80 on the Internet. (The RDS + database, on the other hand, is not). Let's `curl` the endpoint: + + ```bash + $ curl -L http://$(pulumi stack output url) + + + ... + + ... + ``` + + Alternatively, open a web browser to interact with your new Wordpress server: + + ```bash + $ open http://$(pulumi stack output url) + ``` + + ![Wordpress Screenshot](https://raw.githubusercontent.com/pulumi/examples/master/aws-py-ansible-wordpress/wordpress.png) + +7. From there, feel free to experiment. You can simply make edits, rerun `pulumi up`, and it will incrementally + update and deploy any changes you have made. + +8. After you're done, you can destroy your stack and remove it, eliminating all AWS resources: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigateway-lambda-serverless.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigateway-lambda-serverless.md new file mode 100644 index 00000000000..537697a187c --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigateway-lambda-serverless.md @@ -0,0 +1,84 @@ +--- +title: "Lambda-backed API Gateway | Python" +h1: "Lambda-backed API Gateway" +linktitle: "Lambda-backed API Gateway" +meta_desc: "Lambda-backed API Gateway How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example provides API endpoints which are executed by AWS Lambda using Python. +The example sets up up two Lambda-backed API Gateways: an API Gateway V1 (REST) and an API Gateway V2 (HTTP). AWS provides some information on the differences between these two API Gateway types: [Announcing HTTP APIs for Amazon API Gateway](https://aws.amazon.com/blogs/compute/announcing-http-apis-for-amazon-api-gateway/) and [API Gateway V2 FAQs](https://aws.amazon.com/api-gateway/faqs/) + +This sample uses the following AWS products: + +- [Amazon API Gateway](https://aws.amazon.com/api-gateway/) is used as an API proxy +- [AWS Lambda](https://aws.amazon.com/lambda/) is used to process API events by executing typescript/javascript code + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. Create a new stack: + + ```bash + $ pulumi stack init aws-py-apigateway-lambda-serverless + ``` + +3. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-east-2 + ``` + +## Deploy the App + +1. Run `pulumi up` to preview and deploy changes: + +2. To view the runtime logs of the Lambda function, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`. + +## Test the Endpoints + +Use a HTTP tool like `curl` or [`httpie`](https://github.com/httpie/httpie) (`pip3 install httpie`) to query the API Gateway endpoints using the Pulumi stack outputs. + +Example using `curl`: + +``` +curl $(pulumi stack output apigateway-rest-endpoint) +curl $(pulumi stack output apigatewayv2-http-endpoint) +``` + +Example using `httpie`: + +``` +http $(pulumi stack output apigateway-rest-endpoint) +http $(pulumi stack output apigatewayv2-http-endpoint) +``` + +Output should include `"Cheers from AWS Lambda!!"`. + +## Clean Up + +1. Run `pulumi destroy` to tear down all resources. + +2. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + +## Summary + +In this tutorial, you built a lambda-backed API on AWS using API Gateway, lambda functions, and Pulumi. This serverless solution is highly scaleable, resilient, and stateless. + +## Next Steps + +- [Create a frontend to interact with this api](https://www.pulumi.com/docs/tutorials/aws/s3-website/) + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-eventbridge.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-eventbridge.md new file mode 100644 index 00000000000..e2ecb675f88 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-eventbridge.md @@ -0,0 +1,90 @@ +--- +title: "API Gateway V2 to EventBridge | Python" +h1: "API Gateway V2 to EventBridge" +linktitle: "API Gateway V2 to EventBridge" +meta_desc: "API Gateway V2 to EventBridge How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +[![Deploy with Pulumi](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new?template=https://github.com/pulumi/examples/tree/master/aws-py-apigatewayv2-eventbridge) + +This example creates an AWS API Gateway proxy integration with EventBridge and Lambda. It defines a single API Gateway endpoint that publishes events to an EventBridge event bus and an accompanying event rule that matches those events and invokes a Lambda function. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/). +1. [Install Python](https://www.pulumi.com/docs/intro/languages/python/). +1. Configure your [AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/). + +### Deploying the App + +1. Clone this repo, change to this directory, then create a new [stack](https://www.pulumi.com/docs/intro/concepts/stack/) for the project: + + ```bash + pulumi stack init + ``` + +1. Specify an AWS region to deploy into: + + ```bash + pulumi config set aws:region us-west-2 + ``` + +1. Install Python dependencies and run Pulumi: + + ```bash + python3 -m venv venv + source venv/bin/activate + pip install -r requirements.txt + + pulumi up + ``` + +1. In a few moments, the API Gateway instance service will be up and running and its public URL emitted as a Pulumi [stack output](https://www.pulumi.com/docs/intro/concepts/stack/#outputs). + + ```bash + ... + Outputs: + url: "https://andchh8hg8.execute-api.us-west-2.amazonaws.com/dev" + ``` + +1. Verify the deployment with `curl` and `pulumi logs`: + + ```bash + curl --data '{"some-key": "some-value"}' --header "Content-Type: application/json" "$(pulumi stack output url)/uploads" + + {"Entries":[{"EventId":"cdc44763-6976-286c-9378-7cce674dff81"}],"FailedEntryCount":0} + ``` + + ```bash + pulumi logs --follow + + Collecting logs for stack dev since 2022-01-06T16:18:48.000-08:00. + ... + + { + source: 'my-event-source', + detail: { 'some-key': 'some-value' } + } + ``` + +1. When you're ready, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-http-api-quickcreate.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-http-api-quickcreate.md new file mode 100644 index 00000000000..a3265f0dec1 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-apigatewayv2-http-api-quickcreate.md @@ -0,0 +1,102 @@ +--- +title: "AWS API Gateway V2 HTTP API Quickstart | Python" +h1: "AWS API Gateway V2 HTTP API Quickstart" +linktitle: "AWS API Gateway V2 HTTP API Quickstart" +meta_desc: "AWS API Gateway V2 HTTP API Quickstart How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +Set up a simple HTTP API using AWS API Gateway V2. The API executes a simple Lambda function +found in `/app/index.js`. + +## Prerequisites +1. Install [Pulumi](https://www.pulumi.com/docs/get-started/install/). +2. Configure [Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/). +3. Install [Python](https://www.pulumi.com/docs/intro/languages/python). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init http-api + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-2 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (http-api) + ... + + Updating (http-api) + + Type Name Status + + pulumi:pulumi:Stack aws-py-apigatewayv2-quickstart-http-api created + + ├─ aws:iam:Role lambdaRole created + + ├─ aws:lambda:Function lambdaFunction created + + ├─ aws:iam:RolePolicyAttachment lambdaRoleAttachment created + + ├─ aws:apigatewayv2:Api httpApiGateway created + + └─ aws:lambda:Permission lambdapermission created + + Outputs: + endpoint: "https://***.execute-api.us-east-2.amazonaws.com" + + Resources: + + 6 created + + Duration: 22s + ``` + Note: this command will create a virtual environment and restore dependencies automatically as + described in [Pulumi docs](https://www.pulumi.com/docs/intro/languages/python/#virtual-environments). + +1. View the endpoint URL and curl a few routes: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + endpoint https://***.execute-api.us-east-2.amazonaws.com + + $ curl $(pulumi stack output endpoint) + Hello, Pulumi! + ``` + +1. To view the runtime logs of the Lambda function, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`. + +1. At this point, you have a running HTTP API. Feel free to modify your program, and run `pulumi up` +to redeploy changes. The Pulumi CLI automatically detects what has changed and makes the minimal +edits necessary to accomplish these changes. This could be altering the function used by the Lambda, +or anything else you'd like! + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-appsync.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-appsync.md new file mode 100644 index 00000000000..5d8892fe095 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-appsync.md @@ -0,0 +1,78 @@ +--- +title: "GraphQL Endpoint in AWS AppSync | Python" +h1: "GraphQL Endpoint in AWS AppSync" +linktitle: "GraphQL Endpoint in AWS AppSync" +meta_desc: "GraphQL Endpoint in AWS AppSync How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example shows how to setup a basic GraphQL endpoint in AWS AppSync. The endpoint contains one query and one mutation that get and put items to a Dynamo DB table. + +## Deploying and running the Pulumi App + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-east-2 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ```bash + $ pulumi up + Previewing update (dev): + ... + + Updating (dev): + ... + Resources: + + 10 created + Duration: 20s + ``` + +1. Check the deployed GraphQL endpoint: + + ```bash + $ pulumi stack output endpoint + https://***.appsync-api.us-east-2.amazonaws.com/graphql + $ pulumi stack output key + ***sensitivekey*** + $ curl -XPOST -H "Content-Type:application/graphql" -H "x-api-key:$(pulumi stack output key)" -d '{ "query": "mutation AddTenant { addTenant(id: \"123\", name: \"FirstCorp\") { id name } }" }' "$(pulumi stack output endpoint)" + { + "data": { + "addTenant": { + "id": "123", + "name": "FirstCorp" + } + } + } + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-assume-role.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-assume-role.md new file mode 100644 index 00000000000..2d18983ab41 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-assume-role.md @@ -0,0 +1,112 @@ +--- +title: "AWS Resources Using AssumeRole | Python" +h1: "AWS Resources Using AssumeRole" +linktitle: "AWS Resources Using AssumeRole" +meta_desc: "AWS Resources Using AssumeRole How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example shows how to use the AssumeRole functionality of the AWS provider +to create resources in the security context of an IAM Role assumed by the IAM +User running the Pulumi programs. + +## Deploying the Example + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +3. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) + + +### Part 1: Privileged Components + +The Pulumi program in `create-role` requires credentials with permissions to create an IAM User, an IAM Role, and assign +an AWS Access Key to the user. The program creates a new, unprivileged user with no policies attached, and a role which +specifies a trust policy allowing assumption by the unprivileged user. The role allows the `s3:*` actions on all +resources. + +You'll need to set the `create-role:unprivilegedUsername` configuration variable to the name of the unprivilged user, as +well as the AWS region in which to operate. + +First, you need to create a new stack: + +```bash +$ cd create-role +$ pulumi stack init assume-role-create +$ pulumi config set create-role:unprivilegedUsername somebody@pulumi.com +$ pulumi config set aws:region us-east-1 +$ pulumi up +``` + +The program can then be run with `pulumi up`. The outputs of the program tell you the ARN of the Role, and the Access +Key ID and Secret associated with the User: + +``` +$ pulumi stack output --json +{ + "accessKeyId": "AKIAYJ7EUPHL3DSDH4CX", + "roleArn": "arn:aws:iam::571173272023:role/allow-s3-management-fcc71c0", + "secretAccessKey": [secret] +} +``` +If we just use the above command then the secretAccessKey would not be shown. In order to show the secret value use this + +``` +$ pulumi stack output --json --show-secrets +{ + "accessKeyId": "AKIAYJ7EUPHL3DSDH4CX", + "roleArn": "arn:aws:iam::571173272023:role/allow-s3-management-fcc71c0", + "secretAccessKey": "[plain text value]" +} +``` +### Part 2: Assuming the Role + +The Pulumi program in `assume-role` creates an S3 bucket after assuming the Role created in Part 1. It should be run +with the unprivileged user credentials created in Part 1. This can be configured as follows, from the `assume-role` +directory, replacing `{YOUR_STACK_PATH/assume-role-create}` with the full name of your stack from Part 1. Full name of your stack is available at [`app.pulumi.com`][app] + +```bash +$ cd ../assume-role +$ export AWS_ACCESS_KEY_ID="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} accessKeyId)" +$ export AWS_SECRET_ACCESS_KEY="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} --show-secrets secretAccessKey)" +``` + +The configuration variable `roleToAssumeARN` must be set to the ARN of the role allowing S3 access, and the AWS region +must be set to the region in which you wish to operate: + +```bash +$ pulumi stack init assume-role-assume +$ pulumi config set roleToAssumeARN "$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} roleArn)" +$ pulumi config set aws:region us-east-1 +``` + +Unset the AWS_SESSION_TOKEN or any additional credential setting if you have set for previous access + +```bash +$ unset AWS_SESSION_TOKEN +``` + +The program can then be run with `pulumi up`. You can verify that the role is indeed assumed by looking at the +CloudTrail logs of the bucket creation operation, or by commenting out the `assumeRole` configuration in the provider +and ensuring creation is not successful. + +### Clean up + +To clean up your resources, run `pulumi destroy` and respond yes to the +confirmation prompt. + +[app]: https://app.pulumi.com/ diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-django-voting-app.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-django-voting-app.md new file mode 100644 index 00000000000..bafa4e11ac0 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-django-voting-app.md @@ -0,0 +1,122 @@ +--- +title: "Voting app Using Django and MySQL | Python" +h1: "Voting app Using Django and MySQL" +linktitle: "Voting app Using Django and MySQL" +meta_desc: "Voting app Using Django and MySQL How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple voting app that uses MySQL for data storage and a Python Django app for the frontend. + +The example shows how easy it is to deploy containers into production and to connect them to one another. Since the example defines a custom container, Pulumi does the following: + +- Builds the Docker image +- Provisions AWS Container Registry (ECR) instance +- Pushes the image to the ECR instance +- Creates a new ECS task definition, pointing to the ECR image definition + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) +1. [Install Docker](https://docs.docker.com/engine/installation/) + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init aws-py-django-voting-app + ``` + +1. Set the AWS region, the usernames and passwords for a set of accounts the project uses, and a random 50-character string to serve as Django's secret key: + + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set sql-admin-name + $ pulumi config set sql-admin-password --secret + $ pulumi config set sql-user-name + $ pulumi config set sql-user-password --secret + $ pulumi config set django-admin-name + $ pulumi config set django-admin-password --secret + $ pulumi config set django-secret-key --secret + ``` + +1. Run `pulumi up -y` to deploy changes: + + ```bash + Updating (aws-py-django-voting-app): + Type Name Status Info + + pulumi:pulumi:Stack voting-app-aws-py-django-voting-app created + + ├─ docker:image:Image django-dockerimage created 1 warning + + ├─ aws:ec2:Vpc app-vpc created + + ├─ aws:ecs:Cluster app-cluster created + + ├─ aws:iam:Role app-exec-role created + + ├─ aws:iam:Role app-task-role created + + ├─ aws:ecr:Repository app-ecr-repo created + + ├─ aws:cloudwatch:LogGroup django-log-group created + + ├─ aws:ecr:LifecyclePolicy app-lifecycle-policy created + + ├─ aws:iam:RolePolicyAttachment app-exec-policy created + + ├─ aws:iam:RolePolicyAttachment app-access-policy created + + ├─ aws:iam:RolePolicyAttachment app-lambda-policy created + + ├─ aws:ec2:InternetGateway app-gateway created + + ├─ aws:ec2:SecurityGroup security-group created + + ├─ aws:ec2:Subnet app-vpc-subnet created + + ├─ aws:ec2:Subnet extra-rds-subnet created + + ├─ aws:lb:TargetGroup django-targetgroup created + + ├─ aws:lb:LoadBalancer django-balancer created + + ├─ aws:ec2:RouteTable app-routetable created + + ├─ aws:rds:SubnetGroup app-database-subnetgroup created + + ├─ aws:ec2:MainRouteTableAssociation app_routetable_association created + + ├─ aws:rds:Instance mysql-server created + + ├─ aws:lb:Listener django-listener created + + ├─ pulumi:providers:mysql mysql-provider created + + ├─ mysql:index:Database mysql-database created + + ├─ mysql:index:User mysql-standard-user created + + ├─ mysql:index:Grant mysql-access-grant created + + ├─ aws:ecs:TaskDefinition django-site-task-definition created + + ├─ aws:ecs:TaskDefinition django-database-task-definition created + + ├─ aws:ecs:Service django-site-service created + + └─ aws:ecs:Service django-database-service created + + Outputs: + app-url: "django-balancer-2f4f9fe-c6e6893a1972a811.elb.us-west-2.amazonaws.com" + + Resources: + + 31 created + + Duration: 4m16s + ``` + +1. View the DNS address of the instance via `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + app-url django-balancer-2f4f9fe-c6e6893a1972a811.elb.us-west-2.amazonaws.com + ``` + +1. Verify that the ECS instance exists by connecting to it in a browser window. + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-dynamicresource.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-dynamicresource.md new file mode 100644 index 00000000000..f7e34351415 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-dynamicresource.md @@ -0,0 +1,93 @@ +--- +title: "Pulumi Python Dynamic Resource demonstration | Python" +h1: "Pulumi Python Dynamic Resource demonstration" +linktitle: "Pulumi Python Dynamic Resource demonstration" +meta_desc: "Pulumi Python Dynamic Resource demonstration How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple example demonstrating how to write Dynamic Providers using Pulumi. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init aws-py-dynamicresource + ``` + +1. Set the AWS region and the names and passwords for admin and user: + + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set sql-admin-name + $ pulumi config set sql-admin-password --secret + $ pulumi config set sql-user-name + $ pulumi config set sql-user-password --secret + ``` + +1. Run `pulumi up -y` to deploy changes: + + ```bash + Updating (aws-py-dynamicresource): + Type Name Status + + pulumi:pulumi:Stack aws-py-dynamicresource-aws-py-dynamicresource created + + ├─ aws:ec2:Vpc app-vpc created + + ├─ aws:ec2:InternetGateway app-gateway created + + ├─ aws:ec2:SecurityGroup security-group created + + ├─ aws:ec2:Subnet app-vpc-subnet created + + ├─ aws:ec2:Subnet extra-rds-subnet created + + ├─ aws:ec2:RouteTable app-routetable created + + ├─ aws:rds:SubnetGroup app-database-subnetgroup created + + ├─ aws:ec2:MainRouteTableAssociation app_routetable_association created + + ├─ aws:rds:Instance mysql-server created + + ├─ pulumi:providers:mysql mysql-provider created + + ├─ mysql:index:Database mysql-database created + + ├─ mysql:index:User mysql-standard-user created + + ├─ mysql:index:Grant mysql-access-grant created + + └─ pulumi-python:dynamic:Resource mysql_votes_table created + + Outputs: + dynamic-resource-id: "schema-44462d37c8e04c18be08cbf05670a328" + + Resources: + + 15 created + + Duration: 3m31s + ``` + +1. View the ID of the dynamic resource via `stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + dynamic-resource-id schema-44462d37c8e04c18be08cbf05670a328 + ``` + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ec2-provisioners.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ec2-provisioners.md new file mode 100644 index 00000000000..b0a24e6dbd3 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ec2-provisioners.md @@ -0,0 +1,57 @@ +--- +title: "AWS WebServer with Manual Provisioning (in Python) | Python" +h1: "AWS WebServer with Manual Provisioning (in Python)" +linktitle: "AWS WebServer with Manual Provisioning (in Python)" +meta_desc: "AWS WebServer with Manual Provisioning (in Python) How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This demonstrates using the [`pulumi_command`](https://www.pulumi.com/registry/packages/command/) package to accomplish post-provisioning configuration steps. + +Using these building blocks, one can accomplish much of the same as Terraform provisioners. + +## Running the Example + +First, create a stack, using `pulumi stack init`. + +Next, generate an OpenSSH keypair for use with your server - as per the AWS [Requirements][1] + +``` +$ ssh-keygen -t rsa -f rsa -b 4096 -m PEM +``` + +This will output two files, `rsa` and `rsa.pub`, in the current directory. Be sure not to commit these files! + +We then need to configure our stack so that the public key is used by our EC2 instance, and the private key used +for subsequent SCP and SSH steps that will configure our server after it is stood up. + +``` +$ cat rsa.pub | pulumi config set publicKey -- +$ cat rsa | pulumi config set privateKey --secret -- +``` + +Notice that we've used `--secret` for `privateKey`. This ensures the private key is stored as an encrypted [Pulumi secret](https://www.pulumi.com/docs/intro/concepts/secrets/). + +Also set your desired AWS region: + +``` +$ pulumi config set aws:region us-west-2 +``` + +From there, you can run `pulumi up` and all resources will be provisioned and configured. + +[1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ecs-instances-autoapi.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ecs-instances-autoapi.md new file mode 100644 index 00000000000..019798399e2 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-ecs-instances-autoapi.md @@ -0,0 +1,102 @@ +--- +title: "AWS ECS with Container Instances and Delete Orchestration | Python" +h1: "AWS ECS with Container Instances and Delete Orchestration" +linktitle: "AWS ECS with Container Instances and Delete Orchestration" +meta_desc: "AWS ECS with Container Instances and Delete Orchestration How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example demonstrates three use-cases: + +- AWS ECS using Container Instances (Python): A Python Pulumi program that stands up a custom AWS ECS cluster that uses instances instead of fargate for the infrastructure. +- Automation API Orchestration: Destroying this stack without any sort of orchestration will fail due to this issue in the underlying provider: https://github.com/hashicorp/terraform-provider-aws/issues/4852. So, Automation API to the rescue. By orchestrating sizing of the autoscaling group to 0 before the destroy, the destroy is able to complete as expected. +- Automation API cross-language support: Although the automation logic is written in TypeScript, the ECS cluster stack is written in Python. + +## Project Structure + +### `/py-ecs-instance`: + +This is a Pulumi project/stack python program that deploys the following: + +- ECS Cluster using "container instances" instead of Fargate. +- An nginx "hello world" test container and related load balancer and networking. + One can change to this directory and run `pulumi up` and deploy the stack just as would be done with any Pulumi project ... + +But wait, there's more ... + +### `/automation` + +This directory contains the automation api code (`index.ts`) that handles deploying and, more importantly, orchestrating the deletion of the stack to avoid a dependency constraint. + +## How to Use + +To run this example you'll need a few pre-reqs: + +1. A Pulumi CLI installation ([v2.15.6](https://www.pulumi.com/docs/get-started/install/versions/) or later) +2. Python 3.6+ +3. The AWS CLI, with appropriate credentials. + +To run our automation program we just `cd` to the `automation` directory and use `yarn` to run the automation api code. + +```shell +$ yarn install +$ yarn start +yarn run v1.19.1 +$ ./node_modules/ts-node/dist/bin.js index.ts +successfully initialized stack +setting up config +config set +refreshing stack... +Refreshing (dev) +... +refresh complete +updating stack... +Updating (dev) +... + +update summary: +{ + "same": 0, + "update": 16 +} +website url: http://load-balancer-xxxxxxxxx.us-east-1.elb.amazonaws.com +``` + +To destroy the stack, we run the automation program with an additional `destroy` argument: + +```shell +$ yarn start destroy +yarn run v1.19.1 +$ ./node_modules/ts-node/dist/bin.js index.ts destroy +successfully initialized stack +setting up config +config set +refreshing stack... +Refreshing (dev) +destroying stack ... +Destroying (dev) +... +@ Destroying ... +... +Resources: + - 16 deleted + +The resources in the stack have been deleted, but the history and configuration associated with the stack are still maintained. +If you want to remove the stack completely, run 'pulumi stack rm dev'. + +stack destroy complete +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-eks.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-eks.md new file mode 100644 index 00000000000..935683e9a64 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-eks.md @@ -0,0 +1,121 @@ +--- +title: "Amazon EKS Cluster | Python" +h1: "Amazon EKS Cluster" +linktitle: "Amazon EKS Cluster" +meta_desc: "Amazon EKS Cluster How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example deploys an EKS Kubernetes cluster inside a AWS VPC with proper NodeGroup and Networking Configured + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) +1. *Optional for K8 Auth* [Install `iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) + +## Deploying and running the program + +1. Create a new stack: + + ``` + $ pulumi stack init python-eks-testing + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-2 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing stack 'python-eks-testing' + Previewing changes: + ... + + Do you want to perform this update? yes + Updating (python-eks-testing): + + Type Name Status + + pulumi:pulumi:Stack aws-py-eks-python-eks-testing created + + ├─ aws:iam:Role ec2-nodegroup-iam-role created + + ├─ aws:iam:Role eks-iam-role created + + ├─ aws:ec2:Vpc eks-vpc created + + ├─ aws:iam:RolePolicyAttachment eks-workernode-policy-attachment created + + ├─ aws:iam:RolePolicyAttachment eks-cni-policy-attachment created + + ├─ aws:iam:RolePolicyAttachment ec2-container-ro-policy-attachment created + + ├─ aws:iam:RolePolicyAttachment eks-service-policy-attachment created + + ├─ aws:iam:RolePolicyAttachment eks-cluster-policy-attachment created + + ├─ aws:ec2:InternetGateway vpc-ig created + + ├─ aws:ec2:Subnet vpc-sn-1 created + + ├─ aws:ec2:Subnet vpc-sn-2 created + + ├─ aws:ec2:SecurityGroup eks-cluster-sg created + + ├─ aws:ec2:RouteTable vpc-route-table created + + ├─ aws:eks:Cluster eks-cluster created + + ├─ aws:ec2:RouteTableAssociation vpc-1-route-table-assoc created + + ├─ aws:ec2:RouteTableAssociation vpc-2-route-table-assoc created + + └─ aws:eks:NodeGroup eks-node-group created + + Outputs: + cluster-name: "eks-cluster-96b87e8" + + Resources: + + 18 created + + Duration: 14m15s + + ``` + +1. View the cluster name via `stack output`: + + ``` + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + cluster-name eks-cluster-96b87e8 + ``` + +1. Verify that the EKS cluster exists, by either using the AWS Console or running `aws eks list-clusters`. + +1. Update your KubeConfig, Authenticate to your Kubernetes Cluster and verify you have API access and nodes running. + +``` +$ aws eks --region us-east-2 update-kubeconfig --name $(pulumi stack output cluster-name) + + Added new context arn:aws:eks:us-east-2:account:cluster/eks-cluster-96b87e8 +``` + + +``` +$ kubectl get nodes + + NAME STATUS ROLES AGE VERSION + ip-10-100-0-182.us-east-2.compute.internal Ready 10m v1.14.7-eks-1861c5 + ip-10-100-1-174.us-east-2.compute.internal Ready 10m v1.14.7-eks-1861c5 +``` + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-fargate.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-fargate.md new file mode 100644 index 00000000000..aefe52cc1fc --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-fargate.md @@ -0,0 +1,158 @@ +--- +title: "NGINX on AWS ECS Fargate using Python | Python" +h1: "NGINX on AWS ECS Fargate using Python" +linktitle: "NGINX on AWS ECS Fargate using Python" +meta_desc: "NGINX on AWS ECS Fargate using Python How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example shows authoring Infrastructure as Code in Python. It +provisions a full [Amazon Elastic Container Service (ECS) "Fargate"](https://aws.amazon.com/ecs) cluster and +related infrastructure, running a load-balanced NGINX web server accessible over the Internet on port 80. +This example is inspired by [Docker's Getting Started Tutorial](https://docs.docker.com/get-started/). + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Configure Pulumi to Use AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) (if your AWS CLI is configured, no further changes are required) + +## Running the Example + +Clone [the examples repo](https://github.com/pulumi/examples/tree/master/aws-py-fargate) and `cd` into it. + +Next, to deploy the application and its infrastructure, follow these steps: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +1. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +1. Deploy everything with a single `pulumi up` command. This will show you a preview of changes first, which + includes all of the required AWS resources (clusters, services, and the like). Don't worry if it's more than + you expected -- this is one of the benefits of Pulumi, it configures everything so that so you don't need to! + + ```bash + $ pulumi up + ``` + + After being prompted and selecting "yes", your deployment will begin. It'll complete in a few minutes: + + ```bash + Updating (dev): + Type Name Status + + pulumi:pulumi:Stack aws-py-fargate-dev created + + ├─ aws:ecs:Cluster cluster created + + ├─ aws:ec2:SecurityGroup web-secgrp created + + ├─ aws:iam:Role task-exec-role created + + ├─ aws:lb:TargetGroup app-tg created + + ├─ aws:ecs:TaskDefinition app-task created + + ├─ aws:iam:RolePolicyAttachment task-exec-policy created + + ├─ aws:lb:LoadBalancer app-lb created + + ├─ aws:lb:Listener web created + + └─ aws:ecs:Service app-svc created + + Outputs: + url: "app-lb-ad43707-1433933240.us-west-2.elb.amazonaws.com" + + Resources: + + 10 created + + Duration: 2m56s + + Permalink: https://app.pulumi.com/acmecorp/aws-python-fargate/dev/updates/1 + ``` + + Notice that the automatically assigned load-balancer URL is printed as a stack output. + +1. At this point, your app is running -- let's curl it. The CLI makes it easy to grab the URL: + + ```bash + $ curl http://$(pulumi stack output url) + + + + Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and + working. Further configuration is required.

+ +

For online documentation and support please refer to + nginx.org.
+ Commercial support is available at + nginx.com.

+ +

Thank you for using nginx.

+ + + ``` + +**Please Note**: It may take a few minutes for the app to start up. Until that point, you may receive a 503 error response code. + +1. Try making some changes, and rerunning `pulumi up`. For example, let's scale up to 3 instances: + + Running `pulumi up` will show you the delta and then, after confirming, will deploy just those changes: + + ```bash + $ pulumi up + ``` + + Notice that `pulumi up` redeploys just the parts of the application/infrastructure that you've edited. + + ```bash + Updating (dev): + + Type Name Status Info + pulumi:pulumi:Stack aws-py-fargate-dev + ~ └─ aws:ecs:Service app-svc updated [diff: ~desiredCount] + + Outputs: + url: "app-lb-ad43707-1433933240.us-west-2.elb.amazonaws.com" + + Resources: + ~ 1 updated + 9 unchanged + + Duration: 14s + + Permalink: https://app.pulumi.com/acmecorp/aws-python-fargate/dev/updates/2 + ``` + +1. Once you are done, you can destroy all of the resources, and the stack: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-hub-and-spoke-network.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-hub-and-spoke-network.md new file mode 100644 index 00000000000..4ad147ed4b6 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-hub-and-spoke-network.md @@ -0,0 +1,120 @@ +--- +title: "Hub-and-Spoke Network with Centralized Egress and Traffic Inspection use AWS Transit Gateway and AWS Firewall | Python" +h1: "Hub-and-Spoke Network with Centralized Egress and Traffic Inspection use AWS Transit Gateway and AWS Firewall" +linktitle: "Hub-and-Spoke Network with Centralized Egress and Traffic Inspection use AWS Transit Gateway and AWS Firewall" +meta_desc: "Hub-and-Spoke Network with Centralized Egress and Traffic Inspection use AWS Transit Gateway and AWS Firewall How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example creates a hub and spoke network in AWS with centralized egress and (optional) traffic inspection using AWS VPC, AWS Transit Gateway, and AWS Firewall for traffic inspection. The code creates 2 spoke networks, but additional networks can be added quickly added by modifying the code (see "Additional Options" below). + +## About the Architecture + +A hub-and-spoke network is a common architecture for creating a network topology that provides isolation and security for your workloads. The hub-and-spoke architecture you'll be creating on AWS has three main components: an inspection VPC, AWS Transit Gateway, and a series of spoke VPCs. + +* The **inspection VPC** provides centralized egress. It is the only VPC that has a route to the internet, so all other VPCs in the architecture must route their traffic through the inspection VPC. The inspection VPC has optional traffic inspection capabilities. +* Network connectivity between VPCs is accomplished via **[AWS Transit Gateway](https://aws.amazon.com/transit-gateway/)**. The Transit Gateway maintains a central routing table that is used to route traffic from the spoke VPCs to the internet. We also need to maintain routes so that return traffic from the internet can be routed back to the correct spoke VPC. +* The **spoke VPCs** are where we run our application workloads. They are isolated from each other and cannot communicate with each other unless we explicitly allow a network path. They will be able to communicate with the internet by default, but only through the inspection VPC's NAT gateways. + +![Diagram of a hub and spoke network architecture with centralized egress and traffic inspection](https://raw.githubusercontent.com/pulumi/examples/master/aws-py-hub-and-spoke-network/hub-and-spoke-architecture.png "Hub and spoke network") + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/registry/packages/aws/installation-configuration/) +3. [Install Python](https://www.pulumi.com/docs/intro/languages/python/) + +## Deploy The App + +### Step 1: Initialize the Project + +For Pulumi examples, we typically start by creating a directory and changing into it. Then, we create a new Pulumi project from a template. For example, `azure-javascript`. + +1. Install packages: + + ```bash + python3 -m venv venv + venv/bin/pip install -r requirements.txt + ``` + +2. Create a new Pulumi stack: + + ```bash + pulumi stack init + ``` + +3. Configure the AWS region to deploy into: + + ```bash + pulumi config set aws:region us-east-2 + ``` + +4. Deploy the Pulumi stack: + + ```bash + pulumi up + ``` + +### Step 2: Test the Network + +1. Take note of the `nat-gateway-eip` output from the stack. This is the Elastic IP address of the NAT gateway in the inspection VPC. +1. Log into the AWS Console in the region in which you deployed the project. +1. Navigate to the EC2 service home page. +1. Select one of the spoke workload instances and under "Actions", click "Connect". +1. Under the Session Manager section, click "Connect". This will create an terminal session to the instance. +1. Run the following command. The resulting output should be identical to the `nat-gateway-eip` output from the stack. This means that your EC2 instance is able to reach the internet through the NAT gateway in the inspection VPC. + + ```bash + curl -s http://icanhazip.com + ``` + +You can comment out the `SpokeWorkload` components after testing as it is not required for the network to function. + +### Additional Options + +There are several modifications to the code that can be made: + +1. To enable traffic inspection, set the `create-firewall` config variable to `true`. + + ```bash + pulumi config set create-firewall true + ``` + + By default, the firewall rules will only allow traffic to amazon.com. You can modify the rules by editing the contents of `firewall.py`. + +1. To add additional spoke networks, initiate additional instances of the `SpokeVpc` component resource in `__main__.py`. Be sure that each spoke VPC has a CIDR block that does not overlap with any other spoke VPCs. + +## Clean Up + +Once you're finished experimenting, you can destroy your stack and remove it to avoid incurring any additional cost: + +```bash +pulumi destroy +pulumi stack rm +``` + +## Troubleshooting + +You may encounter a condition where the security group fails to delete. This may be due to incomplete deletion of VPC endpoints. To fix this condition, perform the following in the AWS console: + +1. Delete all VPC endpoints in the VPC that contains the security group that is failing to delete. Wait for the endpoints to finish deleting. +1. Once the VPC endpoints are deleted, attempt to delete the security group in the console. If any ENIs are still using the security group, wait a few seconds and try again. ENIs created for VPC endpoints may take an additional minute or two to be deleted after deleting the associated VPC endpoint. +1. Run `pulumi destroy` again. + +## Summary + +In this tutorial, you created a hub and spoke network with centralized egress and (optional) traffic inspection. Now you can deploy workloads into the VPCs and enjoy the benefits of this architecture. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-oidc-provider-pulumi-cloud.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-oidc-provider-pulumi-cloud.md new file mode 100644 index 00000000000..e70a645414e --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-oidc-provider-pulumi-cloud.md @@ -0,0 +1,116 @@ +--- +title: "Provisioning an OIDC Provider in AWS for Pulumi Cloud | Python" +h1: "Provisioning an OIDC Provider in AWS for Pulumi Cloud" +linktitle: "Provisioning an OIDC Provider in AWS for Pulumi Cloud" +meta_desc: "Provisioning an OIDC Provider in AWS for Pulumi Cloud How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example will create OIDC configuration between Pulumi Cloud and AWS, specifically demonstrating connectivity with [Pulumi ESC](https://www.pulumi.com/docs/pulumi-cloud/esc/). The program automates the process detailed in the AWS documentation for the following activities: + +- [Obtaining the thumbprint for an OpenID Connect Identity Provider](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html) +- [Creating an OpenID Connect Identity Provider](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Configure Pulumi to Use AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) (if your AWS CLI is configured, no further changes are required) +* Install Python 3.x + +Make sure to deploy this example in an AWS account that does not already have a provider configured for Pulumi, otherwise the deployment will fail with the following error: + +`creating IAM OIDC Provider: EntityAlreadyExists: Provider with url https://api.pulumi.com/oidc already exists.` + +## Running the Example + +Clone [the examples repo](https://github.com/pulumi/examples) and navigate to the folder for this example. + +```bash +git clone https://github.com/pulumi/examples.git +cd examples/aws-py-oidc-provider-pulumi-cloud +``` + +Next, to deploy the application and its infrastructure, follow these steps: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +1. Set your desired AWS region: + + ```bash + pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +1. Install requirements. + + ```bash + python3 -m venv venv + venv/bin/pip install -r requirements.txt + ``` + +1. Run `pulumi up -y`. Once the program completes, it will output a YAML template for you to use in the next step. + +## Validating the OIDC Configuration + +This next section will walk you through validating your OIDC configuration using [Pulumi ESC](https://www.pulumi.com/docs/pulumi-cloud/esc/). + +Start by [creating a new Pulumi ESC environment](https://www.pulumi.com/docs/pulumi-cloud/esc/get-started/#create-an-environment). Then, copy the template definition from the output in the CLI and paste it into your environment. Save your environment file and run the `pulumi env open /` command in the CLI. You should see output similar to the following: + +```bash +$ pulumi env open myOrg/myEnvironment +{ + "aws": { + "login": { + "accessKeyId": "ASIA......", + "secretAccessKey": "PYP.....", + "sessionToken": "FwoGZ....." + } + } +} +``` + +You can configure more granular access control by adding the `sub` claim to the Provider role's trust policy conditions with the appropriate pattern. In the following example, the role may only be assumed by the specific Pulumi ESC environment that you designate. + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Federated": "arn:aws:iam::616138583583:oidc-provider/api.pulumi.com/oidc" + }, + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "api.pulumi.com/oidc:aud": "", + "api.pulumi.com/oidc:sub": "pulumi:environments:org::env:" + } + } + } + ] +} +``` +Once you are done, you can destroy all of the resources as well as the stack: + +```bash +$ pulumi destroy +$ pulumi stack rm +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-redshift-glue-etl.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-redshift-glue-etl.md new file mode 100644 index 00000000000..b1af4cd17a9 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-redshift-glue-etl.md @@ -0,0 +1,76 @@ +--- +title: "ETL pipeline with Amazon Redshift and AWS Glue | Python" +h1: "ETL pipeline with Amazon Redshift and AWS Glue" +linktitle: "ETL pipeline with Amazon Redshift and AWS Glue" +meta_desc: "ETL pipeline with Amazon Redshift and AWS Glue How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +[![Deploy with Pulumi](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new?template=https://github.com/pulumi/examples/tree/master/aws-py-redshift-glue-etl) + +This example creates an ETL pipeline using Amazon Redshift and AWS Glue. The pipeline extracts data from an S3 bucket with a Glue crawler, transforms it with a Python script wrapped in a Glue job, and loads it into a Redshift database deployed in a VPC. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/). +1. [Install Python](https://www.pulumi.com/docs/intro/languages/python/). +1. Configure your [AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/). + +### Deploying the App + +1. Clone this repo, change to this directory, then create a new [stack](https://www.pulumi.com/docs/intro/concepts/stack/) for the project: + + ```bash + pulumi stack init + ``` + +1. Specify an AWS region to deploy into: + + ```bash + pulumi config set aws:region us-west-2 + ``` + +1. Install Python dependencies and run Pulumi: + + ```bash + python3 -m venv venv + source venv/bin/activate + pip install -r requirements.txt + + pulumi up + ``` + +1. In a few moments, the Redshift cluster and Glue components will be up and running and the S3 bucket name emitted as a Pulumi [stack output](https://www.pulumi.com/docs/intro/concepts/stack/#outputs). + + ```bash + ... + Outputs: + dataBucketName: "events-56e424a" + ``` + +1. Upload the included sample data file to S3 to verify the automation works as expected: + + ```bash + aws s3 cp events-1.txt s3://$(pulumi stack output dataBucketName) + ``` + +1. When you're ready, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-resources.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-resources.md new file mode 100644 index 00000000000..29d3218bb2a --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-resources.md @@ -0,0 +1,39 @@ +--- +title: "AWS Resources | Python" +h1: "AWS Resources" +linktitle: "AWS Resources" +meta_desc: "AWS Resources How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A Pulumi program that demonstrates creating various AWS resources in Python + +```bash +# Create and configure a new stack +$ pulumi stack init dev +$ pulumi config set aws:region us-east-2 + +# Preview and run the deployment +$ pulumi up + +# Remove the app +$ pulumi destroy +$ pulumi stack rm +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-s3-folder.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-s3-folder.md new file mode 100644 index 00000000000..a2d9fa7f94f --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-s3-folder.md @@ -0,0 +1,95 @@ +--- +title: "Host a Static Website on Amazon S3 | Python" +h1: "Host a Static Website on Amazon S3" +linktitle: "Host a Static Website on Amazon S3" +meta_desc: "Host a Static Website on Amazon S3 How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A static website that uses [S3's website support](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). +For a detailed walkthrough of this example, see the tutorial [Static Website on AWS S3](https://www.pulumi.com/docs/tutorials/aws/s3-website/). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init website-testing + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. + + ```bash + $ pulumi up + Previewing update (dev): + + Type Name Plan + + pulumi:pulumi:Stack aws-py-s3-folder-dev create + + ├─ aws:s3:Bucket s3-website-bucket create + + ├─ aws:s3:BucketObject index.html create + + ├─ aws:s3:BucketObject python.png create + + ├─ aws:s3:BucketObject favicon.png create + + └─ aws:s3:BucketPolicy bucket-policy create + + Resources: + + 6 to create + + Do you want to perform this update? + > yes + no + details + ``` + +1. To see the resources that were created, run `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + bucket_name s3-website-bucket-*** + website_url ***.s3-website-us-west-2.amazonaws.com + ``` + +1. To see that the S3 objects exist, you can either use the AWS Console or the AWS CLI: + + ```bash + $ aws s3 ls $(pulumi stack output bucket_name) + 2018-04-17 15:40:47 13731 favicon.png + 2018-04-17 15:40:48 249 index.html + ``` + +1. Open the site URL in a browser to see both the rendered HTML, the favicon, and Python splash image: + + ```bash + $ pulumi stack output website_url + ***.s3-website-us-west-2.amazonaws.com + ``` + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-secrets-manager.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-secrets-manager.md new file mode 100644 index 00000000000..57e964e3a0c --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-secrets-manager.md @@ -0,0 +1,71 @@ +--- +title: "Setup AWS Secrets manager | Python" +h1: "Setup AWS Secrets manager" +linktitle: "Setup AWS Secrets manager" +meta_desc: "Setup AWS Secrets manager How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple program that creates an AWS secret and a version under AWS Secrets Manager + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-1 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev) + ... + + Updating (dev) + + View Live: https://app.pulumi.com/acmecorp/aws-py-secrets-manager/dev/updates/1 + + Type Name Status + + - pulumi:pulumi:Stack aws-py-secrets-manager-dev created + - ├─ aws:secretsmanager:Secret secret_container created + - └─ aws:secretsmanager:SecretVersion secret_version created + + Outputs: + secret_id: "arn:aws:secretsmanager:us-east-1:xxxxxxxx:secret:secret_container-d07f0c4-N3OSrw" + + Resources: + 3 created + + Duration: 6s + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-serverless-raw.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-serverless-raw.md new file mode 100644 index 00000000000..1c8dae064dd --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-serverless-raw.md @@ -0,0 +1,99 @@ +--- +title: "Serverless C# App | Python" +h1: "Serverless C# App" +linktitle: "Serverless C# App" +meta_desc: "Serverless C# App How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys a complete serverless C# application using raw `aws.apigateway.RestApi`, `aws.lambda_.Function` and +`aws.dynamodb.Table` resources from `pulumi_aws`. Although this doesn't feature any of the higher-level abstractions +from the `pulumi_cloud` package, it demonstrates that you can program the raw resources directly available in AWS +to accomplish all of the same things this higher-level package offers. + +The deployed Lambda function is a simple C# application, highlighting the ability to manage existing application code +in a Pulumi application, even if your Pulumi code is written in a different language like JavaScript or Python. + +The Lambda function is a C# application using .NET Core 3.1 (a similar approach works for any other language supported by +AWS Lambda). + +## Deploying and running the Pulumi App + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Build the C# application. + + ```bash + dotnet publish app + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-east-2 + ``` + +1. Optionally, set AWS Lambda provisioned concurrency: + + ```bash + $ pulumi config set provisionedConcurrency 1 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev): + ... + + Updating (dev): + ... + Resources: + + 10 created + Duration: 1m 20s + ``` + +1. Check the deployed GraphQL endpoint: + + ``` + $ curl $(pulumi stack output endpoint)/hello + {"Path":"/hello","Count":0} + ``` + +1. See the logs + + ``` + $ pulumi logs -f + 2018-03-21T18:24:52.670-07:00[ mylambda-d719650] START RequestId: d1e95652-2d6f-11e8-93f6-2921c8ae65e7 Version: $LATEST + 2018-03-21T18:24:56.171-07:00[ mylambda-d719650] Getting count for '/hello' + 2018-03-21T18:25:01.327-07:00[ mylambda-d719650] Got count 0 for '/hello' + 2018-03-21T18:25:02.267-07:00[ mylambda-d719650] END RequestId: d1e95652-2d6f-11e8-93f6-2921c8ae65e7 + 2018-03-21T18:25:02.267-07:00[ mylambda-d719650] REPORT RequestId: d1e95652-2d6f-11e8-93f6-2921c8ae65e7 Duration: 9540.93 ms Billed Duration: 9600 ms Memory Size: 128 MB Max Memory Used: 37 MB + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-slackbot.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-slackbot.md new file mode 100644 index 00000000000..a988c0a7f47 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-slackbot.md @@ -0,0 +1,165 @@ +--- +title: "Create a Slackbot for Posting Mention Notifications | Python" +h1: "Create a Slackbot for Posting Mention Notifications" +linktitle: "Create a Slackbot for Posting Mention Notifications" +meta_desc: "Create a Slackbot for Posting Mention Notifications How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This is an example of a simple Slackbot (called '@mentionbot') that posts a notification to a specific channel any time you're @mentioned anywhere, whether in various channels or via direct message. This bot is useful for when you need a time-ordered list of @mentions to go through at a later point. + +Slack users can subscribe/unsubscribe from notifications easily. To receive notifications, add `@mentionbot` to a channel you want to be notified in. Then send any message to `@mentionbot` to subscribe. To stop getting messages, send a message to `@mentionbot` containing the word `unsubscribe`. + +1. We set up an ApiGateway API to receive push notifications from Slack whenever important events happen. +2. Slack has strict requirements on how quickly the push endpoint must respond with `200` notifications before they consider the message as "not received", triggering back-off and resending of those same messages. For this reason, our example does not process Slack `event` messages as they come in. Instead, they are immediately added to an [AWS SNS Topic](https://aws.amazon.com/sns/) to be processed at a later point in time. This allows the ApiGateway call to return quickly, satisfying Slack's requirements. +3. Two [AWS Lambdas](https://aws.amazon.com/lambda/) are created naturally using simple Python functions. One function is used to create the Lambda that is called when Slack pushes a notification. The other is used to specify the Lamdba that will process the messages added to the Topic. These functions can easily access the other Pulumi resources created, avoiding the need to figure out ways to pass Resource ARNs/IDs/etc. to the Lambdas to ensure they can talk to the right resources. If these resources are swapped out in the future (for example, using RDS instead of DynamoDB, or SQS instead of SNS), Pulumi will make sure that the Lambdas were updated properly. +4. [Pulumi Secrets](https://www.pulumi.com/docs/intro/concepts/secrets/) provides a simple way to pass important credentials (like your Slack tokens) without having to directly embed them in your application code. + +First, we'll set up the Pulumi App. Then, we'll go create and configure a Slack App and Bot to interact with our Pulumi App. + +## Deploy the App + +> **Note:** Some values in this example will be different from run to run. These values are indicated +with `***`. + +### Step 1: Create a new stack + +```bash +$ pulumi stack init mentionbot +``` + +### Step 2: Set the AWS region + +``` +$ pulumi config set aws:region us-east-2 +``` + +### Step 3: Preview and deploy your app + +Run `pulumi up` to preview and deploy your AWS resources. + +``` +$ pulumi up +Previewing update (mentionbot): +``` + +### Step 5: Create a new Slackbot + +To create a new Slackbot, first go to https://api.slack.com/apps and create an account if necessary. Next, click on 'Create New App' here: + +

