Design question I have some infrastructure that is going to Pulumi Community #general

Design question; I have some infrastructure that i...

bumpy-summer-9075

04/07/2021, 3:57 PM

Design question; I have some infrastructure that is going to be quite re-used, for instance I'll have a single VPC for many "stacks". In Terraform I would probably have things like VPC, route53 zones, etc. defined in the root, and "sub-projects" defined as modules with ids as input. In pulumi I'm not sure what the best approach would be. • I could have a stack that creates the common infrastructure and other stacks that refer to its resources using stack reference • I could a single stack with everything combined (and using typescript features to split into logical folders/files) • I could create a component resource that encapsulates "child projects" Any thoughts?

green-musician-49057

04/07/2021, 4:01 PM

I asked a similar question last week and the recommendations were to have multiple Pulumi projects for these different modules

green-musician-49057

04/07/2021, 4:02 PM

And from there, we're looking at using Pulumi's Automation API to loosely couple the infra projects together

billowy-army-68599

04/07/2021, 4:17 PM

In this particular case, I'd do the following: - define the VPC as its own project, output the VPC id as a stack output - encapsulate the rest of your logic into component resources with an input arg of VPC id - you can then either 1) grab the vpc id as a stack output or 2) use

vpc.get()

✨ 1

billowy-army-68599

04/07/2021, 4:17 PM

it gives you a lot of flexibility

billowy-army-68599

04/07/2021, 4:19 PM

my usual advice is to group projects together logically using considerations of "rate of change" or "blast radius" as a consideration. What I mean by that is, if you have a shared VPC for a lot of different stuff, that is likely to change a lot less than the things that live inside it, so it's useful to decouple them into different proijects

bumpy-summer-9075

04/07/2021, 5:05 PM

Makes sense, thanks a lot @green-musician-49057 & @billowy-army-68599! The only downside of this is that the subproject is not independant; if I were to start from scratch, but it's a very minor problem compared to the upsides

billowy-army-68599

04/07/2021, 5:06 PM

can you elaborate on that a little? not quite followingh

bumpy-summer-9075

04/07/2021, 5:31 PM

Let's say I have two stacks:

common

(which has the VPC resource), and another stack

s3-website

which consumes that VPC id. If I were to checkout the stack

s3-website

and try to apply it on a brand new AWS account, it wouldn't work because the VPC would not exist. If they were both in the same stack, this would not happen

billowy-army-68599

04/07/2021, 5:33 PM

ahhh got it, yeah I'm following now

billowy-army-68599

04/07/2021, 5:34 PM

yeah that is a trade off, but I think you'll find the pros outweigh the cons 🙂

bumpy-summer-9075

04/07/2021, 5:34 PM

For sure! And the fact that it will break if the

common

stack is not deployed is perfect, fail fast!

billowy-army-68599

04/07/2021, 5:37 PM

you can even

throw

is the stack output is not resolved 🙂

❤️ 1

bumpy-summer-9075

04/07/2021, 5:39 PM

damn that's true! It's cleaner than the way I used to "throw" in TF haha:

Copy code

locals {
  # Abusing the 'file' function to fail if the specified environment does not match the workspace
  assert_environment_matches_workspace = terraform.workspace != var.environment ? file("ERROR: Environment needs to match the workspace") : null
}

Open in Slack

Previous Next