Hello. I am running into a problem where I am having problems downloading a private pulumi component that I am using. This was working 3 weeks ago. I do a github release so that the artifacts are there and when i want to use it, pulumi goes and downloads it. For some reason the new releases that I am doing produces an error now. Any ideas why?

$ pulumi up
Previewing update (staging):
     Type                 Name                 Plan       Info
 +   pulumi:pulumi:Stack  vercel-oidc-staging  create     13 messages

Diagnostics:
  pulumi:pulumi:Stack (vercel-oidc-staging):
    warning: error downloading provider: tar: cannot add non-regular file
    Will retry in 80ms [1/5]
    warning: error downloading provider: tar: cannot add non-regular file
    Will retry in 160ms [2/5]
    warning: error downloading provider: tar: cannot add non-regular file
    Will retry in 320ms [3/5]
    warning: error downloading provider: tar: cannot add non-regular file
    Will retry in 640ms [4/5]
    warning: error downloading provider: tar: cannot add non-regular file
    Will retry in 1.28s [5/5]
    Error: error resolving type of resource verceloidc: internal error loading package "verceloidc": Could not automatically download and install resource plugin 'pulumi-resource-verceloidc' at version v1.0.18, install the plugin using `pulumi plugin install resource verceloidc v1.0.18 --server <git://github.com/malloryai/infrastructure.git/pulumi/components/aws/verceloidc>`: error downloading provider verceloidc to file: failed to download plugin: verceloidc-1.0.18: failed all 5 attempts
      on Pulumi.yaml line 15:
      15:     type: verceloidc:Verceloidc

sup

Hi, is there a document that details how to deploy using pulumi in an airgapped environment? I am trying to package the plugins needed for my iac script to run on an environment that does not have internet access. I couldn't find a documentation. I am using pulumi python, I am trying to achieve something similar to using a local provider on terraform.

It's there any movement on this issue? It is quite easy to accidentally bring an app down. Quite scary that this is possible e.g. by adding additional permissions to a service running on ECS. This seems like quite basic functionality? Has anyone here running on ECS and deploying using Pulumi experienced this? Any workarounds at all?

At our company our pulumi stack has been managed by a single dev since we started using pulumi. We have not hired on a new engineer to work in the pulumi stack. Unfortunatley this now has created a problem. Situation: Aws lambdas written in go, when we run pulumi up on engineer 1s computer (who originally deployed everything) there are no changes. But then when engineer 2 does pulumi up (no code changes) it says the last modified and code has changed (they had to seperartley build the bootstrap executable) Are there any solutions to this?

Hi, I have pulumi CLI issues. It does not list any of my stacks, even in the source code folder.

➜  pulumi git:(main) ls -l
total 40
-rw-r--r--   1 lin  staff  4157 Sep 15 00:01 pom.xml
-rw-r--r--   1 lin  staff   336 Oct 16 11:51 Pulumi.deploy-infra.yaml
-rw-r--r--   1 lin  staff    95 May 20 00:39 Pulumi.yaml
drwxr-xr-x   4 lin  staff   128 May 20 00:39 src
drwxr-xr-x  11 lin  staff   352 Aug 18 00:24 target
➜  pulumi git:(main) pulumi stack ls
NAME  LAST UPDATE  RESOURCE COUNT  URL
➜  pulumi git:(main)

intermittent error

20:08:49  + echo 'setup Pulumi'
20:08:49  setup Pulumi
20:08:49  + curl -fsSL <https://get.pulumi.com>
20:08:49  + sh
20:08:50  error: could not determine latest version of Pulumi, try passing --version X.Y.Z to
20:08:50         install an explicit version
20:08:50  
20:08:50  We're sorry, but it looks like something might have gone wrong during installation.
If you need help, please join us on "><https://slack.pulumi.com/>
script returned exit code 1

hey guys can some one explain to me how pulumi works because my work told me to use it but i dont know what is or what it does or what type of servers they use

I'm running into a weird issue with preview in a GitHub action (using the official action). The preview fails, but there are no errors, and the deploy works perfect. Running the preview locally works perfectly though. The step in the action also ends way before it does compared to the one on the Pulumi web UI. For context, this stack uses Azure and has around 2.5k resources

Hi, I'm an experienced IT instructor, and I'm quite interested in evaluating Pulumi training. Where can I find more info or who could I talk with? I'm interested in e.g.: evaluating current training offerings (official/non-official), writting Pulumi courses & workshops, participating in a future training partner program, or Pulumi certification, etc Thanks!

Hey I just claimed startup credits for our org. However, I do not see that anywhere to be applied? I still see “total cost after usage: $40” in the billing section. I did for sure entered promo code I got by email.

Hey, Is anyone able to get

pulumi

to work with a

bazel

-managed python environment? I think

pulumi up

is trying to install its own dependencies, which does not play well with bazel philosophy. Is there any way to combine the two? Or in general, how does pulumi deal with monorepo setups, where you tend to share all the libraries instead of creating many small python virtual environments?

