How do you manage DNS-related resources in Pulumi ...
# general
b
How do you manage DNS-related resources in Pulumi? I have a Route53 Zone which is global (ex: example.com), then I have a Record for each environment (ex: dev.example.com, etc.). Should I create a core stack for the Zone and a dev stack for my dev Record? If so, how do I indicate in my __main__.py which resources should be deployed according to the stack that's currently selected? Is there a native mechanism or should I just hack about?
g
I would recommend that you create 2 different Pulumi programs for this: one which has a single stack that only sets up the root zone, and then another program with environment-specific stacks which set up the environment-specific zones / records.
b
I see, thanks 🙂 I've found a "smart" way to do this (cf. snippet)
b
Started typing this before you responded, then the building lost power for two hours and I forgot about it… Anyway, chiming in a bit late: I agree with geekflyer that separate projects is a good idea here. For infra/platform resources shared between product environments (DNS zones, domainkey DNS records, crypto key rings, SSL policy, …), we have a Pulumi project named “infra”. In that project we have a stack named “infra-prod”, which is referenced by the product’s test and prod stacks. We also have an “infra-test” stack which uses a different GCP project, so we can play around with infra changes without affecting the product environments (test, prod) used by the devs. For environment-specific product resources we have a Pulumi project named <product>, with one stack per environment (“<product>-test” and “<product>-prod”). Both stacks reference “infra-prod”. The “infra-<env>” stacks export simplified versions of the actual resources they create, typically just the id and name. Of course, you can solve it with “just” stacks as you show above, especially if you don’t care about having multiple environments for the core/infra stuff 🙂
f
@bright-orange-69401 The way we do that is we turtle nest them. Production got nameserver records for staging. Staging got nameserver records for dev branches.
In your case create a sub hosted zone called devs.example.com and attach its nameserver to example.com. You thought about it so you were almost there.
b
Smart! This way the devs.example.com domain has its own subdomain Route53/ACM!
f
Yes sir.