Is there any way to use a bastion of sorts in Pulumi to use
on a MySQL cluster behind a VPC?
I usually run such code from a CI worker that runs within my VPC and has the same direct access as the application will have after that.
And for testing from the local dev workstation, I use the tunneling feature of AWS Session Manager and reconfigure the DB server endpoint to the tunneled connection.
@limited-rainbow-51650 do you maybe use a Dynamic provider for that or are you not involving Pulumi at all in the process?
No, I just have the db endpoint hard-configured in the environment config to
and have the tunnel running when I test my change. Once pushed, the CI uses runners within each env and uses the regular endpoint as the apps would use.
Okay, I see
Hm, do you think running my GitHub Runners in my k8s cluster would solve this as well?
I don't know GitHub Actions that well, but if you can indicate that (certain parts of) your build pipeline are dedicated to your own runner, that should indeed work.