No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Is there any way to use a bastion of sorts in Pulumi to use `mysql.User` on a MySQL cluster behind a VPC?

I usually run such code from a CI worker running within my VPC and has the same direct access as the application will have after that.

And for testing from the local dev workstation, I use the tunneling feature of AWS Session Manager (<https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html>) and reconfigure the DB server endpoint to the tunneled connection

<@UK4HNFLCB> do you maybe use a Dynamic provider for that or are you not involving pulumi at all in the process?

No, I just have the db endpoint hard-configured in the environment config to `localhost:&lt;port&gt;` and have the tunnel running when I test my change. Once pushed, the CI uses runners within each env and uses the regular endpoint as the apps would use.

Hm, do you think running my Github Runners in my k8s cluster would solve this as well?

I don't know Github Actions that well, but if you can indicate that (certain parts of) your build pipeline are dedicated to your own runner, that should indeed work.