FWIW found that we could not enable encryption at rest for Elasticache clusters in the pulumi package due to the underlying terraform lib not supporting it yet. We will fall back to using aws javascript sdk directly for this. It made me wonder if some examples of how to take this approach would be useful as a fallback generally. Am sure the way we are doing it while it works is not quite ideal.

Have you checked if the AWS Cloud Control (aws-native) provider supports it?

Yeah we need encryption at rest which is not supported as best I can tell. It’s not urgent or an issue for us moving forward really just a thought about possible improvement. Am sure there are many, probably some higher value ones on the list already 🙂 I updated my original post to be clearer thanks for the prompt.

If you're looking for examples, I'd clone the examples repository (https://github.com/pulumi/examples) and look for any code that uses

local.Command

. Possibly

remote.Command

too, that might find examples of SDK calls that need to be run inside a VPC, or similar.

I often use

local.Command

to call the AWS CLI when something is not supported by the underlying provider.