+ +

+ +Pick your desired name for the app, and the Workspace the app belongs to. Here we choose `MentionBot`: + +

+ +

+ +Once created, you will need to 'Add features and functionality' to your app. You'll eventually need all these configured: + +

+ +

+ +First, we'll enable 'Incoming Webhooks'. This allows your Slack bot to post messages into Slack for you: + +

+ +

+ +Next, create a bot user like so: + +

+ +

+ +Next, we'll enable 'Event Subscriptions'. This will tell Slack to push events to your ApiGateway endpoint when changes happen. Note that we put the Stack-Output `url` shown above (along with the `events` suffix). This corresponds to the specific ApiGateway Route that was defined in the Pulumi app. Note that Slack will test this endpoint to ensure it is accepting Slack notifications and responding to them in a valid manner. We'll also setup notifications for the events we care about. Importantly, our Slackbot will have to hear about when people mention it (for subscribing/unsubscribing), as well as hearing about all messages (so it can look for @-mentions): + +

+ + +

+ +Next, we'll go to 'Permissions'. Here, we can find the OAuth tokens your Pulumi App will need. Specifically, we'll need the 'Bot User OAuth Token' listed here: + +

+ +

+ +Underneath this, we'll set the following Scopes defining the permissions of the bot: + +

+ +

+ +Now, we're almost done. The only thing left to do is supply your Pulumi App with the appropriate secrets/tokens. We'll need the Bot OAuth token (shown above), and the 'Verification Token' (found under 'Basic Information'): + +

+ +

+ +Supply these both like so: + +``` +$ pulumi config set --secret mentionbot:slackToken xoxb-... +$ pulumi config set --secret mentionbot:verificationToken d... +``` + +Next, install the Slack App into your workspace: + +

+ +

+ +And we're done! + +### Step 6: Interact with the Slackbot + +From Slack you can now create your own private channel: + +

+ +

+ +Invite the bot to the channel: + +

+ +

+ +Then send it a message. Note that it may take several seconds for the bot to respond due to Slack push notification delays, SNS Topic delays, and Slack incoming message delays. + +

+ +

+ +And you're set! From now on when someone from your team mentions you, you'll get a little message with a direct mention in your channel like so: + +

+ +

+ +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-stackreference.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-stackreference.md new file mode 100644 index 00000000000..23c44ce53fe --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-stackreference.md @@ -0,0 +1,200 @@ +--- +title: "StackReference Example | Python" +h1: "StackReference Example" +linktitle: "StackReference Example" +meta_desc: "StackReference Example How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example creates a "team" EC2 Instance with tags set from _upstream_ "company" and "department" +stacks via [StackReference](https://www.pulumi.com/docs/intro/concepts/stack/#stackreferences). + +```sh +/** + * company + * └─ department + * └─ team + */ +``` + +## Getting Started + +1. Change directory to `company` and install dependencies. + + ```bash + $ cd company + ```` + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the required configuration variables: + + ```bash + $ pulumi config set companyName 'ACME Widget Company' + ``` + +1. Deploy everything with the `pulumi up` command. + + ```bash + $ pulumi up + Previewing update (dev): + + Type Name Plan + + pulumi:pulumi:Stack aws-py-stackreference-company-dev create + + Resources: + + 1 to create + + Do you want to perform this update? yes + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-py-stackreference-company-dev created + + Outputs: + companyName: "ACME Widget Company" + + Resources: + + 1 created + + Duration: 1s + + Permalink: https://app.pulumi.com/clstokes/aws-py-stackreference-company/dev/updates/1 + ``` + +1. Change directory to `department` and install dependencies. + + ```bash + $ cd ../department + ```` + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the required configuration variables: + + ```bash + $ pulumi config set departmentName 'E-Commerce' + ``` + +1. Deploy everything with the `pulumi up` command. + + ```bash + $ pulumi up + Previewing update (dev): + + Type Name Plan + + pulumi:pulumi:Stack aws-py-stackreference-department-dev create + + Resources: + + 1 to create + + Do you want to perform this update? yes + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-py-stackreference-department-dev created + + Outputs: + departmentName: "E-Commerce" + + Resources: + + 1 created + + Duration: 1s + + Permalink: https://app.pulumi.com/clstokes/aws-py-stackreference-department/dev/updates/1 + ``` + +1. Change directory to `team` and install dependencies. + + ```bash + $ cd ../team + ```` + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the required configuration variables, replacing `YOUR_ORG` with the name of your Pulumi organization: + + ```bash + $ pulumi config set companyStack YOUR_ORG/aws-py-stackreference-company/dev + $ pulumi config set departmentStack YOUR_ORG/aws-py-stackreference-department/dev + $ pulumi config set teamName 'Frontend Dev' + $ pulumi config set aws:region us-west-2 # any valid AWS zone works + ``` + +1. Deploy everything with the `pulumi up` command. + + ```bash + $ envchain aws pulumi up + Previewing update (dev): + + Type Name Plan + + pulumi:pulumi:Stack aws-py-stackreference-team-dev create + >- ├─ pulumi:pulumi:StackReference clstokes/aws-py-stackreference-department/dev read + >- ├─ pulumi:pulumi:StackReference clstokes/aws-py-stackreference-company/dev read + + └─ aws:ec2:Instance tagged create + + Resources: + + 2 to create + + Do you want to perform this update? yes + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-py-stackreference-team-dev created + >- ├─ pulumi:pulumi:StackReference clstokes/aws-py-stackreference-company/dev read + >- ├─ pulumi:pulumi:StackReference clstokes/aws-py-stackreference-department/dev read + + └─ aws:ec2:Instance tagged created + + Outputs: + instanceId : "i-0a9ede9c446503903" + instanceTags: { + Managed By: "Pulumi" + company : "ACME Widget Company" + department: "E-Commerce" + team : "Frontend Dev" + } + + Resources: + + 2 created + + Duration: 28s + + Permalink: https://app.pulumi.com/clstokes/aws-py-stackreference-team/dev/updates/1 + ``` + +## Clean Up + +1. Once you are done, destroy all of the resources and the stack. Repeat this in each +of the `company`, `department`, and `team` directories from above that you ran `pulumi up` within. + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-static-website.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-static-website.md new file mode 100644 index 00000000000..584cdde6c4f --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-static-website.md @@ -0,0 +1,150 @@ +--- +title: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager | Python" +h1: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager" +linktitle: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager" +meta_desc: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example serves a static website using Python and AWS. + +This sample uses the following AWS products: + +- [Amazon S3](https://aws.amazon.com/s3/) is used to store the website's contents. +- [Amazon CloudFront](https://aws.amazon.com/cloudfront/) is the CDN serving content. +- [Amazon Route53](https://aws.amazon.com/route53/) is used to set up the DNS for the website. +- [Amazon Certificate Manager](https://aws.amazon.com/certificate-manager/) is used for securing things via HTTPS. + +## Getting Started + +Configure the Pulumi program. There are several configuration settings that need to be +set: + +- `targetDomain` - The domain to serve the website at (e.g. www.example.com). It is assumed that + the parent domain (example.com) is a Route53 Hosted Zone in the AWS account you are running the + Pulumi program in. +- `pathToWebsiteContents` - Directory of the website's contents. e.g. the `./www` folder. + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init website-testing + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. + + ```bash + $ pulumi up + Previewing update (example): + Type Name Plan + + pulumi:pulumi:Stack static-website-example create + + ├─ pulumi:providers:aws east create + + ├─ aws:s3:Bucket requestLogs create + + ├─ aws:s3:Bucket contentBucket create + + │ ├─ aws:s3:BucketObject 404.html create + + │ └─ aws:s3:BucketObject index.html create + + ├─ aws:acm:Certificate certificate create + + ├─ aws:route53:Record ***-validation create + + ├─ aws:acm:CertificateValidation certificateValidation create + + ├─ aws:cloudfront:Distribution cdn create + + └─ aws:route53:Record *** create + ``` + +1. To see the resources that were created, run `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (4): + OUTPUT VALUE + cloudfront_domain ***.cloudfront.net + content_bucket_url s3://*** + content_bucket_website_endpoint ***.s3-website-us-west-2.amazonaws.com + target_domain_endpoint https://***/ + ``` + +1. To see that the S3 objects exist, you can either use the AWS Console or the AWS CLI: + + ```bash + $ aws s3 ls $(pulumi stack output content_bucket_url) + 2020-02-21 16:58:48 262 404.html + 2020-02-21 16:58:48 394 index.html + ``` + +1. Open a browser to the target domain endpoint from above to see your beautiful static website. (Since we don't wait for the CloudFront distribution to completely sync, you may have to wait a few minutes) + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + +## Troubleshooting + +### Scary HTTPS Warning + +When you create an S3 bucket and CloudFront distribution shortly after one another, you'll see +what looks to be HTTPS configuration issues. This has to do with the replication delay between +S3, CloudFront, and the world-wide DNS system. + +Just wait 15 minutes or so, and the error will go away. Be sure to refresh in an incognito +window, which will avoid any local caches your browser might have. + +### "PreconditionFailed: The request failed because it didn't meet the preconditions" + +Sometimes updating the CloudFront distribution will fail with: + +```text +"PreconditionFailed: The request failed because it didn't meet the preconditions in one or more +request-header fields." +``` + +This is caused by CloudFront confirming the ETag of the resource before applying any updates. +ETag is essentially a "version", and AWS is rejecting any requests that are trying to update +any version but the "latest". + +This error will occur when the state of the ETag gets out of sync between Pulumi Cloud +and AWS. (This can happen when inspecting the CloudFront distribution in the AWS console.) + +You can fix this by running `pulumi refresh` to pickup the newer ETag values. + +## Deployment Speed + +This example creates an `aws.S3.BucketObject` for every file served from the website. When deploying +large websites, that can lead to very long updates as every individual file is checked for any +changes. + +It may be more efficient to not manage individual files using Pulumi and instead just use the +AWS CLI to sync local files with the S3 bucket directly. + +Remove the call to `crawlDirectory` and run `pulumi up`. Pulumi will then delete the contents +of the S3 bucket, and no longer manage their contents. Then do a bulk upload outside of Pulumi +using the AWS CLI. + +```bash +aws s3 sync ./www/ s3://example-bucket/ +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-stepfunctions.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-stepfunctions.md new file mode 100644 index 00000000000..eb8aca71729 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-stepfunctions.md @@ -0,0 +1,41 @@ +--- +title: "AWS Step Functions | Python" +h1: "AWS Step Functions" +linktitle: "AWS Step Functions" +meta_desc: "AWS Step Functions How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A basic example that demonstrates using AWS Step Functions with a Lambda function, written in Python. + +```bash +# Create and configure a new stack +pulumi stack init stepfunctions-dev +pulumi config set aws:region us-east-2 + +# Preview and run the deployment +pulumi up + +# Start execution using the AWS CLI (or from the console at https://console.aws.amazon.com/states) +aws stepfunctions start-execution --state-machine-arn $(pulumi stack output state_machine_arn) + +# Remove the app and its stack +pulumi destroy && pulumi stack rm -y +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-voting-app.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-voting-app.md new file mode 100644 index 00000000000..eec0b0c5800 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-voting-app.md @@ -0,0 +1,110 @@ +--- +title: "Voting app Using Redis and Flask | Python" +h1: "Voting app Using Redis and Flask" +linktitle: "Voting app Using Redis and Flask" +meta_desc: "Voting app Using Redis and Flask How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple voting app that uses Redis for a data store and a Python Flask app for the frontend. The example has been ported from https://github.com/Azure-Samples/azure-voting-app-redis. + +The example shows how easy it is to deploy containers into production and to connect them to one another. Since the example defines a custom container, Pulumi does the following: +- Builds the Docker image +- Provisions AWS Container Registry (ECR) instance +- Pushes the image to the ECR instance +- Creates a new ECS task definition, pointing to the ECR image definition + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) +1. [Install Docker](https://docs.docker.com/engine/installation/) + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init aws-py-voting-app + ``` + +1. Set the AWS region and Redis password: + + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set redis-password --secret + ``` + +1. Run `pulumi up -y` to deploy changes: + ```bash + Updating (aws-py-voting-app): + Type Name Status Info + + pulumi:pulumi:Stack webserver-py-aws-py-voting-app created + + ├─ docker:image:Image flask-dockerimage created + + ├─ aws:ec2:Vpc app-vpc created + + ├─ aws:ecs:Cluster app-cluster created + + ├─ aws:iam:Role app-exec-role created + + ├─ aws:iam:Role app-task-role created + + ├─ aws:ecr:Repository app-ecr-repo created + + ├─ aws:ecr:LifecyclePolicy app-lifecycle-policy created + + ├─ aws:iam:RolePolicyAttachment app-exec-policy created + + ├─ aws:iam:RolePolicyAttachment app-access-policy created + + ├─ aws:iam:RolePolicyAttachment app-lambda-policy created + + ├─ aws:ecs:TaskDefinition redis-task-definition created + + ├─ aws:ec2:InternetGateway app-gateway created + + ├─ aws:ec2:SecurityGroup security-group created + + ├─ aws:ec2:Subnet app-vpc-subnet created + + ├─ aws:lb:TargetGroup redis-targetgroup created + + ├─ aws:lb:TargetGroup flask-targetgroup created + + ├─ aws:ec2:RouteTable app-routetable created + + ├─ aws:lb:LoadBalancer redis-balancer created + + ├─ aws:lb:LoadBalancer flask-balancer created + + ├─ aws:ec2:MainRouteTableAssociation app_routetable_association created + + ├─ aws:lb:Listener flask-listener created + + ├─ aws:lb:Listener redis-listener created + + ├─ aws:ecs:TaskDefinition flask-task-definition created + + ├─ aws:ecs:Service redis-service created + + └─ aws:ecs:Service flask-service created + + Outputs: + app-url: "flask-balancer-3987b84-b596c9ee2027f152.elb.us-west-2.amazonaws.com" + + Resources: + + 26 created + + Duration: 3m10s + ``` + +1. View the DNS address of the instance via `stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + app-url flask-balancer-3987b84-b596c9ee2027f152.elb.us-west-2.amazonaws.com + + ``` + +1. Verify that the EC2 instance exists, by connecting to it in a browser window. + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-webserver.md new file mode 100644 index 00000000000..f2d9a091071 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-webserver.md @@ -0,0 +1,87 @@ +--- +title: "Web Server Using Amazon EC2 | Python" +h1: "Web Server Using Amazon EC2" +linktitle: "Web Server Using Amazon EC2" +meta_desc: "Web Server Using Amazon EC2 How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +An example based on the Amazon sample at: +http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html. The example deploys an EC2 instance and opens port 80. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init python-webserver-testing + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ```bash + $ pulumi up + Previewing stack 'python-webserver-testing' + Previewing changes: + ... + + Do you want to proceed? yes + Updating stack 'python-webserver-testing' + Performing changes: + + #: Resource Type Name Status Extra Info + 1: pulumi:pulumi:Stack webserver-py-python-webserver-testing + created + 2: aws:ec2:SecurityGroup web-secgrp + created + 3: aws:ec2:Instance web-server-www + created + + info: 3 changes performed: + + 3 resources created + Update duration: 26.470339302s + + Permalink: https://pulumi.com/lindydonna/examples/webserver-py/python-webserver-testing/updates/1 + ``` + +1. View the host name and IP address of the instance via `stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + public_dns ec2-34-217-176-141.us-west-2.compute.amazonaws.com + public_ip 34.217.176.141 + ``` + +1. Verify that the EC2 instance exists, by either using the AWS Console or running `aws ec2 describe-instances`. + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-py-wordpress-fargate-rds.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-wordpress-fargate-rds.md new file mode 100644 index 00000000000..86fbba41032 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-py-wordpress-fargate-rds.md @@ -0,0 +1,111 @@ +--- +title: "WordPress Site in AWS Fargate with RDS DB Backend | Python" +h1: "WordPress Site in AWS Fargate with RDS DB Backend" +linktitle: "WordPress Site in AWS Fargate with RDS DB Backend" +meta_desc: "WordPress Site in AWS Fargate with RDS DB Backend How-to Guide using Python" +no_edit_this_page: true +cloud: aws +language: py +layout: package +--- + + + + +

+ + View Code + +

+ + +This example serves a WordPress site in AWS ECS Fargate using an RDS MySQL Backend. + +It leverages the following Pulumi concepts/constructs: + +- [Component Resources](https://www.pulumi.com/docs/intro/concepts/programming-model/#components): Allows one to create custom resources that encapsulate one's best practices. In this example, component resource is used to define a "VPC" custom resource, a "Backend" custom resource that sets up the RDS DB, and a "Frontend" resource that sets up the ECS cluster and load balancer and tasks. +- [Other Providers](https://www.pulumi.com/docs/reference/pkg/): Beyond the providers for the various clouds and Kubernetes, etc, Pulumi allows one to create and manage non-cloud resources. In this case, the program uses the Random provider to create a random password if necessary. + +This sample uses the following AWS products (and related Pulumi providers): + +- [Amazon VPC](https://aws.amazon.com/vpc): Used to set up a new virtual network in which the system is deployed. +- [Amazon RDS](https://aws.amazon.com/rds): A managed DB service used to provide the MySQL backend for WordPress. +- [Amazon ECS Fargate](https://aws.amazon.com/fargate): A container service used to run the WordPress frontend. + +## Getting Started + +There are no required configuration parameters for this project since the code will use defaults or generate values as needed - see the beginning of `__main__.py` to see the defaults. +However, you can override these defaults by using `pulumi config` to set the following values (e.g. `pulumi config set service_name my-wp-demo`). + +- `service_name` - This is used as a prefix for resources created by the Pulumi program. +- `db_name` - The name of the MySQL DB created in RDS. +- `db_user` - The user created with access to the MySQL DB. +- `db_password` - The password for the DB user. Be sure to use `--secret` if creating this config value (e.g. `pulumi config set db_password --secret`). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. + +1. Create a new stack: + + ```bash + $ pulumi stack init lamp-test + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. Note: If you set the `db_password` in the configuration as described above, you will not see the `RandomPassword` resource below. + + ```bash + $ pulumi up + + pulumi:pulumi:Stack lamp-rds-wordpress-testing create + + ├─ custom:resource:VPC wp-example-net create + + │ ├─ aws:ec2:Vpc wp-example-net-vpc create + + pulumi:pulumi:Stack lamp-rds-wordpress-testing create. + + pulumi:pulumi:Stack lamp-rds-wordpress-testing create + + │ ├─ aws:ec2:Subnet wp-example-net-subnet-us-west-2a create + + │ ├─ aws:ec2:Subnet wp-example-net-subnet-us-west-2b create + + │ ├─ aws:ec2:SecurityGroup wp-example-net-rds-sg create + + │ ├─ aws:ec2:SecurityGroup wp-example-net-fe-sg create + + │ ├─ aws:ec2:RouteTableAssociation vpc-route-table-assoc-us-west-2a create + + │ └─ aws:ec2:RouteTableAssociation vpc-route-table-assoc-us-west-2b create + + ├─ random:index:RandomPassword db_password create + + ├─ custom:resource:Backend wp-example-be create + + │ ├─ aws:rds:SubnetGroup wp-example-be-sng create + + │ └─ aws:rds:Instance wp-example-be-rds create + + └─ custom:resource:Frontend wp-example-fe create + + ├─ aws:ecs:Cluster wp-example-fe-ecs create + + ├─ aws:iam:Role wp-example-fe-task-role create + + ├─ aws:lb:TargetGroup wp-example-fe-app-tg create + + ├─ aws:iam:RolePolicyAttachment wp-example-fe-task-policy create + + ├─ aws:lb:LoadBalancer wp-example-fe-alb create + + ├─ aws:lb:Listener wp-example-fe-listener create + + └─ aws:ecs:Service wp-example-fe-app-svc create + + ``` + +1. The program outputs the following values: + +- `DB Endpoint`: This is the RDS DB endpoint. By default, the DB is deployed to disallow public access. This can be overriden in the resource declaration for the backend. +- `DB Password`: This is managed as a secret. To see the value, you can use `pulumi stack output --show-secrets` +- `DB User Name`: The user name for access the DB. +- `ECS Cluster Name`: The name of the ECS cluster created by the stack. +- `Web Service URL`: This is a link to the load balancer fronting the WordPress container. Note: It may take a few minutes for AWS to complete deploying the service and so you may see a 503 error initially. + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + +## Troubleshooting + +### 503 Error for the Web Service + +AWS can take a few minutes to complete deploying the WordPress container and connect the load balancer to the service. So you may see a 503 error for a few minutes right after launching the stack. You can see the status of the service by looking at the cluster in AWS. + +## Deployment Speed + +Since the stack creates an RDS instance, ECS cluster, load balancer, ECS service, as well as other elements, the stack can take about 4-5 minutes to launch and become ready. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-airflow.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-airflow.md new file mode 100644 index 00000000000..1d7aaa42192 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-airflow.md @@ -0,0 +1,62 @@ +--- +title: "RDS Postgres and Containerized Airflow | TypeScript" +h1: "RDS Postgres and Containerized Airflow" +linktitle: "RDS Postgres and Containerized Airflow" +meta_desc: "RDS Postgres and Containerized Airflow How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A Pulumi program to deploy an RDS Postgres instance and containerized Airflow. + +## Deploying and running the program + +For more information on how to run this example, see: https://www.pulumi.com/docs/ and https://www.pulumi.com/docs/get-started/ + +1. Create a new stack: + + ```bash + $ pulumi stack init airflow + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-1 + ``` + +1. Set the desired RDS password with: + + ``` + $ pulumi config set --secret airflow:dbPassword DESIREDPASSWORD + ``` + +1. Restore NPM modules via `yarn install`. +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. + +``` +Previewing update of stack 'airflow' +Previewing changes: + + Type Name Plan Info + + pulumi:pulumi:Stack airflow create +... +``` + + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ansible-wordpress.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ansible-wordpress.md new file mode 100644 index 00000000000..7d2c77e60ec --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ansible-wordpress.md @@ -0,0 +1,165 @@ +--- +title: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible | TypeScript" +h1: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +linktitle: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +meta_desc: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +This project demonstrates how to use Pulumi and Ansible together. Pulumi handles provisioning the AWS infrastructure +required to run Wordpress on an EC2 instance, with an RDS MySQL database, running inside of a VPC with proper public +and private subnets, and exposed to the Internet using an Elastic IP address. Ansible handles configuring the EC2 +virtual machine after it's been provisioned with a playbook that knows how to install and configure Wordpress. +The entire deployment is orchestrated by Pulumi in a single `pulumi up` thanks to the +[Command package](https://www.pulumi.com/registry/packages/command) which runs a combination of local and remote SSH +commands to accomplish the desired effect. The result is repeatable automation that both provisions and configures. + +> Note: This code was adapted from https://github.com/devbhusal/terraform-ansible-wordpress. Thank you devbhusal! + +> Note: This example is available in many languages: +> +> * [C#](../aws-cs-ansible-wordpress) +> * [Java](../aws-java-ansible-wordpress) +> * [Go](../aws-go-ansible-wordpress) +> * [TypeScript](../aws-ts-ansible-wordpress) +> * [YAML](../aws-yaml-ansible-wordpress) + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +* [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Deploying Your Infrastructure + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Generate a key pair which will be used to access your EC2 instance over SSH: + + ```bash + $ ssh-keygen -f wordpress-keypair + ``` + + This will create two files: your private (`wordpress-keypair`) and your public (`wordpress-keypair.pub`) + keys. Keep your private key safe, since anybody with access to it can log into your EC2 machine! + + Note that you may choose a different file name if you're creating multiple stacks, for instance. + +3. Set the required configuration variables, choosing any valid AWS region. The code is written in such + a way to work in any AWS region, including fetching the right Amazon Linux 2 AMI and availability zones: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region + $ pulumi config set publicKeyPath wordpress-keypair.pub # your newly generated public key + $ pulumi config set privateKeyPath wordpress-keypair # your newly generated private key + $ pulumi config set dbPassword Sup45ekreT#123 --secret # your RDS database password -- keep it safe! + ``` + + There are some other optional variables you can set if you choose. Feel free to skip these. If you don't + set them, they'll receive the default values shown below: + + ```bash + $ pulumi config set dbInstanceSize db.t3.small # the RDS instance size to use + $ pulumi config set dbName wordpressdb # the name of the Wordpress database in RDS + $ pulumi config set dbUsername admin # the name of the Wordpress user that will be used + $ pulumi config set ec2InstanceSize t3.small # the EC2 instance size to provision + ``` + +4. Now all you need to do is run `pulumi up`. This will do all of the magic, and you'll see various + things going on in the output: resources being created in AWS, commands being run locally and remotely, + and the Ansible Playbook running and provisioning your Wordpress server: + + ```bash + $ pulumi up + Updating (dev) + + Type Name Status Info + + pulumi:pulumi:Stack pulumi-ansible-wordpress-dev created + + ├─ aws:ec2:Vpc prod-vpc created + + ├─ aws:ec2:KeyPair wordpress-keypair created + + ├─ aws:ec2:Subnet prod-subnet-private-1 created + + ├─ aws:ec2:InternetGateway prod-igw created + + ├─ aws:ec2:Subnet prod-subnet-private-2 created + + ├─ aws:ec2:Subnet prod-subnet-public-1 created + + ├─ aws:ec2:SecurityGroup ec2-allow-rule created + + ├─ aws:ec2:RouteTable prod-public-rt created + + ├─ aws:rds:SubnetGroup rds-subnet-grp created + + ├─ aws:ec2:SecurityGroup rds-allow-rule created + + ├─ aws:rds:Instance wordpressdb created + + ├─ aws:ec2:RouteTableAssociation prod-rta-public-subnet-1 created + + ├─ aws:ec2:Instance wordpress-instance created + + ├─ command:local:Command renderPlaybookCmd created + + ├─ aws:ec2:Eip wordpress-eip created + + ├─ command:remote:Command updatePythonCmd created 12 messages + + └─ command:local:Command playAnsiblePlaybookCmd created + + Diagnostics: + command:remote:Command (updatePythonCmd): + ... + + Outputs: + url: "35.83.214.168" + + Resources: + + 18 created + + Duration: 8m13s + ``` + +5. After a few minutes, your new server will be ready! Its automatically-allocated EIP is printed at the end + as `url`. You can access it with the `pulumi stack output` command: + + ```bash + $ pulumi stack output url + 35.83.214.168 + ``` + +6. Because of the network configuration, the EC2 server is available over port 80 on the Internet. (The RDS + database, on the other hand, is not). Let's `curl` the endpoint: + + ```bash + $ curl -L http://$(pulumi stack output url) + + + ... + + ... + ``` + + Alternatively, open a web browser to interact with your new Wordpress server: + + ```bash + $ open http://$(pulumi stack output url) + ``` + + ![Wordpress Screenshot](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-ansible-wordpress/wordpress.png) + +7. From there, feel free to experiment. You can simply make edits, rerun `pulumi up`, and it will incrementally + update and deploy any changes you have made. + +8. After you're done, you can destroy your stack and remove it, eliminating all AWS resources: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-auth0.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-auth0.md new file mode 100644 index 00000000000..de3a3871ac1 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-auth0.md @@ -0,0 +1,134 @@ +--- +title: "Secure Serverless REST API Using Auth0 | TypeScript" +h1: "Secure Serverless REST API Using Auth0" +linktitle: "Secure Serverless REST API Using Auth0" +meta_desc: "Secure Serverless REST API Using Auth0 How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple REST API that is protected by a custom AWS Lambda Authorizer. The Authorizer uses [Auth0](https://auth0.com/) to authorize requests. + +This example is similar to Auth0's tutorial: [Secure AWS API Gateway Endpoints Using Custom Authorizers](https://auth0.com/docs/integrations/aws-api-gateway/custom-authorizers), but uses Pulumi to create the Serverless app and Custom Authorizer. + +## Set Up Auth0 + +You can follow the steps below or alternatively you can follow [Auth0's Part 1: Create an Auth0 API](https://auth0.com/docs/integrations/aws-api-gateway/custom-authorizers/part-1). + +1. [Sign up](https://auth0.com/signup) for an Auth0 account or login if you already have one. + +1. Click on `APIs` in the left-hand menu. + +1. Click `Create API`. + + * Enter a name and Identifier for you New API. + * Select RS256 as the Signing Algorithm. + * Click `Create`. + +1. Under the `Quick Start` tab, the Node.js example will show you the values for `jwksUri`, `audience` and `issuer` you will need in the next section. + +## Deploying and Running the Program + +1. Create a new stack: + + ```bash + pulumi stack init auth0-api-testing + ``` + +1. Set the AWS region: + + ```bash + pulumi config set aws:region us-east-2 + ``` + +1. Set up the Auth0 configuration values as secrets in Pulumi: + + Run the following commands after replacing ``, `` and `` with the appropriate values. + + ```bash + pulumi config set --secret jwksUri + pulumi config set --secret audience + pulumi config set --secret issuer + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes: + +```bash +$ pulumi up +Previewing update (dev): + +... + +Updating (dev): + + Type Name Status Info + + pulumi:pulumi:Stack lambda-authorizer-dev created 1 message + + ├─ aws:apigateway:x:API myapi created + + │ ├─ aws:iam:Role myapi70a45a97 created + + │ ├─ aws:iam:RolePolicyAttachment myapi70a45a97-32be53a2 created + + │ ├─ aws:lambda:Function myapi70a45a97 created + + │ ├─ aws:apigateway:RestApi myapi created + + │ ├─ aws:apigateway:Deployment myapi created + + │ ├─ aws:lambda:Permission myapi-31a4e902 created + + │ └─ aws:apigateway:Stage myapi created + + ├─ aws:iam:Role jwt-rsa-custom-authorizer created + + ├─ aws:iam:Role jwt-rsa-custom-authorizer-authorizer-role created + + ├─ aws:iam:RolePolicyAttachment jwt-rsa-custom-authorizer-32be53a2 created + + ├─ aws:lambda:Function jwt-rsa-custom-authorizer created + + └─ aws:iam:RolePolicy jwt-rsa-custom-authorizer-invocation-policy created + +Outputs: + url: "https://***.execute-api.us-east-2.amazonaws.com/stage/" + +Resources: + + 14 created + +Duration: 18s +``` + +## Testing Our API + +We can now use cURL to test out our new endpoint. If we cURL without a token, we should get a 401 Unauthorized response. + +```bash +$ curl $(pulumi stack output url)hello +{"message":"Unauthorized"} +``` + +We can curl our endpoint with an invalid token and should once again get a 401 Unauthorized response. + +```bash +$ curl $(pulumi stack output url)hello -H "Authorization: Bearer invalid" +{"message":"Unauthorized"} +``` + +Finally, we expect a 200 response when we obtain a token from Auth0 and use it to call our API. We can get a token by visiting the API Details page for our API and clicking the Test tab. Using the provided access token and the API a 200 response: Hello world! + +```bash +$ curl $(pulumi stack output url)hello -H "Authorization: Bearer " +

Hello world!

