Hey all! Is there a good example/tutorial which shows the best-practice way to access outputs/config in application code? For example creating an sns topic with pulumi and then referencing the name of that in application code when making a call to

aws-sdk

. For extra context, I’m not using inline functions but referencing an externally packaged zip for lambda. This can reference any required pulumi runtime but not entirely sure where to start.

In your use case, use Pulumi to set the arn of the SNS Topic as an environment variable for the lambda function.

ok great, thank you. What would be idiomatic for secrets? I’m imagining ssm/secretsmanager would still be necessary unless pulumi provides a way to decrypt secrets at runtime?

Pulumi secrets would be encrypted in the pulumi state file, but not in the lambda environment variables.

Yeah that was my assumption. Is it possible to set the env variable to the encrypted value and then decrypt at runtime?

I tend to provision a SSM Parameter and set a lambda environment variable to the parameter name. The nice thing with pulumi is you can also setup IAM permissions for the function to read these parameters.

That makes sense.