Pulumi
Overview
Pulumi is an open-source IaC platform that lets you define cloud infrastructure using general-purpose programming languages (TypeScript, Python, Go, C#, Java). Unlike HCL-based tools, you get full IDE support, loops, conditionals, type checking, and package management.
TypeScript Example
import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";
const config = new pulumi.Config();
const environment = config.require("environment");
const bucket = new aws.s3.Bucket("assets", {
bucket: `my-app-${environment}-assets`,
tags: { Environment: environment },
});
const bucketVersioning = new aws.s3.BucketVersioningV2("assets-versioning", {
bucket: bucket.id,
versioningConfiguration: { status: "Enabled" },
});
export const bucketArn = bucket.arn;
Python Example
import pulumi
import pulumi_aws as aws
config = pulumi.Config()
environment = config.require("environment")
bucket = aws.s3.Bucket("assets",
bucket=f"my-app-{environment}-assets",
tags={"Environment": environment},
)
pulumi.export("bucket_arn", bucket.arn)
Workflow
# Create a new project
pulumi new aws-typescript
# Preview changes
pulumi preview
# Deploy changes
pulumi up
# Destroy resources
pulumi destroy
# Switch stacks (environments)
pulumi stack select prod
Outputs and Apply
Pulumi resources return Output<T> values (resolved asynchronously):
// Outputs are lazy — use .apply() to transform
const url = bucket.websiteEndpoint.apply(ep => `https://${ep}`);
// Use pulumi.interpolate for string interpolation
const name = pulumi.interpolate`app-${bucket.id}`;
// Use pulumi.all to combine multiple outputs
const combined = pulumi.all([bucket.arn, bucket.id]).apply(
([arn, id]) => `${arn} (${id})`
);
Component Resources
Create reusable infrastructure abstractions:
class StaticSite extends pulumi.ComponentResource {
public readonly url: pulumi.Output<string>;
constructor(name: string, args: { domain: string }, opts?: pulumi.ComponentResourceOptions) {
super("custom:StaticSite", name, {}, opts);
const bucket = new aws.s3.Bucket(`${name}-bucket`, {
website: { indexDocument: "index.html" },
}, { parent: this });
this.url = bucket.websiteEndpoint;
this.registerOutputs({ url: this.url });
}
}
Stack Configuration
# Set config values
pulumi config set environment prod
pulumi config set --secret dbPassword s3cret
# Access in code
const config = new pulumi.Config();
const env = config.require("environment");
const dbPass = config.requireSecret("dbPassword");
State Backends
| Backend | Description |
|---|---|
| Pulumi Cloud | Default managed backend with collaboration features |
| S3 | pulumi login s3://my-bucket |
| Azure Blob | pulumi login azblob://container |
| Local | pulumi login --local |
Best Practices
- Always run
pulumi previewbeforepulumi upto review changes. - Use
ComponentResourceclasses for reusable infrastructure patterns. - Never call
.apply()on Outputs whenpulumi.interpolatesuffices. - Use
pulumi.Configfor environment-specific values and secrets. - Use stack references for cross-stack dependencies instead of hardcoded values.
- Pin provider package versions in
package.json/requirements.txt. - Use
aliaseswhen renaming resources to avoid delete-and-recreate.