+``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-eventbridge.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-eventbridge.md new file mode 100644 index 00000000000..27a630ac4f7 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-eventbridge.md @@ -0,0 +1,101 @@ +--- +title: "API Gateway V1 to EventBridge | TypeScript" +h1: "API Gateway V1 to EventBridge" +linktitle: "API Gateway V1 to EventBridge" +meta_desc: "API Gateway V1 to EventBridge How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +[![Deploy with Pulumi](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new?template=https://github.com/pulumi/examples/tree/master/aws-ts-apigateway-eventbridge) + +This example demonstrates an API Gateway V1 integration with EventBridge and Lambda that also validates request bodies (using an API Gateway model) and returns a custom HTTP response. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/). +1. [Install Node.js](https://www.pulumi.com/docs/intro/languages/javascript/). +1. Configure your [AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/). + +### Deploying the App + +1. Clone this repo, change to this directory, then create a new [stack](https://www.pulumi.com/docs/intro/concepts/stack/) for the project: + + ```bash + pulumi stack init + ``` + +1. Specify an AWS region to deploy into: + + ```bash + pulumi config set aws:region us-west-2 + ``` + +1. Install Node dependencies and run Pulumi: + + ```bash + npm install + pulumi up + ``` + +1. In a few moments, the API Gateway instance service will be up and running and its public URL emitted as a Pulumi [stack output](https://www.pulumi.com/docs/intro/concepts/stack/#outputs). + + ```bash + ... + Outputs: + url: "https://andchh8hg8.execute-api.us-west-2.amazonaws.com/dev" + ``` + +1. Verify the deployment with `curl`: + + With invalid POST data: + + ```bash + curl --data '{"some-invalid-property-name": "Chris"}' --header "Content-Type: application/json" "$(pulumi stack output url)/uploads" + + HTTP/2 400 + {"message": "Invalid request body"} + ``` + + With valid POST data: + + ```bash + curl --data '{"name": "Chris"}' --header "Content-Type: application/json" "$(pulumi stack output url)/uploads" + + HTTP/2 201 + {"accepted":true} + ``` + +1. Verify the Lambda was invoked with `pulumi logs`: + + ```bash + pulumi logs --follow + + Collecting logs for stack dev since 2022-01-06T16:18:48.000-08:00. + ... + + { + source: 'my-event-source', + detail: { 'name': 'Chris' } + } + ``` + +1. When you're ready, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-lambda-serverless.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-lambda-serverless.md new file mode 100644 index 00000000000..a0f293ae5bd --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway-lambda-serverless.md @@ -0,0 +1,109 @@ +--- +title: "Lambda-backed REST API | TypeScript" +h1: "Lambda-backed REST API" +linktitle: "Lambda-backed REST API" +meta_desc: "Lambda-backed REST API How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple API demonstrating an integration between AWS API Gateway (REST) and AWS Lambda. + +## Deploying and running the program + +This example provides API endpoints which are executed by lambda using TypeScript and AWS. + +This sample uses the following AWS products: + +- [Amazon API Gateway](https://aws.amazon.com/api-gateway/) is used as an API proxy +- [AWS Lambda](https://aws.amazon.com/lambda/) is used to process API events by executing typescript/javascript code + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. Create a new stack: + + ```bash + $ pulumi stack init aws-ts-apigateway-lambda-serverless + ``` + +3. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-east-2 + ``` + +4. Install NPM modules via `npm install` or `yarn install`. + +## Deploy the App + +1. Run `pulumi up` to preview and deploy changes: + + ```bash + `Updating (aws-ts-apigateway-lambda-serverless) + + View Live: https://app.pulumi.com/***/aws-ts-apigateway-lambda-serverless/aws-ts-apigateway-lambda-serverless/updates/1 + + Type Name Status + + pulumi:pulumi:Stack aws-ts-apigateway-lambda-serverless-aws-ts-apigateway-lambda-serverless created + + └─ aws:apigateway:x:API hello-world created + + ├─ aws:iam:Role hello-world40ecbb97 created + + ├─ aws:iam:Policy hello-world2bb21f83-LambdaFullAccess created + + ├─ aws:iam:Role hello-world2bb21f83 created + + ├─ aws:iam:Role hello-world4fcc7b60 created + + ├─ aws:iam:Policy hello-world40ecbb97-LambdaFullAccess created + + ├─ aws:iam:Policy hello-world4fcc7b60-LambdaFullAccess created + + ├─ aws:lambda:Function hello-world40ecbb97 created + + ├─ aws:lambda:Function hello-world2bb21f83 created + + ├─ aws:iam:RolePolicyAttachment hello-world2bb21f83-lambdaFullAccessCopyAttachment created + + ├─ aws:iam:RolePolicyAttachment hello-world40ecbb97-lambdaFullAccessCopyAttachment created + + ├─ aws:lambda:Function hello-world4fcc7b60 created + + ├─ aws:iam:RolePolicyAttachment hello-world4fcc7b60-lambdaFullAccessCopyAttachment created + + ├─ aws:apigateway:RestApi hello-world created + + ├─ aws:apigateway:Deployment hello-world created + + ├─ aws:lambda:Permission hello-world-29d762f7 created + + ├─ aws:lambda:Permission hello-world-86405973 created + + ├─ aws:lambda:Permission hello-world-d21e9c98 created + + └─ aws:apigateway:Stage hello-world created + + Outputs: + endpointUrl: "https://***.execute-api.us-east-2.amazonaws.com/stage/" + + Resources: + + 20 created + + Duration: 36s` + ``` + +2. To view the runtime logs of the Lambda function, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`. + +## Clean Up + +1. Run `pulumi destroy` to tear down all resources. + +2. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + +## Summary + +In this tutorial, you built a lambda-backed API on AWS using API Gateway, lambda functions, and Pulumi. This serverless solution is highly scaleable, resilient, and stateless. + + +## Next Steps + +- [Create a frontend to interact with this api](https://www.pulumi.com/docs/tutorials/aws/s3-website/) + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway.md new file mode 100644 index 00000000000..59c50df946d --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigateway.md @@ -0,0 +1,99 @@ +--- +title: "Serverless REST API | TypeScript" +h1: "Serverless REST API" +linktitle: "Serverless REST API" +meta_desc: "Serverless REST API How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple REST API that counts the number of times a route has been hit. For a detailed walkthrough of this example, see the article [Create a Serverless REST API](https://www.pulumi.com/docs/tutorials/aws/rest-api/). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init count-api-testing + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update of stack 'count-api-testing' + ... + + Updating (count-api-testing): + + Type Name Status + + pulumi:pulumi:Stack aws-ts-apigateway-count-api-testing created + + ├─ aws:apigateway:x:API hello-world created + + │ ├─ aws:iam:Role hello-world4fcc7b60 created + + │ ├─ aws:iam:RolePolicyAttachment hello-world4fcc7b60-32be53a2 created + + │ ├─ aws:lambda:Function hello-world4fcc7b60 created + + │ ├─ aws:apigateway:RestApi hello-world created + + │ ├─ aws:apigateway:Deployment hello-world created + + │ ├─ aws:lambda:Permission hello-world-a552609d created + + │ └─ aws:apigateway:Stage hello-world created + + └─ aws:dynamodb:Table counterTable created + + Outputs: + endpoint: "https://***execute-api.us-east-2.amazonaws.com/stage/" + + Resources: + + 10 created + + Duration: 24s + ``` + +1. View the endpoint URL and curl a few routes: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + endpoint https://***.us-east-2.amazonaws.com/stage/ + + $ curl $(pulumi stack output endpoint)/hello + {"route":"hello","count":1} + $ curl $(pulumi stack output endpoint)/hello + {"route":"hello","count":2} + $ curl $(pulumi stack output endpoint)/woohoo + {"route":"woohoo","count":1} + ``` + +1. To view the runtime logs of the Lambda function, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`. + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-eventbridge.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-eventbridge.md new file mode 100644 index 00000000000..9337bc2c651 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-eventbridge.md @@ -0,0 +1,87 @@ +--- +title: "API Gateway V2 to EventBridge | TypeScript" +h1: "API Gateway V2 to EventBridge" +linktitle: "API Gateway V2 to EventBridge" +meta_desc: "API Gateway V2 to EventBridge How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +[![Deploy with Pulumi](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new?template=https://github.com/pulumi/examples/tree/master/aws-ts-apigatewayv2-eventbridge) + +This example creates an API Gateway V2 proxy integration with EventBridge and Lambda. It defines a single API Gateway endpoint that publishes events to an EventBridge event bus, and an accompanying event rule that matches those events and invokes a Lambda function. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/). +1. [Install Node.js](https://www.pulumi.com/docs/intro/languages/javascript/). +1. Configure your [AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/). + +### Deploying the App + +1. Clone this repo, change to this directory, then create a new [stack](https://www.pulumi.com/docs/intro/concepts/stack/) for the project: + + ```bash + pulumi stack init + ``` + +1. Specify an AWS region to deploy into: + + ```bash + pulumi config set aws:region us-west-2 + ``` + +1. Install Node dependencies and run Pulumi: + + ```bash + npm install + pulumi up + ``` + +1. In a few moments, the API Gateway instance service will be up and running and its public URL emitted as a Pulumi [stack output](https://www.pulumi.com/docs/intro/concepts/stack/#outputs). + + ```bash + ... + Outputs: + url: "https://andchh8hg8.execute-api.us-west-2.amazonaws.com/dev" + ``` + +1. Verify the deployment with `curl` and `pulumi logs`: + + ```bash + curl --data '{"some-key": "some-value"}' --header "Content-Type: application/json" "$(pulumi stack output url)/uploads" + + {"Entries":[{"EventId":"cdc44763-6976-286c-9378-7cce674dff81"}],"FailedEntryCount":0} + ``` + + ```bash + pulumi logs --follow + + Collecting logs for stack dev since 2022-01-06T16:18:48.000-08:00. + ... + + { + source: 'my-event-source', + detail: { 'some-key': 'some-value' } + } + ``` + +1. When you're ready, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api-quickcreate.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api-quickcreate.md new file mode 100644 index 00000000000..b2cd9d2fd14 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api-quickcreate.md @@ -0,0 +1,91 @@ +--- +title: "AWS API Gateway V2 HTTP API Quickstart | TypeScript" +h1: "AWS API Gateway V2 HTTP API Quickstart" +linktitle: "AWS API Gateway V2 HTTP API Quickstart" +meta_desc: "AWS API Gateway V2 HTTP API Quickstart How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +Set up a simple HTTP API using AWS API Gateway V2 + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init http-api + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (http-api) + ... + + Updating (http-api) + + Type Name Status + + pulumi:pulumi:Stack aws-ts-apigatewayv2-quickstart-http-api created + + ├─ aws:iam:Role lambdaRole created + + ├─ aws:lambda:Function lambdaFunction created + + ├─ aws:iam:RolePolicyAttachment lambdaRoleAttachment created + + ├─ aws:apigatewayv2:Api httpApiGateway created + + └─ aws:lambda:Permission lambdapermission created + + Outputs: + endpoint: "https://****.execute-api.us-east-2.amazonaws.com" + + Resources: + + 6 created + + Duration: 22s + ``` + +1. View the endpoint URL and curl a few routes: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + endpoint https://***.execute-api.us-east-2.amazonaws.com + + $ curl $(pulumi stack output endpoint) + Hello, Pulumi! + ``` + +1. To view the runtime logs of the Lambda function, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`. + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api.md new file mode 100644 index 00000000000..879bf1fb032 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-apigatewayv2-http-api.md @@ -0,0 +1,93 @@ +--- +title: "AWS API Gateway V2 HTTP API | TypeScript" +h1: "AWS API Gateway V2 HTTP API" +linktitle: "AWS API Gateway V2 HTTP API" +meta_desc: "AWS API Gateway V2 HTTP API How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +Set up a HTTP API using AWS API Gateway V2, complete with a route, stage and integration. + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init http-api + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (http-api) + ... + + Updating (http-api) + + Type Name Status + + pulumi:pulumi:Stack aws-ts-apigatewayv2-http-api-http-api created + + ├─ aws:apigatewayv2:Api httpApiGateway created + + ├─ aws:iam:Role lambdaRole created + + ├─ aws:lambda:Function lambdaFunction created + + ├─ aws:iam:RolePolicyAttachment lambdaRoleAttachment created + + ├─ aws:lambda:Permission lambdaPermission created + + ├─ aws:apigatewayv2:Integration lambdaIntegration created + + ├─ aws:apigatewayv2:Route apiRoute created + + └─ aws:apigatewayv2:Stage apiStage created + + Outputs: + endpoint: "https://****.execute-api.us-east-2.amazonaws.com/http-api" + + Resources: + + 9 created + + Duration: 33s + ``` + +1. View the endpoint URL and curl a few routes: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + endpoint https://***.execute-api.us-east-2.amazonaws.com/http-api + + $ curl $(pulumi stack output endpoint) + Hello, Pulumi! + ``` + +1. To view the runtime logs of the Lambda function, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`. + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-appsync.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-appsync.md new file mode 100644 index 00000000000..8c3f6c86d71 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-appsync.md @@ -0,0 +1,80 @@ +--- +title: "GraphQL Endpoint in AWS AppSync | TypeScript" +h1: "GraphQL Endpoint in AWS AppSync" +linktitle: "GraphQL Endpoint in AWS AppSync" +meta_desc: "GraphQL Endpoint in AWS AppSync How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example shows how to set up a basic GraphQL endpoint in AWS AppSync. The endpoint contains one query and one mutation that get and put items to a Dynamo DB table. + +## Deploying and running the Pulumi App + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev): + ... + + Updating (dev): + ... + Resources: + + 10 created + Duration: 20s + ``` + +1. Check the deployed GraphQL endpoint: + + ``` + $ pulumi stack output endpoint + https://***.appsync-api.us-east-2.amazonaws.com/graphql + $ pulumi stack output key + ***sensitivekey*** + $ curl -XPOST -H "Content-Type:application/graphql" -H "x-api-key:$(pulumi stack output key)" -d '{ "query": "mutation AddTenant { addTenant(id: \"123\", name: \"FirstCorp\") { id name } }" }' "$(pulumi stack output endpoint)" + { + "data": { + "addTenant": { + "id": "123", + "name": "FirstCorp" + } + } + } + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-assume-role.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-assume-role.md new file mode 100644 index 00000000000..7503e9ea361 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-assume-role.md @@ -0,0 +1,114 @@ +--- +title: "AWS Resources Using AssumeRole | TypeScript" +h1: "AWS Resources Using AssumeRole" +linktitle: "AWS Resources Using AssumeRole" +meta_desc: "AWS Resources Using AssumeRole How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +This example demonstrates how to use the AssumeRole functionality of the AWS provider in order to create resources in +the security context of an IAM Role assumed by the IAM User running the Pulumi program. + +## Deploying the Example + +These instructions assume you are familiar with running Pulumi programs written in TypeScript. Some other examples which +describe each step in more detail are: + +- [`aws-ts-eks`][eks] - Deploying an AWS EKS cluster +- [`aws-ts-ruby-on-rails`][rails] - Deploying a Ruby on Rails app to EC2 instances + +### Part 1: Privileged Components + +The Pulumi program in `create-role` requires credentials with permissions to create an IAM User, an IAM Role, and assign +an AWS Access Key to the user. The program creates a new, unprivileged user with no policies attached, and a role which +specifies a trust policy allowing assumption by the unprivileged user. The role allows the `s3:*` actions on all +resources. + +You'll need to set the `create-role:unprivilegedUsername` configuration variable to the name of the unprivilged user, as +well as the AWS region in which to operate. + +```bash +$ cd create-role +$ npm install +$ pulumi stack init assume-role-create +$ pulumi config set create-role:unprivilegedUsername somebody@pulumi.com +$ pulumi config set aws:region us-east-1 +$ pulumi up +``` + +The program can then be run with `pulumi up`. The outputs of the program tell you the ARN of the Role, and the Access +Key ID and Secret associated with the User: + +``` +$ pulumi stack output --json +{ + "accessKeyId": "AKIAI7JE74TLY2LOEIJA", + "secretAccessKey": "[secret]", + "roleArn": "arn:aws:iam:::role/allow-s3-management-ad477e6" +} +``` +If we just use the above command then the secretAccessKey would not be shown. In order to show the secret value use this + +``` +$ pulumi stack output --json --show-secrets +{ + "accessKeyId": "AKIAYJ7EUPHL3DSDH4CX", + "secretAccessKey": "[plain text value]", + "roleArn": "arn:aws:iam::571173272023:role/allow-s3-management-fcc71c0" +} +``` + +### Part 2: Assuming the Role + +The Pulumi program in `assume-role` creates an S3 bucket after assuming the Role created in Part 1. It should be run +with the unprivileged user credentials created in Part 1. This can be configured as follows, from the `assume-role` +directory, replacing `{YOUR_STACK_PATH/assume-role-create}` with the full name of your stack from Part 1. Full name of your stack is available at [`app.pulumi.com`][app] + +```bash +$ cd assume-role +$ npm install +$ export AWS_ACCESS_KEY_ID="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} accessKeyId)" +$ export AWS_SECRET_ACCESS_KEY="$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} --show-secrets secretAccessKey)" +``` + +The configuration variable `roleToAssumeARN` must be set to the ARN of the role allowing S3 access, and the AWS region +must be set to the region in which you wish to operate: + +```bash +$ pulumi stack init assume-role-assume +$ pulumi config set roleToAssumeARN "$(pulumi stack output --stack {YOUR_STACK_PATH/assume-role-create} roleArn)" +$ pulumi config set aws:region us-east-1 +``` + +Unset the AWS_SESSION_TOKEN or any additional credential setting if you have set for previous access + +``` +$ unset AWS_SESSION_TOKEN +``` + +The program can then be run with `pulumi up`. You can verify that the role is indeed assumed by looking at the +CloudTrail logs of the bucket creation operation, or by commenting out the `assumeRole` configuration in the provider +and ensuring creation is not successful. + +### Clean up + +To clean up your resources, run `pulumi destroy` and respond yes to the +confirmation prompt. + +[app]: https://app.pulumi.com/ +[eks]: https://github.com/pulumi/examples/tree/master/aws-ts-eks +[rails]: https://github.com/pulumi/examples/tree/master/aws-ts-ruby-on-rails + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-containers.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-containers.md new file mode 100644 index 00000000000..f04f011b2c3 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-containers.md @@ -0,0 +1,85 @@ +--- +title: "Easy container example | TypeScript" +h1: "Easy container example" +linktitle: "Easy container example" +meta_desc: "Easy container example How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +Companion to the tutorial [Provision containers on AWS](https://www.pulumi.com/docs/tutorials/aws/ecs-fargate/). + +## Prerequisites + +To run this example, make sure [Docker](https://docs.docker.com/engine/installation/) is installed and running. + +## Running the App + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ``` + $ pulumi stack init containers-dev + ``` + +1. Configure Pulumi to use an AWS region that supports Fargate (you can view a list of supported regions in the [AWS documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate-Regions.html)): + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Preview and deploy the app via `pulumi up`. The preview will take a few minutes, as it builds a Docker container. A total of 19 resources are created. + + ``` + $ pulumi up + ``` + +1. View the endpoint URL, and run curl: + + ```bash + $ pulumi stack output + Current stack outputs (1) + OUTPUT VALUE + hostname http://***.elb.us-west-2.amazonaws.com + + $ curl $(pulumi stack output hostname) + + + Hello, Pulumi! + +

Hello, S3!

+

Made with ❤️ with Pulumi

+ + ``` + +1. To view the runtime logs from the container, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`. + + ``` + $ pulumi logs --follow + Collecting logs for stack aws-ts-containers-dev since 2018-05-22T14:25:46.000-07:00. + 2018-05-22T15:33:22.057-07:00[ pulumi-nginx] 172.31.13.248 - - [22/May/2018:22:33:22 +0000] "GET / HTTP/1.1" 200 189 "-" "curl/7.54.0" "-" + ``` + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ec2-provisioners.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ec2-provisioners.md new file mode 100644 index 00000000000..8d87adaa5f2 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ec2-provisioners.md @@ -0,0 +1,63 @@ +--- +title: "AWS WebServer with Manual Provisioning | TypeScript" +h1: "AWS WebServer with Manual Provisioning" +linktitle: "AWS WebServer with Manual Provisioning" +meta_desc: "AWS WebServer with Manual Provisioning How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +This demonstrates using the [`@pulumi/command`](https://www.pulumi.com/registry/packages/command/) package to accomplish post-provisioning configuration steps. + +Using these building blocks, one can accomplish much of the same as Terraform provisioners. + +## Running the Example + +First, create a stack, using `pulumi stack init`. + +Now, we need to ensure that our dependencies are installed: + +``` +$ npm install +``` + +Next, generate an OpenSSH keypair for use with your server - as per the AWS [Requirements][1] + +``` +$ ssh-keygen -t rsa -f rsa -m PEM +``` + +This will output two files, `rsa` and `rsa.pub`, in the current directory. Be sure not to commit these files! + +We then need to configure our stack so that the public key is used by our EC2 instance, and the private key used +for subsequent SCP and SSH steps that will configure our server after it is stood up. + +``` +$ cat rsa.pub | pulumi config set publicKey -- +$ cat rsa | pulumi config set privateKey --secret -- +``` + +Notice that we've used `--secret` for `privateKey`. This ensures the private key is stored as an encrypted [Pulumi secret](https://www.pulumi.com/docs/intro/concepts/secrets/). + +Also set your desired AWS region: + +``` +$ pulumi config set aws:region us-west-2 +``` + +From there, you can run `pulumi up` and all resources will be provisioned and configured. + +[1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ecs-anywhere.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ecs-anywhere.md new file mode 100644 index 00000000000..c8b45860324 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ecs-anywhere.md @@ -0,0 +1,172 @@ +--- +title: "ECS Anywhere | TypeScript" +h1: "ECS Anywhere" +linktitle: "ECS Anywhere" +meta_desc: "ECS Anywhere How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example from our [ECS Anywhere launchblog post](https://pulumi.com/blog/ecs-anywhere-launch/) shows how to deploy an ECS cluster along with a dockerized app to Digital Ocean. + +To do this, we use Pulumi infrastructure as code to provision an +[Elastic Container Service (ECS)](https://aws.amazon.com/ecs/) cluster, build our `Dockerfile` and deploy the +resulting image to a private [Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/) repository, and then create +a set of DigitalOcean droplets behind a load balancer to allow for zero downtime updates. + +## Prerequisites + +- [Node.js](https://nodejs.org/en/download/) +- [Download and install the Pulumi CLI](https://www.pulumi.com/docs/get-started/install/) +- [Connect Pulumi with your AWS account](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) (if your AWS CLI is configured, no further changes are required) +- [Connect Pulumi with your DigitalOcean account](https://www.pulumi.com/docs/intro/cloud-providers/digitalocean/setup/) + +## Running the Example + +After cloning this repo, `cd` into it and run these commands: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +3. Deploy everything with a single `pulumi up` command. This will show you a preview of changes first, which + includes all of the required AWS resources (clusters, services, and the like). Don't worry if it's more than + you expected -- this is one of the benefits of Pulumi, it configures everything so that so you don't need to! + + ```bash + $ pulumi up + ``` + + After being prompted and selecting "yes", your deployment will begin. It'll complete in a few minutes: + + ``` + Updating (dev) + + View Live: https://app.pulumi.com/acmecorp/ecs-anywhere/dev/updates/1 + + Type Name Status Info + + pulumi:pulumi:Stack ecs-anywhere-dev created + + ├─ awsx:ecr:Repository app created 1 warning + + │ ├─ aws:ecr:Repository app created + + │ └─ aws:ecr:LifecyclePolicy app created + + ├─ aws:ecs:Cluster cluster created + + ├─ aws:cloudwatch:LogGroup logGroup created + + ├─ digitalocean:index:Tag lb created + + ├─ aws:iam:Role taskRole created + + ├─ aws:iam:Role taskExecutionRole created + + ├─ aws:iam:Role ssmRole created + + ├─ digitalocean:index:LoadBalancer lb created + + ├─ aws:iam:RolePolicy taskRolePolicy created + + ├─ aws:iam:RolePolicyAttachment rpa-ecsanywhere-ecstaskexecution created + + ├─ aws:ssm:Activation ecsanywhere-ssmactivation created + + ├─ aws:iam:RolePolicyAttachment rpa-ssmrole-ec2containerservice created + + ├─ aws:iam:RolePolicyAttachment rpa-ssmrole-ssminstancecore created + + ├─ digitalocean:index:Droplet droplet-2 created + + ├─ digitalocean:index:Droplet droplet-1 created + + ├─ aws:ecs:TaskDefinition taskdefinition created + + └─ aws:ecs:Service service created + + Diagnostics: + awsx:ecr:Repository (app): + warning: #1 [internal] load build definition from Dockerfile + #1 sha256:38516bdd0cbad0e22408bbea5254622aec0138fd2cf3ef0adfec28b25b5fc3f6 + #1 transferring dockerfile: 242B 0.0s done + #1 DONE 0.0s + + #2 [internal] load .dockerignore + #2 sha256:48fc15527102239b1078c71214dc7f13b0f1e36f5b6d2bb92b7843c8a52eca87 + #2 transferring context: 52B done + #2 DONE 0.0s + + #3 [internal] load metadata for docker.io/library/node:15-alpine + #3 sha256:3dbc53286eb8c9cc61fc3436f438c14e603ff5a4a39b4dbf83e6403c8122734d + #3 DONE 1.4s + + #4 [stage-1 1/3] FROM docker.io/library/node:15-alpine@sha256:79dbee139880686354d8ea31ae98c287a1ac03a04923c75af22cbb24d396ade6 + #4 sha256:2fcd13beb7d7fc0a7254bcedd47bd6a63daf83eef047e0a57721ac2dee22c8d8 + #4 resolve docker.io/library/node:15-alpine@sha256:79dbee139880686354d8ea31ae98c287a1ac03a04923c75af22cbb24d396ade6 done + #4 DONE 0.0s + + #6 [internal] load build context + #6 sha256:9d76b7d0c1af07cbdc9cd5909bc6cd7d2279f635389c493d5c3fcc10b5487351 + #6 transferring context: 37.94kB done + #6 DONE 0.0s + + #9 [build 5/5] COPY index.js . + #9 sha256:88e8c9c9c09399aaf351c61e82acfea790c8358238358ce36bafb2f4aaed1268 + #9 CACHED + + #5 [stage-1 2/3] WORKDIR /app + #5 sha256:e5cd7fae8686796a3a22187c0d8fc7d5f1d574933d8709ec36c1cdf5014fc961 + #5 CACHED + + #8 [build 4/5] RUN npm ci --only=production + #8 sha256:aa2429a1c7cf640d6696a8b313e79c480bbb4e1c2ce88c6cbd089d034f009772 + #8 CACHED + + #7 [build 3/5] COPY package*.json . + #7 sha256:1d00ba63335e1c92d8ef10babe377b4fafc733d922b999eb284cde3794b86cac + #7 CACHED + + #10 [stage-1 3/3] COPY --from=build /app . + #10 sha256:837831837e33fb84cd5c45920963c5c001d6579901f00b878698dd057a518485 + #10 CACHED + + #11 exporting to image + #11 sha256:e8c613e07b0b7ff33893b694f7759a10d42e180f2b4dc349fb57dc6b71dcab00 + #11 exporting layers done + #11 writing image sha256:80162f7caaef878182a6d0c102fc713dd3aca9ab69cd04e28ab7e2e1e410b0c0 done + #11 naming to docker.io/library/12fda807-container done + #11 DONE 0.0s + + Outputs: + clusterName: "cluster-de98e7f" + ip : "165.227.252.130" + + Resources: + + 20 created + + Duration: 1m30s + ``` + +4. At this point, your app is running! The URL was published so it's easy to interact with: + + ```bash + $ curl http://$(pulumi stack output ip) + Hello World from Pulumi + ``` + +5. Once you are done, there is an additional step before running the usual pulumi destroy. This is because the nodes are registered to AWS Systems Manager and the ECS cluster as part of the node setup and happen outside of the Pulumi stack. Run the following in your command line (you’ll need to install [jq](https://stedolan.github.io/jq/) for this to work): + + ```bash + $ aws ssm describe-instance-information | jq ".InstanceInformationList | .[] | .InstanceId" | grep "mi-" | xargs -L 1 aws ssm deregister-managed-instance --instance-id + + $ aws ecs list-container-instances --cluster ${pulumi stack output clusterName} | jq ".containerInstanceArns | .[]" | xargs -L 1 aws ecs deregister-container-instance --cluster ${pulumi stack output clusterName} --force --container-instance + + $ pulumi refresh -y + $ pulumi destroy + $ pulumi stack rm + ``` diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-distro.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-distro.md new file mode 100644 index 00000000000..8bddbe47e07 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-distro.md @@ -0,0 +1,119 @@ +--- +title: "Amazon EKS Distro Cluster | TypeScript" +h1: "Amazon EKS Distro Cluster" +linktitle: "Amazon EKS Distro Cluster" +meta_desc: "Amazon EKS Distro Cluster How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys an Amazon EKS Distro cluster using a [dynamic provider](https://www.pulumi.com/docs/intro/concepts/resources/#dynamicproviders) which utilizes [kops](https://github.com/kubernetes/kops) + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Install Node.js](https://nodejs.org/en/download/) +3. [Install Kops](https://kops.sigs.k8s.io/getting_started/install/) +4. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +5. [Install `aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Install the required Node.js packages: + + ```bash + $ npm install + ``` + +2. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +3. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +4. Stand up the EKS cluster, which will also deploy the Kubernetes Dashboard: + + ```bash + $ pulumi up + ``` + +5. After 10-15 minutes, your cluster will be ready, and the kubeconfig JSON you'll use to connect to the cluster will + be available as an output. You can save this kubeconfig to a file like so: + + ```bash + $ pulumi stack output kubeconfig --show-secrets >kubeconfig.json + ``` + + Once you have this file in hand, you can interact with your new cluster as usual via `kubectl`: + + ```bash + $ KUBECONFIG=./kubeconfig.json kubectl get nodes + ``` + + +7. From there, feel free to experiment. Make edits and run `pulumi up` to incrementally update your stack. + For example, in order to deploy a Helm chart into your cluster, import the `@pulumi/kubernetes/helm` package, + add a `Chart` resource that targets the EKS cluster to `index.ts`, and run `pulumi up`. Note that the Helm client + must be set up in order for the chart to deploy. For more details, see the [Prerequisites](https://github.com/pulumi/examples/blob/master/aws-ts-eks-distro/#prerequisites) list. + + ```typescript + import * as helm from "@pulumi/kubernetes/helm"; + + // ... existing code here ... + + const myk8s = new k8s.Provider("myk8s", { + kubeconfig: cluster.kubeconfig.apply(JSON.stringify), + }); + + const postgres = new helm.v2.Chart("postgres", { + // stable/postgresql@0.15.0 + repo: "stable", + chart: "postgresql", + version: "0.15.0", + values: { + // Use a stable password. + postgresPassword: "some-password", + // Expose the postgres server via a load balancer. + service: { + type: "LoadBalancer", + }, + }, + }, { providers: { kubernetes: myk8s } }); + ``` + + Once the chart has been deployed, you can find its public, load-balanced endpoint via the Kubernetes Dashboard. + +8. Once you've finished experimenting, tear down your stack's resources by destroying and removing it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-hello-world.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-hello-world.md new file mode 100644 index 00000000000..514e44ef59f --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-hello-world.md @@ -0,0 +1,346 @@ +--- +title: "Amazon EKS Cluster: Hello World! | TypeScript" +h1: "Amazon EKS Cluster: Hello World!" +linktitle: "Amazon EKS Cluster: Hello World!" +meta_desc: "Amazon EKS Cluster: Hello World! How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys an EKS Kubernetes cluster with an EBS-backed StorageClass, and deploys a Kubernetes Namespace and Deployment of NGINX into the cluster. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Install Node.js](https://nodejs.org/en/download/) +1. Install a package manager for Node.js, such as [npm](https://www.npmjs.com/get-npm) or [Yarn](https://yarnpkg.com/en/docs/install). +1. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Install `aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Install the required Node.js packages: + + This installs the dependent packages [needed](https://www.pulumi.com/docs/intro/concepts/how-pulumi-works/) for our Pulumi program. + + ```bash + $ npm install + ``` + +1. Create a new stack, which is an isolated deployment target for this example: + + This will initialize the Pulumi program in TypeScript. + + ```bash + $ pulumi stack init + ``` + +1. Set the required AWS configuration variables: + + This sets configuration options and default values for our cluster. + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +1. Stand up the EKS cluster: + + To preview and deploy changes, run `pulumi update` and select "yes." + + The `update` sub-command shows a preview of the resources that will be created + and prompts on whether to proceed with the deployment. Note that the stack + itself is counted as a resource, though it does not correspond + to a physical cloud resource. + + You can also run `pulumi up --diff` to see and inspect the diffs of the + overall changes expected to take place. + + Running `pulumi up` will deploy the EKS cluster. Note, provisioning a + new EKS cluster takes between 10-15 minutes. + + ```bash + $ pulumi update + Previewing update (eks-demo): + + Type Name Plan + + pulumi:pulumi:Stack eks-hello-world-eks-demo create + + ├─ eks:index:Cluster helloworld create + + │ ├─ eks:index:ServiceRole helloworld-eksRole create + + │ │ ├─ aws:iam:Role helloworld-eksRole-role create + + │ │ ├─ aws:iam:RolePolicyAttachment helloworld-eksRole-90eb1c99 create + + │ │ └─ aws:iam:RolePolicyAttachment helloworld-eksRole-4b490823 create + + │ ├─ eks:index:ServiceRole helloworld-instanceRole create + + │ │ ├─ aws:iam:Role helloworld-instanceRole-role create + + │ │ ├─ aws:iam:RolePolicyAttachment helloworld-instanceRole-03516f97 create + + │ │ ├─ aws:iam:RolePolicyAttachment helloworld-instanceRole-e1b295bd create + + │ │ └─ aws:iam:RolePolicyAttachment helloworld-instanceRole-3eb088f2 create + + │ ├─ pulumi-nodejs:dynamic:Resource helloworld-cfnStackName create + + │ ├─ aws:ec2:SecurityGroup helloworld-eksClusterSecurityGroup create + + │ ├─ aws:iam:InstanceProfile helloworld-instanceProfile create + + │ ├─ aws:eks:Cluster helloworld-eksCluster create + + │ ├─ pulumi-nodejs:dynamic:Resource helloworld-vpc-cni create + + │ ├─ pulumi:providers:kubernetes helloworld-eks-k8s create + + │ ├─ aws:ec2:SecurityGroup helloworld-nodeSecurityGroup create + + │ ├─ kubernetes:core:ConfigMap helloworld-nodeAccess create + + │ ├─ kubernetes:storage.k8s.io:StorageClass helloworld-gp2 create + + │ ├─ aws:ec2:SecurityGroupRule helloworld-eksClusterIngressRule create + + │ ├─ aws:ec2:LaunchConfiguration helloworld-nodeLaunchConfiguration create + + │ ├─ aws:cloudformation:Stack helloworld-nodes create + + │ └─ pulumi:providers:kubernetes helloworld-provider create + + └─ aws-infra:network:Network vpc create + + ├─ aws:ec2:Vpc vpc create + + ├─ aws:ec2:Eip vpc-nat-0 create + + ├─ aws:ec2:Eip vpc-nat-1 create + + ├─ aws:ec2:InternetGateway vpc create + + ├─ aws:ec2:Subnet vpc-nat-1 create + + ├─ aws:ec2:Subnet vpc-0 create + + ├─ aws:ec2:Subnet vpc-nat-0 create + + ├─ aws:ec2:Subnet vpc-1 create + + ├─ aws:ec2:RouteTable vpc create + + ├─ aws:ec2:NatGateway vpc-nat-1 create + + ├─ aws:ec2:RouteTableAssociation vpc-nat-1 create + + ├─ aws:ec2:NatGateway vpc-nat-0 create + + ├─ aws:ec2:RouteTableAssociation vpc-nat-0 create + + ├─ aws:ec2:RouteTable vpc-nat-1 create + + ├─ aws:ec2:RouteTable vpc-nat-0 create + + ├─ aws:ec2:RouteTableAssociation vpc-1 create + + └─ aws:ec2:RouteTableAssociation vpc-0 create + + Resources: + + 42 to create + + clusterng (eks-demo): + + Type Name Status Info + + pulumi:pulumi:Stack eks-hello-world-eks-demo created + + ├─ eks:index:Cluster helloworld created + + │ ├─ eks:index:ServiceRole helloworld-eksRole created + + │ │ ├─ aws:iam:Role helloworld-eksRole-role created + + │ │ ├─ aws:iam:RolePolicyAttachment helloworld-eksRole-90eb1c99 created + + │ │ └─ aws:iam:RolePolicyAttachment helloworld-eksRole-4b490823 created + + │ ├─ eks:index:ServiceRole helloworld-instanceRole created + + │ │ ├─ aws:iam:Role helloworld-instanceRole-role created + + │ │ ├─ aws:iam:RolePolicyAttachment helloworld-instanceRole-3eb088f2 created + + │ │ ├─ aws:iam:RolePolicyAttachment helloworld-instanceRole-03516f97 created + + │ │ └─ aws:iam:RolePolicyAttachment helloworld-instanceRole-e1b295bd created + + │ ├─ pulumi-nodejs:dynamic:Resource helloworld-cfnStackName created + + │ ├─ aws:iam:InstanceProfile helloworld-instanceProfile created + + │ ├─ aws:ec2:SecurityGroup helloworld-eksClusterSecurityGroup created + + │ ├─ aws:eks:Cluster helloworld-eksCluster created + + │ ├─ pulumi:providers:kubernetes helloworld-eks-k8s created + + │ ├─ pulumi-nodejs:dynamic:Resource helloworld-vpc-cni created + + │ ├─ aws:ec2:SecurityGroup helloworld-nodeSecurityGroup created + + │ ├─ kubernetes:core:ConfigMap helloworld-nodeAccess created + + │ ├─ kubernetes:storage.k8s.io:StorageClass helloworld-gp2 created + + │ ├─ aws:ec2:SecurityGroupRule helloworld-eksClusterIngressRule created + + │ ├─ aws:ec2:LaunchConfiguration helloworld-nodeLaunchConfiguration created + + │ ├─ aws:cloudformation:Stack helloworld-nodes created + + │ └─ pulumi:providers:kubernetes helloworld-provider created + + └─ aws-infra:network:Network vpc created + + ├─ aws:ec2:Vpc vpc created + + ├─ aws:ec2:Eip vpc-nat-0 created + + ├─ aws:ec2:Eip vpc-nat-1 created + + ├─ aws:ec2:InternetGateway vpc created + + ├─ aws:ec2:Subnet vpc-nat-1 created + + ├─ aws:ec2:Subnet vpc-0 created + + ├─ aws:ec2:Subnet vpc-nat-0 created + + ├─ aws:ec2:Subnet vpc-1 created + + ├─ aws:ec2:RouteTable vpc created + + ├─ aws:ec2:NatGateway vpc-nat-1 created + + ├─ aws:ec2:NatGateway vpc-nat-0 created + + ├─ aws:ec2:RouteTableAssociation vpc-nat-0 created + + ├─ aws:ec2:RouteTableAssociation vpc-nat-1 created + + ├─ aws:ec2:RouteTable vpc-nat-1 created + + ├─ aws:ec2:RouteTableAssociation vpc-1 created + + ├─ aws:ec2:RouteTable vpc-nat-0 created + + └─ aws:ec2:RouteTableAssociation vpc-0 created + + Diagnostics: + pulumi:pulumi:Stack (eks-hello-world-eks-demo): + + Outputs: + kubeconfig: { + apiVersion : "v1" + clusters : [ + [0]: { + cluster: { + certificate-authority-data: "" + server : "https://.us-west-2.eks.amazonaws.com" + } + name : "kubernetes" + } + ] + contexts : [ + [0]: { + context: { + cluster: "kubernetes" + user : "aws" + } + name : "aws" + } + ] + current-context: "aws" + kind : "Config" + users : [ + [0]: { + name: "aws" + user: { + exec: { + apiVersion: "client.authentication.k8s.io/v1beta1" + args : [ + [0]: "token" + [1]: "-i" + [2]: "helloworld-eksCluster-e9e1711" + ] + command : "aws-iam-authenticator" + } + } + } + ] + } + + Resources: + + 42 created + + Duration: 13m7s + ``` + +1. After 10-15 minutes, your cluster will be ready, and the kubeconfig JSON you'll use to connect to the cluster will + be available as an output. + + As part of the update, you'll see some new objects in the output: a + `Namespace` in Kubernetes to deploy into, a `Deployment` resource for + the NGINX app, and a LoadBalancer `Service` to publicly access NGINX. + + Pulumi understands which changes to a given cloud resource can be made + in place, and which require replacement, and computes + the minimally disruptive change to achieve the desired state. + + > **Note:** Pulumi auto-generates a suffix for all objects. + > See the [Pulumi Programming Model](https://www.pulumi.com/docs/intro/concepts/resources/#autonaming) for more info. + > + > ``` + > deploymentName : "helloworld-58jkmc7c" + > ... + > namespaceName : "helloworld-xaldhgca" + > serviceHostname: "a71f5ab3f2a6e11e3ac39200f4a9ad5d-1297981966.us-west-2.elb.amazonaws.com" + > serviceName : "helloworld-3fc2uhh7" + > ``` + + If you visit the FQDN listed in `serviceHostname` you should land on the + NGINX welcome page. Note that it may take a minute or so for the + LoadBalancer to become active on AWS. + +1. Access the Kubernetes Cluster using `kubectl` + + To access your new Kubernetes cluster using `kubectl`, we need to set up the + `kubeconfig` file and download `kubectl`. We can leverage the Pulumi + stack output in the CLI, as Pulumi facilitates exporting these objects for us. + + ```bash + $ pulumi stack output kubeconfig --show-secrets > kubeconfig + $ export KUBECONFIG=$PWD/kubeconfig + $ export KUBERNETES_VERSION=1.11.5 && sudo curl -s -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl && sudo chmod +x /usr/local/bin/kubectl + + $ kubectl version + $ kubectl cluster-info + $ kubectl get nodes + ``` + + We can also use the stack output to query the cluster for our newly created Deployment: + + ```bash + $ kubectl get deployment $(pulumi stack output deploymentName) --namespace=$(pulumi stack output namespaceName) + $ kubectl get service $(pulumi stack output serviceName) --namespace=$(pulumi stack output namespaceName) + ``` + + We can also create another NGINX Deployment into the `default` namespace using + `kubectl` natively: + + ```bash + $ kubectl create deployment my-nginx --image=nginx + $ kubectl get pods + $ kubectl delete deployment my-nginx + ``` + + By deploying the NGINX image in this way, it is outside of Pulumi's control. But this is simply to show that we can control our cluster via the CLI as well. + +1. Experimentation + + From here on, feel free to experiment. Make edits and run `pulumi up` afterwards to incrementally update your stack. + + ### Running Off-the-Shelf Guestbook YAML + + For example, if you wish to pull existing Kubernetes YAML manifests into + Pulumi to aid in your transition, append the following code block to the existing + `index.ts` file and run `pulumi up`. + + This is an example of how to create the standard Kubernetes Guestbook manifests in + Pulumi using the Guestbook YAML manifests. We take the additional steps of transforming + its properties to use the same Namespace and metadata labels that + the NGINX stack uses, and also make its frontend service use a + LoadBalancer typed Service to expose it publicly. + + ```typescript + // Create resources for the Kubernetes Guestbook from its YAML manifests + const guestbook = new k8s.yaml.ConfigFile("guestbook", + { + file: "https://raw.githubusercontent.com/pulumi/pulumi-kubernetes/master/tests/sdk/nodejs/examples/yaml-guestbook/yaml/guestbook.yaml", + transformations: [ + (obj: any) => { + // Do transformations on the YAML to use the same namespace and + // labels as the NGINX stack above + if (obj.metadata.labels) { + obj.metadata.labels['appClass'] = namespaceName + } else { + obj.metadata.labels = appLabels + } + + // Make the 'frontend' Service public by setting it to be of type + // LoadBalancer + if (obj.kind == "Service" && obj.metadata.name == "frontend") { + if (obj.spec) { + obj.spec.type = "LoadBalancer" + } + } + } + ], + }, + { + providers: { "kubernetes": clusterProvider }, + }, + ); + + // Export the Guestbook public LoadBalancer endpoint + export const guestbookPublicIP = + guestbook.getResourceProperty("v1/Service", "frontend", "status").apply(s => s.loadBalancer.ingress[0].ip); + ``` + +1. Once you've finished experimenting, tear down your stack's resources by destroying and removing it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-migrate-nodegroups.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-migrate-nodegroups.md new file mode 100644 index 00000000000..8d887fba2f5 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks-migrate-nodegroups.md @@ -0,0 +1,29 @@ +--- +title: "Zero Downtime Migration of EKS Node Groups | TypeScript" +h1: "Zero Downtime Migration of EKS Node Groups" +linktitle: "Zero Downtime Migration of EKS Node Groups" +meta_desc: "Zero Downtime Migration of EKS Node Groups How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +Creates an EKS cluster with node groups and a workload, and showcases adding a +node group to use for workload migration with zero downtime. + +For step-by-step instructions, check out the [tutorial][tutorial-migrate-nodegroups]. + +[tutorial-migrate-nodegroups]: https://www.pulumi.com/docs/tutorials/kubernetes/eks-migrate-nodegroups/ + + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks.md new file mode 100644 index 00000000000..b50bde887d2 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-eks.md @@ -0,0 +1,173 @@ +--- +title: "Amazon EKS Cluster | TypeScript" +h1: "Amazon EKS Cluster" +linktitle: "Amazon EKS Cluster" +meta_desc: "Amazon EKS Cluster How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys an EKS Kubernetes cluster with an EBS-backed StorageClass and deploys the Kubernetes Dashboard into the cluster. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Install Node.js](https://nodejs.org/en/download/) +3. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +4. [Install `aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) + +If you'd like to follow the optional instructions in step 7 in order to deploy a Helm chart into your cluster, you'll +also need to set up the Helm client: + +1. [Install the Helm client binaries](https://docs.helm.sh/using_helm/#installing-helm) +2. If you are using Helm v2, initialize the Helm client: + + ```bash + $ helm init --client-only + ``` + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Install the required Node.js packages: + + ```bash + $ npm install + ``` + +2. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +3. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + + We recommend using `us-west-2` to host your EKS cluster as other regions (notably `us-east-1`) may have capacity + issues that prevent EKS clusters from creating: + + ``` + Diagnostics: + aws:eks:Cluster: eksCluster + error: Plan apply failed: creating urn:pulumi:aws-ts-eks-example::aws-ts-eks::EKSCluster$aws:eks/cluster:Cluster::eksCluster: error creating EKS Cluster (eksCluster-233c968): UnsupportedAvailabilityZoneException: Cannot create cluster 'eksCluster-233c968' because us-east-1a, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1b, us-east-1c, us-east-1d + status code: 400, request id: 9f031e89-a0b0-11e8-96f8-534c1d26a353 + ``` + + We are tracking enabling the creation of VPCs limited to specific AZs to unblock this in `us-east-1`: pulumi/pulumi-awsx#32 + +4. Stand up the EKS cluster, which will also deploy the Kubernetes Dashboard: + + ```bash + $ pulumi up + ``` + +5. After 10-15 minutes, your cluster will be ready, and the kubeconfig JSON you'll use to connect to the cluster will + be available as an output. You can save this kubeconfig to a file like so: + + ```bash + $ pulumi stack output kubeconfig --show-secrets >kubeconfig.json + ``` + + Once you have this file in hand, you can interact with your new cluster as usual via `kubectl`: + + ```bash + $ KUBECONFIG=./kubeconfig.json kubectl get nodes + ``` + + +6. You can now connect to the Kubernetes Dashboard by fetching an authentication token and starting the kubectl proxy. + + - Fetch an authentication token: + + ```bash + $ KUBECONFIG=./kubeconfig.json kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}' + eks-admin-token-b5zv4 + $ KUBECONFIG=./kubeconfig.json kubectl -n kube-system describe secret eks-admin-token-b5zv4 + Name: eks-admin-token-b5zv4 + Namespace: kube-system + Labels: + Annotations: kubernetes.io/service-account.name=eks-admin + kubernetes.io/service-account.uid=bcfe66ac-39be-11e8-97e8-026dce96b6e8 + + Type: kubernetes.io/service-account-token + + Data + ==== + token: + ca.crt: 1025 bytes + namespace: 11 bytes + ``` + + - Run the kubectl proxy: + + ```bash + $ KUBECONFIG=./kubeconfig.json kubectl proxy + ``` + + - Open `http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/` in a web + browser. + - Choose `Token` authentication, paste the token retrieved earlier into the `Token` field, and sign in. + +7. From there, feel free to experiment. Make edits and run `pulumi up` to incrementally update your stack. + For example, in order to deploy a Helm chart into your cluster, import the `@pulumi/kubernetes/helm` package, + add a `Chart` resource that targets the EKS cluster to `index.ts`, and run `pulumi up`. Note that the Helm client + must be set up in order for the chart to deploy. For more details, see the [Prerequisites](https://github.com/pulumi/examples/blob/master/aws-ts-eks/#prerequisites) list. + + ```typescript + import * as helm from "@pulumi/kubernetes/helm"; + + // ... existing code here ... + + const myk8s = new k8s.Provider("myk8s", { + kubeconfig: cluster.kubeconfig.apply(JSON.stringify), + }); + + const postgres = new helm.v2.Chart("postgres", { + // stable/postgresql@0.15.0 + repo: "stable", + chart: "postgresql", + version: "0.15.0", + values: { + // Use a stable password. + postgresPassword: "some-password", + // Expose the postgres server via a load balancer. + service: { + type: "LoadBalancer", + }, + }, + }, { providers: { kubernetes: myk8s } }); + ``` + + Once the chart has been deployed, you can find its public, load-balanced endpoint via the Kubernetes Dashboard. + +8. Once you've finished experimenting, tear down your stack's resources by destroying and removing it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-hello-fargate.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-hello-fargate.md new file mode 100644 index 00000000000..01699d3cdaa --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-hello-fargate.md @@ -0,0 +1,140 @@ +--- +title: "Dockerized App Using ECS, ECR, and Fargate | TypeScript" +h1: "Dockerized App Using ECS, ECR, and Fargate" +linktitle: "Dockerized App Using ECS, ECR, and Fargate" +meta_desc: "Dockerized App Using ECS, ECR, and Fargate How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example, inspired by the [Docker Getting Started Tutorial](https://docs.docker.com/get-started/), builds, deploys, +and runs a simple containerized application to a private container registry, and scales out five load balanced replicas, +all in just a handful of lines of Node.js code, and leveraging modern and best-in-class AWS features. + +To do this, we use Pulumi infrastructure as code to provision an +[Elastic Container Service (ECS)](https://aws.amazon.com/ecs/) cluster, build our `Dockerfile` and deploy the +resulting image to a private [Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/) repository, and then create +a scaled-out [Fargate](https://aws.amazon.com/fargate/) service behind an +[Elastic Application Load Balancer](https://aws.amazon.com/elasticloadbalancing/) that allows traffic from the Internet +on port 80. Because this example using AWS services directly, you can mix in other resources, like S3 buckets, RDS +databases, and so on. + +## Prerequisites + +- [Node.js](https://nodejs.org/en/download/) +- [Download and install the Pulumi CLI](https://www.pulumi.com/docs/get-started/install/) +- [Connect Pulumi with your AWS account](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) (if your AWS CLI is configured, no further changes are required) + +## Running the Example + +After cloning this repo, `cd` into it and run these commands: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +3. Deploy everything with a single `pulumi up` command. This will show you a preview of changes first, which + includes all of the required AWS resources (clusters, services, and the like). Don't worry if it's more than + you expected -- this is one of the benefits of Pulumi, it configures everything so that so you don't need to! + + ```bash + $ pulumi up + ``` + + After being prompted and selecting "yes", your deployment will begin. It'll complete in a few minutes: + + ``` + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-ts-hello-fargate-dev created + + ├─ awsx:x:ecs:Cluster cluster created + + │ ├─ awsx:x:ec2:SecurityGroup cluster created + + │ │ ├─ awsx:x:ec2:EgressSecurityGroupRule cluster-egress created + + │ │ │ └─ aws:ec2:SecurityGroupRule cluster-egress created + + │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule cluster-ssh created + + │ │ │ └─ aws:ec2:SecurityGroupRule cluster-ssh created + + │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule cluster-containers created + + │ │ │ └─ aws:ec2:SecurityGroupRule cluster-containers created + + │ │ └─ aws:ec2:SecurityGroup cluster created + + │ └─ aws:ecs:Cluster cluster created + + ├─ awsx:x:elasticloadbalancingv2:ApplicationLoadBalancer net-lb created + + │ ├─ awsx:x:elasticloadbalancingv2:ApplicationTargetGroup web created + + │ │ └─ aws:elasticloadbalancingv2:TargetGroup ca84d134 created + + │ ├─ awsx:x:elasticloadbalancingv2:ApplicationListener web created + + │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule web-external-0-ingress created + + │ │ │ └─ aws:ec2:SecurityGroupRule web-external-0-ingress created + + │ │ └─ aws:elasticloadbalancingv2:Listener web created + + │ └─ aws:elasticloadbalancingv2:LoadBalancer 218ffe37 created + + ├─ awsx:x:ec2:Vpc default-vpc created + + │ ├─ awsx:x:ec2:Subnet default-vpc-public-0 created + + │ ├─ awsx:x:ec2:Subnet default-vpc-public-1 created + > │ ├─ aws:ec2:Subnet default-vpc-public-0 read + > │ └─ aws:ec2:Subnet default-vpc-public-1 read + + ├─ awsx:x:ecs:FargateTaskDefinition app-svc created + + │ ├─ aws:ecr:Repository app-img created + + │ ├─ aws:cloudwatch:LogGroup app-svc created + + │ ├─ aws:iam:Role app-svc-task created + + │ ├─ aws:iam:Role app-svc-execution created + + │ ├─ aws:ecr:LifecyclePolicy app-img created + + │ ├─ aws:iam:RolePolicyAttachment app-svc-task-32be53a2 created + + │ ├─ aws:iam:RolePolicyAttachment app-svc-task-fd1a00e5 created + + │ ├─ aws:iam:RolePolicyAttachment app-svc-execution-9a42f520 created + + │ └─ aws:ecs:TaskDefinition app-svc created + + ├─ awsx:x:ecs:FargateService app-svc created + + │ └─ aws:ecs:Service app-svc created + > └─ aws:ec2:Vpc default-vpc read + + Outputs: + url: "218ffe37-e8023b7-1429118690.us-east-1.elb.amazonaws.com" + + Resources: + + 34 created + + Duration: 3m30s + + Permalink: https://app.pulumi.com/acmecorp/aws-ts-hello-fargate/dev/updates/1 + ``` + +4. At this point, your app is running! The URL was published so it's easy to interact with: + + ```bash + $ curl http://$(pulumi stack output url) +

