No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

i have a postgres hosted in an ec2 instance on a private subnet. I need to copy over and run some intialization scripts to open connections, create a database and user, etc. How would i go about copying over files and running commands for an instance in a private subnet?
i know of the `command.remote.ConnectionArgs`, `command.remote.CopyFile`, and `command.remote.Command` but this wouldn’t work if the instance is in a private subnet.

this is a networking problem, you either need to use a bastion/jumpbox or a vpn

Commands for initialization can also be handled through SSM (aws.ssm has the Document and Association resources that you'd need for this approach), or you can use userdata (cloud-init package's GetConfig function is the way to go here).

You also pair pulumi's `command.local.Command` to use the aws CLI to invoke handy built-in AWS SSM / Systems Manager features, like <https://docs.aws.amazon.com/systems-manager/latest/userguide/walkthrough-cli.html|running remote commands/scripts>, or <https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-start-port-forwarding|starting a port forwarding session>.

One of the nice parts of this approach is that your automations never touch your SSH keys...but there are some pre-reqs for using Systems Manager.

And you still need access, since the command does run on the machine. cloud-init and SSM documents run on the machine itself, which makes it handy if the machine is on an isolated subnet, for example.