This message was deleted.

I would recommend you to create 2 different pulumi programs for this. one which has a single stack that only sets up the root zone and then another program with environment specific stacks which setup the environment specific zones / records.

I see, thanks 🙂 I've found a "smart" way to do this (cf. snippet)

started typing this before you responded, then the building lost power for two hours and I forgot about it… Anyway: chiming in a bit late: I agree with geekflyer that separate projects is a good idea here. For infra/platform resources shared between product environments (DNS zones, domainkey DNS records, crypto key rings, SSL policy, …), we have a Pulumi project named “infra”. In that project we have a stack named “infra-prod”, which is referenced by the product’s test and prod stacks. We also have an “infra-test” stack which uses a different GCP project, so we can play around with infra changes without affecting the product environments (test, prod) used by the devs. For environment-specific product resources we have a Pulumi project named <product>, with one stack per environment (“<product>-test” and “<product>-prod”). Both stacks reference “infra-prod”. The “infra-<env>” stacks export simplified versions of the actual resources they create, typically just the id and name. of course, you can solve it with “just” stacks as you show above, especially if you don’t care about having multiple environments for the core/infra stuff 🙂

@bright-orange-69401 The way we do that is we turtle nest them. production got nameserver records for staging. Staging got name server records for dev branches.

Smart ! This way the devs.example.com domain has it's own subdomain Route53/ACM !

Yes sir.