Hello World!

+ Hostname: ip-172-31-39-18.ec2.internal
+ Visits: cannot connect to Redis, counter disabled + ``` + + For more details on how to enable Redis or advanced options, please see the instructions in the + [Docker Getting Started guide](https://docs.docker.com/get-started/part6/). + +6. Once you are done, you can destroy all of the resources, and the stack: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-mern-voting-app.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-mern-voting-app.md new file mode 100644 index 00000000000..64a7e7b3322 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-mern-voting-app.md @@ -0,0 +1,123 @@ +--- +title: "Kubernetes MERN Stack Voting App | TypeScript" +h1: "Kubernetes MERN Stack Voting App" +linktitle: "Kubernetes MERN Stack Voting App" +meta_desc: "Kubernetes MERN Stack Voting App How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple voting app that uses Kubernetes. + +The example shows how easy it is to deploy a containerized application to Amazon EKS. Pulumi does the following: +- Builds the Docker images +- Provisions AWS Container Registry (ECR) instance +- Pushes the images to the ECR instance +- Provisions AWS EKS cluster +- Uses the images to create Kubernetes deployments + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) +1. [Install Docker](https://docs.docker.com/engine/installation/) + +## Deploying and running the program + + +1. Create a new stack: + + ```bash + $ pulumi stack init aws-ts-k8s-mern-voting-app + ``` + +1. Set the AWS region and the usernames and passwords for a set of accounts the project uses: + + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set sqlUserName + $ pulumi config set sqlUserPassword --secret + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up -y` to deploy changes: + ```bash + Updating (aws-ts-k8s-mern-voting-app): + Type Name Status Info + + pulumi:pulumi:Stack voting-app-aws-ts-k8s-mern-voting-app created + + ├─ eks:index:Cluster eksCluster created + + │ ├─ eks:index:ServiceRole eksCluster-eksRole created + + │ │ ├─ aws:iam:Role eksCluster-eksRole-role created + + │ │ ├─ aws:iam:RolePolicyAttachment eksCluster-eksRole-90eb1c99 created + + │ │ └─ aws:iam:RolePolicyAttachment eksCluster-eksRole-4b490823 created + + │ ├─ eks:index:ServiceRole eksCluster-instanceRole created + + │ │ ├─ aws:iam:Role eksCluster-instanceRole-role created + + │ │ ├─ aws:iam:RolePolicyAttachment eksCluster-instanceRole-e1b295bd created + + │ │ ├─ aws:iam:RolePolicyAttachment eksCluster-instanceRole-3eb088f2 created + + │ │ └─ aws:iam:RolePolicyAttachment eksCluster-instanceRole-03516f97 created + + │ ├─ pulumi-nodejs:dynamic:Resource eksCluster-cfnStackName created + + │ ├─ aws:ec2:SecurityGroup eksCluster-eksClusterSecurityGroup created + + │ ├─ aws:iam:InstanceProfile eksCluster-instanceProfile created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksClusterInternetEgressRule created + + │ ├─ aws:eks:Cluster eksCluster-eksCluster created + + │ ├─ aws:ec2:SecurityGroup eksCluster-nodeSecurityGroup created + + │ ├─ pulumi-nodejs:dynamic:Resource eksCluster-vpc-cni created + + │ ├─ pulumi:providers:kubernetes eksCluster-eks-k8s created + + │ ├─ kubernetes:core:ConfigMap eksCluster-nodeAccess created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksClusterIngressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksExtApiServerClusterIngressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksNodeIngressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksNodeInternetEgressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksNodeClusterIngressRule created + + │ ├─ aws:ec2:LaunchConfiguration eksCluster-nodeLaunchConfiguration created + + │ ├─ aws:cloudformation:Stack eksCluster-nodes created + + │ └─ pulumi:providers:kubernetes eksCluster-provider created + + ├─ awsx:ecr:Repository server-side-service created + + │ ├─ aws:ecr:Repository server-side-service created + + │ └─ aws:ecr:LifecyclePolicy server-side-service created + + ├─ awsx:ecr:Repository client-side-service created + + │ ├─ aws:ecr:Repository client-side-service created + + │ └─ aws:ecr:LifecyclePolicy client-side-service created + + ├─ awsx:ecr:Repository database-side-service created + + │ ├─ aws:ecr:Repository database-side-service created + + │ └─ aws:ecr:LifecyclePolicy database-side-service created + + ├─ aws:ebs:Volume storage-volume created + + ├─ kubernetes:apps:Deployment database-side-service created + + ├─ kubernetes:core:Service database-side-listener created + + ├─ kubernetes:apps:Deployment server-side-service created + + ├─ kubernetes:core:Service server-side-listener created + + ├─ kubernetes:apps:Deployment client-side-service created + + └─ kubernetes:core:Service client-side-listener created + + Outputs: + URL : "ab89804d273d8484cb9e64c93975f4ad-1303584037.us-west-2.elb.amazonaws.com" + kubeConfig: {...} + + Resources: + + 44 created + + Duration: 18m10s + ``` + +1. Verify that the ECS instance exists by connecting to it on port 3000 in a browser window. + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-voting-app.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-voting-app.md new file mode 100644 index 00000000000..a3e19dfdbac --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-k8s-voting-app.md @@ -0,0 +1,125 @@ +--- +title: "Kubernetes Voting App | TypeScript" +h1: "Kubernetes Voting App" +linktitle: "Kubernetes Voting App" +meta_desc: "Kubernetes Voting App How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple voting app that uses Kubernetes. + +The example shows how easy it is to deploy a containerized application to Amazon EKS. Pulumi does the following: +- Builds the Docker images +- Provisions AWS Container Registry (ECR) instance +- Pushes the images to the ECR instance +- Provisions AWS EKS cluster +- Uses the images to create Kubernetes deployments + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) +1. [Install Docker](https://docs.docker.com/engine/installation/) + +## Deploying and running the program + + +1. Create a new stack: + + ```bash + $ pulumi stack init aws-ts-k8s-voting-app + ``` + +1. Set the AWS region and the usernames and passwords for a set of accounts the project uses: + + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set sqlAdminName + $ pulumi config set sqlsqlAdminPassword --secret + $ pulumi config set sqlUserName + $ pulumi config set sqlUserPassword --secret + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up -y` to deploy changes: + ```bash + Updating (aws-ts-k8s-voting-app): + Type Name Status + + pulumi:pulumi:Stack voting-app-aws-ts-k8s-voting-app created + + ├─ awsx:ecr:Repository server-side-service created + + │ ├─ aws:ecr:Repository server-side-service created + + │ └─ aws:ecr:LifecyclePolicy server-side-service created + + ├─ awsx:ecr:Repository client-side-service created + + │ ├─ aws:ecr:Repository client-side-service created + + │ └─ aws:ecr:LifecyclePolicy client-side-service created + + ├─ eks:index:Cluster eksCluster created + + │ ├─ eks:index:ServiceRole eksCluster-eksRole created + + │ │ ├─ aws:iam:Role eksCluster-eksRole-role created + + │ │ ├─ aws:iam:RolePolicyAttachment eksCluster-eksRole-4b490823 created + + │ │ └─ aws:iam:RolePolicyAttachment eksCluster-eksRole-90eb1c99 created + + │ ├─ eks:index:ServiceRole eksCluster-instanceRole created + + │ │ ├─ aws:iam:Role eksCluster-instanceRole-role created + + │ │ ├─ aws:iam:RolePolicyAttachment eksCluster-instanceRole-e1b295bd created + + │ │ ├─ aws:iam:RolePolicyAttachment eksCluster-instanceRole-3eb088f2 created + + │ │ └─ aws:iam:RolePolicyAttachment eksCluster-instanceRole-03516f97 created + + │ ├─ pulumi-nodejs:dynamic:Resource eksCluster-cfnStackName created + + │ ├─ aws:ec2:SecurityGroup eksCluster-eksClusterSecurityGroup created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksClusterInternetEgressRule created + + │ ├─ aws:eks:Cluster eksCluster-eksCluster created + + │ ├─ aws:iam:InstanceProfile eksCluster-instanceProfile created + + │ ├─ aws:ec2:SecurityGroup eksCluster-nodeSecurityGroup created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksNodeClusterIngressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksNodeIngressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksNodeInternetEgressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksClusterIngressRule created + + │ ├─ aws:ec2:SecurityGroupRule eksCluster-eksExtApiServerClusterIngressRule created + + │ ├─ aws:ec2:LaunchConfiguration eksCluster-nodeLaunchConfiguration created + + │ ├─ pulumi:providers:kubernetes eksCluster-eks-k8s created + + │ ├─ pulumi-nodejs:dynamic:Resource eksCluster-vpc-cni created + + │ ├─ kubernetes:core:ConfigMap eksCluster-nodeAccess created + + │ ├─ aws:cloudformation:Stack eksCluster-nodes created + + │ └─ pulumi:providers:kubernetes eksCluster-provider created + + ├─ awsx:ecr:Repository database-side-service created + + │ ├─ aws:ecr:Repository database-side-service created + + │ └─ aws:ecr:LifecyclePolicy database-side-service created + + ├─ aws:ebs:Volume storage-volume created + + ├─ kubernetes:apps:Deployment database-side-service created + + ├─ kubernetes:core:Service database-side-listener created + + ├─ kubernetes:apps:Deployment server-side-service created + + ├─ kubernetes:core:Service server-side-listener created + + ├─ kubernetes:apps:Deployment client-side-service created + + └─ kubernetes:core:Service client-side-listener created + + Outputs: + URL : "ab368f798ca564be295df514dfbc7a0e-519435073.us-west-2.elb.amazonaws.com" + kubeConfig: {...} + + Resources: + + 44 created + + Duration: 15m45s + ``` + +1. Verify that the ECS instance exists by connecting to it on port 3000 in a browser window. + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-efs.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-efs.md new file mode 100644 index 00000000000..d000c250006 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-efs.md @@ -0,0 +1,163 @@ +--- +title: "Using Amazon EFS with AWS Lambda | TypeScript" +h1: "Using Amazon EFS with AWS Lambda" +linktitle: "Using Amazon EFS with AWS Lambda" +meta_desc: "Using Amazon EFS with AWS Lambda How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example shows how to use Amazon EFS with AWS Lambda in Pulumi. See the [Using AWS Lambda with Amazon Elastic File System (EFS)](https://www.pulumi.com/blog/aws-lambda-efs) blog post for a detailed walkthrough of this example. + +![Architecture Diagram](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-lambda-efs/lambdaefs.png) + +## Prerequisites + +- [Node.js](https://nodejs.org/en/download/) +- [Download and install the Pulumi CLI](https://www.pulumi.com/docs/get-started/install/) +- [Connect Pulumi with your AWS account](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) (if your AWS CLI is configured, no further changes are required) + +## Running the Example + +After cloning this repo, `cd` into it and run these commands: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init dev + ``` + +2. Set your desired AWS region: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region will work + ``` + +3. Deploy everything with a single `pulumi up` command. This will show you a preview of changes first, which + includes all of the required AWS resources (clusters, services, and the like). Don't worry if it's more than + you expected -- this is one of the benefits of Pulumi, it configures everything so that so you don't need to! + + ```bash + $ pulumi up + ``` + + After being prompted and selecting "yes", your deployment will begin. It'll complete in a few minutes: + + ``` + Updating (demo): + Type Name Status + + pulumi:pulumi:Stack aws-ts-lambda-efs-demo created + + ├─ awsx:x:ec2:Vpc vpc created + + │ ├─ aws:ec2:Vpc vpc created + + │ ├─ awsx:x:ec2:Subnet vpc-public-0 created + + │ │ ├─ aws:ec2:Subnet vpc-public-0 created + + │ │ ├─ aws:ec2:RouteTable vpc-public-0 created + + │ │ ├─ aws:ec2:Route vpc-public-0-ig created + + │ │ └─ aws:ec2:RouteTableAssociation vpc-public-0 created + + │ ├─ awsx:x:ec2:Subnet vpc-public-1 created + + │ │ ├─ aws:ec2:RouteTable vpc-public-1 created + + │ │ ├─ aws:ec2:Subnet vpc-public-1 created + + │ │ ├─ aws:ec2:RouteTableAssociation vpc-public-1 created + + │ │ └─ aws:ec2:Route vpc-public-1-ig created + + │ ├─ awsx:x:ec2:NatGateway vpc-1 created + + │ │ ├─ aws:ec2:Eip vpc-1 created + + │ │ └─ aws:ec2:NatGateway vpc-1 created + + │ ├─ awsx:x:ec2:Subnet vpc-private-0 created + + │ │ ├─ aws:ec2:RouteTable vpc-private-0 created + + │ │ ├─ aws:ec2:Subnet vpc-private-0 created + + │ │ ├─ aws:ec2:RouteTableAssociation vpc-private-0 created + + │ │ └─ aws:ec2:Route vpc-private-0-nat-0 created + + │ ├─ awsx:x:ec2:InternetGateway vpc created + + │ │ └─ aws:ec2:InternetGateway vpc created + + │ ├─ awsx:x:ec2:Subnet vpc-private-1 created + + │ │ ├─ aws:ec2:RouteTable vpc-private-1 created + + │ │ ├─ aws:ec2:Subnet vpc-private-1 created + + │ │ ├─ aws:ec2:RouteTableAssociation vpc-private-1 created + + │ │ └─ aws:ec2:Route vpc-private-1-nat-1 created + + │ └─ awsx:x:ec2:NatGateway vpc-0 created + + │ ├─ aws:ec2:Eip vpc-0 created + + │ └─ aws:ec2:NatGateway vpc-0 created + + ├─ aws:apigateway:x:API api created + + │ ├─ aws:apigateway:RestApi api created + + │ ├─ aws:apigateway:Deployment api created + + │ ├─ aws:lambda:Permission api-2c087c3e created + + │ ├─ aws:lambda:Permission api-c171fd88 created + + │ ├─ aws:lambda:Permission api-7857d17d created + + │ └─ aws:apigateway:Stage api created + + ├─ awsx:x:ecs:FargateService nginx created + + │ └─ aws:ecs:Service nginx created + + ├─ awsx:x:ecs:FargateTaskDefinition nginx created + + │ ├─ aws:iam:Role nginx-execution created + + │ ├─ aws:cloudwatch:LogGroup nginx created + + │ ├─ aws:iam:Role nginx-task created + + │ ├─ aws:iam:RolePolicyAttachment nginx-execution-9a42f520 created + + │ ├─ aws:iam:RolePolicyAttachment nginx-task-32be53a2 created + + │ ├─ aws:iam:RolePolicyAttachment nginx-task-fd1a00e5 created + + │ └─ aws:ecs:TaskDefinition nginx created + + ├─ awsx:x:ec2:SecurityGroup nginx-0 created + + ├─ awsx:x:ecs:Cluster cluster created + + │ ├─ aws:ecs:Cluster cluster created + + │ └─ awsx:x:ec2:SecurityGroup cluster created + + │ ├─ awsx:x:ec2:IngressSecurityGroupRule cluster-containers created + + │ │ └─ aws:ec2:SecurityGroupRule cluster-containers created + + │ ├─ awsx:x:ec2:EgressSecurityGroupRule cluster-egress created + + │ │ └─ aws:ec2:SecurityGroupRule cluster-egress created + + │ ├─ awsx:x:ec2:IngressSecurityGroupRule cluster-ssh created + + │ │ └─ aws:ec2:SecurityGroupRule cluster-ssh created + + │ └─ aws:ec2:SecurityGroup cluster created + + ├─ aws:iam:Role getHandler created + + ├─ aws:iam:Role execHandler created + + ├─ aws:efs:FileSystem filesystem created + + ├─ aws:iam:Role uploadHandler created + + ├─ aws:iam:RolePolicyAttachment execHandler-32be53a2 created + + ├─ aws:iam:RolePolicyAttachment execHandler-23f1a522 created + + ├─ aws:iam:RolePolicyAttachment getHandler-32be53a2 created + + ├─ aws:iam:RolePolicyAttachment getHandler-23f1a522 created + + ├─ aws:iam:RolePolicyAttachment uploadHandler-32be53a2 created + + ├─ aws:iam:RolePolicyAttachment uploadHandler-23f1a522 created + + ├─ aws:efs:MountTarget fs-mount-1 created + + ├─ aws:efs:MountTarget fs-mount-0 created + + ├─ aws:efs:AccessPoint ap created + + ├─ aws:lambda:Function getHandler created + + ├─ aws:lambda:Function uploadHandler created + + └─ aws:lambda:Function execHandler created + + Outputs: + url: "https://280f2167f1.execute-api.us-east-1.amazonaws.com/stage/" + + Resources: + + 75 created + + Duration: 5m52s + ``` + +4. At this point, your app is running! The URL was published so it's easy to interact with: + + ```bash + $ curl -X POST -d '

Hello world

' $(pulumi stack output url)files/index.html + $ curl -X GET $(pulumi stack output url)files/index.html +

