Hi all. I plan to use pulumi at work if possible (replacing bespoke boto3 scripts..). We are heavy cloudformation an servicecatalog users, which seems like it will be easy to migrate over pulumi (cloudformation is essentially already there) and servicecatalog should be easy for us to wrap around our code into a ressource. Question: cloudformation exposes the concept of "drift" (if someone modifies the ressource manually, for instance). Does pulumi have plans to detect and make use of that feature? Currently it seems like it's not being used by the diff engine at all (maybe it should).

Yes, Pulumi can do this with "refresh", but

pulumi

does not refresh automatically. You can instruct pulumi to do a refresh with

pulumi refresh

or the

--refresh

flag on the

up

,

preview

, etc. commands. https://www.pulumi.com/docs/reference/cli/pulumi_refresh/

Ohhh why have I not discovered this on my own? thanks!

You can run

pulumi refresh --expect-no-changes

which will return an error if drift is detected, so you can build your own scripting around that.

What I meant is that pulumi won't consider a "drifted" cloudformation template as needing an update

Ah, I see. Well... it is just code, so you can call the cloudformation API to do the drift detection alongside your Automation SDK code if that makes sense for your workflow.

yeah, that's probably what we'll end up doing. Or gradually switch ressources to be created by pulumi directly instead of having a middle layer of cloudformation

Or gradually switch ressources to be created by pulumi directly instead of having a middle layer of cloudformation

Highly recommend this. 😂 (Disclaimer: I work at Pulumi. I'm biased obviously.)

My colleagues are ex-AWS so I have some legwork to do first. But since I'm a big fan of the "it's just code" aspect it should be relatively easy to show the benefits. Also, the automation API is going to be saving us a lot of time.