This message was deleted.
# generals
sparse-intern-71089
04/20/2021, 7:19 PMThis message was deleted.
r
red-match-15116
04/20/2021, 7:23 PMNot quite. See this thread for more info: https://pulumi-community.slack.com/archives/C84L4E3N1/p1618279929491800?thread_ts=1618279689.491500&cid=C84L4E3N1
red-match-15116
04/20/2021, 7:24 PMSpecifically, there’s an issue tracking this for stack-level settings: https://github.com/pulumi/pulumi/issues/2996
b
billowy-laptop-45963
04/20/2021, 7:24 PMok thanks I'll continue using PULUMI_BACKEND_URL
p
purple-nail-36818
04/20/2021, 7:32 PMFrom reading that thread and issue #2996, it seems to me that it would be wise to start with a monolithic state backend (one to manage all projects and stacks) until you really need distinction. Would you agree, @red-match-15116? I'm just learning about Pulumi and trying to map its constructs onto my current pattern, which is using "Pure Ansible" for both Iac and CM.
b
billowy-laptop-45963
04/20/2021, 7:38 PMWe always separate out prod from non prod...
p
purple-nail-36818
04/20/2021, 7:43 PMSeparating stacks (by creating them, and using them) is different from maintaining separate state backends for each. Which did you mean @billowy-laptop-45963?
b
billowy-laptop-45963
04/20/2021, 7:46 PMBoth prod bucket only has production stacks, non prod has stage/uat/qa/etc stacks.
billowy-laptop-45963
04/20/2021, 7:46 PMYou can add additional protections to prod bucket and limit who can do updates...
b
billowy-army-68599
04/20/2021, 8:20 PM
following on from what jonjitsu says, it depends on your security model. Stacks are independently executed, so it's perfectly reasonable to store all your stacks in out bucket, as long as everyone can access the bucket with the stack state
billowy-army-68599
04/20/2021, 8:20 PM
what I've done before is have an "infra" AWS account that has the state storage (outside of dev or prod) which allows you to have a single bucket and then use stacks to manage your deployments (for example dev & prod)
4 Views