https://pulumi.com logo
#getting-started
Title
# getting-started
m

magnificent-lifeguard-15082

11/11/2021, 10:34 AM
Hey all! Is there a good example/tutorial which shows the best-practice way to access outputs/config in application code? For example creating an sns topic with pulumi and then referencing the name of that in application code when making a call to
aws-sdk
. For extra context, I’m not using inline functions but referencing an externally packaged zip for lambda. This can reference any required pulumi runtime but not entirely sure where to start.
m

miniature-king-36473

11/11/2021, 10:39 AM
In your use case, use Pulumi to set the arn of the SNS Topic as an environment variable for the lambda function.
m

magnificent-lifeguard-15082

11/11/2021, 10:43 AM
ok great, thank you. What would be idiomatic for secrets? I’m imagining ssm/secretsmanager would still be necessary unless pulumi provides a way to decrypt secrets at runtime?
m

miniature-king-36473

11/11/2021, 10:44 AM
Pulumi secrets would be encrypted in the pulumi state file, but not in the lambda environment variables.
m

magnificent-lifeguard-15082

11/11/2021, 10:45 AM
Yeah that was my assumption. Is it possible to set the env variable to the encrypted value and then decrypt at runtime?
m

miniature-king-36473

11/11/2021, 10:45 AM
I tend to provision a SSM Parameter and set a lambda environment variable to the parameter name. The nice thing with pulumi is you can also setup IAM permissions for the function to read these parameters.
m

magnificent-lifeguard-15082

11/11/2021, 10:46 AM
That makes sense.
Thank you
3 Views