https://pulumi.com logo
Title
b

billowy-laptop-45963

04/20/2021, 7:19 PM
Is it possible to have per stack backends? I tried adding this to my Pulumi.stack.yaml
backend:
  url: <s3://bucket/>
without success
Specifically, there’s an issue tracking this for stack-level settings: https://github.com/pulumi/pulumi/issues/2996
b

billowy-laptop-45963

04/20/2021, 7:24 PM
ok thanks I'll continue using PULUMI_BACKEND_URL
p

purple-nail-36818

04/20/2021, 7:32 PM
From reading that thread and issue #2996, it seems to me that it would be wise to start with a monolithic state backend (one to manage all projects and stacks) until you really need distinction. Would you agree, @red-match-15116? I'm just learning about Pulumi and trying to map its constructs onto my current pattern, which is using "Pure Ansible" for both Iac and CM.
b

billowy-laptop-45963

04/20/2021, 7:38 PM
We always separate out prod from non prod...
p

purple-nail-36818

04/20/2021, 7:43 PM
Separating stacks (by creating them, and using them) is different from maintaining separate state backends for each. Which did you mean @billowy-laptop-45963?
b

billowy-laptop-45963

04/20/2021, 7:46 PM
Both prod bucket only has production stacks, non prod has stage/uat/qa/etc stacks.
You can add additional protections to prod bucket and limit who can do updates...
b

billowy-army-68599

04/20/2021, 8:20 PM
following on from what jonjitsu says, it depends on your security model. Stacks are independently executed, so it's perfectly reasonable to store all your stacks in out bucket, as long as everyone can access the bucket with the stack state
what I've done before is have an "infra" AWS account that has the state storage (outside of dev or prod) which allows you to have a single bucket and then use stacks to manage your deployments (for example dev & prod)