Hello world

+ ``` + +5. Once you are done, you can destroy all of the resources, and the stack: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-thumbnailer.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-thumbnailer.md new file mode 100644 index 00000000000..1662128ffbe --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-lambda-thumbnailer.md @@ -0,0 +1,142 @@ +--- +title: "Video Thumbnailer Using AWS Lambda | TypeScript" +h1: "Video Thumbnailer Using AWS Lambda" +linktitle: "Video Thumbnailer Using AWS Lambda" +meta_desc: "Video Thumbnailer Using AWS Lambda How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A video thumbnail extractor using serverless functions. The video processing function is packaged as a Docker container. + +Navigate to [Running Container Images in AWS Lambda](https://www.pulumi.com/blog/aws-lambda-container-support/) for a full walkthrough. + +## Prerequisites + +To run this example, make sure [Docker](https://docs.docker.com/engine/installation/) is installed and running. + +## Running the App + +1. Create a new stack: + + ``` + pulumi stack init dev + ``` + +1. Configure Pulumi to use an AWS region of your choice, for example: + + ``` + pulumi config set aws:region us-west-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Preview and deploy the app via `pulumi up`. The preview will take some time, as it builds a Docker container. A total of 16 resources are created. + + ``` + $ pulumi up + Previewing update (dev) + + ... + + Do you want to perform this update? yes + Updating (dev) + + Type Name Status + + pulumi:pulumi:Stack video-thumbnailer-lambda-dev created + + ├─ awsx:ecr:Repository sampleapp created + + │ ├─ aws:ecr:Repository sampleapp created + + │ └─ aws:ecr:LifecyclePolicy sampleapp created + + ├─ aws:s3:Bucket bucket created + + │ ├─ aws:s3:BucketEventSubscription onNewThumbnail created + + │ │ └─ aws:lambda:Permission onNewThumbnail created + + │ ├─ aws:s3:BucketEventSubscription onNewVideo created + + │ │ └─ aws:lambda:Permission onNewVideo created + + │ └─ aws:s3:BucketNotification onNewVideo created + + ├─ aws:iam:Role onNewThumbnail created + + ├─ aws:iam:Role thumbnailerRole created + + ├─ aws:lambda:Function onNewThumbnail created + + ├─ aws:iam:RolePolicyAttachment onNewThumbnail-32be53a2 created + + ├─ aws:iam:RolePolicyAttachment lambdaFullAccess created + + └─ aws:lambda:Function thumbnailer created + + Outputs: + bucketName: "bucket-7c6b55a" + + Resources: + + 16 created + + Duration: 1m41s + ``` + +1. View the stack outputs: + + ``` + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + bucketName bucket-7c6b55a + ``` + +1. Upload a video, embedding the timestamp in the filename: + + ``` + $ aws s3 cp ./sample/cat.mp4 s3://$(pulumi stack output bucketName)/cat_00-01.mp4 + upload: sample/cat.mp4 to s3://***/cat_00-01.mp4 + ``` + +1. View the logs from both Lambda functions: + + ``` + $ pulumi logs -f + Collecting logs for stack dev since 2020-12-02T08:58:43.000+01:00. + + 2020-12-02T09:58:39.747+01:00[ thumbnailer-dbb2a35] START RequestId: 3ec2886e-e739-4764-be3b-a8e5a48a4986 Version: $LATEST + 2020-12-02T09:58:39.750+01:00[ thumbnailer-dbb2a35] 2020-12-02T08:58:39.748Z 3ec2886e-e739-4764-be3b-a8e5a48a4986 INFO Video handler called + 2020-12-02T09:58:39.750+01:00[ thumbnailer-dbb2a35] 2020-12-02T08:58:39.750Z 3ec2886e-e739-4764-be3b-a8e5a48a4986 INFO aws s3 cp s3://bucket-33b87c2/cat_00-01.mp4 /tmp/cat_00-01.mp4 + download: s3://bucket-33b87c2/cat_00-01.mp4 to ../../tmp/cat_00-01.mp4ed 256.0 KiB/666.5 KiB (1.2 MiB/s) with 1 file(s) remaining + 2020-12-02T09:58:53.068+01:00[ thumbnailer-dbb2a35] 2020-12-02T08:58:53.068Z 3ec2886e-e739-4764-be3b-a8e5a48a4986 INFO ffmpeg -v error -i /tmp/cat_00-01.mp4 -ss 00:01 -vframes 1 -f image2 -an -y /tmp/cat.jpg + 2020-12-02T09:59:01.701+01:00[ thumbnailer-dbb2a35] 2020-12-02T08:59:01.701Z 3ec2886e-e739-4764-be3b-a8e5a48a4986 INFO aws s3 cp /tmp/cat.jpg s3://bucket-33b87c2/cat.jpg + upload: ../../tmp/cat.jpg to s3://bucket-33b87c2/cat.jpg pleted 86.6 KiB/86.6 KiB (315.8 KiB/s) with 1 file(s) remaining + 2020-12-02T09:59:11.628+01:00[ thumbnailer-dbb2a35] 2020-12-02T08:59:11.627Z 3ec2886e-e739-4764-be3b-a8e5a48a4986 INFO *** New thumbnail: file cat_00-01.mp4 was saved at 2020-12-02T08:58:33.845Z. + 2020-12-02T09:59:11.668+01:00[ thumbnailer-dbb2a35] END RequestId: 3ec2886e-e739-4764-be3b-a8e5a48a4986 + 2020-12-02T09:59:11.668+01:00[ thumbnailer-dbb2a35] REPORT RequestId: 3ec2886e-e739-4764-be3b-a8e5a48a4986 Duration: 31920.84 ms Billed Duration: 32733 ms Memory Size: 128 MB Max Memory Used: 128 MB Init Duration: 811.55 ms + 2020-12-02T09:59:11.777+01:00[ onNewThumbnail-2f969e0] START RequestId: 07c13039-eccb-4e38-a3cf-c7fa11982b84 Version: $LATEST + 2020-12-02T09:59:11.788+01:00[ onNewThumbnail-2f969e0] 2020-12-02T08:59:11.782Z 07c13039-eccb-4e38-a3cf-c7fa11982b84 INFO onNewThumbnail called + 2020-12-02T09:59:11.788+01:00[ onNewThumbnail-2f969e0] 2020-12-02T08:59:11.788Z 07c13039-eccb-4e38-a3cf-c7fa11982b84 INFO *** New thumbnail: file cat.jpg was saved at 2020-12-02T08:59:06.333Z. + 2020-12-02T09:59:11.809+01:00[ onNewThumbnail-2f969e0] END RequestId: 07c13039-eccb-4e38-a3cf-c7fa11982b84 + 2020-12-02T09:59:11.809+01:00[ onNewThumbnail-2f969e0] REPORT RequestId: 07c13039-eccb-4e38-a3cf-c7fa11982b84 Duration: 31.96 ms Billed Duration: 32 ms Memory Size: 128 MB Max Memory Used: 65 MB Init Duration: 171.22 ms + ``` + +1. Download the key frame: + + ``` + $ aws s3 cp s3://$(pulumi stack output bucketName)/cat.jpg . + download: s3://***/cat.jpg to ./cat.jpg + ``` + +## Clean up + +To clean up the resources, you will first need to clear the contents of the bucket. + +```bash +aws s3 rm s3://$(pulumi stack output bucketName) --recursive +``` + +Then, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-netlify-cms-and-oauth.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-netlify-cms-and-oauth.md new file mode 100644 index 00000000000..806524e200f --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-netlify-cms-and-oauth.md @@ -0,0 +1,33 @@ +--- +title: "About the CMS and OAuth | TypeScript" +h1: "About the CMS and OAuth" +linktitle: "About the CMS and OAuth" +meta_desc: "About the CMS and OAuth How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ +Netlify CMS web apps and all the templates they have given on [Netlify CMS website](https://www.netlifycms.org/docs/start-with-a-template/) deployed on Netlify and lies inside the target repositories user would like to make change. However, in some case, we do not want the implementation detail of the CMS to locate in the target repositories and we want to deploy it on AWS instead of Netlify. This example shows how to do this. + +Both folder has README.md inside them here are some general thoughts: + +## ./cms +- It contains implementation that made the CMS app a stand-alone React App that is not located inside the target repositories. Now it is able to make edits to another target repository that is under the same account. Moreover, the infrastructure deployes the cms app as a static website onto the AWS S3 and use AWS CloudFront to connect to the CDN and Certificate Manger to provide certificate. + +## ./cms-oauth +Because we are deploying the CMS onto the AWS rather than Netlify, we could not use Netlify's Identity Service to retrieve Github tokens to access. Therefore we have build the [External OAuth Client](https://www.netlifycms.org/docs/external-oauth-clients/#header). We made some changes to the existing Golang OAuth Client example to make it work. Also, we deployed it on AWS by specify a Fargate Service and generated its domain and certificate as well. + +## How two part fit together +Both cms and cms-oauth are deployed onto the AWS and have their own domains. In cms configuration yaml file cms/public/config.yml, we specify their domain in the site_domain (cms domain) and base_url (cms-oauth domain) for Neltify CMS to reference. +See "Development Details" section of cms/README.md diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-nextjs.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-nextjs.md new file mode 100644 index 00000000000..a526b8ca5fd --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-nextjs.md @@ -0,0 +1,92 @@ +--- +title: "Next.js on AWS | TypeScript" +h1: "Next.js on AWS" +linktitle: "Next.js on AWS" +meta_desc: "Next.js on AWS How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys a Next.js site on AWS using [OpenNext](https://open-next.js.org/). + +## Deploying the App + +To deploy your app, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Install Node.js](https://nodejs.org/en/download/) +3. [Configure AWS Credentials](https://www.pulumi.com/registry/packages/aws/installation-configuration/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Install the required Node.js packages: + + ```bash + $ npm install + ``` + +2. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +3. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + + You can select any AWS region you would like to use. + +4. Deploy your application to it's own dedicated serving infrastructure in AWS. + + ```bash + $ pulumi up + ``` + +5. Most of the infrastructure will deploy within about 30s, but the CloudFront CDN can take 4-5 minutes. After this is complete, a CloudFront URL where your application is served will be shown. + + + ```bash + Outputs: + url: "https://d119mwdwutz4hu.cloudfront.net" + + Resources: + + 45 created + + Duration: 4m14s + ``` + +6. You can open that URL in your browser to see your Next.js demo app. + + ![Screenshot of demo app](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-nextjs/screenshot.png) + +7. Make changes to the Next.js app in the `demoapp` folder, or bring your own Next.js app and point the Pulumi component at it instead. + +8. Once you've finished experimenting, tear down your stack's resources by destroying and removing it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-organizations.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-organizations.md new file mode 100644 index 00000000000..330f6b5745e --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-organizations.md @@ -0,0 +1,89 @@ +--- +title: "AWS Organizations | TypeScript" +h1: "AWS Organizations" +linktitle: "AWS Organizations" +meta_desc: "AWS Organizations How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +[![Deploy](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new?template=https://github.com/pulumi/examples/blob/master/aws-ts-organizations/README.md) + +This example shows you how you can automate the creation of member accounts in AWS Organizations with Pulumi. This example is written in TypeScript, however, the concepts used within can be used with any of the supported SDKs in Pulumi. Read the associated [blog post](https://www.pulumi.com/blog/organizing-aws-accounts-with-pulumi) to learn more. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Enable policy types + +This example also creates sample backup policy and tag policy at the organization unit-level. +You should first enable those policy types for your management account by navigating to the +AWS Organizations service > Policies, then click **Backup policies** as well as **Tag policies** +and enable them. + +**Note**: This app requires credentials that have permissions to +AWS Organizations service. The IAM user running this app should +also be granted permissions to assume the role identified by `OrganizationalAccountAccessRole` in any account. + +## Deploying and running the program + +Note that unlike other resources that can be created/destroyed easily, +this app creates an AWS account and closed accounts are in a suspended state +for 90 days. That means, you won't be able to delete the organizational until until +the 90 days has elapsed. + +1. Create a new stack: + + ```bash + $ pulumi stack init accounts + ``` + +1. Set the AWS region and the email contact to use for the dev AWS account that this app creates: + +> The email contact for each member account needs to be unique. You can take advantage of email aliases +> that some email services provide by using the `+` character. Check with your email provider to see +> how if you can use email aliases. + + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set devAccountEmailContact --secret + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up -y` to deploy changes. + +Note that the flag to automatically close an account when the +associated resource is destroyed in Pulumi is set to `false`, +so the account won't be closed automatically. You can, of course, +change that flag in the code to `true` but that decision left +to you. + +## Destroying the stack + +Before you can destroy all the resoruces deployed by this stack with +a `pulumi destroy`, there are a couple of things to note. + +1. The single AWS account that this example creates is protected from deletion + by using Pulumi's `protect` resource option. That means, you should first tell + Pulumi to release the protection. See the [docs](https://www.pulumi.com/docs/intro/concepts/resources/options/protect/) + to learn how you can do that quickly. +1. As mentioned before, closed accounts will enter into in a suspended state for 90 days. + That means you will encounter an error about not being able to delete the organizational + unit (OU) despite having closed the AWS account that was under it. You will need to wait for 90 days + before you can delete the OU. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pern-voting-app.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pern-voting-app.md new file mode 100644 index 00000000000..c10076db8fa --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pern-voting-app.md @@ -0,0 +1,154 @@ +--- +title: "PERN Stack Voting App | TypeScript" +h1: "PERN Stack Voting App" +linktitle: "PERN Stack Voting App" +meta_desc: "PERN Stack Voting App How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple voting app that uses React, Express, PostgreSQL, and NodeJS. + +The example shows how easy it is to deploy containers into production and to connect them to one another. Since the example defines a custom container, Pulumi does the following: + +- Builds the Docker image +- Provisions AWS Container Registry (ECR) instance +- Pushes the image to the ECR instance +- Creates a new ECS task definition, pointing to the ECR image definition + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) +1. [Configure Pulumi for Python](https://www.pulumi.com/docs/intro/languages/python/) +1. [Install Docker](https://docs.docker.com/engine/installation/) + +## Deploying and running the program + + +1. Create a new stack: + + ```bash + $ pulumi stack init aws-ts-pern-voting-app + ``` + +1. Set the AWS region and the usernames and passwords for a set of accounts the project uses: + + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set sqlAdminName + $ pulumi config set sqlsqlAdminPassword --secret + $ pulumi config set sqlUserName + $ pulumi config set sqlUserPassword --secret + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up -y` to deploy changes: + + ```bash + Updating (aws-ts-pern-voting-app): + Type Name Status Info + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + ├─ awsx:x:ecs:FargateTaskDefinition server-side-service created + + ├─ awsx:x:ecs:FargateTaskDefinition server-side-service created + + │ ├─ aws:iam:Role server-side-service-execution created + + ├─ awsx:x:ecs:FargateTaskDefinition server-side-service created + + │ ├─ aws:cloudwatch:LogGroup server-side-service created + + │ ├─ aws:iam:RolePolicyAttachment server-side-service-task-fd1a00e5 created + + ├─ awsx:x:ecs:FargateTaskDefinition server-side-service created + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + pulumi:pulumi:Stack voting-app-aws-ts-pern-voting-app created + + │ ├─ aws:iam:Role client-side-service-execution created + + │ ├─ aws:iam:Role client-side-service-execution created + + │ ├─ aws:iam:Role client-side-service-execution created + + │ ├─ aws:ecr:LifecyclePolicy client-side-service created + + │ ├─ aws:iam:RolePolicyAttachment client-side-service-task-fd1a00e5 created + + │ ├─ aws:iam:RolePolicyAttachment client-side-service-task-32be53a2 created + + │ ├─ aws:iam:RolePolicyAttachment client-side-service-execution-9a42f520 created + + │ └─ aws:ecs:TaskDefinition client-side-service created + + ├─ awsx:lb:NetworkLoadBalancer client-side-listener created + + │ ├─ awsx:lb:NetworkTargetGroup client-side-listener created + + │ │ └─ aws:lb:TargetGroup client-side-listener created + + │ ├─ awsx:lb:NetworkListener client-side-listener created + + │ │ └─ aws:lb:Listener client-side-listener created + + │ └─ aws:lb:LoadBalancer client-side-listener created + + ├─ awsx:lb:NetworkLoadBalancer server-side-listener created + + │ ├─ awsx:lb:NetworkTargetGroup server-side-listener created + + │ │ └─ aws:lb:TargetGroup server-side-listener created + + │ ├─ awsx:lb:NetworkListener server-side-listener created + + │ │ └─ aws:lb:Listener server-side-listener created + + │ └─ aws:lb:LoadBalancer server-side-listener created + + ├─ awsx:x:ecs:FargateService client-side-service created + + │ └─ aws:ecs:Service client-side-service created + + ├─ awsx:x:ecs:Cluster default-cluster created + + │ ├─ awsx:x:ec2:SecurityGroup default-cluster created + + │ │ ├─ awsx:x:ec2:EgressSecurityGroupRule default-cluster-egress created + + │ │ │ └─ aws:ec2:SecurityGroupRule default-cluster-egress created + + │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule default-cluster-ssh created + + │ │ │ └─ aws:ec2:SecurityGroupRule default-cluster-ssh created + + │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule default-cluster-containers created + + │ │ │ └─ aws:ec2:SecurityGroupRule default-cluster-containers created + + │ │ └─ aws:ec2:SecurityGroup default-cluster created + + │ └─ aws:ecs:Cluster default-cluster created + + ├─ aws:ec2:Vpc app-vpc created + + ├─ awsx:x:ec2:Vpc default-vpc created + + │ ├─ awsx:x:ec2:Subnet default-vpc-public-1 created + + │ └─ awsx:x:ec2:Subnet default-vpc-public-0 created + + ├─ aws:ec2:Subnet second-rds-subnet created + + ├─ aws:ec2:Subnet first-rds-subnet created + + ├─ aws:ec2:InternetGateway app-gateway created + + ├─ aws:ec2:SecurityGroup rds-security-group created + + ├─ aws:rds:SubnetGroup rds-subnet-group created + + ├─ aws:ec2:RouteTable app-routetable created + + ├─ aws:ec2:MainRouteTableAssociation app-routetable-association created + + ├─ aws:rds:Instance postgresql-rds-server created + + ├─ pulumi:providers:postgresql postgresql-provider created + + ├─ postgresql:index:Database postgresql-database created + + ├─ postgresql:index:Role postgres-standard-role created + + └─ pulumi-nodejs:dynamic:Resource postgresql-votes-schema created + + Outputs: + URL: "client-side-listener-086d27d-bb5f264d141c31b7.elb.us-west-2.amazonaws.com" + + Resources: + + 63 created + + Duration: 4m2s + ``` + +1. View the DNS address of the instance via `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + URL client-side-listener-086d27d-bb5f264d141c31b7.elb.us-west-2.amazonaws.com + ``` + +1. Verify that the ECS instance exists by connecting to it in a browser window. + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-miniflux.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-miniflux.md new file mode 100644 index 00000000000..d9241538889 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-miniflux.md @@ -0,0 +1,73 @@ +--- +title: "Run an RSS Service with Miniflux | TypeScript" +h1: "Run an RSS Service with Miniflux" +linktitle: "Run an RSS Service with Miniflux" +meta_desc: "Run an RSS Service with Miniflux How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +[Miniflux](https://miniflux.app/) is an open-source RSS service written in Go and backed by PostgreSQL. This example demonstrates how to stand up a Miniflux service using AWS Fargate and RDS. + +[![Deploy](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new?template=https://github.com/pulumi/examples/blob/master/aws-ts-pulumi-miniflux/README.md) + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/). +1. [Install Node.js](https://www.pulumi.com/docs/intro/languages/javascript/). +1. Configure your [AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/). + +### Deploying the App + +1. Clone this repo, change to this directory, then create a new [stack](https://www.pulumi.com/docs/intro/concepts/stack/) for the project: + + ```bash + pulumi stack init + ``` + +1. Apply the required configuration properties, making adjustments as you like, and taking care to choose strong passwords for the database user and service administrator (which will be stored as encrypted [Pulumi secrets](https://www.pulumi.com/docs/intro/concepts/secrets/): + + ```bash + pulumi config set aws:region us-west-2 + pulumi config set db_name miniflux + pulumi config set db_username miniflux + pulumi config set db_password --secret + pulumi config set admin_username admin + pulumi config set admin_password --secret + ``` + +1. With your configuration values applied, stand up the service: + + ```bash + pulumi up + ``` + +1. In a few minutes, your service will be up and running, with the service URL printed as a Pulumi [stack output](https://www.pulumi.com/docs/intro/concepts/stack/#outputs). + + ```bash + ... + Outputs: + url: "http://lb-f90d03f-5c638bd4535d4c6a.elb.us-west-2.amazonaws.com:8080" + ``` + + Sign in using the administrative user and password you configured above, and start RSSing! + +1. When you're ready, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-webhooks.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-webhooks.md new file mode 100644 index 00000000000..72917333d60 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-pulumi-webhooks.md @@ -0,0 +1,115 @@ +--- +title: "Pulumi Webhook Handler | TypeScript" +h1: "Pulumi Webhook Handler" +linktitle: "Pulumi Webhook Handler" +meta_desc: "Pulumi Webhook Handler How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example creates a Pulumi `cloud.HttpEndpoint` that will receive webhook events delivered +by Pulumi Cloud. It then echos the event to Slack. + +## Prerequisites +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) + - [Create an Organization](https://www.pulumi.com/docs/intro/console/organizations/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Steps + +After cloning this repo, run these commands from the working directory: + +1. Install prerequisites: + + ```bash + npm install + ``` + +1. Create a new Pulumi stack, which is an isolated deployment target for this example: + + ```bash + pulumi stack init + ``` + +1. Create a [Slack App](https://api.slack.com/apps): + + - Give your app the [`incoming-webhook`](https://api.slack.com/scopes/incoming-webhook) scope. + + - Add your Slack app to the Slack channel in which you want to post webhook events. + +1. Set the region for this program: + + ```bash + pulumi config set aws:region + ``` + +1. Set the Slack webhook for your app. You can find yours by going to `Features -> Incoming Webhooks` from your Slack app's API page. + + ```bash + pulumi config set slackWebhook --secret + ``` + +1. Set the Slack channel for your app. This should be the same channel in which you added your Slack app. For example, `#pulumi-events`. + + ```bash + pulumi config set slackChannel + ``` + +1. (Optional) Set the shared secret for your app. Webhook deliveries can optionally be signed with a shared secret token. The shared secret is given to Pulumi, and will be used to verify the contents of the message. You can find yours by going to `Settings -> Basic Information -> Signing Secret` from your Slack app's API page. + + ```bash + pulumi config set sharedSecret --secret + ``` + +1. Execute the Pulumi program: + + ```bash + pulumi up + ``` + +1. Retrieve our new URL: + + ```bash + pulumi stack output url + ``` + +1. Create a [Pulumi webhook](https://www.pulumi.com/docs/intro/console/extensions/webhooks/). Use the output from the previous step as the `Payload URL`. + +1. Ping our webhook by clicking `Ping` under `Deliveries` from your webhook's page. You should see the message `Just a friendly ping from Pulumi` in your Slack channel. + +1. From there, feel free to experiment. Simply making edits and running `pulumi up` will update your program. + +1. Afterwards, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + +## Troubleshooting + +### Message Delivery + +If you aren't seeing webhook deliveries in Slack, there are several places to look for more information. + +- Pulumi Cloud: If you go to the webhook's page within the Pulumi console, you can navigate to + recent webhook deliveries. If Pulumi Cloud has any trouble contacting your webhook handler, + you will see the error there. +- The Pulumi stack's logs: If the webhooks are being delivered, but aren't showing up in Slack for some + reason, you can view the webhook handler's runtime logs by running the `pulumi logs` command. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-redshift-glue-etl.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-redshift-glue-etl.md new file mode 100644 index 00000000000..6cc08e1c2f8 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-redshift-glue-etl.md @@ -0,0 +1,74 @@ +--- +title: "ETL pipeline with Amazon Redshift and AWS Glue | TypeScript" +h1: "ETL pipeline with Amazon Redshift and AWS Glue" +linktitle: "ETL pipeline with Amazon Redshift and AWS Glue" +meta_desc: "ETL pipeline with Amazon Redshift and AWS Glue How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +[![Deploy with Pulumi](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new?template=https://github.com/pulumi/examples/tree/master/aws-ts-redshift-glue-etl) + +This example creates an ETL pipeline using Amazon Redshift and AWS Glue. The pipeline extracts data from an S3 bucket with a Glue crawler, transforms it with a Python script wrapped in a Glue job, and loads it into a Redshift database deployed in a VPC. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/). +1. [Install Node.js](https://www.pulumi.com/docs/intro/languages/javascript/). +1. Configure your [AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/). + +### Deploying the App + +1. Clone this repo, change to this directory, then create a new [stack](https://www.pulumi.com/docs/intro/concepts/stack/) for the project: + + ```bash + pulumi stack init + ``` + +1. Specify an AWS region to deploy into: + + ```bash + pulumi config set aws:region us-west-2 + ``` + + +1. Install Node dependencies and run Pulumi: + + ```bash + npm install + pulumi up + ``` + +1. In a few moments, the Redshift cluster and Glue components will be up and running and the S3 bucket name emitted as a Pulumi [stack output](https://www.pulumi.com/docs/intro/concepts/stack/#outputs). + + ```bash + ... + Outputs: + dataBucketName: "events-56e424a" + ``` + +1. Upload the included sample data file to S3 to verify the automation works as expected: + + ```bash + aws s3 cp events-1.txt s3://$(pulumi stack output dataBucketName) + ``` + +1. When you're ready, destroy your stack and remove it: + + ```bash + pulumi destroy --yes + pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-resources.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-resources.md new file mode 100644 index 00000000000..6a9a5deeede --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-resources.md @@ -0,0 +1,42 @@ +--- +title: "AWS Resources | TypeScript" +h1: "AWS Resources" +linktitle: "AWS Resources" +meta_desc: "AWS Resources How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A Pulumi program that demonstrates creating various AWS resources. + +```bash +# Create and configure a new stack +$ pulumi stack init aws-resources-dev +$ pulumi config set aws:region us-east-2 + +# Install dependencies +$ npm install + +# Preview and run the deployment +$ pulumi up + +# Remove the app +$ pulumi destroy +$ pulumi stack rm +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ruby-on-rails.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ruby-on-rails.md new file mode 100644 index 00000000000..9040949fdd6 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-ruby-on-rails.md @@ -0,0 +1,87 @@ +--- +title: "Ruby on Rails Server Using Amazon EC2 | TypeScript" +h1: "Ruby on Rails Server Using Amazon EC2" +linktitle: "Ruby on Rails Server Using Amazon EC2" +meta_desc: "Ruby on Rails Server Using Amazon EC2 How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This is a conversion of the AWS CloudFormation Application Framework template for a basic Ruby on Rails server. +It creates a single EC2 virtual machine instance and uses a local MySQL database for storage. Sourced from +https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/sample-templates-appframeworks-us-west-2.html. + +## Deploying the App + +To deploy your Ruby on Rails application, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-east-1 + $ pulumi config set dbUser [your-mysql-user-here] + $ pulumi config set dbPassword [your-mysql-password-here] --secret + $ pulumi config set dbRootPassword [your-mysql-root-password-here] --secret + ``` + +3. Stand up the VM, which will also install and configure Ruby on Rails and MySQL: + + ```bash + $ pulumi up + ``` + +4. After several minutes, your VM will be ready, and two stack outputs are printed: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + vmIP 53.40.227.82 + websiteURL http://ec2-53-40-227-82.us-west-2.compute.amazonaws.com/notes + ``` + +5. Visit your new website by entering the websiteURL into your browser, or running: + + ```bash + $ curl $(pulumi stack output websiteURL) + ``` + +6. From there, feel free to experiment. Simply making edits and running `pulumi up` will incrementally update your VM. + +7. Afterwards, destroy your stack and remove it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-folder.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-folder.md new file mode 100644 index 00000000000..6f4b909b9ce --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-folder.md @@ -0,0 +1,101 @@ +--- +title: "Host a Static Website on Amazon S3 | TypeScript" +h1: "Host a Static Website on Amazon S3" +linktitle: "Host a Static Website on Amazon S3" +meta_desc: "Host a Static Website on Amazon S3 How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A static website that uses [S3's website support](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). +For a detailed walkthrough of this example, see the tutorial [Static Website on AWS S3](https://www.pulumi.com/docs/tutorials/aws/s3-website/). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ```bash + $ pulumi stack init website-testing + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. + + ```bash + $ pulumi up + Previewing update of stack 'website-testing' + Previewing changes: + ... + + Updating stack 'website-testing' + Performing changes: + + Type Name Status Info + + pulumi:pulumi:Stack aws-js-s3-folder-website-testing created + + ├─ aws:s3:Bucket s3-website-bucket created + + ├─ aws:s3:BucketPolicy bucketPolicy created + + ├─ aws:s3:BucketObject favicon.png created + + └─ aws:s3:BucketObject index.html created + + info: 5 changes performed: + + 5 resources created + Update duration: *** + + Permalink: https://app.pulumi.com/*** + ``` + +1. To see the resources that were created, run `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + bucketName s3-website-bucket-*** + websiteUrl ***.s3-website-us-west-2.amazonaws.com + ``` + +1. To see that the S3 objects exist, you can either use the AWS Console or the AWS CLI: + + ```bash + $ aws s3 ls $(pulumi stack output bucketName) + 2018-04-17 15:40:47 13731 favicon.png + 2018-04-17 15:40:48 249 index.html + ``` + +1. Open the site URL in a browser to see both the rendered HTML and the favicon: + + ```bash + $ pulumi stack output websiteUrl + ***.s3-website-us-west-2.amazonaws.com + ``` + + ![Hello S3 example](https://user-images.githubusercontent.com/274700/116912066-9384e300-abfc-11eb-8130-dbcff512a9de.png) + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-lambda-copyzip.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-lambda-copyzip.md new file mode 100644 index 00000000000..ac4887c641f --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-s3-lambda-copyzip.md @@ -0,0 +1,111 @@ +--- +title: "Serverless App to Copy and Zip Objects Between Amazon S3 Buckets | TypeScript" +h1: "Serverless App to Copy and Zip Objects Between Amazon S3 Buckets" +linktitle: "Serverless App to Copy and Zip Objects Between Amazon S3 Buckets" +meta_desc: "Serverless App to Copy and Zip Objects Between Amazon S3 Buckets How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example sets up two AWS S3 Buckets and a single Lambda that listens to one and, upon each new +object arriving in it, zips it up and copies it to the second bucket. Its architecture looks like this: + +![Architecture](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-s3-lambda-copyzip/arch.png) + +This example is also featured in the blog post [Easy Serverless Apps and Infrastructure -- +Real Events, Real Code](https://www.pulumi.com/blog/easy-serverless-apps-and-infrastructure-real-events-real-code/). + +## Deploying the App + +To deploy your new serverless application, follow the below steps. + +### Prerequisites + +0. [Ensure you have Node.js](https://nodejs.org/en/download/) +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +0. Install Node.js dependencies, either using NPM or Yarn: + + ```bash + $ npm install + ``` + +1. Create a new Pulumi stack, which is an isolated environment for this example: + + ```bash + $ pulumi stack init + ``` + + This will ask you to give your stack a name; `dev` is a fine name to begin with. + +2. Configure the AWS region for this program -- any valid AWS region will do: + + ```bash + $ pulumi config set aws:region us-east-1 + ``` + +3. Deploy the application: + + ```bash + $ pulumi up + ``` + +4. After about 20 seconds, your buckets and lambda will have been deployed. Their names are printed: + + ```bash + Outputs: + tpsReportsBucket: "tpsreports-21b7b7a" + tpsZipsBucket : "tpszips-c869600" + ``` + +5. Now copy a file to the `tpsReportsBucket` using the AWS CLI: + + ```bash + $ aws s3 cp ./myTpsReport001.txt s3://$(pulumi stack output tpsReportsBucket) + ``` + +6. Tail the logs to see evidence the Lambda ran: + + ```bash + $ pulumi logs -f + Collecting logs for stack dev since 2019-03-10T10:09:56.000-07:00... + 2019-03-10T11:10:48.617-07:00[zipTpsReports] Zipping + tpsreports-96458ef/tps001.txt into tpszips-edfde11/tps001.txt.zip + ``` + +7. ^C out of `pulumi logs -f`, and then download your new zipfile! + + ```bash + $ aws s3 cp s3://$(pulumi stack output tpsZipsBucket)/myTpsReport001.txt.zip . + ``` + +7. Once you're done, destroy your stack and remove it -- eliminating all traces of running: + + ```bash + # First, delete files so we can destroy the buckets (by default, bucket content isn't auto-deleted): + $ aws s3 rm s3://$(pulumi stack output tpsReportsBucket)/myTpsReport001.txt + $ aws s3 rm s3://$(pulumi stack output tpsZipsBucket)/myTpsReport001.txt.zip + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-scheduled-function.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-scheduled-function.md new file mode 100644 index 00000000000..4afc5e56cfb --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-scheduled-function.md @@ -0,0 +1,80 @@ +--- +title: "Scheduled Function on AWS | TypeScript" +h1: "Scheduled Function on AWS" +linktitle: "Scheduled Function on AWS" +meta_desc: "Scheduled Function on AWS How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple function in AWS that executes based on a schedule using CloudWatch. + +In this example, an S3 Bucket will be created. A function will run every Friday at 11:00pm UTC +that will delete all of the objects it contains. + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-1 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update of stack 'dev' + ... + + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-ts-scheduled-function-dev created + + ├─ aws:cloudwatch:EventRuleEventSubscription emptyTrash created + + │ ├─ aws:cloudwatch:EventRule emptyTrash created + + │ ├─ aws:iam:Role emptyTrash created + + │ ├─ aws:iam:RolePolicyAttachment emptyTrash-32be53a2 created + + │ ├─ aws:lambda:Function emptyTrash created + + │ ├─ aws:cloudwatch:EventTarget emptyTrash created + + │ └─ aws:lambda:Permission emptyTrash created + + └─ aws:s3:Bucket trash created + + Outputs: + bucketName: "trash-28693b6" + + Resources: + + 9 created + + Duration: 16s + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-secrets-manager.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-secrets-manager.md new file mode 100644 index 00000000000..2d2edc14078 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-secrets-manager.md @@ -0,0 +1,73 @@ +--- +title: "Setup AWS Secrets manager | TypeScript" +h1: "Setup AWS Secrets manager" +linktitle: "Setup AWS Secrets manager" +meta_desc: "Setup AWS Secrets manager How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple program that creates an AWS secret and a version under AWS Secrets Manager + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-1 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev) + ... + + Updating (dev) + + View Live: https://app.pulumi.com/acmecorp/aws-secrets-manager/dev/updates/1 + + Type Name Status + + pulumi:pulumi:Stack aws-secrets-manager-dev created + + ├─ aws:secretsmanager:Secret secretContainer created + + └─ aws:secretsmanager:SecretVersion secret created + + Outputs: + secretContainerId: "arn:aws:secretsmanager:us-east-1:xxxxxxxx:secret:secretContainer-369b7ea-Wrt9Ba" + + Resources: + + 3 created + + Duration: 8s + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-datawarehouse.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-datawarehouse.md new file mode 100644 index 00000000000..3a570d321bf --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-datawarehouse.md @@ -0,0 +1,267 @@ +--- +title: "Serverless Datawarehouse | TypeScript" +h1: "Serverless Datawarehouse" +linktitle: "Serverless Datawarehouse" +meta_desc: "Serverless Datawarehouse How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +A sample project that deploys a serverless data warehouse. This highly scalable data warehouse is pay as you go, scales read and write workload independently, and uses fully managed services. + +![Serverless Data Warehouse Architecture](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-serverless-datawarehouse/architecture.png) + +## Deploy and run the program +1. Create a new stack +```sh +pulumi stack init dev +``` + +2. Install dependencies +```sh +npm install +``` + +3. Deploy + +```sh +pulumi up +``` + +4. Open Athena in the AWS Console, and perform some queries: + +```sql +select * from analytics_dw.clicks; +``` + +5. Clean up the stack +``` +pulumi destroy +``` + +## Testing + +### Unit Tests +```sh +npm run test:unit +``` +### Integration Tests +There is an integration test that deploys a fresh stack, ingests sample data, and verifies that the data can be queried on the other end through Athena. + +Because `ServerlessDataWarehouse` statically names Glue Databases, the integration test will fail with a `409 conflict` if you already have a dev stack running. + +```sh +# make sure you have run a pulumi destroy against your dev stack first +npm run test:int +``` + +## API + +### `ServerlessDataWarehouse: class` +A container for your data warehouse that creates and manages a Glue Database, an S3 Bucket to store data, and another S3 bucket for Athena query results. + +### Constructor + +#### `ServerlessDataWarehouse(name: string, args?: DataWarehouseArgs, opts?: pulumi.ComponentResourceOptions)` + +Parameters: +- `name: string`: Name of the Pulumi resource. Will also be used for the Glue Database. +- `args: DataWarehouseArgs`: + - `database?: aws.glue.CatalogDatabase`: optionally provide an existing Glue Database. + - `isDev?: boolean`: flag for development, enables force destroy on S3 buckets to simplify stack teardown. + +```ts +const dataWarehouse = new ServerlessDataWarehouse("analytics_dw"); + +// make available as pulumi stack output +export dwBucket = dataWarehouse.dataWarehouseBucket; +``` + + +### Members: +- `dataWarehouseBucket: aws.s3.bucket`: Bucket to store table data. +- `queryResultsBucket: aws.s3.Bucket`: Bucket used by Athena for query output. +- `database: aws.glue.CatalogDatabase`: Glue Database to hold all tables created through method calls. + +### Methods: +#### `withTable: function` + +Creats a glue table owned by creates a Glue Table owned by `this.database` configured to read data from `${this.dataWarehouseBucket}/${name}` + +Parameters: +- `name: string`: The name of the table. The table will be configured to read data from `${this.dataWarehouseBucket}/${name}`. +- `args: TableArgs`: + - `columns: input.glue.CatalogTableStorageDescriptorColumn[]`: Description of the schema. + - `partitionKeys?: input.glue.CatalogTablePartitionKey[]`: Partition keys to be associated with the schema. + - `dataFormat?: "JSON" | "parquet"`: Specifies the encoding of files written to `${this.dataWarehouseBucket}/${name}`. Defaults to parquet. Will be used to configure serializers and metadata that enable Athena and other engines to execute queries. + +```ts +const factTableName = "facts"; +const factColumns = [ + { + name: "thing", + type: "string" + }, + { + name: "color", + type: "string" + } +]; + +const factTableArgs: TableArgs = { + columns: factColumns, + dataFormat: "JSON" +}; + +dataWarehouse.withTable("facts", factTableArgs); +``` + +#### `withStreamingBatchInputTable: function` +Creates a table implements the above architecture diagram. It creates a Kinesis input stream for JSON records, a Glue Table, and Kinesis Firehose that vets JSON records against the schema, converts them to parquet, and writes files into hourly folders `${dataWarehouseBucket}/${tableName}/YYYY/MM/DD/HH`. Partitions are automatically registered for a key `inserted_at="YYYY/MM/DD/HH` to enable processing time queries. + +Parameters: +- `name: string`: The name of the table. The table will be configured to read data from `${this.dataWarehouseBucket}/${name}`. +- `args: StreamingInputTableArgs` + - `columns: input.glue.CatalogTableStorageDescriptorColumn[]`: Description of the schema. + - `inputStreamShardCount: number`: Number of shards to provision for the input Kinesis steam. This is how you scale your write workload. + - `region: string`: region to localize resources like Kinesis and Lambda + - `partitionKeyName?: string`: Name of the `YYYY/MM/DD/HH` partition key. Defaulst to `inserted_at`. + - `partitionScheduleExpression?: string` AWS Lambda cron expression used to schedule the job that writes partition keys to Glue. Defaults to `rate(1 hour)`. Useful for development or integration testing where you want to ensure that partitions are writtin in a timely manner. +- `fileFlushIntervalSeconds?: number`: Period in seconds that Kinesis shards flush files to S3. Defaults to the max of 900 (15 minutes). Min 60 seconds. + +```ts +const columns = [ + { + name: "id", + type: "string" + }, + { + name: "session_id", + type: "string" + }, + { + name: "event_time", + type: "string" + } +]; + +const impressionsTableName = "impressions"; + +const streamingTableArgs: StreamingInputTableArgs = { + columns, + inputStreamShardCount: 1, + region: "us-west-2", + partitionScheduleExpression: "rate(1 minute)", + fileFlushIntervalSeconds: 60 +}; + + +const dataWarehouse = new ServerlessDataWarehouse("analytics_dw", { isDev }) + .withStreamingInputTable("impressions", streamingTableArgs); +``` + + +#### `withBatchInputTable: function` + +Designed for batch loading tables on a regular cadence. Creates a Glue Table and executes the user specified function on the specified interval. Function runs inside of Lambda, and must be able to operate within the Lambda runtime constraints on memory, disk, and execution time. Runs with 3GB RAM, 500MB disk, and 15 min timeout. + +Parameters: +- `name: string`: The name of the table. The table will be configured to read data from `${this.dataWarehouseBucket}/${name}`. +- `args: BatchInputTableArgs`: + - `columns: input.glue.CatalogTableStorageDescriptorColumn[]`: Description of the schema. + - `partitionKeys?: input.glue.CatalogTablePartitionKey[]`: Partition keys to be associated with the schema. + - `jobFn: (event: EventRuleEvent) => any`: Code to be executed in the lambda that will write data to `${this.dataWarehouseBucket}/${name}`. + - `scheduleExpression: string`: AWS Lambda cron expression that `jobFn` will execute on. + - `policyARNsToAttach?: pulumi.Input[]`: List of ARNs needed by the Lambda role for `jobFn` to run successfully. (Athena access, S3 access, Glue access, etc). + - `dataFormat?: "JSON" | "parquet"`: Specifies the encoding of files written to `${this.dataWarehouseBucket}/${name}`. Defaults to parquet. Will be used to configure serializers and metadata that enable Athena and other engines to execute queries. + +```ts +const aggregateTableName = "aggregates"; + +const aggregateTableColumns = [ + { + name: "event_type", + type: "string" + }, + { + name: "count", + type: "int" + }, + { + name: "time", + type: "string" + } +]; + +// Function reads from other tables via Athena and writes JSON to S3. +const aggregationFunction = async (event: EventRuleEvent) => { + const athena = require("athena-client"); + const bucketUri = `s3://${athenaResultsBucket.get()}`; + const clientConfig = { + bucketUri + }; + const awsConfig = { + region + }; + const athenaClient = athena.createClient(clientConfig, awsConfig); + let date = moment(event.time); + const partitionKey = date.utc().format("YYYY/MM/DD/HH"); + const getAggregateQuery = (table: string) => `select count(*) from ${databaseName.get()}.${table} where inserted_at='${partitionKey}'`; + const clicksPromise = athenaClient.execute(getAggregateQuery(clicksTableName)).toPromise(); + const impressionsPromise = athenaClient.execute(getAggregateQuery(impressionsTableName)).toPromise(); + + const clickRows = await clicksPromise; + const impressionRows = await impressionsPromise; + const clickCount = clickRows.records[0]['_col0']; + const impressionsCount = impressionRows.records[0]['_col0']; + const data = `{ "event_type": "${clicksTableName}", "count": ${clickCount}, "time": "${partitionKey}" }\n{ "event_type": "${impressionsTableName}", "count": ${impressionsCount}, "time": "${partitionKey}"}`; + const s3Client = new S3(); + await s3Client.putObject({ + Bucket: dwBucket.get(), + Key: `${aggregateTableName}/${partitionKey}/results.json`, + Body: data + }).promise(); +}; + +const policyARNsToAttach: pulumi.Input[] = [ + aws.iam.ManagedPolicies.AmazonAthenaFullAccess, + aws.iam.ManagedPolicies.AmazonS3FullAccess +]; + +const aggregateTableArgs: BatchInputTableArgs = { + columns: aggregateTableColumns, + jobFn: aggregationFunction, + scheduleExpression, + policyARNsToAttach, + dataFormat: "JSON", +} + +dataWarehouse.withBatchInputTable(aggregateTableName, aggregateTableArgs); +``` + +#### `getTable: function` +Retrieves a table with the specified name. + +Parameters: +- `name: string` the name of the `ServerlessDataWarehouse` owned table to retrieve. + +#### `listTables: function` +Returns an array of table names managed by this data warehouse. + +#### `getInputStream: function` +Retrieves the input stream associated with the specified table name, if any. + +Parameters: +- `tableName: string`: Name of the table to find an associated inputStream for. diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-raw.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-raw.md new file mode 100644 index 00000000000..0b7df749af4 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-serverless-raw.md @@ -0,0 +1,101 @@ +--- +title: "Serverless C# App | TypeScript" +h1: "Serverless C# App" +linktitle: "Serverless C# App" +meta_desc: "Serverless C# App How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys a complete serverless C# application using raw `aws.apigateway.RestAPI`, `aws.lambda.Function` and +`aws.dynamodb.Table` resources from `@pulumi/aws`. Although this doesn't feature any of the higher-level abstractions +from the `@pulumi/cloud` package, it demonstrates that you can program the raw resources directly available in AWS +to accomplish all of the same things this higher-level package offers. + +The deployed Lambda function is a simple C# application, highlighting the ability to manage existing application code +in a Pulumi application, even if your Pulumi code is written in a different language like JavaScript or Python. + +The Lambda function is a C# application using .NET Core 3.1 (a similar approach works for any other language supported by +AWS Lambda). + +## Deploying and running the Pulumi App + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Build the C# application. + + ```bash + dotnet publish app + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-east-2 + ``` + +1. Optionally, set AWS Lambda provisioned concurrency: + + ```bash + $ pulumi config set provisionedConcurrency 1 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev): + ... + + Updating (dev): + ... + Resources: + + 10 created + Duration: 1m 20s + ``` + +1. Check the deployed GraphQL endpoint: + + ``` + $ curl $(pulumi stack output endpoint)/hello + {"Path":"/hello","Count":0} + ``` + +1. See the logs + + ``` + $ pulumi logs -f + 2018-03-21T18:24:52.670-07:00[ mylambda-d719650] START RequestId: d1e95652-2d6f-11e8-93f6-2921c8ae65e7 Version: $LATEST + 2018-03-21T18:24:56.171-07:00[ mylambda-d719650] Getting count for '/hello' + 2018-03-21T18:25:01.327-07:00[ mylambda-d719650] Got count 0 for '/hello' + 2018-03-21T18:25:02.267-07:00[ mylambda-d719650] END RequestId: d1e95652-2d6f-11e8-93f6-2921c8ae65e7 + 2018-03-21T18:25:02.267-07:00[ mylambda-d719650] REPORT RequestId: d1e95652-2d6f-11e8-93f6-2921c8ae65e7 Duration: 9540.93 ms Billed Duration: 9600 ms Memory Size: 128 MB Max Memory Used: 37 MB + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-slackbot.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-slackbot.md new file mode 100644 index 00000000000..22c873aa654 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-slackbot.md @@ -0,0 +1,204 @@ +--- +title: "Create a Slackbot for Posting Mention Notifications | TypeScript" +h1: "Create a Slackbot for Posting Mention Notifications" +linktitle: "Create a Slackbot for Posting Mention Notifications" +meta_desc: "Create a Slackbot for Posting Mention Notifications How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This is an example of a simple Slackbot (called '@mentionbot') that posts a notification to a specific channel any time you're @mentioned anywhere, whether in various channels or via direct message. This bot is useful for when you need a time-ordered list of @mentions to go through at a later point. + +Slack users can subscribe/unsubscribe from notifications easily. To receive notifications, add `@mentionbot` to a channel you want to be notified in. Then send any message to `@mentionbot` to subscribe. To stop getting messages, send a message to `@mentionbot` containing the word `unsubscribe`. + +This Slackbot example contains a few useful patterns, showing you how to create a Slackbot while taking advantage of a lot of conveniences that Pulumi and the `aws` and `awsx` packages provide. + +1. We set up an ApiGateway API to receive push notifications from Slack whenever important events happen. +2. Slack has strict requirements on how quickly the push endpoint must respond with `200` notifications before they consider the message as "not received", triggering back-off and resending of those same messages. For this reason, our example does not process Slack `event` messages as they come in. Instead, they are immediately added to an [AWS SNS Topic](https://aws.amazon.com/sns/) to be processed at a later point in time. This allows the ApiGateway call to return quickly, satisfying Slack's requirements. +3. Two [AWS Lambdas](https://aws.amazon.com/lambda/) are created naturally using simple JavaScript functions. One function is used to create the Lambda that is called when Slack pushes a notification. The other is used to specify the Lamdba that will process the messages added to the Topic. These JavaScript functions can easily access the other Pulumi resources created, avoiding the need to figure out ways to pass Resource ARNs/IDs/etc. to the Lambdas to ensure they can talk to the right resources. If these resources are swapped out in the future (for example, using RDS instead of DynamoDB, or SQS instead of SNS), Pulumi will make sure that the Lambdas were updated properly. +4. [Pulumi Secrets](https://www.pulumi.com/docs/intro/concepts/secrets/) provides a simple way to pass important credentials (like your Slack tokens) without having to directly embed them in your application code. + +First, we'll set up the Pulumi App. Then, we'll go create and configure a Slack App and Bot to interact with our Pulumi App. + +## Deploy the App + +> **Note:** Some values in this example will be different from run to run. These values are indicated +with `***`. + +### Step 1: Create a new stack + +```bash +$ pulumi stack init mentionbot +``` + +### Step 2: Set the AWS region + +``` +$ pulumi config set aws:region us-east-2 +``` + +### Step 3: Restore NPM modules + +Run `npm install` or `yarn install` to restore your NPM modules. + +### Step 4: Preview and deploy your app + +Run `pulumi up` to preview and deploy your AWS resources. + +``` +$ pulumi up +Previewing update (mentionbot): +... + + Do you want to perform this update? yes + Updating (mentionbot): + + Type Name Status + + pulumi:pulumi:Stack aws-ts-slack-mentionbot created + + ├─ aws:sns:TopicEventSubscription processTopicMessage created + + │ ├─ aws:iam:Role processTopicMessage created + + │ ├─ aws:iam:RolePolicyAttachment processTopicMessage-32be53a2 created + + │ ├─ aws:lambda:Function processTopicMessage created + + │ ├─ aws:sns:TopicSubscription processTopicMessage created + + │ └─ aws:lambda:Permission processTopicMessage created + + ├─ aws:apigateway:x:API mentionbot created + + │ ├─ aws:iam:Role mentionbot8e3f228c created + + │ ├─ aws:iam:RolePolicyAttachment mentionbot8e3f228c-32be53a2 created + + │ ├─ aws:lambda:Function mentionbot8e3f228c created + + │ ├─ aws:apigateway:RestApi mentionbot created + + │ ├─ aws:apigateway:Deployment mentionbot created + + │ ├─ aws:lambda:Permission mentionbot-89b3ba11 created + + │ └─ aws:apigateway:Stage mentionbot created + + ├─ aws:dynamodb:Table subscriptions created + + └─ aws:sns:Topic messages created + + Outputs: + url: "https://***.execute-api.us-east-2.amazonaws.com/stage/" + + Resources: + + 17 created + + Duration: 25s + + Permalink: https://app.pulumi.com/***/mentionbot/updates/1 +``` + +### Step 5: Create a new Slackbot + +To create a new Slackbot, first go to https://api.slack.com/apps and create an account if necessary. Next, click on 'Create New App' here: + +

+ +

+ +Pick your desired name for the app, and the Workspace the app belongs to. Here we choose `MentionBot`: + +

+ +

+ +Once created, you will need to 'Add features and functionality' to your app. You'll eventually need all these configured: + +

+ +

+ +First, we'll enable 'Incoming Webhooks'. This allows your Slack bot to post messages into Slack for you: + +

+ +

+ +Next, create a bot user like so: + +

+ +

+ +Next, we'll enable 'Event Subscriptions'. This will tell Slack to push events to your ApiGateway endpoint when changes happen. Note that we put the Stack-Output `url` shown above (along with the `events` suffix). This corresponds to the specific ApiGateway Route that was defined in the Pulumi app. Note that Slack will test this endpoint to ensure it is accepting Slack notifications and responding to them in a valid manner. We'll also setup notifications for the events we care about. Importantly, our Slackbot will have to hear about when people mention it (for subscribing/unsubscribing), as well as hearing about all messages (so it can look for @-mentions): + +

+ + +

+ +Next, we'll go to 'Permissions'. Here, we can find the OAuth tokens your Pulumi App will need. Specifically, we'll need the 'Bot User OAuth Token' listed here: + +

+ +

+ +Underneath this, we'll set the following Scopes defining the permissions of the bot: + +

+ +

+ +Now, we're almost done. The only thing left to do is supply your Pulumi App with the appropriate secrets/tokens. We'll need the Bot OAuth token (shown above), and the 'Verification Token' (found under 'Basic Information'): + +

+ +

+ +Supply these both like so: + +``` +$ pulumi config set --secret mentionbot:slackToken xoxb-... +$ pulumi config set --secret mentionbot:verificationToken d... +``` + +Next, install the Slack App into your workspace: + +

+ +

+ +And we're done! + +### Step 6: Interact with the Slackbot + +From Slack you can now create your own private channel: + +

+ +

+ +Invite the bot to the channel: + +

+ +

+ +Then send it a message. Note that it may take several seconds for the bot to respond due to Slack push notification delays, SNS Topic delays, and Slack incoming message delays. + +

+ +

+ +And you're set! From now on when someone from your team mentions you, you'll get a little message with a direct mention in your channel like so: + +

+ +

+ +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference-architecture.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference-architecture.md new file mode 100644 index 00000000000..5c3905eb233 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference-architecture.md @@ -0,0 +1,191 @@ +--- +title: "AWS StackReference Architecture | TypeScript" +h1: "AWS StackReference Architecture" +linktitle: "AWS StackReference Architecture" +meta_desc: "AWS StackReference Architecture How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +This will deploy a Data VPC and an application VPC that is peered. It will deploy an RDS Instance into the Data VPC and it will +run a sample application in ECS that is fronted with an ALB. + +The system has the following layers and need to be deployed in the following order to allow the correct data to be used +between the system: + +1. Networking +2. Database +3. Application + +## Pre-Requisites + +1. [Install Pulumi](https://www.pulumi.com/docs/reference/install). +1. Install [Node.js](https://nodejs.org/en/download). +1. Install a package manager for Node.js, such as [NPM](https://www.npmjs.com/get-npm) or [Yarn](https://yarnpkg.com/lang/en/docs/install). +1. [Configure AWS Credentials](https://www.pulumi.com/docs/reference/clouds/aws/setup/). + +## Network + +1. Change to the networking project + ```bash + cd networking + ``` + +1. Install the dependencies. + + ```bash + npm install + ``` + +1. Create a new Pulumi stack named `dev`. + + ```bash + pulumi stack init dev + ``` + +1. Set the Pulumi configuration variables for the project. + + ```bash + pulumi config set aws:region us-west-2 + ``` + + If you wish to control the number of availability zones that the VPC will be created within, you can do this by setting: + + ```bash + pulumi config set azCount 3 + ``` + +1. Deploy the networking stack + + ```bash + pulumi up + ``` + + +## Database + +1. Change to the database project + ```bash + cd database + ``` + +1. Install the dependencies. + + ```bash + npm install + ``` + +1. Create a new Pulumi stack named `dev`. + + ```bash + pulumi stack init dev + ``` + +1. Set the Pulumi configuration variables for the project: + + ```bash + pulumi config set aws:region us-west-2 + pulumi config set dbUsername MyRootUser + pulumi config set dbPassword --secret MyPassword1234! + ``` + + You need to set a stack reference to the networking stack so that the RDS Instance can be deployed into the correct VPC + that was created in the networking stack. The stack needs to be in the form `//` + e.g. `myUsername/multicloud/dev`: + + ```bash + pulumi config set networkingStack stack72/networking-layer/dev + ``` + + If you wish to specify an initial database name in the RDS Instance, then you can do so by setting the following: + + ```bash + pulumi config set dbName myDatbaseName + ``` + +1. Deploy the database stack + + ```bash + pulumi up + ``` + +## Application + +1. Change to the application project + ```bash + cd application + ``` + +1. Install the dependencies. + + ```bash + npm install + ``` + +1. Create a new Pulumi stack named `dev`. + + ```bash + pulumi stack init dev + ``` + +1. Set the Pulumi configuration variables for the project: + + ```bash + pulumi config set aws:region us-west-2 + ``` + + You need to set a stack reference to the networking stack so that the RDS Instance can be deployed into the correct VPC + that was created in the networking stack. The stack needs to be in the form `//`: + + ```bash + pulumi config set networkingStack stack72/networking-layer/dev + ``` + + You need to set a stack reference to the database stack so that the Application Instance can get the correct credentials + and database information for application startup. The stack needs to be in the form `//`: + + ```bash + pulumi config set application-layer:databaseStack stack72/database-layer/dev + ``` + +1. Deploy the application stack + + ```bash + pulumi up + ``` + +You can then take the output `albAddress` and hit it with `curl` or in the browser to see the application running. + +## Clean Up + +In each of the directories, run the following command to tear down the resources that are part of our +stack. + +1. Run `pulumi destroy` to tear down all resources. You'll be prompted to make + sure you really want to delete these resources. + + ```bash + pulumi destroy + ``` + +1. To delete the stack, run the following command. + + ```bash + pulumi stack rm + ``` + > **Note:** This command deletes all deployment history from the Pulumi + > Console and cannot be undone. + + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference.md new file mode 100644 index 00000000000..b3dded437a5 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stackreference.md @@ -0,0 +1,204 @@ +--- +title: "StackReference Example | TypeScript" +h1: "StackReference Example" +linktitle: "StackReference Example" +meta_desc: "StackReference Example How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +This example creates a "team" EC2 Instance with tags set from _upstream_ "company" and "department" +stacks via [StackReference](https://www.pulumi.com/docs/intro/concepts/stack/#stackreferences). + +``` +/** + * company + * └─ department + * └─ team + */ +``` + +## Getting Started + +1. Change directory to `company` and install dependencies. + + ```bash + $ cd company + $ npm install + ``` + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the required configuration variables: + + ```bash + $ pulumi config set companyName 'ACME Widget Company' + ``` + +1. Deploy everything with the `pulumi up` command. + + ```bash + $ pulumi up + Previewing update (dev): + + Type Name Plan + + pulumi:pulumi:Stack aws-ts-stackreference-company-dev create + + Resources: + + 1 to create + + Do you want to perform this update? yes + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-ts-stackreference-company-dev created + + Outputs: + companyName: "ACME Widget Company" + + Resources: + + 1 created + + Duration: 1s + + Permalink: https://app.pulumi.com/clstokes/aws-ts-stackreference-company/dev/updates/1 + ``` + +1. Change directory to `department` and install dependencies. + + ```bash + $ cd ../department + $ npm install + ```` + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the required configuration variables: + + ```bash + $ pulumi config set departmentName 'E-Commerce' + ``` + +1. Deploy everything with the `pulumi up` command. + + ```bash + $ pulumi up + Previewing update (dev): + + Type Name Plan + + pulumi:pulumi:Stack aws-ts-stackreference-department-dev create + + Resources: + + 1 to create + + Do you want to perform this update? yes + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-ts-stackreference-department-dev created + + Outputs: + departmentName: "E-Commerce" + + Resources: + + 1 created + + Duration: 1s + + Permalink: https://app.pulumi.com/clstokes/aws-ts-stackreference-department/dev/updates/1 + ``` + +1. Change directory to `team` and install dependencies. + + ```bash + $ cd ../team + $ npm install + ```` + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the required configuration variables, replacing `YOUR_ORG` with the name of your Pulumi organization: + + ```bash + $ pulumi config set companyStack YOUR_ORG/aws-ts-stackreference-company/dev + $ pulumi config set departmentStack YOUR_ORG/aws-ts-stackreference-department/dev + $ pulumi config set teamName 'Frontend Dev' + $ pulumi config set aws:region us-west-2 # any valid AWS zone works + ``` + +1. Deploy everything with the `pulumi up` command. + + ```bash + $ envchain aws pulumi up + Previewing update (dev): + + Type Name Plan + + pulumi:pulumi:Stack aws-ts-stackreference-team-dev create + >- ├─ pulumi:pulumi:StackReference clstokes/aws-ts-stackreference-department/dev read + >- ├─ pulumi:pulumi:StackReference clstokes/aws-ts-stackreference-company/dev read + + └─ aws:ec2:Instance tagged create + + Resources: + + 2 to create + + Do you want to perform this update? yes + Updating (dev): + + Type Name Status + + pulumi:pulumi:Stack aws-ts-stackreference-team-dev created + >- ├─ pulumi:pulumi:StackReference clstokes/aws-ts-stackreference-company/dev read + >- ├─ pulumi:pulumi:StackReference clstokes/aws-ts-stackreference-department/dev read + + └─ aws:ec2:Instance tagged created + + Outputs: + instanceId : "i-0a9ede9c446503903" + instanceTags: { + Managed By: "Pulumi" + company : "ACME Widget Company" + department: "E-Commerce" + team : "Frontend Dev" + } + + Resources: + + 2 created + + Duration: 28s + + Permalink: https://app.pulumi.com/clstokes/aws-ts-stackreference-team/dev/updates/1 + ``` + + +## Clean Up + +1. Once you are done, destroy all of the resources and the stack. Repeat this in each +of the `company`, `department`, and `team` directories from above that you ran `pulumi up` within. + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-static-website.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-static-website.md new file mode 100644 index 00000000000..a0cbd2fb216 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-static-website.md @@ -0,0 +1,161 @@ +--- +title: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager | TypeScript" +h1: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager" +linktitle: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager" +meta_desc: "Secure Static Website Using Amazon S3, CloudFront, Route53, and Certificate Manager How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example serves a static website using TypeScript and AWS. + +This sample uses the following AWS products: + +- [Amazon S3](https://aws.amazon.com/s3/) is used to store the website's contents. +- [Amazon CloudFront](https://aws.amazon.com/cloudfront/) is the CDN serving content. +- [Amazon Route53](https://aws.amazon.com/route53/) is used to set up the DNS for the website. +- [Amazon Certificate Manager](https://aws.amazon.com/certificate-manager/) is used for securing things via HTTPS. + +## Getting Started + +Install prerequisites with: + +```bash +npm install +``` + +Configure the Pulumi program using ```pulumi config set KEY VALUE```. There are several configuration settings that need to be +set: + +- `certificateArn` - ACM certificate to serve content from. ACM certificate creation needs to be + done manually. Also, any certificate used to secure a CloudFront distribution must be created + in the `us-east-1` region. +- `targetDomain` - The domain to serve the website at (e.g. www.example.com). It is assumed that + the parent domain (example.com) is a Route53 Hosted Zone in the AWS account you are running the + Pulumi program in. +- `pathToWebsiteContents` - Directory of the website's contents. e.g. the `./www` folder. +- `includeWWW` - If true this will create an additional alias record for the www subdomain to your cloudfront distribution. + +## How it works + +The Pulumi program constructs the S3 bucket, and constructs an `aws.s3.BucketObject` object +for every file in `config.pathToWebsiteContents`. This is essentially tracks every file on +your static website as a Pulumi-managed resource. So a subsequent `pulumi up` where the +file's contents have changed will result in an update to the `aws.s3.BucketObject` resource. + +Note how the `contentType` property is set by calling the NPM package [mime](https://www.npmjs.com/package/mime). + +```typescript +const contentFile = new aws.s3.BucketObject( + relativeFilePath, + { + key: relativeFilePath, + + acl: "public-read", + bucket: contentBucket, + contentType: mime.getType(filePath) || undefined, + source: new pulumi.asset.FileAsset(filePath), + }); +``` + +The Pulumi program then creates an `aws.cloudfront.Distribution` resource, which will serve +the contents of the S3 bucket. The CloudFront distribution can be configured to handle +things like custom error pages, cache TTLs, and so on. If `includeWWW` is set to true both the +cloudfront distribution and any generated certificate will contain an alias for accessing the site +from the www subdomain. + +Finally, an `aws.route53.Record(s)` is created to associate the domain name (example.com) +with the CloudFront distribution (which would be something like d3naiyyld9222b.cloudfront.net). + +```typescript +return new aws.route53.Record( + targetDomain, + { + name: domainParts.subdomain, + zoneId: hostedZone.zoneId, + type: "A", + aliases: [ + { + name: distribution.domainName, + zoneId: distribution.hostedZoneId, + evaluateTargetHealth: true, + }, + ], + }); +``` + +## Troubleshooting + +### Scary HTTPS Warning + +When you create an S3 bucket and CloudFront distribution shortly after one another, you'll see +what looks to be HTTPS configuration issues. This has to do with the replication delay between +S3, CloudFront, and the world-wide DNS system. + +Just wait 15 minutes or so, and the error will go away. Be sure to refresh in an incognito +window, which will avoid any local caches your browser might have. + +### "PreconditionFailed: The request failed because it didn't meet the preconditions" + +Sometimes updating the CloudFront distribution will fail with: + +```text +"PreconditionFailed: The request failed because it didn't meet the preconditions in one or more +request-header fields." +``` +This is caused by CloudFront confirming the ETag of the resource before applying any updates. +ETag is essentially a "version", and AWS is rejecting any requests that are trying to update +any version but the "latest". + +This error will occur when the state of the ETag get out of sync between Pulumi Cloud +and AWS. (This can happen when inspecting the CloudFront distribution in the AWS console.) + +You can fix this by running `pulumi refresh` to pickup the newer ETag values. + +## Deployment Speed + +This example creates a `aws.S3.BucketObject` for every file served from the website. When deploying +large websites, that can lead to very long updates as every individual file is checked for any +changes. + +It may be more efficient to not manage individual files using Pulumi and and instead just use the +AWS CLI to sync local files with the S3 bucket directly. + +Remove the call to `crawlDirectory` and run `pulumi up`. Pulumi will then delete the contents +of the S3 bucket, and no longer manage their contents. Then do a bulk upload outside of Pulumi +using the AWS CLI. + +```bash +aws s3 sync ./www/ s3://example-bucket/ +``` + +## Access Denied while creating S3 bucket + +This error can occur when a bucket with the same name as targetDomain already exists. Remove all items from the pre-existing bucket +and delete the bucket to continue. + +## Fail to delete S3 bucket while running pulumi destroy, this bucket is not empty. + +The contents of the S3 bucket are not automatically deleted. You can manually delete these contents in the AWS Console or with +the AWS CLI. + +## pulumi up fails when the targetDomain includes a www subdomain and includeWWW is set to true + +This will fail because the program will attempt to create an alias record and certificate for both the targetDomain +and `www.${targetDomain}` when includeWWW is set to true. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stepfunctions.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stepfunctions.md new file mode 100644 index 00000000000..31da4179d03 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-stepfunctions.md @@ -0,0 +1,46 @@ +--- +title: "AWS Step Functions | TypeScript" +h1: "AWS Step Functions" +linktitle: "AWS Step Functions" +meta_desc: "AWS Step Functions How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A basic example that demonstrates using AWS Step Functions with a Lambda function. + +This example also utilizes our [Stack Readme](https://www.pulumi.com/docs/intro/pulumi-cloud/projects-and-stacks/#stack-readme) feature. You can view the stack readme by going to the console by running `pulumi console` and selecting the README tab. See the [`stack-readme-ts`](https://github.com/pulumi/examples/tree/master/stack-readme-ts) example for a more detailed example. + +``` +# Create and configure a new stack +$ pulumi stack init stepfunctions-dev +$ pulumi config set aws:region us-east-2 + +# Install dependencies +$ npm install + +# Preview and run the deployment +$ pulumi up + +# Start execution using the AWS CLI (or from the console at https://console.aws.amazon.com/states) +$ aws stepfunctions start-execution --state-machine-arn $(pulumi stack output stateMachineArn) + +# Remove the app +$ pulumi destroy +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-synthetics-canary.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-synthetics-canary.md new file mode 100644 index 00000000000..9ea0790e092 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-synthetics-canary.md @@ -0,0 +1,86 @@ +--- +title: "Deploy AWS Synthetics Canary Using a Local Script | TypeScript" +h1: "Deploy AWS Synthetics Canary Using a Local Script" +linktitle: "Deploy AWS Synthetics Canary Using a Local Script" +meta_desc: "Deploy AWS Synthetics Canary Using a Local Script How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +An example of deploying an [AWS Synthetics Canary](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries.html) using a script stored locally. + +This example does the following: +1. Zips up a colocated canary script. +1. Pushes the zip file to an S3 bucket. +1. Creates an IAM role and policy for the canary. +1. Deploys the canary. + +The canary used in this example is a simple no-op script that writes a message. +See [Writing Canary Scripts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_WritingCanary.html) for details regarding canary directory structure and naming conventions. +There are some prebaked canary scripts for doing things like checking an API or a link that can be found on AWS. + +## Deploying and running the program + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-1 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + ``` + npm install + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing update (dev) + ... + + Updating (dev) + View Live: https://app.pulumi.com/acmecorp/aws-synthetics-canary/dev/updates/1 + + Type Name Status + + pulumi:pulumi:Stack aws-synthetics-canary-dev created + + ├─ aws:s3:BucketV2 canary-results created + + ├─ aws:s3:BucketV2 canary-scripts created + + ├─ aws:iam:Role canary-exec-role created + + ├─ aws:iam:RolePolicy canary-exec-policy created + + ├─ aws:s3:BucketObjectv2 canary-simple-canary created + + └─ aws:synthetics:Canary canary-simple created + + Outputs: + canaryName : "canary-simple-a4a3974" + canaryNameArn: "arn:aws:synthetics:us-east-1:052848974346:canary:canary-simple-a4a3974" + ``` + +## Clean up + +1. Run `pulumi destroy` to tear down all resources. + + NOTE: Until https://github.com/hashicorp/terraform-provider-aws/issues/19288 is addressed, the Canary's lambda function and related layers are left after the stack is destroyed. So you will want to manually clean up these items. + +1. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi console. diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-thumbnailer.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-thumbnailer.md new file mode 100644 index 00000000000..a2bea84fe35 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-thumbnailer.md @@ -0,0 +1,131 @@ +--- +title: "Video Thumbnailer Using AWS Fargate | TypeScript" +h1: "Video Thumbnailer Using AWS Fargate" +linktitle: "Video Thumbnailer Using AWS Fargate" +meta_desc: "Video Thumbnailer Using AWS Fargate How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A video thumbnail extractor using serverless functions and containers. + +Loosely derived from the example at https://serverless.com/blog/serverless-application-for-long-running-process-fargate-lambda/. + +![When a new video is uploaded, extract a thumbnail](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-thumbnailer/thumbnailer-diagram.png) + +## Prerequisites + +To run this example, make sure [Docker](https://docs.docker.com/engine/installation/) is installed and running. + +## Running the App + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ``` + pulumi stack init thumbnailer-testing + ``` + +1. Configure Pulumi to use an AWS region where Fargate is supported, which is currently only available in `us-east-1`, `us-east-2`, `us-west-2`, and `eu-west-1`: + + ``` + pulumi config set aws:region us-west-2 + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Preview and deploy the app via `pulumi up`. The preview will take some time, as it builds a Docker container. A total of 32 resources are created. + + ``` + $ pulumi up + Previewing update of stack 'thumbnailer-testing' + Previewing changes: + + Type Name Plan Info + * global global no change 1 info message. info: Building container image 'pulum- + + pulumi:pulumi:Stack video-thumbnailer-thumbnailer-testing create... 1 info message. info: Successfully tagged pulum- + ... + + Do you want to perform this update? yes + Updating stack 'thumbnailer-testing' + Performing changes: + + Type Name Status Info + * global global unchanged 1 info message. info: Building container image 'pulum- + + pulumi:pulumi:Stack video-thumbnailer-thumbnailer-testing created 1 info message. info: 081c66fa4b0c: Pushed + + ... + ... + + info: 32 changes performed: + + 32 resources created + Update duration: *** + + Permalink: https://app.pulumi.com/*** + ``` + +1. View the stack outputs: + + ``` + $ pulumi stack output + Current stack outputs (1): + OUTPUT VALUE + bucketName *** + ``` + +1. Upload a video, embedding the timestamp in the filename: + + ``` + $ aws s3 cp ./sample/cat.mp4 s3://$(pulumi stack output bucketName)/cat_00-01.mp4 + upload: sample/cat.mp4 to s3://***/cat_00-01.mp4 + ``` + +1. View the logs from both the Lambda function and the ECS task: + + ``` + $ pulumi logs -f + Collecting logs for stack thumbnailer-testing since *** + + 2018-05-25T12:57:26.326-07:00[ onNewVideo] *** New video: file cat_00-01.mp4 was uploaded at 2018-05-25T19:57:25.507Z. + 2018-05-25T12:57:30.705-07:00[ onNewVideo] Running thumbnailer task. + 2018-05-25T12:58:34.960-07:00[ ffmpegThumbTask] Starting ffmpeg task... + 2018-05-25T12:58:34.960-07:00[ ffmpegThumbTask] Copying video from S3 bucket-5ea6b28/cat_00-01.mp4 to cat_00-01.mp4... + 2018-05-25T12:58:37.267-07:00[ ffmpegThumbTask] Completed 256.0 KiB/666.5 KiB (2.5 MiB/s) with 1 fildownload: s3://bucket-5ea6b28/cat_00-01.mp4 to ./cat_00-01.mp4 + 2018-05-25T12:58:40.306-07:00[ ffmpegThumbTask] Copying cat.jpg to S3 at bucket-5ea6b28/cat.jpg ... + 2018-05-25T12:58:43.034-07:00[ ffmpegThumbTask] Completed 86.6 KiB/86.6 KiB (619.7 KiB/s) with 1 filupload: ./cat.jpg to s3://bucket-5ea6b28/cat.jpg + 2018-05-25T12:58:43.758-07:00[ onNewThumbnail] *** New thumbnail: file cat.jpg was saved at 2018-05-25T19:58:43.028Z. + ``` + +1. Download the key frame: + + ``` + $ aws s3 cp s3://$(pulumi stack output bucketName)/cat.jpg . + download: s3://***/cat.jpg to ./cat.jpg + ``` + +## Clean up + +To clean up the resources, you will first need to clear the contents of the bucket. + +```bash +aws s3 rm s3://$(pulumi stack output bucketName) --recursive +``` + +Then, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-twitter-athena.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-twitter-athena.md new file mode 100644 index 00000000000..6c5863fe2b1 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-twitter-athena.md @@ -0,0 +1,88 @@ +--- +title: "Twitter Search in Athena | TypeScript" +h1: "Twitter Search in Athena" +linktitle: "Twitter Search in Athena" +meta_desc: "Twitter Search in Athena How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A sample project that queries Twitter every 2 minutes and stores the results in S3. The project also sets up an Athena table and query. This project demonstrates using `aws.cloudwatch.EventRule` to run a Lambda on an interval. + +## Setup + +Register a new [Twitter app](https://apps.twitter.com/). + +## Deploy and run the program + +1. Create a new stack: + + ``` + pulumi stack init twitter-athena + ``` + +1. In Twitter, get the keys for your application. Set configuration values for your Twitter consumer key/secret and application key/secret. Use the `--secret` flag to securely encrypt secret values. + + ``` + pulumi config set twitterAccessTokenKey + pulumi config set --secret twitterAccessTokenSecret + pulumi config set twitterConsumerKey + pulumi config set --secret twitterConsumerSecret + ``` + +1. Set a search term to query for: + + ``` + pulumi config set twitterQuery "Amazon Web Services" + ``` + +1. Set the AWS region: + + ```bash + pulumi config set aws:region us-west-2 + ``` + +1. Restore NPM modules via `npm install`. + +1. Preview and run the deployment via `pulumi up`. A total of 16 resources are created. + +1. Run `pulumi stack output` to view output properties (or view the stack on pulumi.com). + + ``` + $ pulumi stack output + Please choose a stack: aws-serverless-js-twitter-dev + Current stack outputs (4): + OUTPUT VALUE + athenaDatabase tweets_database + bucketName tweet-bucket-de18828 + createTableQueryUri https://us-west-2.console.aws.amazon.com/athena/home?force#query/saved/e394800e-a35e-44b3-b8ca-8b47b0f74469 + topUsersQueryUri https://us-west-2.console.aws.amazon.com/athena/home?force#query/saved/51fa5744-bab6-4e5f-8cd6-9447b6619f06 + ``` + +1. Navigate to the URL for `createTableQueryUri` and run the query in the Athena console. This will create a table called `tweets`. + +1. Navigate to the URL for `topUsersQueryUri` and run the query in Athena. You'll see tweets for your search term, by users with more than 1000 followers. + + ![Athena console](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-twitter-athena/athena-screenshot.png) + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + + + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-url-shortener-cache-http.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-url-shortener-cache-http.md new file mode 100644 index 00000000000..a08c796f97d --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-url-shortener-cache-http.md @@ -0,0 +1,93 @@ +--- +title: "Serverless URL Shortener with Redis Cache and HttpServer | TypeScript" +h1: "Serverless URL Shortener with Redis Cache and HttpServer" +linktitle: "Serverless URL Shortener with Redis Cache and HttpServer" +meta_desc: "Serverless URL Shortener with Redis Cache and HttpServer How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A sample URL shortener SPA that uses the high-level components. The example shows to combine serverless functions along with containers. This shows that you can create your own higher level +abstractions for your own use, your team's, or to share with the community using your language's package manager. + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Create a new stack: + + ``` + $ pulumi stack init url-cache-testing + ``` + +1. Configure Pulumi to use an AWS region that supports Fargate, which is currently only available in `us-east-1`, `us-east-2`, `us-west-2`, and `eu-west-1`: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Set a value for the Redis password. The value can be an encrypted secret, specified with the `--secret` flag. If this flag is not provided, the value will be saved as plaintext in `Pulumi.url-cache-testing.yaml` (since `url-cache-testing` is the current stack name). + + ``` + $ pulumi config set --secret redisPassword S3cr37Password + ``` + +1. Add the 'www' directory to the uploaded function code so it can be served from the http server: + + ``` + $ pulumi config set cloud-aws:functionIncludePaths www + ``` + +1. Restore NPM modules via `npm install` or `yarn install`. + +1. Compile the program via `tsc` or `npm run build` or `yarn run build`. + +1. Preview and run the deployment via `pulumi update`. The operation will take about 5 minutes to complete. + + ``` + $ pulumi update + Previewing stack 'url-cache-testing' + ... + + Updating stack 'url-cache-testing' + Performing changes: + + #: Resource Type Name + 1: pulumi:pulumi:Stack url-shortener-cache-url- + ... + 49: aws:apigateway:Stage urlshortener + + info: 49 changes performed: + + 49 resources created + Update duration: *** + ``` + +1. To view the API endpoint, use the `stack output` command: + + ``` + $ pulumi stack output endpointUrl + https://***.us-east-1.amazonaws.com/stage/ + ``` + +1. Open this page in a browser and you'll see a single page app for creating and viewing short URLs. + +## Clean up + +To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-voting-app.