No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

In your use case, use Pulumi to set the arn of the SNS Topic as an environment variable for the lambda function.

ok great, thank you. What would be idiomatic for secrets? I’m imagining ssm/secretsmanager would still be necessary unless pulumi provides a way to decrypt secrets at runtime?

Pulumi secrets would be encrypted in the pulumi state file, but not in the lambda environment variables.

Yeah that was my assumption. Is it possible to set the env variable to the encrypted value and then decrypt at runtime?

I tend to provision a SSM Parameter and set a lambda environment variable to the parameter name.

The nice thing with pulumi is you can also setup IAM permissions for the function to read these parameters.