https://pulumi.com logo
#general
Title
# general
m

millions-pharmacist-626

11/21/2023, 2:22 PM
@stocky-restaurant-98004 as you asked during the seminar: In some projects I have resources that must be "common" among stacks, for instance, OIDC provider on AWS for github (one literally can't have more than one per account). Is there a recommended practice to handle this situation, especially in CI/CD? Nowadays I create a "common" stack and
up
it from local, but I'm not sure if it's the best practice. The OIDC is just an example, I can provide a different one, for instance: creating an S3 bucket that must be shared across stacks due to its contents
l

little-cartoon-10569

11/21/2023, 7:17 PM
This sounds like a case for projects, not stacks. Since you would deploy this once and once only, it is on a different deployment schedule to something like your networks (which might get redeployed whenever you add an AZ or change your WAF) or ECS service (which might get redeployed every time your build pipeline succeeds).
m

millions-pharmacist-626

11/21/2023, 9:45 PM
Thanks for the insights!
g

gentle-application-59272

11/22/2023, 8:18 AM
We have many projects, some are foundational, such as the stuff for our aws networks and this is all 1 stack that deploys to multiple accounts and regions. Other projects configure other platforms, and finally our app projects define resources for a given app with each stack being resources for swimlanes such as production, staging etc
And we use typescript’s Zod to define runtime type checkers and derived static types in a regular typescript ‘lib/‘ package to coordinate pulumi outputs between projects
It works well but there is always the issue of projects depending on projects creating a dependency graph
s

stocky-restaurant-98004

11/22/2023, 6:46 PM
I agree with @little-cartoon-10569 - use case for projects.
s

salmon-account-74572

11/28/2023, 10:42 PM
m

millions-pharmacist-626

11/29/2023, 8:01 AM
Thanks everyone for the great insights!