# python
b
Question: do people import resources from pulumi stacks in scripts/code? I.e.
```python
# mypulumi/__main__.py
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket")

# myscript.py
from mypulumi import bucket
import boto3

# use the value from the pulumi stack script
bucket = boto3.resource('s3').Bucket(bucket.id)
```
Trying to understand if this is a supported/common use case and what the best practices around this are. It feels like one benefit of having the definitions in python would be accessing them in various places and knowing that the IDs/ARNs/etc. will always match correctly.
m
I think typically what you want to do to promote decoupling is generate Outputs and pass the outputs to your application or script. You can use the Pulumi automation API to retrieve the Outputs, or if it's across stacks, you can use Stack References.
b
I see, so in this case I would have some `pulumi/buckets/pulumi.yaml` that defines the bucket & outputs the bucket ID using `pulumi.export` and then in `myscript.py` I would do
```python
from pulumi import automation as auto

stack = auto.create_or_select_stack(stack_name="dev", work_dir="pulumi/buckets/")
up_res = stack.up(on_output=print)
up_res.outputs[xxx].value  # bucket ID
```
and the assumption here is that if the buckets all exist already & are configured in the environment the same as they are in `pulumi.yaml` then the call to `stack.up` will essentially no-op & just return the relevant data?
m
Yes, if you go the automation-api route. Another option I forgot to mention is passing the values to other declarations that take environment variables, such as ECS or Lambda. You can pass the bucket to the application through the environment variable of that resource.
b
In this case would the bucket id be coded into the software? I was thinking the most ideal case would be that I never have `<s3://bucket>-{uuid}/` anywhere in my code, but instead always have `pulumi.mybucket.id` which will always remain correct regardless of infra changes
m
Right, you would pass the output as a variable and apply it
b
Awesome, thanks for the thoughts + ideas 🙏
m
Example in typescript:
```typescript
const myBucket = new aws.s3.Bucket(`${appName}-bucket`, ...);

const lambdaFunctionApi = new aws.lambda.Function(
  `${appName}-api`,
  {
    code: new pulumi.asset.FileArchive("./dist/app"),
    memorySize: 128,
    environment: {
      variables: {
        API_BASE_PATH: apiBasePath,
        // aws.s3.Bucket exposes the bucket name as the `bucket` output;
        // an Output can be passed directly, no apply() needed.
        S3_BUCKET_NAME: myBucket.bucket,
      },
    },
    handler: "lambdaApiHandler.handler",
    layers: [lambdaLayer.arn],
    role: applicationRole.arn,
    runtime: aws.lambda.NodeJS12dXRuntime,
    timeout: 30,
    vpcConfig: {
      securityGroupIds: [appSecurityGroup.id, vpc.defaultSecurityGroupId],
      subnetIds: privateSubnetIds,
    },
  },
  { dependsOn: [applicationRole, lambdaLayer] },
);
```