No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Pulumi itself is not opinionated about tagging - but you can provide tags yourself - and there are several features to help you enforce this yourself:
1. Components that you create which include tags which can be reused
2. Stack transformations to auto-inject tags into supported resource types 
3. Policy as code to enforce that resources cannot be created without tags

Hmm so if I set tags on a stack, it will seed it to all the resources created? Including Subnets in a VPC?

<@UB3BGTV63> The policy thing is nice, but I saw a tutorial that extended the TS runtime to enforce it at compile time might combine both but actually seeding tags via stack sounds like a  even better solution, if anything it’s a big catch all in case policy and ts compile time fails :slightly_smiling_face:

Now I gotta figure out IAM stuff.
I am a bit confused over those portions.
I want to dynamically create my stacks per pr and setup resources on AWS.
I don’t want to allow destroying any resource, just mutate or create.
But I guess pulimi sometimes need destroyable roles/auth because create might need it, am I correct?