I'm trying

local.File

and it can create the file, but when there is a change in

content

it will delete the file and not create it again, every time I run

pulumi up

it says it will replace it and it "succeeds" but the file it's not created, and running

pulumi up

again will trigger the replace again. Any idea on how to fix this?

import pulumi_local as local 
manifest = local.File(
    "store-demo-cert-manager",
    content=store_demo_cert_manager.yaml,
    filename=os.path.join(
        os.path.dirname(__file__),
        "compiled_manifest",
        "store_demo_gateway_cert_manager.yaml",
    ),
)

hi team, does this mean we no longer need to create a equivalent Pulumi provider for a existing Terraform provider? if so, that'd great! we still use Terraform to manage resources due to missing Pulumi providers but this will be a game changer.

Hi, While migration from Pulumi-cloud to S3+dynamoDB for state backend, while importing I am getting this error:

Can somebody tell me how to get through this?? Like I've tried "sed" as well as "jq" to modify the exported file to change the format from org/project/stack-name to Stack only but it didn't worked.

Hi pulumi expert, sorry for asking this question, I noticed a change when updating from pulumi 3.181.0 to 3.182.0, when I run

pulumi up

on my existing stack, I got all resource deletion instead of update. The pulumi update plan originally looks like this

@ Previewing update.........
    pulumi:pulumi:Stack lighthouse-dev  [INFO][2025-10-27 14:58:23,201][__init__] cluster_config_dir: /home/syscl/deductive/code/config/iac_export/lighthouse
    pulumi:pulumi:Stack lighthouse-dev running [INFO][2025-10-27 14:58:23,201][__init__] cluster_config_dir: /home/syscl/deductive/code/config/iac_export/lighthouse
@ Previewing update.....
 ~  pulumi:providers:aws deductive-controller update [diff: ~version]
@ Previewing update.....
 ~  pulumi:providers:aws aws update [diff: +profile~version]
@ Previewing update....
 +  aws:s3:Bucket deductiveai-alb-access-logs-lighthouse create
 +  aws:iam:Role DeductiveAIEKSClusterRole-lighthouse create
@ Previewing update....
 +  aws:secretsmanager:Secret deductive-secrets create
 +  aws:iam:Role DeductiveAIEC2Role-lighthouse create
 +  aws:s3:BucketLifecycleConfigurationV2 deductiveai-alb-access-logs-lighthouse-lifecycle create
 +  aws:s3:BucketPolicy deductive-alb-access-logs-policy create
 +  aws:secretsmanager:SecretVersion deductiveai-secret-init-awscurrent-empty-lighthouse create
 ~  aws:route53:Record <http://ssl-cert-validation-dns-record-for-lighthouse.deductive.ai|ssl-cert-validation-dns-record-for-lighthouse.deductive.ai> update [diff: +allowOverwrite]
 ~  aws:ec2:Vpc lighthouse-vpc update [diff: ~enableDnsHostnames]
@ Previewing update....
 ++ aws:ec2:Subnet lighthouse-vpc-public-1 create replacement [diff: ~cidrBlock]

But updating to 3.182.0 and later version it became completely deletion:

Previewing update.....
 -  pulumi:providers:kubernetes eks-provider delete
 -  aws:eks:NodeGroup standard_node_group delete
 -  aws:ec2:SecurityGroup lighthouse-ELB-SecurityGroup delete
 -  aws:eks:Cluster lighthouse delete
 -  aws:ec2:Route lighthouse-vpc-private-2 delete
 -  aws:ec2:Route lighthouse-vpc-private-1 delete
 -  aws:ec2:Route lighthouse-vpc-public-2 delete
 -  aws:ec2:Route lighthouse-vpc-public-1 delete
 -  aws:ec2:RouteTableAssociation lighthouse-vpc-private-1 delete
 -  aws:ec2:RouteTableAssociation lighthouse-vpc-private-2 delete
 -  aws:ec2:NatGateway lighthouse-vpc-2 delete
 -  aws:ec2:RouteTableAssociation lighthouse-vpc-public-2 delete
 -  aws:ec2:NatGateway lighthouse-vpc-1 delete

And I also noticed a lot of warnings like this:

@ Previewing update.....
    pulumi:pulumi:Stack lighthouse-dev  [INFO][2025-10-27 14:59:49,357][__init__] cluster_config_dir: /home/syscl/deductive/code/config/iac_export/lighthouse
    pulumi:pulumi:Stack lighthouse-dev  /home/syscl/.local/share/uv/python/cpython-3.13.3-linux-x86_64-gnu/lib/python3.13/asyncio/base_events.py:744: RuntimeWarning: coroutine 'RPCManager.do_rpc.<locals>.rpc_wrapper' was never awaited
    pulumi:pulumi:Stack lighthouse-dev    self._ready.clear()
    pulumi:pulumi:Stack lighthouse-dev  RuntimeWarning: Enable tracemalloc to get the object allocation traceback
    pulumi:pulumi:Stack lighthouse-dev  /home/syscl/.local/share/uv/python/cpython-3.13.3-linux-x86_64-gnu/lib/python3.13/asyncio/base_events.py:744: RuntimeWarning: coroutine 'Output.__init__.<locals>.is_value_known' was never awaited
    pulumi:pulumi:Stack lighthouse-dev    self._ready.clear()
    pulumi:pulumi:Stack lighthouse-dev  RuntimeWarning: Enable tracemalloc to get the object allocation traceback
    pulumi:pulumi:Stack lighthouse-dev  <sys>:0: RuntimeWarning: coroutine 'Output.__init__.<locals>.is_value_known' was never awaited
    pulumi:pulumi:Stack lighthouse-dev  RuntimeWarning: Enable tracemalloc to get the object allocation traceback

I am using python 3.13.3, any reason why this happens? Thanks!

