Hello, pulumi noobie here 🙂 Let's say I wanted to set up an aws ec2 with a postgresql database up and running. I've tried using the (golang)

ec2.NewInstance

, and then configuring the database with a bunch of

remote.NewCommand

. This approach doesn't feel super robust though; setting up db users, changing their passwords etc is a little tricky this way. Other approaches I've considered are 1. making a custom AMI and just spinning that up, or 2. installing a docker runtime on the ec2 host, pulling some docker compose file and starting that up. Or should I just bite the bullet and start using ECS or similar? I would love to hear your feedback!

I'm in a bit of a similar position, where I'm trying to venture across the line of provisioning and maintaining infrastructure, to the configuration of that infrastructure. The solution I ended up using was finding 1st-class resources in my cloud provider that are designed for this purpose. In my case, on Azure, that was setting up a VM Scale Set, then using an App Gallery application and App Gallery Versions to define my program and how it should be installed and configured. Then I just associated the App Gallery application with my Scale Set, and trusted Azure to handle the deploying and updating. It's been a good while since I've worked with AWS, but I suspect AWS AppConfig might offer this for you. Just think of it as a way to configure VMs, not necessarily that you must provide binaries for it to run and all that. Good luck! https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html https://www.pulumi.com/registry/packages/aws/api-docs/appconfig/

Typically, I would use Postgres in RDS connected via an EC2 by role for better security.

That's also a valid solution, but it's hard for me to blame anyone trying to save money by avoiding fully-managed services like RDS

Typically startup companies go from EC2 to ECS to Kubernetes and squire technical debt along the way. There are a log security issues that come up along the way and the final goal dictates the technical approach. You can build an app in ECS with a SideCar database. EC2 has a much higher cost.

Those are all true, and indeed, using RDS would be best practice if you're in a business and seeking to build a production service. @thankful-activity-51613 should take heed of your advice if that's their goal. If this is for personal/small-scale/testing purposes, though, then their current path should do just fine

If it's exploration; I'd use a free tier EC2 with a CIS hardening (Ubuntu) and Harden the database. Using ECS is harder for new people because you just can't login and fix something.