How strongly is tagging enforced in Pulumi? I’m co...
# general
f
How strongly is tagging enforced in Pulumi? I’m concerned over the amount of resources created and no way to track them in the AWS console. We don’t issue deletion/destroying via Pulumi but manually via the AWS console and want to keep it that way.
w
Pulumi itself is not opinionated about tagging - but you can provide tags yourself - and there are several features to help you enforce this yourself:
1. Components that you create which include tags which can be reused
2. Stack transformations to auto-inject tags into supported resource types
3. Policy as code to enforce that resources cannot be created without tags
f
Hmm so if I set tags on a stack, it will seed it to all the resources created? Including Subnets in a VPC?
@white-balloon-205 The policy thing is nice, but I saw a tutorial that extended the TS runtime to enforce it at compile time. Might combine both, but actually seeding tags via stack sounds like an even better solution; if anything it’s a big catch-all in case policy and TS compile time fail 🙂
Now I gotta figure out IAM stuff. I am a bit confused over those portions. I want to dynamically create my stacks per PR and set up resources on AWS. I don’t want to allow destroying any resource, just mutate or create. But I guess Pulumi sometimes needs destroyable roles/auth because create might need it, am I correct?