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-voting-app.md new file mode 100644 index 00000000000..8c39a48afe3 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-voting-app.md @@ -0,0 +1,132 @@ +--- +title: "Voting app Using Redis and Flask | TypeScript" +h1: "Voting app Using Redis and Flask" +linktitle: "Voting app Using Redis and Flask" +meta_desc: "Voting app Using Redis and Flask How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A simple voting app that uses Redis for a data store and a Python Flask app for the frontend. The example has been ported from https://github.com/Azure-Samples/azure-voting-app-redis. + +The example shows how easy it is to deploy containers into production and to connect them to one another. Since the example defines a custom container, Pulumi does the following: +- Builds the Docker image +- Provisions AWS Container Registry (ECR) instance +- Pushes the image to the ECR instance +- Creates a new ECS task definition, pointing to the ECR image definition + +## Prerequisites + +To use this example, make sure [Docker](https://docs.docker.com/engine/installation/) is installed and running. + +## Deploying and running the program + +### Configure the deployment + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Login via `pulumi login`. + +1. Create a new stack: + + ``` + $ pulumi stack init voting-app-testing + ``` + +1. Set AWS as the provider: + + ``` + $ pulumi config set cloud:provider aws + ``` + +1. Configure Pulumi to use an AWS region that supports Fargate, which is currently only available in `us-east-1`, `us-east-2`, `us-west-2`, and `eu-west-1`: + + ``` + $ pulumi config set aws:region us-west-2 + ``` + +1. Set a value for the Redis password. The value can be an encrypted secret, specified with the `--secret` flag. If this flag is not provided, the value will be saved as plaintext in `Pulumi.testing.yaml` (since `testing` is the current stack name). + + ``` + $ pulumi config set --secret redisPassword S3cr37Password + ``` + +### Install dependencies + +1. Restore NPM modules via `npm install` or `yarn install`. + +### Preview and deploy + +1. Ensure the Docker daemon is running on your machine, then preview and deploy the program with `pulumi up`. The program deploys 24 resources and takes about 10 minutes to complete. + +1. View the stack output properties via `pulumi stack output`. The stack output property `frontendUrl` is the URL and port of the deployed app: + + ```bash + $ pulumi stack output frontendURL + ***.elb.us-west-2.amazonaws.com + ``` + +1. In a browser, navigate to the URL for `frontendURL`. You should see the voting app webpage. + + ![Voting app screenshot](https://raw.githubusercontent.com/pulumi/examples/master/aws-ts-voting-app/voting-app-webpage.png) + +### Delete resources + +When you're done, run `pulumi destroy` to delete the program's resources: + +``` +$ pulumi destroy +This will permanently destroy all resources in the 'testing' stack! +Please confirm that this is what you'd like to do by typing ("testing"): testing +``` + +## About the code + +At the start of the program, the following lines retrieve the value for the Redis password by reading a [configuration value](https://www.pulumi.com/docs/reference/config/). This is the same value that was set above with the command `pulumi config set redisPassword `: + +```typescript +let config = new pulumi.Config(); +let redisPassword = config.require("redisPassword"); +``` + +In the program, the value can be used like any other variable. + +### Resources + +The program provisions two top-level resources with the following commands: + +```typescript +let redisCache = new awsx.ecs.FargateService("voting-app-cache", ... ) +let frontend = new awsx.ecs.FargateService("voting-app-frontend", ... ) +``` + +The definition of `redisCache` uses the `image` property of `FargateService.taskDefinitionArgs` to point to an existing Docker image. In this case, this is the image `redis` at tag `alpine` on Docker Hub. The `redisPassword` variable is passed to the startup command for this image. + +The definition of `frontend` is more interesting, as it uses `image` property of `FargateService.taskDefinitionArgs` to point to a folder with a Dockerfile, which in this case is a Python Flask app. Pulumi automatically invokes `docker build` for you and pushes the container to ECR. + +So that the `frontend` container can connect to `redisCache`, the environment variables `REDIS`, `REDIS_PORT` are defined. Using the `redisListenre.endpoint` property, it's easy to declare the connection between the two containers. + +The Flask app uses these environment variables to connect to the Redis cache container. See the following in [`frontend/app/main.py`](https://github.com/pulumi/examples/blob/master/aws-ts-voting-app/frontend/app/main.py): + +```python +redis_server = os.environ['REDIS'] +redis_port = os.environ['REDIS_PORT'] +redis_password = os.environ['REDIS_PWD'] +``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-vpc-with-ecs-fargate-py.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-vpc-with-ecs-fargate-py.md new file mode 100644 index 00000000000..330f9d662a3 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-vpc-with-ecs-fargate-py.md @@ -0,0 +1,52 @@ +--- +title: "Using Pulumi for NGINX on AWS ECS Fargate using Python with a vpc built in Typescript | TypeScript" +h1: "Using Pulumi for NGINX on AWS ECS Fargate using Python with a vpc built in Typescript" +linktitle: "Using Pulumi for NGINX on AWS ECS Fargate using Python with a vpc built in Typescript" +meta_desc: "Using Pulumi for NGINX on AWS ECS Fargate using Python with a vpc built in Typescript How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +### What Is This? + +This is [Pulumi](https://www.pulumi.com/) code for deploying your own [ECS Fargate cluster with tags](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html) written in python on top of vpc built in typescript. + +### Why would you do this? +Code in whatever language you want, you can use things across go, python, typescript, and dotnet. Reuse whatever you can. + +### How is the vpc built? + +The [vpc](https://www.pulumi.com/docs/guides/crosswalk/aws/vpc/) is built using pulumi [crosswalk](https://www.pulumi.com/docs/guides/crosswalk/aws/) in `typescript`. + +### How is the ecs cluster built? +The ecs cluster is built in `python`. + +### How do we connect infrastructure written in typescript with python? +We do this via [StackReference](https://www.pulumi.com/docs/intro/concepts/stack/#stackreferences). +The vpc [outputs](https://www.pulumi.com/docs/reference/cli/pulumi_stack_output/) will be read as inputs in the ecs fargate. + +### Which Backend are we using? + +We are going to use the [Pulumi Cloud backend](https://www.pulumi.com/docs/intro/concepts/state/#pulumi-cloud-backend) for state storage. + +## Running the Example + +Clone [the examples repo](https://github.com/pulumi/examples/tree/master/aws-ts-vpc-with-ecs-fargate-py) and `cd` into it. + +1. `cd vpc-crosswalk-ts` directory for usage information. +2. `cd ecs-fargate-python` directory for usage information. + +The ecs fargate example is identical to original one https://github.com/pulumi/examples/tree/master/aws-py-fargate + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-webserver.md new file mode 100644 index 00000000000..c9cc87fd3e2 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-webserver.md @@ -0,0 +1,83 @@ +--- +title: "Web Server Using Amazon EC2 | TypeScript" +h1: "Web Server Using Amazon EC2" +linktitle: "Web Server Using Amazon EC2" +meta_desc: "Web Server Using Amazon EC2 How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +This example deploys a simple AWS EC2 virtual machine running a Python web server. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +### Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +2. [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +### Steps + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, which is an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Set the required configuration variables for this program: + + ```bash + $ pulumi config set aws:region us-east-1 + ``` + +3. Stand up the VM, which will also boot up your Python web server on port 80: + + ```bash + $ pulumi up + ``` + +4. After a couple minutes, your VM will be ready, and two stack outputs are printed: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + publicHostName ec2-53-40-227-82.compute-1.amazonaws.com + publicIp 53.40.227.82 + ``` + +5. Thanks to the security group making port 80 accessible to the 0.0.0.0/0 CIDR block (all addresses), we can curl it: + + ```bash + $ curl $(pulumi stack output publicIp) + Hello, World! + ``` + +6. From there, feel free to experiment. Simply making edits and running `pulumi up` will incrementally update your VM. + +7. Afterwards, destroy your stack and remove it: + + ```bash + $ pulumi destroy --yes + $ pulumi stack rm --yes + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-wordpress-fargate-rds.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-wordpress-fargate-rds.md new file mode 100644 index 00000000000..18aafd28b28 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-ts-wordpress-fargate-rds.md @@ -0,0 +1,89 @@ +--- +title: "WordPress Site in AWS Fargate with RDS DB Backend | TypeScript" +h1: "WordPress Site in AWS Fargate with RDS DB Backend" +linktitle: "WordPress Site in AWS Fargate with RDS DB Backend" +meta_desc: "WordPress Site in AWS Fargate with RDS DB Backend How-to Guide using TypeScript" +no_edit_this_page: true +cloud: aws +language: ts +layout: package +--- + + + + +

+ + View Code + +

+ + +This example serves a WordPress site in AWS ECS Fargate using an RDS MySQL Backend. + +It leverages the following Pulumi concepts/constructs: + +- [Component Resources](https://www.pulumi.com/docs/intro/concepts/programming-model/#components): Allows one to create custom resources that encapsulate one's best practices. In this example, component resource is used to define a "VPC" custom resource, a "Backend" custom resource that sets up the RDS DB, and a "Frontend" resource that sets up the ECS cluster and load balancer and tasks. +- [Other Providers](https://www.pulumi.com/docs/reference/pkg/): Beyond the providers for the various clouds and Kubernetes, etc, Pulumi allows one to create and manage non-cloud resources. In this case, the program uses the Random provider to create a random password if necessary. + +This sample uses the following AWS products (and related Pulumi providers): + +- [Amazon VPC](https://aws.amazon.com/vpc): Used to set up a new virtual network in which the system is deployed. +- [Amazon RDS](https://aws.amazon.com/rds): A managed DB service used to provide the MySQL backend for WordPress. +- [Amazon ECS Fargate](https://aws.amazon.com/fargate): A container service used to run the WordPress frontend. + +## Getting Started + +There are no required configuration parameters for this project since the code will use defaults or generate values as needed - see the beginning of `index.ts` to see the defaults. +However, you can override these defaults by using `pulumi config` to set the following values (e.g. `pulumi config set serviceName my-wp-demo`). + +- `serviceName` - This is used as a prefix for resources created by the Pulumi program. +- `dbName` - The name of the MySQL DB created in RDS. +- `dbUser` - The user created with access to the MySQL DB. +- `dbPassword` - The password for the DB user. Be sure to use `--secret` if creating this config value (e.g. `pulumi config set dbPassword --secret`). + +## Deploying and running the program + +Note: some values in this example will be different from run to run. + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ```bash + $ pulumi config set aws:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. Note: If you set the `dbPassword` in the configuration as described above, you will not see the `RandomPassword` resource below. + + ```bash + $ pulumi up + + TBD + + ``` + +1. The program outputs the following values: + +- `DB Endpoint`: This is the RDS DB endpoint. By default, the DB is deployed to disallow public access. This can be overriden in the resource declaration for the backend. +- `DB Password`: This is managed as a secret. To see the value, you can use `pulumi stack output --show-secrets` +- `DB User Name`: The user name for access the DB. +- `ECS Cluster Name`: The name of the ECS cluster created by the stack. +- `Web Service URL`: This is a link to the load balancer fronting the WordPress container. Note: It may take a few minutes for AWS to complete deploying the service and so you may see a 503 error initially. + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + +## Troubleshooting + +### 503 Error for the Web Service + +AWS can take a few minutes to complete deploying the WordPress container and connect the load balancer to the service. So you may see a 503 error for a few minutes right after launching the stack. You can see the status of the service by looking at the cluster in AWS. + +## Deployment Speed + +Since the stack creates an RDS instance, ECS cluster, load balancer, ECS service, as well as other elements, the stack can take about 4-5 minutes to launch and become ready. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-ansible-wordpress.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-ansible-wordpress.md new file mode 100644 index 00000000000..ecb6b116eab --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-ansible-wordpress.md @@ -0,0 +1,165 @@ +--- +title: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible | YAML" +h1: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +linktitle: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible" +meta_desc: "Deploy Wordpress to AWS EC2 using Pulumi and Ansible How-to Guide using YAML" +no_edit_this_page: true +cloud: aws +language: yaml +layout: package +--- + + + + +

+ + View Code + +

+ + +This project demonstrates how to use Pulumi and Ansible together. Pulumi handles provisioning the AWS infrastructure +required to run Wordpress on an EC2 instance, with an RDS MySQL database, running inside of a VPC with proper public +and private subnets, and exposed to the Internet using an Elastic IP address. Ansible handles configuring the EC2 +virtual machine after it's been provisioned with a playbook that knows how to install and configure Wordpress. +The entire deployment is orchestrated by Pulumi in a single `pulumi up` thanks to the +[Command package](https://www.pulumi.com/registry/packages/command) which runs a combination of local and remote SSH +commands to accomplish the desired effect. The result is repeatable automation that both provisions and configures. + +> Note: This code was adapted from https://github.com/devbhusal/terraform-ansible-wordpress. Thank you devbhusal! + +> Note: This example is available in many languages: +> +> * [C#](../aws-cs-ansible-wordpress) +> * [Java](../aws-java-ansible-wordpress) +> * [Go](../aws-go-ansible-wordpress) +> * [TypeScript](../aws-ts-ansible-wordpress) +> * [YAML](../aws-yaml-ansible-wordpress) + +## Prerequisites + +* [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +* [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +* [Configure AWS Credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Deploying Your Infrastructure + +After cloning this repo, from this working directory, run these commands: + +1. Create a new stack, an isolated deployment target for this example: + + ```bash + $ pulumi stack init + ``` + +2. Generate a key pair which will be used to access your EC2 instance over SSH: + + ```bash + $ ssh-keygen -f wordpress-keypair + ``` + + This will create two files: your private (`wordpress-keypair`) and your public (`wordpress-keypair.pub`) + keys. Keep your private key safe, since anybody with access to it can log into your EC2 machine! + + Note that you may choose a different file name if you're creating multiple stacks, for instance. + +3. Set the required configuration variables, choosing any valid AWS region. The code is written in such + a way to work in any AWS region, including fetching the right Amazon Linux 2 AMI and availability zones: + + ```bash + $ pulumi config set aws:region us-east-1 # any valid AWS region + $ pulumi config set publicKeyPath wordpress-keypair.pub # your newly generated public key + $ pulumi config set privateKeyPath wordpress-keypair # your newly generated private key + $ pulumi config set dbPassword Sup45ekreT#123 --secret # your RDS database password -- keep it safe! + ``` + + There are some other optional variables you can set if you choose. Feel free to skip these. If you don't + set them, they'll receive the default values shown below: + + ```bash + $ pulumi config set dbInstanceSize db.t3.small # the RDS instance size to use + $ pulumi config set dbName wordpressdb # the name of the Wordpress database in RDS + $ pulumi config set dbUsername admin # the name of the Wordpress user that will be used + $ pulumi config set ec2InstanceSize t3.small # the EC2 instance size to provision + ``` + +4. Now all you need to do is run `pulumi up`. This will do all of the magic, and you'll see various + things going on in the output: resources being created in AWS, commands being run locally and remotely, + and the Ansible Playbook running and provisioning your Wordpress server: + + ```bash + $ pulumi up + Updating (dev) + + Type Name Status Info + + pulumi:pulumi:Stack pulumi-ansible-wordpress-dev created + + ├─ aws:ec2:Vpc prod-vpc created + + ├─ aws:ec2:KeyPair wordpress-keypair created + + ├─ aws:ec2:Subnet prod-subnet-private-1 created + + ├─ aws:ec2:InternetGateway prod-igw created + + ├─ aws:ec2:Subnet prod-subnet-private-2 created + + ├─ aws:ec2:Subnet prod-subnet-public-1 created + + ├─ aws:ec2:SecurityGroup ec2-allow-rule created + + ├─ aws:ec2:RouteTable prod-public-rt created + + ├─ aws:rds:SubnetGroup rds-subnet-grp created + + ├─ aws:ec2:SecurityGroup rds-allow-rule created + + ├─ aws:rds:Instance wordpressdb created + + ├─ aws:ec2:RouteTableAssociation prod-rta-public-subnet-1 created + + ├─ aws:ec2:Instance wordpress-instance created + + ├─ command:local:Command renderPlaybookCmd created + + ├─ aws:ec2:Eip wordpress-eip created + + ├─ command:remote:Command updatePythonCmd created 12 messages + + └─ command:local:Command playAnsiblePlaybookCmd created + + Diagnostics: + command:remote:Command (updatePythonCmd): + ... + + Outputs: + url: "35.83.214.168" + + Resources: + + 18 created + + Duration: 8m13s + ``` + +5. After a few minutes, your new server will be ready! Its automatically-allocated EIP is printed at the end + as `url`. You can access it with the `pulumi stack output` command: + + ```bash + $ pulumi stack output url + 35.83.214.168 + ``` + +6. Because of the network configuration, the EC2 server is available over port 80 on the Internet. (The RDS + database, on the other hand, is not). Let's `curl` the endpoint: + + ```bash + $ curl -L http://$(pulumi stack output url) + + + ... + + ... + ``` + + Alternatively, open a web browser to interact with your new Wordpress server: + + ```bash + $ open http://$(pulumi stack output url) + ``` + + ![Wordpress Screenshot](https://raw.githubusercontent.com/pulumi/examples/master/aws-yaml-ansible-wordpress/wordpress.png) + +7. From there, feel free to experiment. You can simply make edits, rerun `pulumi up`, and it will incrementally + update and deploy any changes you have made. + +8. After you're done, you can destroy your stack and remove it, eliminating all AWS resources: + + ```bash + $ pulumi destroy + $ pulumi stack rm + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-eks.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-eks.md new file mode 100644 index 00000000000..214352a2142 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-eks.md @@ -0,0 +1,68 @@ +--- +title: "Amazon EKS Cluster | YAML" +h1: "Amazon EKS Cluster" +linktitle: "Amazon EKS Cluster" +meta_desc: "Amazon EKS Cluster How-to Guide using YAML" +no_edit_this_page: true +cloud: aws +language: yaml +layout: package +--- + + + + +

+ + View Code + +

+ + +This example deploys an EKS Kubernetes cluster inside the default AWS VPC. + +## Deploying the App + +To deploy your infrastructure, follow the below steps. + +## Prerequisites + +1. [Install Pulumi](https://www.pulumi.com/docs/get-started/install/) +1. [Configure Pulumi for AWS](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/) + +## Deploying and running the program + +1. Create a new stack: + + ``` + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + ``` + $ pulumi config set aws:region us-east-2 + ``` + +1. Run `pulumi up` to preview and deploy changes: + + ``` + $ pulumi up + Previewing changes: + ... + + Performing changes: + ... + Resources: + + 28 created + + Duration: 10m0s + ``` + +1. Check the deployed kubeconfig: + + ``` + $ pulumi stack output kubeconfig + {"apiVersion":"v1","clusters":[{"cluster":{"certificate-authority-data":"LS0tLS1CRUdJTiBDR... + ``` + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-static-website.md b/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-static-website.md new file mode 100644 index 00000000000..ca3839526d0 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/aws-yaml-static-website.md @@ -0,0 +1,120 @@ +--- +title: "Host a Static Website on Amazon S3 with the AWS Native Provider | YAML" +h1: "Host a Static Website on Amazon S3 with the AWS Native Provider" +linktitle: "Host a Static Website on Amazon S3 with the AWS Native Provider" +meta_desc: "Host a Static Website on Amazon S3 with the AWS Native Provider How-to Guide using YAML" +no_edit_this_page: true +cloud: aws +language: yaml +layout: package +--- + + + + +

+ + View Code + + + Deploy + +

+ + +A static website that uses [S3's website support](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). +For a detailed walkthrough of this example, see the tutorial [Static Website on AWS S3](https://www.pulumi.com/docs/tutorials/aws/s3-website/). + +Note: Some resources are not yet supported by the Native AWS provider, so we are using both the Native +and Classic provider in this example. The resources will be updated to use native resources as they are +available in AWS's Cloud Control API. + +## Deploying and running the program + +Note: some values in this example will be different from run to run. These values are indicated +with `***`. + +1. Install required plugins: + + ```bash + $ pulumi plugin install resource aws 4.37.3 + $ pulumi plugin install resource aws-native 0.11.0 + ``` + +1. Create a new stack: + + ```bash + $ pulumi stack init dev + ``` + +1. Set the AWS region: + + Either using an environment variable + ```bash + $ export AWS_REGION=us-west-2 + ``` + + Or with the stack config + ```bash + $ pulumi config set aws:region us-west-2 + $ pulumi config set aws-native:region us-west-2 + ``` + +1. Run `pulumi up` to preview and deploy changes. After the preview is shown you will be + prompted if you want to continue or not. + + ```bash + $ pulumi up + Previewing update (dev) + ... + + Updating (dev) + + View Live: https://app.pulumi.com/***/aws-native-ts-s3-folder/dev/updates/1 + + Type Name Status + + pulumi:pulumi:Stack aws-native-ts-s3-folder-dev created + + ├─ aws-native:s3:Bucket s3-website-bucket created + + ├─ aws:s3:BucketPolicy bucketPolicy created + + ├─ aws:s3:BucketObject index.html created + + └─ aws:s3:BucketObject favicon.png created + + Outputs: + bucketName: "***" + websiteUrl: "http://***.s3-website-us-west-2.amazonaws.com" + + Resources: + + 5 created + + Duration: *** + ``` + +1. To see the resources that were created, run `pulumi stack output`: + + ```bash + $ pulumi stack output + Current stack outputs (2): + OUTPUT VALUE + bucketName *** + websiteUrl http://***.s3-website-us-west-2.amazonaws.com + ``` + +1. To see that the S3 objects exist, you can either use the AWS Console or the AWS CLI: + + ```bash + $ aws s3 ls $(pulumi stack output bucketName) + 2021-09-30 15:27:58 13731 favicon.png + 2021-09-30 15:27:58 198 index.html + ``` + +1. Open the site URL in a browser to see both the rendered HTML and the favicon: + + ```bash + $ pulumi stack output websiteUrl + ***.s3-website-us-west-2.amazonaws.com + ``` + + ![Hello S3 example](https://user-images.githubusercontent.com/274700/116912066-9384e300-abfc-11eb-8130-dbcff512a9de.png) + +1. To clean up resources, run `pulumi destroy` and answer the confirmation question at the prompt. + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/ec2-webserver.md b/themes/default/content/registry/packages/aws/how-to-guides/ec2-webserver.md new file mode 100644 index 00000000000..b6abf5b0727 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/ec2-webserver.md @@ -0,0 +1,554 @@ +--- +title: Deploy a Webserver to AWS EC2 +meta_desc: This tutorial will teach you how to deploy a simple webserver to an + AWS EC2 instance. +aliases: ["/docs/reference/tutorials/aws/tutorial-ec2-webserver/"] +layout: package +--- + +{{< github-buttons "aws-ts-webserver" "aws-js-webserver" "aws-py-webserver" "aws-cs-webserver" >}} + +In this tutorial, we will show you how to deploy a simple webserver using an Amazon EC2 instance. + +{{< multilang-tutorial-prereqs >}} + +{{< chooser language "javascript,typescript,python,csharp" >}} + +{{% choosable language "javascript,typescript" %}} +{{< install-node >}} +{{% /choosable %}} + +{{% choosable language python %}} +{{< install-python >}} +{{% /choosable %}} + +{{% choosable language "csharp,fsharp,visualbasic" %}} +{{< install-dotnet >}} +{{% /choosable %}} + +{{< /chooser >}} + +## Deploy the App + +### Step 1: Create a new project from a template + +Create a project directory, `webserver`, and change into it. Run [`pulumi new aws- --name myproject`](/docs/cli/commands/pulumi_new/) to create a new project using the AWS template for your chosen language. Replace `myproject` with your desired project name. + +{{< chooser language "javascript,typescript,python,csharp" / >}} + +{{% choosable language javascript %}} + +```bash +$ mkdir webserver && cd webserver +$ pulumi new aws-javascript --name myproject +``` + +{{% /choosable %}} +{{% choosable language typescript %}} + +```bash +$ mkdir webserver && cd webserver +$ pulumi new aws-typescript --name myproject +``` + +{{% /choosable %}} +{{% choosable language python %}} + +```bash +$ mkdir webserver && cd webserver +$ pulumi new aws-python --name myproject +``` + +{{% /choosable %}} +{{% choosable language csharp %}} + +```bash +$ mkdir webserver && cd webserver +$ pulumi new aws-csharp --name myproject +``` + +{{% /choosable %}} + +### Step 2: Create an EC2 instance with HTTP access + +Open {{< langfile >}} and replace the contents with the following: + +{{< chooser language "javascript,typescript,python,csharp" / >}} + +{{% choosable language javascript %}} + +```javascript +const aws = require("@pulumi/aws"); +const pulumi = require("@pulumi/pulumi"); + +let size = "t2.micro"; // t2.micro is available in the AWS free tier +let ami = aws.getAmiOutput({ + filters: [{ + name: "name", + values: ["amzn-ami-hvm-*"], + }], + owners: ["137112412989"], // This owner ID is Amazon + mostRecent: true, +}); + +let group = new aws.ec2.SecurityGroup("webserver-secgrp", { + ingress: [ + { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] }, + ], +}); + +let server = new aws.ec2.Instance("webserver-www", { + instanceType: size, + vpcSecurityGroupIds: [ group.id ], // reference the security group resource above + ami: ami.id, +}); + +exports.publicIp = server.publicIp; +exports.publicHostName = server.publicDns; +``` + +{{% /choosable %}} +{{% choosable language typescript %}} + +```typescript +import * as aws from "@pulumi/aws"; +import * as pulumi from "@pulumi/pulumi"; + +const size = "t2.micro"; // t2.micro is available in the AWS free tier +const ami = aws.getAmiOutput({ + filters: [{ + name: "name", + values: ["amzn-ami-hvm-*"], + }], + owners: ["137112412989"], // This owner ID is Amazon + mostRecent: true, +}); + +const group = new aws.ec2.SecurityGroup("webserver-secgrp", { + ingress: [ + { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] }, + ], +}); + +const server = new aws.ec2.Instance("webserver-www", { + instanceType: size, + vpcSecurityGroupIds: [ group.id ], // reference the security group resource above + ami: ami.id, +}); + +export const publicIp = server.publicIp; +export const publicHostName = server.publicDns; +``` + +{{% /choosable %}} +{{% choosable language python %}} + +```python +import pulumi +import pulumi_aws as aws + +size = 't2.micro' +ami = aws.ec2.get_ami(most_recent="true", + owners=["137112412989"], + filters=[{"name":"name","values":["amzn-ami-hvm-*"]}]) + +group = aws.ec2.SecurityGroup('webserver-secgrp', + description='Enable HTTP access', + ingress=[ + { 'protocol': 'tcp', 'from_port': 22, 'to_port': 22, 'cidr_blocks': ['0.0.0.0/0'] } + ]) + +server = aws.ec2.Instance('webserver-www', + instance_type=size, + vpc_security_group_ids=[group.id], # reference security group from above + ami=ami.id) + +pulumi.export('publicIp', server.public_ip) +pulumi.export('publicHostName', server.public_dns) +``` + +{{% /choosable %}} +{{% choosable language csharp %}} + +```csharp +using Pulumi; +using Pulumi.Aws.Ec2; +using Pulumi.Aws.Ec2.Inputs; + +return await Deployment.RunAsync(() => +{ + var ami = GetAmi.Invoke(new GetAmiInvokeArgs + { + Owners = { "137112412989" }, // This owner ID is Amazon + MostRecent = true, + Filters = + { + new GetAmiFilterInputArgs + { + Name = "name", + Values = { "amzn-ami-hvm-*" }, + }, + }, + }); + + var group = new SecurityGroup("webserver-secgrp", new SecurityGroupArgs + { + Ingress = new SecurityGroupIngressArgs + { + Protocol = "tcp", + FromPort = 22, + ToPort = 22, + CidrBlocks = { "0.0.0.0/0" } + }, + }); + + var userData = @" + #!/bin/bash + echo ""Hello, World!"" > index.html + nohup python -m SimpleHTTPServer 80 & + "; + + var server = new Instance("webserver-www", new InstanceArgs + { + // t2.micro is available in the AWS free tier + InstanceType = "t2.micro", + VpcSecurityGroupIds = { group.Id }, // reference the security group resource above + UserData = userData, + Ami = ami.Apply(x => x.Id), + }); + + return new Dictionary + { + ["publicIp"] = server.PublicIp, + ["publicHostName"] = server.PublicDns + }; +}); +``` + +{{% /choosable %}} + +> **Note:** The example configuration is designed to work on most EC2 accounts, with access to a default VPC. For EC2 Classic users, please use t1.micro for `size`. + +This example uses the [`ec2` module of the `aws` package](/registry/packages/aws/api-docs/ec2) to create two resources: + +| AWS Resource | Description | Resource | +|--------------|-------------|----------| +| Security Group | Created for allowing incoming HTTP access | [aws.ec2.SecurityGroup][Security Group] | +| EC2 Instance | Created in that security group using the appropriate Amazon Machine Image (AMI) for the region where you deploy the program | [aws.ec2.Instance][EC2 Instance] | + +### Step 3: Preview and deploy your resources + +To preview your Pulumi program, run [`pulumi up`](/docs/cli/commands/pulumi_up/). The command shows a preview of the resources that will be created and prompts you to proceed with the deployment. Note that the stack itself is counted as a resource, though it does not correspond to a physical cloud resource. + +```bash +Previewing update (webserver-dev): + + Type Name Plan + + pulumi:pulumi:Stack myproject-webserver-dev create + + ├─ aws:ec2:SecurityGroup webserver-secgrp create + + └─ aws:ec2:Instance webserver-www create + +Resources: + + 3 to create + +Do you want to perform this update? + yes +> no + details +``` + +Next, proceed with the deployment, which takes about 40 seconds to complete. + +```bash +Do you want to perform this update? yes +Updating (webserver-dev): + + Type Name Status + + pulumi:pulumi:Stack myproject-webserver-dev created + + ├─ aws:ec2:SecurityGroup webserver-secgrp created + + └─ aws:ec2:Instance webserver-www created + +Outputs: + publicHostName: "ec2-34-217-110-29.us-west-2.compute.amazonaws.com" + publicIp : "34.217.110.29" + +Resources: + + 3 created + +Duration: 40s + +Permalink: https://app.pulumi.com/bermudezmt/myproject/webserver-dev/updates/1 +``` + +### Step 4: View your stack resources + +#### **Pulumi Cloud** + +To see the full details of the deployment and the resources that are now part of the stack, open the update link in a browser. The **Resources** tab in the Pulumi Cloud has a link to the AWS console for the provisioned EC2 instance. + +#### **Pulumi CLI** + +To view the provisioned resources on the command line, run [`pulumi stack`](/docs/cli/commands/pulumi_stack/). You'll also see two [stack outputs](/docs/concepts/stack#outputs) corresponding to the IP and the fully qualified domain name (FQDN) of the EC2 instance we've created. + +``` +Current stack is webserver-dev: + Owner: + Last updated: 10 minutes ago (2019-09-20 11:57:55.90881794 -0700 PDT) + Pulumi version: v1.1.0 +Current stack resources (4): + TYPE NAME + pulumi:pulumi:Stack myproject-webserver-dev + pulumi:providers:aws default_1_2_1 + aws:ec2/securityGroup:SecurityGroup webserver-secgrp + aws:ec2/instance:Instance webserver-www + +More information at: https://app.pulumi.com//myproject/webserver-dev + +Use `pulumi stack select` to change stack; `pulumi stack ls` lists known ones +``` + +### Step 5: Update the Pulumi program + +Now that you have an instance of the Pulumi program deployed, you may want to make changes. You do so by updating the +Pulumi program to define the new state you want your infrastructure to be in, and then running `pulumi up` to commit the changes. + +Replace the creation of the two resources with the following code. This exposes an additional port, `80`, and adds a startup +script to run a simple HTTP server at startup. + +{{< chooser language "javascript,typescript,python,csharp" >}} + +{{% choosable language javascript %}} + +```javascript +... + +let group = new aws.ec2.SecurityGroup("webserver-secgrp", { + ingress: [ + { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] }, + { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] }, + // ^-- ADD THIS LINE + ], +}); + +let userData = // <-- ADD THIS DEFINITION +`#!/bin/bash +echo "Hello, World!" > index.html +nohup python -m SimpleHTTPServer 80 &`; + +let server = new aws.ec2.Instance("web-server-www", { + instanceType: size, + vpcSecurityGroupIds: [ group.id ], // reference the group object above + ami: ami.id, + userData: userData, // <-- ADD THIS LINE +}); + +... +``` + +{{% /choosable %}} +{{% choosable language typescript %}} + +```typescript +... + +const group = new aws.ec2.SecurityGroup("webserver-secgrp", { + ingress: [ + { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] }, + { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] }, + // ^-- ADD THIS LINE + ], +}); + +const userData = // <-- ADD THIS DEFINITION +`#!/bin/bash +echo "Hello, World!" > index.html +nohup python -m SimpleHTTPServer 80 &`; + +const server = new aws.ec2.Instance("webserver-www", { + instanceType: size, + vpcSecurityGroupIds: [ group.id ], // reference the security group resource above + ami: ami.id, + userData: userData, // <-- ADD THIS LINE +}); + +... +``` + +{{% /choosable %}} +{{% choosable language python %}} + +```python +... + +group = aws.ec2.SecurityGroup('webserver-secgrp', + description='Enable HTTP access', + ingress=[ + { 'protocol': 'tcp', 'from_port': 22, 'to_port': 22, 'cidr_blocks': ['0.0.0.0/0'] }, + { 'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ['0.0.0.0/0'] } + # ^-- ADD THIS LINE + ]) + +user_data = """ +#!/bin/bash +echo "Hello, World!" > index.html +nohup python -m SimpleHTTPServer 80 & +""" +# ^-- ADD THIS DEFINITION + +server = aws.ec2.Instance('webserver-www', + instance_type=size, + vpc_security_group_ids=[group.id], # reference security group from above + user_data=user_data, # <-- ADD THIS LINE + ami=ami.id) + +... +``` + +{{% /choosable %}} +{{% choosable language csharp %}} + +```csharp +//... +var group = new Aws.Ec2.SecurityGroup("webserver-secgrp", new Aws.Ec2.SecurityGroupArgs +{ + Ingress = + { + new Aws.Ec2.SecurityGroupIngressArgs + { + Protocol = "tcp", + FromPort = 22, + ToPort = 22, + CidrBlocks = { "0.0.0.0/0" }, + }, + new Aws.Ec2.SecurityGroupIngressArgs + { + Protocol = "tcp", + FromPort = 80, + ToPort = 80, + CidrBlocks = { "0.0.0.0/0" }, + }, + // ^-- ADD THIS item + }, +}); + +var userData = // <-- ADD THIS DEFINITION +@"#!/bin/bash +echo ""Hello, World!"" > index.html +nohup python -m SimpleHTTPServer 80 &"; + +var server = new Aws.Ec2.Instance("webserver-www", new Aws.Ec2.InstanceArgs +{ + // t2.micro is available in the AWS free tier + InstanceType = "t2.micro", + VpcSecurityGroupIds = { group.Id }, // reference the security group resource above + Ami = ami.Apply(x => x.Id), + UserData = userData, // <-- ADD THIS LINE +}); +``` + +{{% /choosable %}} + +{{< /chooser >}} + +> Note that the `userData` script is defined inline in a string. In this example, `index.html` will be created in the root directory `/`. Because you are using a programming language to write your Pulumi program, you could also read this from a file, construct this string programmatically, or even build up a string that depends on other resources +defined in your program. You'll see in later sections how to deploy and version the application code of your +program in a variety of different ways using Pulumi. + +Run `pulumi up` to preview and deploy the changes. You'll see two changes: the `ingress` property of the `SecurityGroup` will be _updated_ in-place. Secondly, the `Instance` will be _replaced_ with a new EC2 instance which will run the new script on startup. Pulumi understands which changes to a given cloud resource can be made in place, which require replacement, and computes the minimally disruptive change to achieve the desired state. + +```bash +Previewing update (webserver-dev): + + Type Name Plan Info + pulumi:pulumi:Stack myproject-webserver-dev + ~ ├─ aws:ec2:SecurityGroup webserver-secgrp update [diff: ~ingress] + +- └─ aws:ec2:Instance webserver-www replace [diff: +userData~securityGroups] + +Resources: + ~ 1 to update + +-1 to replace + 2 changes. 1 unchanged +``` + +When prompted to confirm your update, you may review the planned changes to your stack resources by selecting `details`. + +```bash +Do you want to perform this update? details + pulumi:pulumi:Stack: (same) + [urn=urn:pulumi:webserver-dev::myproject::pulumi:pulumi:Stack::myproject-webserver-dev] + ~ aws:ec2/securityGroup:SecurityGroup: (update) + [id=sg-0317c16c7015d7fd0] + [urn=urn:pulumi:webserver-dev::myproject::aws:ec2/securityGroup:SecurityGroup::webserver-secgrp] + [provider=urn:pulumi:webserver-dev::myproject::pulumi:providers:aws::default_1_2_1::eec9bbfb-0881-4f75-a0cb-35395a0240e2] + ~ ingress: [ + ~ [0]: { + ~ cidrBlocks : [ + ~ [0]: "0.0.0.0/0" => "0.0.0.0/0" + ] + - description: "" + ~ fromPort : 22 => 22 + ~ protocol : "tcp" => "tcp" + ~ self : false => false + ~ toPort : 22 => 22 + } + + [1]: { + + cidrBlocks: [ + + [0]: "0.0.0.0/0" + ] + + fromPort : 80 + + protocol : "tcp" + + self : false + + toPort : 80 + } + ] + ++aws:ec2/instance:Instance: (create-replacement) + [id=i-0a639b62c37bf712c] + [urn=urn:pulumi:webserver-dev::myproject::aws:ec2/instance:Instance::webserver-www] + [provider=urn:pulumi:webserver-dev::myproject::pulumi:providers:aws::default_1_2_1::eec9bbfb-0881-4f75-a0cb-35395a0240e2] + ~ securityGroups: [ + ~ [0]: "webserver-secgrp-2398ba7" => output + ] + + userData : "#!/bin/bash\necho \"Hello, World!\" > index.html\nnohup python -m SimpleHTTPServer 80 &" + +-aws:ec2/instance:Instance: (replace) + [id=i-0a639b62c37bf712c] + [urn=urn:pulumi:webserver-dev::myproject::aws:ec2/instance:Instance::webserver-www] + [provider=urn:pulumi:webserver-dev::myproject::pulumi:providers:aws::default_1_2_1::eec9bbfb-0881-4f75-a0cb-35395a0240e2] + ~ securityGroups: [ + ~ [0]: "webserver-secgrp-2398ba7" => output + ] + + userData : "#!/bin/bash\necho \"Hello, World!\" > index.html\nnohup python -m SimpleHTTPServer 80 &" + --aws:ec2/instance:Instance: (delete-replaced) + [id=i-0a639b62c37bf712c] + [urn=urn:pulumi:webserver-dev::myproject::aws:ec2/instance:Instance::webserver-www] + [provider=urn:pulumi:webserver-dev::myproject::pulumi:providers:aws::default_1_2_1::eec9bbfb-0881-4f75-a0cb-35395a0240e2] +``` + +Select `yes` to confirm the update. + +You can use `pulumi stack output` to get the value of stack outputs from the CLI. To do so, `curl` the EC2 instance to confirm that the HTTP server is running. Stack outputs can also be viewed in the Pulumi Cloud. + +```bash +$ curl $(pulumi stack output publicHostName) +Hello, World! +``` + +## Clean Up + +{{< cleanup >}} + +## Summary + +{{< summary >}} +In this tutorial, we showed you how to use Pulumi programs to create and manage cloud resources in AWS, using TypeScript, JavaScript, Python, or C#. +{{< /summary >}} + + +[EC2 Instance]: /registry/packages/aws/api-docs/ec2/instance/ +[Security Group]: /registry/packages/aws/api-docs/ec2/securitygroup/ + + +## Next Steps + +- [Containers on ECS Fargate](/registry/packages/aws/how-to-guides/ecs-fargate/) +- [API Gateways and Lambda](/registry/packages/aws/how-to-guides/rest-api/) +- [Serve a Static Website from S3](/registry/packages/aws/how-to-guides/s3-website/) diff --git a/themes/default/content/registry/packages/aws/how-to-guides/ecs-fargate.md b/themes/default/content/registry/packages/aws/how-to-guides/ecs-fargate.md new file mode 100644 index 00000000000..0c254d78b5b --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/ecs-fargate.md @@ -0,0 +1,229 @@ +--- +title: "Running Containers on ECS Fargate" +meta_desc: This tutorial will teach you to publish a Docker container to Elastic Container Registry (ECR) + and deploy it to a load-balanced ECS Fargate Service. +aliases: ["/docs/reference/tutorials/aws/tutorial-service/"] +layout: package +--- + +{{< github-buttons "aws-ts-containers" >}} + +In this tutorial, we'll build and publish a Docker container to a private Elastic Container Registry (ECR), and spin up a load-balanced Amazon Elastic Container Service (Amazon ECS) Fargate service, all in a handful of lines of code, using [Pulumi Crosswalk for AWS](/docs/guides/crosswalk/aws/). + +## Prerequisites + +1. [Install Docker Engine - Community](https://docs.docker.com/install/) +1. [Install Pulumi](/docs/install/) +1. [Configure Pulumi to use your AWS account](/registry/packages/aws/installation-configuration/) + +## Deploy the App + +### Step 1: Create a new project from a template + +Create a project directory, `hello-fargate`, and change into it. Run [`pulumi new aws-typescript --name myproject`](/docs/cli/commands/pulumi_new/) to create a new project using the AWS template for TypeScript. Replace `myproject` with your desired project name. + +Run `pulumi new` to create a new project: + +```bash +$ mkdir hello-fargate && cd hello-fargate +$ pulumi new aws-typescript --name myproject +``` + +### Step 2: Build the Dockerized app + +Create a subdirectory, `app`, which will contain your sample Dockerized application. From the `app` subdirectory, add the following files: + +#### **Dockerfile** + +```docker +FROM nginx +COPY index.html /usr/share/nginx/html +``` + +#### **index.html** + +```html + + + Hello Fargate + + +

