https://pulumi.com logo
#aws
Title
# aws
d

dazzling-sundown-39670

11/25/2020, 8:49 AM
Is there any way to use a bastion of sorts in Pulumi to use
mysql.User
on a MySQL cluster behind a VPC?
l

limited-rainbow-51650

11/25/2020, 8:54 AM
I usually run such code from a CI worker running within my VPC and has the same direct access as the application will have after that.
And for testing from the local dev workstation, I use the tunneling feature of AWS Session Manager (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) and reconfigure the DB server endpoint to the tunneled connection
d

dazzling-sundown-39670

11/25/2020, 9:05 AM
@limited-rainbow-51650 do you maybe use a Dynamic provider for that or are you not involving pulumi at all in the process?
l

limited-rainbow-51650

11/25/2020, 9:51 AM
No, I just have the db endpoint hard-configured in the environment config to
localhost:<port>
and have the tunnel running when I test my change. Once pushed, the CI uses runners within each env and uses the regular endpoint as the apps would use.
d

dazzling-sundown-39670

11/25/2020, 10:16 AM
Okay, I see
Hm, do you think running my Github Runners in my k8s cluster would solve this as well?
l

limited-rainbow-51650

11/25/2020, 4:50 PM
I don't know Github Actions that well, but if you can indicate that (certain parts of) your build pipeline are dedicated to your own runner, that should indeed work.
2 Views