Does anyone here mix-and-match different resource provider resources? e.g. k8s stuff intermingled with AWS stuff? If yes/no, why, why not and what kind of issues does it cause? The first thought I had is with k8s, makes it impossible to separate concerns with automation and the executor that runs the pulumi code (operator, automation, cli etc) will need a lot of permission all at once to do what it needs to do...

Yes, lots of us do, and it's not a problem. Resources created with one provider never use other providers. You will undoubtedly need ids and other strings, but not entire resources. So it's never a problem (afaik).

Oh, I should have been more clear sorry: I mean't in the same project.

I meant in the same project, too.

Generally, providers aren't one of the deciding factors when trying to figure out how to organize resources within and among your Pulumi projects. This article provides some guidance on how to think about this: https://www.pulumi.com/blog/iac-recommended-practices-structuring-pulumi-projects/ Based on what you've shared, I might separate AWS and Kubernetes resources into separate projects solely because of resource lifecycle---generally you're more likely to up/refresh/destroy K8s resources more frequently than the underlying AWS resources.

Thank you for the feedback all. I think what I've done some thinking about: I do like the notion that resources that are more likely to be updated being separated logically into projects from less likely and possibly using inputs via config and relying on exported outputs being a way to tie things together using the Automation API.