Hello AWS Fargate!

+

Made with ❤️ with Pulumi

+ + +``` + +### Step 3: Create the ECS cluster + +Replace the contents of `index.ts` with the following: + +```typescript +import * as aws from "@pulumi/aws"; +import * as awsx from "@pulumi/awsx"; +import * as pulumi from "@pulumi/pulumi"; + +// An ECS cluster to deploy into. +const cluster = new aws.ecs.Cluster("cluster", {}); +``` + +### Step 4: Create the load balancer + +Add the following lines to `index.ts`: + +```typescript +// Create a load balancer to listen for requests and route them to the container. +const loadbalancer = new awsx.lb.ApplicationLoadBalancer("loadbalancer", {}); +``` + +### Step 5: Define the service and publish the Docker image + +Add the following lines to `index.ts`: + +```typescript + +// Create the ECR repository to store our container image +const repo = new awsx.ecr.Repository("repo", { + forceDelete: true, +}); + +// Build and publish our application's container image from ./app to the ECR repository. +const image = new awsx.ecr.Image("image", { + repositoryUrl: repo.url, + path: "./app", +}); + +// Define the service and configure it to use our image and load balancer. +const service = new awsx.ecs.FargateService("service", { + cluster: cluster.arn, + assignPublicIp: true, + taskDefinitionArgs: { + container: { + name: "awsx-ecs", + image: image.imageUri, + cpu: 128, + memory: 512, + essential: true, + portMappings: [{ + containerPort: 80, + targetGroup: loadbalancer.defaultTargetGroup, + }], + }, + }, +}); + +// Export the URL so we can easily access it. +export const frontendURL = pulumi.interpolate `http://${loadbalancer.loadBalancer.dnsName}`; +``` + +You just created an automatic cluster in the default AWS VPC to run a Fargate service. + +### Step 6: Verify your app structure + +In addition to the `node_modules` directory and related npm package files, ensure you have the following directory structure: + +``` +Pulumi.yaml +index.ts +app/ + Dockerfile + index.html +``` + +### Step 7: Set your AWS region + +Configure the AWS region you would like to use: + +```bash +$ pulumi config set aws:region us-east-1 +``` + +### Step 8: Preview and deploy your resources + +To preview your Pulumi program, run [`pulumi up`](/docs/cli/commands/pulumi_up/). The command shows a preview of the resources that will be created and prompts you to proceed with the deployment. Note that the stack itself is counted as a resource, though it does not correspond to a physical cloud resource. + +```bash +$ pulumi up +Previewing update (dev) +... +Do you want to perform this update? yes +Updating (dev) +... +Diagnostics: + awsx:x:ecs:FargateTaskDefinition (nginx): + ... + +Outputs: + frontendURL: "http://nginx-4c517b3-c98ba6a1e62b644e.elb.us-east-1.amazonaws.com/" + +Resources: + + 32 created + +Duration: 3m39s +``` + +The deployment takes a few minutes. With your `pulumi up` invocation, Pulumi automatically does the following for you: + +- Build and provision a container registry using ECR +- Build the Docker image +- Push the resulting image to the repository + +### Step 9: Test the resulting load balancer URL + +Now that you've deployed your app, confirm that the service is working via `curl`. + +```bash +$ curl $(pulumi stack output frontendURL) + + + Hello Fargate + + +

Hello, containers!

+

Made with ❤️ with Pulumi

+ + +``` + +### Step 10: View container logs (Optional) + +To view the runtime logs from the container, use the [`pulumi logs`](/docs/cli/commands/pulumi_logs/) command. To get a log stream, use `pulumi logs --follow`. + +```bash +$ pulumi logs --follow +Collecting logs for stack dev since 2021-03-26T10:49:57.000-07:00. + + 2021-03-26T11:45:02.624-07:00[nginx-185c47c] 172.31.38.69 - - [26/Mar/2021:18:45:02 +0000] "GET / HTTP/1.1" 200 205 "-" "curl/7.64.1" "-" + 2021-03-26T11:48:44.585-07:00[nginx-185c47c] 172.31.38.69 - - [26/Mar/2021:18:48:44 +0000] "GET / HTTP/1.1" 200 205 "-" "Mozilla/5.0 (compatible; Nimbostratus-Bot/v1.3.2; http://cloudsystemnetworks.com)" "-" +``` + +## Clean Up + +{{< cleanup >}} + +## Summary + +{{< summary >}} +

+ In this tutorial, we showed you how to write a Pulumi program in Typescript, and leverage +Pulumi Crosswalk for AWS (via the }}">@pulumi/awsx package) in order to build and publish a Dockerized application to a private +Elastic Container Registry (ECR), spin up an ECS Fargate cluster, and run a scalable, load balanced +service. +

+{{< /summary >}} + +## Next Steps + +For more information about containerized applications on AWS, please read these User Guides: + +- [Pulumi Crosswalk for AWS Elastic Container Service (ECS)](/docs/guides/crosswalk/aws/ecs) +- [Pulumi Crosswalk for AWS Elastic Kubernetes Service (EKS)](/docs/guides/crosswalk/aws/eks) + +For an end-to-end application also includes serverless functions, see the +[Serverless plus Containers Thumbnailer tutorial](/registry/packages/aws/how-to-guides/video-thumbnailer/). + +For an example application that connects two containers, see the +[Voting App](https://github.com/pulumi/examples/tree/master/aws-ts-voting-app) sample. + +The [code for this tutorial](https://github.com/pulumi/examples/tree/master/aws-ts-containers) is available on GitHub. diff --git a/themes/default/content/registry/packages/aws/how-to-guides/rest-api.md b/themes/default/content/registry/packages/aws/how-to-guides/rest-api.md new file mode 100644 index 00000000000..c8f78ee2e94 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/rest-api.md @@ -0,0 +1,129 @@ +--- +title: "Serverless App Using API Gateways and Lambda" +meta_desc: This tutorial will teach you how to create a Serverless App using + AWS Api Gateway and AWS Lambda. +aliases: ["/docs/reference/tutorials/aws/tutorial-rest-api/"] +layout: package +--- + +In this tutorial, we'll show you how to write a Pulumi program that creates a serverless app serving static content, in addition to dynamic routes in AWS Lambda. We'll accomplish this using 5 lines of JavaScript, a few lines of configuration, and whatever static content we wish to serve. For this tutorial, we'll go with a simple HTML page and a favicon. After seeing this in action, we'll build on these basic concepts to explore additional containers, serverless, and infrastructure tutorials. + +{{< aws-js-prereqs >}} + +## Deploy the App + +### Step 1: Create a new project from a template + +Create a project directory, `ahoy-pulumi`, and change into it. Run [`pulumi new hello-aws-javascript --name myproject`](/docs/cli/commands/pulumi_new/) to create a new project using the AWS template for JavaScript. Replace `myproject` with your desired project name. + +```bash +$ mkdir ahoy-pulumi && cd ahoy-pulumi +$ pulumi new hello-aws-javascript --name myproject +``` + +Follow the project initialization prompts. You can accept the defaults, or change the values according to your setup. For instance, you can change the AWS region to `us-west-2`. + +Run Pulumi new + +### Step 2: Review your project files + +After some dependency installations from npm, you'll see the few files that have been generated from the initialization process. + +View files + +Let's review those files: + +- `Pulumi.yaml` defines the [project](/docs/concepts/projects/). +- `Pulumi.ahoy-pulumi-dev.yaml` is the [configuration file](/docs/concepts/config/) for the stack you initialized in the previous step. +- `www` contains the sample static content for this tutorial. +- `index.js` is the key file for defining your stack resources (which we will look at in the next step). + +### Step 3: Review your stack resources + +Normally, you would write some code to define the resources for your cloud stack, but the quickstart took care of that for you. Open up `index.js` using your preferred text editor. + +```javascript +const pulumi = require("@pulumi/pulumi"); +const aws = require("@pulumi/aws"); +const awsx = require("@pulumi/awsx"); + +// Create a public HTTP endpoint (using AWS APIGateway) +const endpoint = new awsx.apigateway.API("hello", { + routes: [ + // Serve static files from the `www` folder (using AWS S3) + { + path: "/", + localPath: "www", + }, + + // Serve a simple REST API on `GET /name` (using AWS Lambda) + { + path: "/source", + method: "GET", + eventHandler: (req, ctx, cb) => { + cb(undefined, { + statusCode: 200, + body: Buffer.from(JSON.stringify({ name: "AWS" }), "utf8").toString("base64"), + isBase64Encoded: true, + headers: { "content-type": "application/json" }, + }) + } + } + ] +}); + +// Export the public URL for the HTTP service +exports.url = endpoint.url; +``` + +This example uses the [`@pulumi/awsx`](/docs/reference/pkg/nodejs/pulumi/awsx) package in JavaScript and TypeScript to create a public HTTP endpoint, and define the static and event handler routes. See [Module apigateway](/docs/reference/pkg/nodejs/pulumi/awsx/apigateway/) to learn more about Pulumi's API Gateway module and components. + +### Step 4: Preview and deploy your resources + +To preview your Pulumi program, run [`pulumi up`](/docs/cli/commands/pulumi_up/). The command shows a preview of the resources that will be created and prompts you to proceed with the deployment. + +```bash +$ pulumi up +``` + +Stack preview + +Choose `yes` to create the resources in AWS. This may take a minute or two. + +Stack update + +Since there was a stack export (via `exports.url`) in the code, `pulumi up` prints this in the output. You can easily `curl` this URL via `pulumi stack output`: + +```bash +$ curl $(pulumi stack output url) +``` + +For a more interesting view that shows the result of calling a Lambda function, open the page in a browser: + +Stack page in browser + +### Step 5: Manage the stack + +The output also contained a permalink to the Pulumi Cloud. Select that link to review the stack in the web UI, examine logs and resource usage, and learn how you can invite friends and coworkers to collaborate on stacks. + + + +## Clean Up + +{{< cleanup >}} + +## Summary + +{{< summary >}} +In this tutorial, we showed you the following: + +- How Pulumi makes the definition of cloud resources and stacks a highly productive, code-driven activity. +- How the Pulumi CLI can initialize, configure, deploy, and manage cloud stacks. +- How the Pulumi dashboard can log, monitor, and manage information about a cloud stack. +{{< /summary >}} + +## Next Steps + +- [EC2 Linux WebServer](/registry/packages/aws/how-to-guides/ec2-webserver/) +- [Containers on ECS Fargate](/registry/packages/aws/how-to-guides/ecs-fargate/) +- [Serve a Static Website from S3](/registry/packages/aws/how-to-guides/s3-website/) diff --git a/themes/default/content/registry/packages/aws/how-to-guides/s3-folder-component.md b/themes/default/content/registry/packages/aws/how-to-guides/s3-folder-component.md new file mode 100644 index 00000000000..5a808432204 --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/s3-folder-component.md @@ -0,0 +1,79 @@ +--- +title: S3 Folder Pulumi Component +meta_desc: This tutorial will teach you how to create a simple, reusable AWS S3 Folder component. +aliases: ["/docs/reference/component-tutorial/"] +layout: package +--- + +It's easy to turn the [S3 website example] into a reusable [Component] that you share with your team or the community. A component is a logical container for physical cloud resources and controls how resources are grouped in the CLI and pulumi.com Console. To create a component in JavaScript, simply subclass [pulumi.ComponentResource]. + +In this tutorial, we'll create a simplified version of the example above, that just creates an S3 bucket. For a working end-to-end version that serves a stack website, see the [full source in the Pulumi examples repo][s3-folder-component]. + +## Create an S3 folder component + +1. In your project directory, create a new file `s3folder.js` with the following contents: + + ```javascript + const aws = require("@pulumi/aws"); + const pulumi = require("@pulumi/pulumi"); + + // Define a component for serving a static website on S3 + class S3Folder extends pulumi.ComponentResource { + + constructor(bucketName, path, opts) { + // Register this component with name examples:S3Folder + super("examples:S3Folder", bucketName, {}, opts); + console.log(`Path where files would be uploaded: ${path}`); + + // Create a bucket and expose a website index document + let siteBucket = new aws.s3.Bucket(bucketName, {}, + { parent: this } ); // specify resource parent + + // Create a property for the bucket name that was created + this.bucketName = siteBucket.bucket, + + // Register that we are done constructing the component + this.registerOutputs(); + } + } + + module.exports.S3Folder = S3Folder; + ``` + + The call to `super` specifies the string name for the component, which is typically in the form `namespace:className`. This name is shown in `pulumi up` command as well as at pulumi.com. The second parameter to the `super` call is the name of the resource. In this case, we use the `bucketName` constructor parameter. + + Since the `path` parameter is not used, we just log its value via `console.log`. During `pulumi up`, this log message is shown. + + When creating a resource within a component, add a parent property as the last argument to the constructor, as in the definition of `siteBucket`. When resources are created at the top level, they do not need an explicit parent; the Pulumi stack resource is the parent of all top-level resources and components. + + A component should create output properties to expose any useful properties of the resources it created. In this example, we define a `bucketName` property. Then, this property is registered a component output so that consumers of `S3Folder` can correctly chain dependencies. + +1. Use a component as you would any Node module. Replace `index.js` with the following: + + ```javascript + const s3folder = require("./s3folder.js"); + + // Create an instance of the S3Folder component + let folder = new s3folder.S3Folder("s3-website-bucket", "./www"); + + // Export output property of `folder` as a stack output + exports.bucketName = folder.bucketName; + ``` + + Since we want a stack output for `bucketName`, we create a stack output of the component output property `folder.bucketName`. + +1. Run `pulumi up`. The output of `console.log` is printed in the "Diagnostics" section. Note the parent-child relationship between the resources that have been created. + +1. Verify the bucket exists by using the AWS Console or CLI: + + ```bash + $ aws s3 ls | grep $(pulumi stack output bucketName) + 2018-04-19 18:40:04 s3-website-bucket-82616a0 + ``` + + +[pulumi.ComponentResource]: /docs/reference/pkg/nodejs/pulumi/pulumi/#ComponentResource +[Component]: /docs/concepts/resources/components/ +[s3-folder-component]: https://github.com/pulumi/examples/tree/master/aws-js-s3-folder-component +[S3 website example]: /registry/packages/aws/how-to-guides/s3-website/ + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/s3-website.md b/themes/default/content/registry/packages/aws/how-to-guides/s3-website.md new file mode 100644 index 00000000000..33dfd40c0eb --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/s3-website.md @@ -0,0 +1,257 @@ +--- +title: "S3 Static Website" +h1: Host a Static Website on Amazon S3 +meta_desc: This tutorial will teach you to serve a static website hosted in a Amazon S3 bucket. +aliases: ["/docs/reference/tutorials/aws/tutorial-s3-website/"] +layout: package +--- + +{{< github-buttons "aws-js-s3-folder" "aws-py-s3-folder" >}} + +In this tutorial, we'll show you how to provision raw resources in AWS using the [@pulumi/aws] package. First, we'll create a Pulumi program that uploads files from the `www` directory to S3. Then, we'll configure the bucket to serve a website. We'll be using JavaScript in this tutorial, but you can also run through this example [in Python]. + +{{< aws-js-prereqs >}} + +## Deploy the App + +### Step 1: Create a new project from a template + +Create a project directory, `s3website`, and change into it. Run [`pulumi new javascript --name myproject`](/docs/cli/commands/pulumi_new/) to create a new project using the JavaScript template. Replace `myproject` with your desired project name. + +```bash +$ mkdir s3website && cd s3website +$ pulumi new javascript --name myproject +``` + +### Step 2: Create a bucket and upload files + +Open up `index.js` using your preferred text editor and add the following code. This creates a new S3 bucket, then iterates over the files in the `www` folder to create an S3 Object for each file. + +```javascript +const aws = require("@pulumi/aws"); +const pulumi = require("@pulumi/pulumi"); +const mime = require("mime"); +const fs = require("fs"); +const path = require("path"); + +// Create an S3 bucket +let siteBucket = new aws.s3.Bucket("s3-website-bucket"); + +const addFolderContents = (siteDir, prefix) => { + for (let item of fs.readdirSync(siteDir)) { + let filePath = path.join(siteDir, item); + let isDir = fs.lstatSync(filePath).isDirectory(); + + // This handles adding subfolders and their content + if (isDir) { + const newPrefix = prefix ? path.join(prefix, item) : item; + addFolderContents(filePath, newPrefix); + continue; + } + + let itemPath = prefix ? path.join(prefix, item) : item; + itemPath = itemPath.replace(/\\/g,'/'); // convert Windows paths to something S3 will recognize + + let object = new aws.s3.BucketObject(itemPath, { + bucket: bucket, + source: new pulumi.asset.FileAsset(filePath), // use FileAsset to point to a file + contentType: mime.getType(filePath) || undefined, // set the MIME type of the file + }); + } +} + +addFolderContents("www"); // base directory for content files + +exports.bucketName = siteBucket.bucket; // create a stack export for bucket name +``` + +Notice how we are using the [@pulumi/aws] npm package to create an Amazon S3 bucket with [aws.s3.Bucket]. This uses the s3 module and the Bucket resource for the package. For each file in `www`, an [aws.s3.BucketObject] gets created, using the helper [pulumi.asset.FileAsset] to reference a local file. + +In order to serve the files to a browser, the content type for each S3 object must be set. For this, the [NPM `mime` package](https://www.npmjs.com/package/mime) is used. Just like a regular Node program, Pulumi programs can use any Node.js package. + +### Step 3: Create your website files + +Create a subfolder of `s3website` called `www`. Download [favicon.png](/images/docs/examples/favicon.png) and save it to `www`. + +Also save the following as `index.html`: + +```html + + + Hello S3 + + + +

Hello, world!

Made with ❤️ with Pulumi

+ + +``` + +### Step 4: Install npm dependencies + +Add and install the NPM dependencies: + +```bash +$ npm install --save @pulumi/aws mime +``` + +### Step 5: Set your AWS region + +Configure the AWS region to deploy to, such as `us-west-2`. + +```bash +$ pulumi config set aws:region us-west-2 +``` + +Notice how a new file, `Pulumi.website-testing.yaml`, got created in the root directory for your project next to your [Pulumi.yaml project file](/docs/concepts/projects/). See [Defining and setting stack settings](/docs/concepts/config#config-stack) for more information about this file. + +### Step 6: Preview and deploy your resources + +To preview your Pulumi program, run [`pulumi up`](/docs/cli/commands/pulumi_up/). The command shows a preview of the resources that will be created and prompts you to proceed with the deployment. Select `yes` to create a stack component, a Bucket and two S3 Objects (one for each file in the `www` folder). + +### Step 7: View your stack resources + +#### **Pulumi Cloud** + +To see the full details of the deployment and the resources that are now part of the stack, open the update link in a browser. You can see the bucket that was creAted in the **Resources** tab. + +#### **Pulumi CLI** + +To see the name of the bucket that was created, run `pulumi stack output`. Note that an extra 7-digit identifier is appended to the name. All Pulumi resources add this identifier automatically, so that you don't have to manually create unique names. + +```bash +$ pulumi stack output +Current stack outputs (1): + OUTPUT VALUE + bucketName s3-website-bucket-8533d8b +``` + +To see that the S3 bucket objects exist, you can either use the AWS Console (which is accessible from the Pulumi Cloud) or the AWS CLI: + +```bash +$ aws s3 ls $(pulumi stack output bucketName) +2019-09-26 17:12:22 13731 favicon.png +2019-09-26 17:12:22 264 index.html +``` + +### Step 8: Add S3 website support + +Next, configure the S3 bucket to serve the files on a browser. To do this, you use the [aws.s3.Bucket.website] property and attach an [aws.s3.BucketPolicy] object. + +Change the declaration of `siteBucket` to specify an `indexDocument`: + +```javascript +... +// Update your siteBucket declaration to this +let siteBucket = new aws.s3.Bucket("s3-website-bucket", { + website: { + indexDocument: "index.html", + }, +}); +... +``` + +Add the following code, which defines the S3 public read policy, applies it to the bucket, and defines a new stack output: + +```javascript +// Create an S3 Bucket Policy to allow public read of all objects in bucket +// This reusable function can be pulled out into its own module +function publicReadPolicyForBucket(bucketName) { + return JSON.stringify({ + Version: "2012-10-17", + Statement: [{ + Effect: "Allow", + Principal: "*", + Action: [ + "s3:GetObject" + ], + Resource: [ + `arn:aws:s3:::${bucketName}/*` // policy refers to bucket name explicitly + ] + }] + }) +} + +// Set the access policy for the bucket so all objects are readable +let bucketPolicy = new aws.s3.BucketPolicy("bucketPolicy", { + bucket: siteBucket.bucket, // depends on siteBucket -- see explanation below + policy: siteBucket.bucket.apply(publicReadPolicyForBucket) + // transform the siteBucket.bucket output property -- see explanation below +}); + +exports.websiteUrl = siteBucket.websiteEndpoint; // output the endpoint as a stack output +``` + +To make [all objects in the bucket publicly readable](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteAccessPermissionsReqd.html), you'll need to create a [BucketPolicy][aws.s3.BucketPolicy] object. The definition of `bucketPolicy` illustrates how Pulumi tracks dependencies between resources. The property [aws.s3.Bucket.bucket] is an output property of type [pulumi.Output]---a marker class that encodes the relationship between resources in a Pulumi program. An object of type `Output` can be passed directly to the inputs of a resource constructor, such as the `bucket` property. + +For the `policy` property, the IAM policy must include the target bucket name. Since the value of output properties are not known until the underlying resource is created (such as the generated name for the S3 bucket), you need to use the `apply` method of [pulumi.Output] rather than directly calling `publicReadPolicyForBucket`. + +Whenever you need to create a dependency between resources, use the output property of one resource as the input to another one. Pulumi uses this information to create physical resources in the correct order. + +### Step 9: Run your update + +Run `pulumi up`, which shows the change to **update** the `Bucket` resource and **create** a new `BucketPolicy` resource. Select `yes` to confirm the changes. You should see an output similar to the following: + +```bash +$ pulumi up +... + + Type Name Status Info + pulumi:pulumi:Stack s3-website-dev +~ ├─ aws:s3:Bucket s3-website-bucket updated [diff: +website] ++ └─ aws:s3:BucketPolicy bucketPolicy created + +Outputs: + bucketName: "s3-website-bucket-8533d8b" + + websiteUrl: "s3-website-bucket-8533d8b.s3-website-us-west-2.amazonaws.com" + +Resources: + + 1 created + ~ 1 updated + 2 changes. 3 unchanged +``` + +### Step 10: View your static website + +Open the site URL in a browser to see both the rendered HTML and the favicon: + +```bash +$ pulumi stack output websiteUrl +s3-website-bucket-8533d8b.s3-website-us-west-2.amazonaws.com +``` + +Hello S3 example + +## Clean Up + +{{< cleanup >}} + +## Summary + +In this tutorial, we showed you how to use the `@pulumi/aws` package for fine-grain control over AWS resources. + +You also learned how to work with the Pulumi CLI. To recap: + +- Run `pulumi new javascript --name myproject` to create a new project using a JavaScript template. +- Run `pulumi up` to preview and update your infrastructure. +- Run `pulumi destroy` to clean up your resources. +- Run `pulumi stack rm` to delete your stack. + +## Next steps + +- [S3 Folder Pulumi Component](https://www.pulumi.com/docs/tutorials/aws/s3-folder-component/) +- [EC2 Linux WebServer Instance](/registry/packages/aws/how-to-guides/ec2-webserver/) +- [Containers on ECS Fargate](/registry/packages/aws/how-to-guides/ecs-fargate/) +- [API Gateways and Lambda](/registry/packages/aws/how-to-guides/rest-api/) + + +[@pulumi/aws]: /registry/packages/aws/api-docs/ +[aws.s3.Bucket]: /registry/packages/aws/api-docs/s3/bucket/ +[aws.s3.Bucket.bucket]: /registry/packages/aws/api-docs/s3/bucket/#bucket_nodejs +[aws.s3.BucketObject]: /registry/packages/aws/api-docs/s3/bucketobject/ +[pulumi.asset.FileAsset]: /docs/reference/pkg/nodejs/pulumi/pulumi/asset/#FileAsset +[aws.s3.BucketPolicy]: /registry/packages/aws/api-docs/s3/bucketpolicy/ +[aws.s3.Bucket.website]: /registry/packages/aws/api-docs/s3/bucket/#state_website_nodejs +[pulumi.Output]: /docs/reference/pkg/nodejs/pulumi/pulumi/#Output +[in Python]: https://github.com/pulumi/examples/tree/master/aws-py-s3-folder + diff --git a/themes/default/content/registry/packages/aws/how-to-guides/video-thumbnailer.md b/themes/default/content/registry/packages/aws/how-to-guides/video-thumbnailer.md new file mode 100644 index 00000000000..cf11a494b5c --- /dev/null +++ b/themes/default/content/registry/packages/aws/how-to-guides/video-thumbnailer.md @@ -0,0 +1,225 @@ +--- +title: Video Thumbnailer with AWS Lambda and Fargate +meta_desc: This tutorial will teach you how to build a video thumbnailer using AWS Lambda and Fargate. +aliases: ["/docs/reference/tutorials/aws/tutorial-thumbnailer/"] +layout: package +--- + +In this tutorial, we'll use combine serverless, containers and cloud infrastructure together into a fully functioning +distributed application. We use serverless functions as event triggers and containers for longer-running tasks. + +We'll build an application that extracts a thumbnail from a video using AWS Lambda and +[Fargate](https://aws.amazon.com/fargate/). Below is the architecture of the Pulumi application. The +code for this tutorial is [available on GitHub](https://github.com/pulumi/examples/tree/master/aws-ts-thumbnailer), +and a video walkthrough of this example is [available on YouTube](https://www.youtube.com/watch?v=Bofmh1qnNSE). + +Video thumbnail diagram + +{{< aws-js-prereqs >}} + +## Create and deploy the project + +1. Make sure [Docker](https://docs.docker.com/install/) is installed and running. + +1. Run `pulumi new`: + + ```bash + $ mkdir video-thumbnail && cd video-thumbnail + $ pulumi new aws-typescript + ``` + +1. Replace the contents of `index.ts` with the following: + + ```typescript + import * as aws from "@pulumi/aws"; + import * as awsx from "@pulumi/awsx"; + + // A simple cluster to run our tasks in. + const cluster = awsx.ecs.Cluster.getDefault(); + + // A bucket to store videos and thumbnails. + const bucket = new aws.s3.Bucket("bucket"); + + // Export the bucket name. + export const bucketName = bucket.id; + + // A task which runs a containerized FFMPEG job to extract a thumbnail image. + const ffmpegThumbnailTask = new awsx.ecs.FargateTaskDefinition("ffmpegThumbTask", { + container: { + image: awsx.ecs.Image.fromPath("ffmpegThumbTask", "./docker-ffmpeg-thumb"), + memoryReservation: 512, + }, + }); + + // When a new video is uploaded, run the FFMPEG task on the video file. + // Use the time index specified in the filename (e.g. cat_00-01.mp4 uses timestamp 00:01) + bucket.onObjectCreated("onNewVideo", new aws.lambda.CallbackFunction("onNewVideo", { + // Specify appropriate policies so that this AWS lambda can run EC2 tasks. + policies: [ + aws.iam.ManagedPolicy.AWSLambdaExecute, // Provides access to logging and S3 + aws.iam.ManagedPolicy.AmazonECSFullAccess, // Required for lambda compute to be able to run Tasks + ], + callback: async bucketArgs => { + console.log("onNewVideo called"); + if (!bucketArgs.Records) { + return; + } + + for (const record of bucketArgs.Records) { + console.log(`*** New video: file ${record.s3.object.key} was uploaded at ${record.eventTime}.`); + const file = record.s3.object.key; + + const thumbnailFile = file.substring(0, file.indexOf('_')) + '.jpg'; + const framePos = file.substring(file.indexOf('_')+1, file.indexOf('.')).replace('-',':'); + + await ffmpegThumbnailTask.run({ + cluster, + overrides: { + containerOverrides: [{ + name: "container", + environment: [ + { name: "S3_BUCKET", value: bucketName.get() }, + { name: "INPUT_VIDEO", value: file }, + { name: "TIME_OFFSET", value: framePos }, + { name: "OUTPUT_FILE", value: thumbnailFile }, + ], + }], + }, + }); + + console.log(`Running thumbnailer task.`); + } + }, + }), { filterSuffix: ".mp4" }); + + // When a new thumbnail is created, log a message. + bucket.onObjectCreated("onNewThumbnail", async bucketArgs => { + console.log("onNewThumbnail called"); + if (!bucketArgs.Records) { + return; + } + + for (const record of bucketArgs.Records) { + console.log(`*** New thumbnail: file ${record.s3.object.key} was saved at ${record.eventTime}.`); + } + }, { filterSuffix: ".jpg" }); + ``` + + This code declares the following resources: + + - **Cloud infrastructure**. S3 bucket for videos and still frames. We define a [stack output property](/docs/concepts/stack#outputs) `bucketName`, to easily retrieve this value after the project has been deployed. + - **Containers**. Uses awsx.ecs.FargateTaskDefinition, which is a high-level, convenient component for working with containers. The component automatically provisions a container registry instance in ECR, runs a Docker build, and saves the Docker image to the provisioned ECR instance. It also defines an ECS task and configures it to use the built image. + - **Serverless functions** + - The Lambda function `onNewVideo` is triggered whenever a new `.mp4` video file is uploaded to the S3 bucket. The Lambda extracts the time index that is encoded in the video filename (in the form `file_mm-ss`) and launches the container task. + - The Lambda function `onNewThumbnail` is triggered when a new `.jpg` thumbnail file is uploaded to the S3 bucket, and prints a message to the log file. + +1. Create a directory named `docker-ffmpeg-thumb`. + + ```bash + $ mkdir docker-ffmpeg-thumb + ``` + +1. Create a file named `Dockerfile` in the `docker-ffmpeg-thumb` folder with the following contents. For the container setup, it uses an existing container for FFmpeg and installs Python and the AWS CLI. When the container is started, it copies the video file from S3, runs `ffmpeg`, and copies the output back to S3. + + ```docker + FROM jrottenberg/ffmpeg + + RUN apt-get update && \ + apt-get install python-dev python-pip -y && \ + apt-get clean && pip install --upgrade pip + + RUN pip install awscli + + WORKDIR /tmp/workdir + + ENTRYPOINT \ + echo "Starting ffmpeg task..." && \ + echo "Copying video from s3://${S3_BUCKET}/${INPUT_VIDEO} to ${INPUT_VIDEO}..." && \ + aws s3 cp s3://${S3_BUCKET}/${INPUT_VIDEO} ./${INPUT_VIDEO} && \ + ffmpeg -v error -i ./${INPUT_VIDEO} -ss ${TIME_OFFSET} -vframes 1 -f image2 -an -y ${OUTPUT_FILE} && \ + echo "Copying thumbnail to S3://${S3_BUCKET}/${OUTPUT_FILE} ..." && \ + aws s3 cp ./${OUTPUT_FILE} s3://${S3_BUCKET}/${OUTPUT_FILE} + ``` + +1. Configure Pulumi to use an AWS region that supports Fargate. (Note: Fargate is currently available only in `us-east-1`, `us-east-2`, `us-west-2`, and `eu-west-1`). + + ```bash + $ pulumi config set aws:region us-east-2 + ``` + +1. Preview and deploy changes via `pulumi up`, which will take a few minutes. During the preview phase, Pulumi runs the Docker build. + + ```bash + $ pulumi up + Previewing update of stack 'thumbnailer-testing' + ... + + Diagnostics: + ... + global: global + info: Building container image 'pulum-dc8d99de-container': context=./docker-ffmpeg-thumb + + Do you want to perform this update? yes + Updating stack 'thumbnailer-testing' + Performing changes: + ... + + ---outputs:--- + bucketName: "bucket-0c91106" + + info: 32 changes performed: + + 32 resources created + Update duration: 1m48.486679173s + ``` + +## Test the application + +To test the application, we'll upload a video to S3, view the running application logs, then download the thumbnail from S3. + +### 1. Upload a video to S3 + +- Download [a short sample video](https://github.com/pulumi/examples/blob/master/aws-ts-thumbnailer/sample/cat.mp4?raw=true) to your project folder. + +- Copy the video to S3, encoding the time index in the filename (00:01 becomes `00-01`): + + ```bash + $ aws s3 cp cat.mp4 s3://$(pulumi stack output bucketName)/cat_00-01.mp4 + upload: cat.mp4 to s3://bucket-0c91106/cat_00-01.mp4 + ``` + +### 2. View logs + +Run `pulumi logs -f` for the streaming logs of the Lambda functions as well as the Fargate task. Note that the log contains a prefix that matches the functions and tasks in your code, such as `onNewVideo` and `ffmpegThumbTask`: + +```bash +$ pulumi logs -f +Collecting logs for stack thumbnail-quickstart-dev since 2018-05-25T13:32:27.000-07:00. + + 2018-05-25T14:29:17.935-07:00[ onNewVideo] *** New video: file cat_00-01.mp4 was uploaded at 2018-05-25T21:29:17.230Z. + 2018-05-25T14:29:22.319-07:00[ onNewVideo] Running thumbnailer task. + 2018-05-25T14:30:25.995-07:00[ ffmpegThumbTask] Starting ffmpeg task... + 2018-05-25T14:30:25.995-07:00[ ffmpegThumbTask] Copying video FROM S3 +download: s3://bucket-756b44a/cat_00-01.mp4 to ./cat_00-01.mp4 pleted 256.0 KiB/666.5 KiB (1.9 MiB/s) with 1 file(s) remaining + 2018-05-25T14:30:31.037-07:00[ ffmpegThumbTask] Copying thumbnail TO S3 +upload: ./cat.jpg to s3://bucket-756b44a/cat.jpg pleted 86.6 KiB/86.6 KiB (303.9 KiB/s) with 1 file(s) remaining + 2018-05-25T14:30:34.298-07:00[ onNewThumbnail] *** New thumbnail: file cat.jpg was saved at 2018-05-25T21:30:33.724Z. +``` + +### 3. Download the thumbnail file + +After you see the `*** New thumbnail` message, copy the jpg from S3. + +```bash +$ aws s3 cp s3://$(pulumi stack output bucketName)/cat.jpg . +download: s3://bucket-0c91106/cat.jpg to ./cat.jpg +``` + +## Clean up + +{{< cleanup >}} + +## Next steps + +For a version of this sample that includes AWS Rekognition, see the [Video Thumbnailer with Machine Learning](https://github.com/pulumi/examples/tree/master/cloud-js-thumbnailer-machine-learning) JavaScript example. + +For an example application that connects two containers, see the [Voting App](https://github.com/pulumi/examples/tree/master/aws-ts-voting-app) TypeScript sample. diff --git a/themes/default/content/registry/packages/aws/installation-configuration.md b/themes/default/content/registry/packages/aws/installation-configuration.md new file mode 100644 index 00000000000..e1c6083de10 --- /dev/null +++ b/themes/default/content/registry/packages/aws/installation-configuration.md @@ -0,0 +1,210 @@ +--- +title: AWS Classic Installation & Configuration +meta_desc: How to set up credentials to use the Pulumi AWS Classic Provider and choose configuration options to tailor the provider to suit your use case. +layout: package +--- + +{{< aws-resource-note >}} + +## Installation + +The AWS Classic provider is available as a package in all Pulumi languages: + +* JavaScript/TypeScript: [`@pulumi/aws`](https://www.npmjs.com/package/@pulumi/aws) +* Python: [`pulumi-aws`](https://pypi.org/project/pulumi-aws/) +* Go: [`github.com/pulumi/pulumi-aws/sdk/v5`](https://github.com/pulumi/pulumi-aws#go) +* .NET: [`Pulumi.Aws`](https://www.nuget.org/packages/Pulumi.Aws) +* Java: [`com.pulumi.aws`](https://search.maven.org/search?q=com.pulumi.aws) + +## Credentials + +1. [Create an IAM user in the AWS console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console) with programmatic access and ensure it has sufficient permissions to deploy and manage your Pulumi program’s resources. +2. [Set up AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys) for your user. + +{{% notes "info" %}} +If you are using [temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html), you will also have to supply an `AWS_SESSION_TOKEN` value before you can use Pulumi to create resources on your behalf. +{{% /notes %}} + +Your AWS credentials are never sent to pulumi.com. Pulumi uses the AWS SDK and the credentials in your environment to authenticate requests from your computer to AWS. + +## Configuration + +There are a few different ways you can configure your AWS credentials to work with Pulumi. + +### Set credentials as environment variables + +You can authenticate using environment variables. +Doing so will [temporarily override the settings in your credentials file](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence). + +{{< chooser os "linux,macos,windows" >}} +{{% choosable os linux %}} + +```bash +$ export AWS_ACCESS_KEY_ID= +$ export AWS_SECRET_ACCESS_KEY= +$ export AWS_REGION= # e.g.`ap-south-1` +``` + +{{% /choosable %}} + +{{% choosable os macos %}} + +```bash +$ export AWS_ACCESS_KEY_ID= +$ export AWS_SECRET_ACCESS_KEY= +$ export AWS_REGION= # e.g.`ap-south-1` +``` + +{{% /choosable %}} + +{{% choosable os windows %}} + +```powershell +> $env:AWS_ACCESS_KEY_ID = "" +> $env:AWS_SECRET_ACCESS_KEY = "" +> $env:AWS_REGION = "" +``` + +{{% /choosable %}} +{{< /chooser >}} + +You may alternatively set the AWS region in your Pulumi.yaml: + +```bash +$ pulumi config set aws:region # e.g.`ap-south-1` +``` + +### Create a shared credentials file using the AWS CLI + +1. [Install the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/installing.html) + +2. Configure your [AWS credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config). + + ```bash + $ aws configure + AWS Access Key ID [None]: + AWS Secret Access Key [None]: + Default region name [None]: + Default output format [None]: + ``` + +Your AWS credentials file is now located in your home directory at `.aws/credentials`. + +You can also create the shared credentials file by hand. For example: + +```ini +[default] +aws_access_key_id = +aws_secret_access_key = +``` + +### Set up multiple profiles + +As an optional step, you can [set up multiple profiles](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-profiles) +Here’s what that looks like in your ~/.aws/credentials file: + +```ini +[default] +aws_access_key_id = +aws_secret_access_key = + +[test-account] +aws_access_key_id = +aws_secret_access_key = + +[prod-account] +aws_access_key_id = +aws_secret_access_key = +``` + +You can specify which profile to use with Pulumi through one of the following methods: + +* Set AWS_PROFILE as an environment variable + + ```bash + $ export AWS_PROFILE= + ``` + +* Set `aws:profile` in your Pulumi.yaml + + ```bash + pulumi config set aws:profile + ``` + +### Authenticating via EC2 Instance Metadata? + +As of pulumi-aws v3.28.1, the default behaviour for the provider [was changed](https://github.com/pulumi/pulumi-aws/blob/master/CHANGELOG_OLD.md#3281-2021-02-10) to disable MetadataApiCheck by default. This means, +you need to do either of the following + +1. When using the default provider: + + ``` + pulumi config set aws:skipMetadataApiCheck false + ``` + +1. When using a named provider + + ```typescript + const myProvider = new aws.Provider("named-provider", { + // other config + skipMetadataApiCheck: false, + }); + ``` + + ```csharp + var provider = new Aws.Provider("named-provider", new Aws.ProviderArgs + { + // other config + SkipMetadataApiCheck = false, + }); + ``` + + ```go + provider, err := aws.NewProvider(ctx, "named-provider", &aws.ProviderArgs{ + // other config + SkipMetadataApiCheck: pulumi.Bool(false), + }) + ``` + + ```python + provider = pulumi_aws.Provider('named-provider', skip_metadata_api_check=False) + ``` + +## Configuration options + +Use `pulumi config set aws: