https://pulumi.com logo
#general
Title
# general
f

flat-insurance-25294

12/21/2019, 2:05 PM
How strongly is tagging enforced in Pulumi? I’m concerned over the amount of resources created and no way to track them in the AWS console. We don’t issue deletion/destroying via Pulumi but manually via the AWS console and want to keep it that way.
w

white-balloon-205

12/21/2019, 3:07 PM
Pulumi itself is not opinionated about tagging - but you can provide tags yourself - and there are several features to help you enforce this yourself: 1. Components that you create which include tags which can be reused 2. Stack transformations to auto-inject tags into supported resource types 3. Policy as code to enforce that resources cannot be created without tags
f

flat-insurance-25294

12/21/2019, 3:07 PM
Hmm so if I set tags on a stack, it will seed it to all the resources created? Including Subnets in a VPC?
@white-balloon-205 The policy thing is nice, but I saw a tutorial that extended the TS runtime to enforce it at compile time might combine both but actually seeding tags via stack sounds like a even better solution, if anything it’s a big catch all in case policy and ts compile time fails 🙂
Now I gotta figure out IAM stuff. I am a bit confused over those portions. I want to dynamically create my stacks per pr and setup resources on AWS. I don’t want to allow destroying any resource, just mutate or create. But I guess pulimi sometimes need destroyable roles/auth because create might need it, am I correct?