MCP HubMCP Hub
Back to Skills

pulumi-troubleshooting

pr-pm
Updated Today
17 views
62
9
62
View on GitHub
Designdesign

About

This skill helps developers troubleshoot Pulumi infrastructure-as-code projects, specifically for TypeScript. It provides solutions for common errors like Outputs handling, deployment issues with AWS Beanstalk, and cost optimization. Use it when you encounter Pulumi runtime errors or need guidance on infrastructure best practices.

Quick Install

Claude Code

Recommended
Plugin CommandRecommended
/plugin add https://github.com/pr-pm/prpm
Git CloneAlternative
git clone https://github.com/pr-pm/prpm.git ~/.claude/skills/pulumi-troubleshooting

Copy and paste this command in Claude Code to install this skill

Documentation

Pulumi Infrastructure Troubleshooting Skill

Common Pulumi TypeScript Errors and Solutions

1. "This expression is not callable. Type 'never' has no call signatures"

Cause: TypeScript infers a type as never when working with Pulumi Outputs, especially with arrays.

Solution: Wrap the value in pulumi.output() and properly type the callback:

// ❌ Bad - TypeScript can't infer the type
value: pulumi.all(config.vpc.publicSubnets.map((s: any) => s.id))

// ✅ Good - Explicitly wrap and type
value: pulumi.output(config.vpc.publicSubnets).apply((subnets: any[]) =>
  pulumi.all(subnets.map((s: any) => s.id)).apply(ids => ids.join(","))
)

2. "Modifiers cannot appear here" (export in conditional blocks)

Cause: TypeScript doesn't allow export statements inside if blocks.

Solution: Use optional chaining for conditional exports:

// ❌ Bad
if (opensearch) {
  export const opensearchEndpoint = opensearch.endpoint;
}

// ✅ Good
export const opensearchEndpoint = opensearch?.endpoint;

3. "Configuration key 'aws:region' is not namespaced by the project"

Cause: Pulumi.yaml config with namespaced keys (e.g., aws:region) cannot use default attribute.

Solution: Remove the config section or don't set defaults for provider configs:

# ❌ Bad
config:
  aws:region:
    description: AWS region
    default: us-east-1

# ✅ Good - set via workflow/CLI instead
config:
  app:domainName:
    description: Domain name

4. Stack Not Found Errors

Cause: Pulumi stack doesn't exist yet in new environments.

Solution: Use || operator to create if not exists:

pulumi stack select $STACK || pulumi stack init $STACK

5. Working with Pulumi Outputs

Key Concepts:

  • pulumi.Output<T> is a promise-like wrapper for async values
  • Use .apply() to transform Output values
  • Use pulumi.all([...]) to combine multiple Outputs
  • Use pulumi.output(value) to wrap plain values as Outputs

Common Patterns:

// Transforming a single Output
const url = endpoint.apply(e => `https://${e}`);

// Combining multiple Outputs
const connectionString = pulumi.all([host, port, db]).apply(
  ([h, p, d]) => `postgres://${h}:${p}/${d}`
);

// Interpolating Outputs
const message = pulumi.interpolate`Server at ${endpoint}:${port}`;

Nested Outputs (Properties that are themselves Outputs):

// ❌ Bad - resource.property might be an Output<string>
const endpoint = instance.apply(i => i.endpoint.split(":")[0]); // ERROR: Property 'split' does not exist

// ✅ Good - unwrap nested Output with pulumi.output()
const endpoint = instance.apply(i =>
  pulumi.output(i.endpoint).apply(e => e.split(":")[0])
);

// ✅ Alternative - use pulumi.all to flatten
const endpoint = pulumi.all([instance]).apply(([inst]) =>
  pulumi.output(inst.endpoint).apply(e => e.split(":")[0])
);

6. Beanstalk Environment Variables

Issue: Complex objects or arrays need to be serialized.

Solution: Use JSON.stringify for complex values:

{
  namespace: "aws:elasticbeanstalk:application:environment",
  name: "ALLOWED_ORIGINS",
  value: allowedOrigins.apply(origins => JSON.stringify(origins)),
}

7. ACM Certificate Validation

Issue: Certificate validation hangs or times out.

Solution: Ensure DNS records are created and wait for validation:

// 1. Create certificate
const cert = new aws.acm.Certificate(...);

// 2. Create DNS validation record
const validationRecord = new aws.route53.Record(..., {
  name: cert.domainValidationOptions[0].resourceRecordName,
  type: cert.domainValidationOptions[0].resourceRecordType,
  records: [cert.domainValidationOptions[0].resourceRecordValue],
});

// 3. Wait for validation to complete
const validation = new aws.acm.CertificateValidation(..., {
  certificateArn: cert.arn,
  validationRecordFqdns: [validationRecord.fqdn],
});

8. GitHub Actions Pulumi Setup

Best Practices:

- name: Setup Pulumi
  uses: pulumi/actions@v5

- name: Configure Stack
  run: |
    STACK="${{ inputs.stack || 'prod' }}"
    pulumi stack select $STACK || pulumi stack init $STACK
    pulumi config set aws:region ${{ env.AWS_REGION }}
    # Set other non-secret configs here

- name: Pulumi Up
  run: pulumi up --yes --non-interactive
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
    PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}

9. Debugging TypeScript Compilation

Quick checks:

  1. Run npm run build in the infra package locally
  2. Check for conditional exports inside blocks
  3. Verify all Pulumi Outputs are properly typed
  4. Look for .map() calls on potentially undefined arrays
  5. Ensure all imports are correct

10. Cost Optimization Tips

Beanstalk vs ECS Fargate:

  • Beanstalk with t3.micro: ~$32/month
  • ECS Fargate: ~$126/month
  • Key difference: Beanstalk runs on EC2 instances you control
  • Use public subnets to avoid NAT Gateway costs ($32/month)

Checklist Before Deploying

  • Run npm run build locally to catch TypeScript errors
  • Test with pulumi preview before pulumi up
  • Verify all secrets are in GitHub Secrets (not hardcoded)
  • Check stack name matches environment (dev/staging/prod)
  • Ensure domain/DNS is configured if using custom domains
  • Verify VPC/subnets exist if using existing infrastructure
  • Check that all required extensions/providers are installed

Common Environment Variables to Set

// Database
DATABASE_URL: pulumi.interpolate`postgres://${user}:${pass}@${host}:5432/${db}`

// Redis
REDIS_URL: redisEndpoint.apply(e => `redis://${e}:6379`)

// S3
S3_BUCKET: bucketName
S3_REGION: region

// Auth
GITHUB_CLIENT_ID: clientId
GITHUB_CLIENT_SECRET: clientSecret

// App Config
NODE_ENV: "production"
PORT: "8080"
LOG_LEVEL: "info"

Resources

GitHub Repository

pr-pm/prpm
Path: .claude/skills/pulumi-troubleshooting
claudeclaude-codecursorcursor-ai-editcursorrulespackage-manager

Related Skills

langchain

Meta

LangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.

View skill

Algorithmic Art Generation

Meta

This skill helps developers create algorithmic art using p5.js, focusing on generative art, computational aesthetics, and interactive visualizations. It automatically activates for topics like "generative art" or "p5.js visualization" and guides you through creating unique algorithms with features like seeded randomness, flow fields, and particle systems. Use it when you need to build reproducible, code-driven artistic patterns.

View skill

webapp-testing

Testing

This Claude Skill provides a Playwright-based toolkit for testing local web applications through Python scripts. It enables frontend verification, UI debugging, screenshot capture, and log viewing while managing server lifecycles. Use it for browser automation tasks but run scripts directly rather than reading their source code to avoid context pollution.

View skill

requesting-code-review

Design

This skill dispatches a code-reviewer subagent to analyze code changes against requirements before proceeding. It should be used after completing tasks, implementing major features, or before merging to main. The review helps catch issues early by comparing the current implementation with the original plan.

View skill