I m trying to glue together Pulumi or any infra as code code

Question

I m trying to glue together Pulumi or any infra as code code and application code Traditionally if you have an app that needs an S3 bucket or any other cloud resource to store things you would create that S3 bucket in Pulumi and then pass the bucket s information to your app during the deployment at least that s how most Terraform project I ve worked on do things The issue I have with this is that your Pulumi project in a sense has business logic that should be in the app itself If my app now needs the S3 bucket to be public I have to edit seperate Pulumi code Any cleaner way to do this or am I trying to be too DRY

brave-planet-10645 · Answer

Sounds like automation api is going to be your friend here

brave-planet-10645 · Answer

There are a lot of good blog posts here and examples here

bumpy-summer-9075 · Answer

Seems like a huge shift I m very excited interested about it Cheers smile

green-musician-49057 · Answer

< brave planet 10645> If the automation API was used to reconfigure an S3 bucket to be public wouldn t the pulumi project code that originally defined the S3 bucket be out of date

brave-planet-10645 · Answer

< green musician 49057> so your automation api program is a replacement for your standard pulumi program You can tell it to run a standard pulumi program or you can just run your code as is

brave-planet-10645 · Answer

One thing to note is that you do need to have the Pulumi CLI on your machine CI container but you re not running it yourself

green-musician-49057 · Answer

Got it so in Pier Luc s example the entire definition of that S3 bucket would be in their application code using the automation API

brave-planet-10645 · Answer

correct

brave-planet-10645 · Answer

lt plug gt You can sign up to our Pulumi UP event free and there s going to be some demos with this <https www pulumi com pulumi up >

bumpy-summer-9075 · Answer

Wouldn t miss it smile

bumpy-summer-9075 · Answer

Also whoever came up with the aesthetics design of that page is awesome

brave-planet-10645 · Answer

I m really into lofi type music at the moment I find I can just have it on all day at work and it helps me concentrate so I really liked it

bumpy-summer-9075 · Answer

One part I don t quite see how I ll do using this is subscribe to an SNS topic If I do it using the automation API my application would have to know that it is deployed before subscribing to the topic because if it subscribes before being live either from blue green dpeloyments or even simple K8S rolling updates SNS might send messages before the application can receive them

bumpy-summer-9075 · Answer

Also Zelda amp Chill album ok hand

orange-tailor-85423 · Answer

we built an abstraction model to do this We have a pulumi program that builds about 15 20 different AWS API objects dynamo S3 SQS SNS etc etc We defined a config schema and our developers include a yaml file in their repo that defines all the AWS infra they want for their app It has its own pipeline so when they PR this yaml file a pipeline runs that checks for or creates a new stack of that centralized pulumi program that runs just for their app and creates infra in each environment

orange-tailor-85423 · Answer

at least in our use case we weren t can t going to have 400 developers writing pulumi code and due to security and other best practice type concerns we decided just presenting config was the best approach for us

bumpy-summer-9075 · Answer

Yeah I can definitely see that working Thanks for your input smile

orange-tailor-85423 · Answer

in some regards we re implemented what the automation API is doing but in bash