No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@UEDJHEH71> what are you trying to accomplish?

Patching software (updating software versions). That would involve getting list of the hosts and what versions are running on them (for the least)

ok, is this software running on ec2 or containers?

There are bunch of software that are running on ec2 instances, across multiple regions and accounts. So, I would wanna first get the list of all those hosts and list of all the software (application, kernel etc), running on them and do software patching (security updates). Similar to dynamic inventory with Ansible. 

Most of them aren’t ephemeral, a few of them are, though. 

pulumi is more geared for ephemeral workloads, thats how it lets you manage everything via code (everything can be destroyed at anytime and recreated)

a tool like `ansible` would be more suited to this usecase

you could write code that scans aws for ec2 instances and generates an inventory file

then have ansible consume that inventory file and perform update logic if necessary

edit: I guess you could use pulumi to get the list of ec2 instances. But then you still couldn’t use it to check kernels and system resources.

Unless that stuff is tagged in AWS

That’s what we have currently in our system. But as I was reading about Pulumi serving as Infrastructure as Code, I was wondering if it also manages software upgrades or not. We have a quite a number of ec2 instances that are ephemeral but about 50% aren’t. 

Once you move to an architecture where you can just destroy the instance and replace it with a new AMI then pulumi would come in

or switch userdata to get ansible to pull a different git commit

In that case, how would it get me software version?  

if the ec2 instance is tagged with the application name or version it could do that

but that would imply those tags already exist, which I assume they aren’t

Thank you so much <@UD2HJDBCL> ! :slightly_smiling_face: