# general
l
hey everyone! I just recently started as CTO of a small startup and due to the fact that we aim to be a data provider there’s a lot of compliance that has to be met, due to that we decided to move into a cloud native env so that we can more easily adjust and learn from market standards. I’ve used aws-cdk in the past and now I’m taking my first steps with this tool. If anyone here is in a similar situation that we can maybe share our thoughts and potentially collaborate to accelerate learning let me know! Happy to be here!
t
What does your stack look like and what did you have in mind?
l
So we have a data pipeline which is currently hosted in a serverless platform called modal and some small web apps - node based app servers (sveltekit). Now what I’m validating is decoupling the data pipeline output from the normalized db that’s used by one of the apps to enable that data to be normalized on demand and by the consumer. still figuring out auth with cognito and moving the sveltekit app out of Vercel as a start.
the end goal would be fully aws native and proper role based access control that we can monitor and build rules around to both the apps and the data itself - to be queried by registered SDKs
so pretty much borrowing experience in setting up these components and sharing experiences would be great. something like integrating cognito IAM and API gateways for different data and app access scenarios
t
I haven't done that exactly but I can share my experience. I made a load testing platform with pulumi where I built a "matchmaking" game server (really it was a load balancer system) which would group players (just fifo but it was generic to other load taking algorithms) and then spawn another process to handle the actual "match" and pipe that connection info back to the user. The pulumi part spun up this server in GCE, and N load testers in cloud run as well (all using my google cloud IAM auth stuff). Was like 20 or so lines of TS and worked like a charm (easier and better than doing it from any GCP native system). I even wrote some "integration tests" that just ran with cargo test and it would spin this up and output results...never got to cargo bench though
in my opinion Pulumi makes it so easy and if you're already writing mostly JS then you can just do it in JS, share libraries, leverage your strengths etc
with great power comes great responsibility though so make sure you exercise the same discipline on pulumi code as normal code (in my opinion). If you do that you can basically do whatever you like
maybe you have a specific question about my xp that I can try to speak to?
l
many thanks for the thorough insight and also super cool project! did you have to deal with permissions and cognito? I’m trying to express my access control rules in cognito but tbh I’m a bit overwhelmed by its docs so decided to look into pulumi as a way to abstract low level details.
t
so google calls cognito "IAM" I think and yeah, the pulumi docs are better than google's or amazon's in my opinion. Cognito seems to be focusing on user identity whereas IAM is engineer/admin/server side identity. Their template set it all up for me, lemme see if I can read a bit on it and give my take
Ok so I have used pulumi ai before to great effect and I plugged this in. Not sure how accurate it is but I'll put it here first and I'll take a look at the docs to see if it makes sense to me: https://www.pulumi.com/ai/conversations/e97a657d-b4b4-4713-8dcf-925c252d8413
l
Amazing, tbh I haven’t explored that yet, many thanks!