👋 Hi everyone!

Hey folks! We are pursuing a micro-stack architecture but we're bit unclear about how to manage Pulumi stacks in a more dynamic fashion, i.e. how to create/rename/delete them dynamically, including their encryption keys(!), without performing a bunch of manual steps each time. Is there a recommended way to do this? Ideally, I'd just have a piece of Python code that defines a list of stack names, and then Pulumi creates/cleans up stacks automatically.

👋 Hallo everyone, we are using pulumi/gcp for our projects. We are using the API Gateway and we are currently trying to make use of specific flags

--disable_jwt_audience_service_name_check

to disable the audience check for one of our oAuth providers. Is there a way to use flags directly in pulumi or to use the cli out of our pulumi project (typescript). Any help is welcome, thanks!

Hi everyone, Working in aws environment since a year and still a noob on IaC but would like to change that. Does anyone have some guidance/references regarding layout /workflow/design-pattern for multi-account AWS deployment ? Layout on code (on gitlab), layout on state/stack (pulumi cloud) Goal : organize all the chain to be simple and clean

Can't seem to join the live video for the hackathon It's the same email I used while registering

Hi, Is there a way to make stack references type-safe? Say I have variable

key

defined in stack A, and I want to use it in stack B. I can use pulumi.StackReference(“B”) and then key = stack.get_output(‘…’), but none of this is type safe (i.e. what happens if the output name changes, etc.). Is there a way to have stronger guarantees?

Okay, update seems like I can ignore the pulumi.stack.yaml files if I refresh before any operations (.refreshConfig(stackName))

Just realised it also will add the defaults set in the Pulumi.yaml, as it takes the current value regardless if it was explicitly set in the pulumi.stack.yaml

Hi folks! We use Pulumi to deploy resources in Azure and are surprised by how slow

pulumi preview

often is: Shouldn't it just compare the resources in my code with those in the state (which should be nearly instantaneous)? However, it seems

pulumi preview

(even with

--refresh false

) still connects to Azure in the background. Why is that? Is there a way to prevent that?

Hello. I am trying to figure out how Pulumi is different from Terraform. Can anyone tell me?

Hello, one of the recent releases broke 3000 of our stacks https://github.com/pulumi/pulumi/releases/tag/v3.202.0

[components/{go,nodejs}] Send component inputs to be saved in state. This brings NodeJS and Go inline with Python behaviour

caused by

error: pre-step event returned an error: failed to save snapshot: serializaing checkpoint: marshalling checkpoint: json: unsupported value: +Inf
error: update failed

+ snapshotRetentionDays: {
                                  + def      : {
                                      + checks: [
                                      +     [0]: {}
                                        ]
                                      + type  : "number"
                                    }
                                  + format   : <null>
                                  + isFinite : true
                                  + isInt    : false
                                  + maxValue : +Inf
                                  + minValue : 0
                                  + type     : "number"
                                  + ~standard: {
                                      + vendor : "zod"
                                      + version: 1
                                    }
                                }

export abstract class LambdaFunction<Def extends config.ServiceDef> extends pulumi.ComponentResource {
  protected readonly rcName: lib.pulumi.ResourceNameFn;

  fn: aws.lambda.Function;
  role: aws.iam.Role;
  rolePolicy: aws.iam.RolePolicy;

  public readonly region: string;
  public readonly observabilityEnvironment: string;
  protected readonly eventInvokeConfig: aws.lambda.FunctionEventInvokeConfig | undefined;
  protected serviceDef: Def;
  protected args: FunctionArgs<Def>;

  protected constructor(
    name: string,
    args: FunctionArgs<Def>,
    opts?: pulumi.ComponentResourceOptions,
    type?: string,
    extras?: BaseExtras
  ) {
    super(type ?? "org:aws:lambda:Function", name, args, opts);
    // ....
  }}

Hi all, is it possible somehow to create temporary resources in another resource's lifecycle hooks? Background: https://github.com/pulumi/pulumi/discussions/20702

How to provision a pulumi access token for user X? Say I am owner of an org, and I want to create a pulumi personal access token for user X so that I can add this token to their pulumi-managed dev machine automatically, without requiring users to create an access token manually and then manually adding it to their environmental variables. Is this possible? The

AccessToken

provider (https://www.pulumi.com/registry/packages/pulumiservice/api-docs/accesstoken/) does not seem to allow to specify for a user. What would you suggest?