Question: do people import resources from pulumi stacks in scripts/code? I.e.

# mypulumi/__main__.py
bucket = aws.s3.Bucket("bucket")

# myscript.py
from mypulumi import bucket
import boto3

bucket = boto3.client('s3').Bucket(bucket.id)  # use the value from the pulumi stack script

Trying to understand if this is a support/common use case and what the best practices around this are. It feels like one benefit of having the definitions in python would be accessing them in various places and knowing that the IDs/ARNs/etc. will always match correctly.

I think typically what you want to do to promote decoupling, is generate Outputs, and pass the outputs to your application or script. You can use the Pulumi automation API to retrieve the Outputs, or if it's across stacks, you can use Stack References.

I see, so in this case I would have some

pulumi/buckets/pulumi.yaml

that defines the bucket & outputs the bucket ID using

pulumi.export

and then in

myscript.py

I would do

stack = auto.create_or_select_stack(stack_name="dev", work_dir="pulumi/buckets/")
up_res = stack.up(on_output=print)
up_res.outputs[xxx].value  # bucket ID

and the assumption here is that if the buckets all exist already & are configured in the environment the same as they are in

pulumi.yaml

then the call to

stack.up

will essentially no-op & just return the relevant data?

Yes, if you go the automation-api route. Another option I forgot to mention, is passing the values to other declarations that take environment variables, such as ECS or Lambda. You can pass the bucket to the application through the environment variable of that resource.

In this case would the bucket id be coded into the software? I was thinking the most ideal case would be that I never have

<s3://bucket>-{uuid}/

anywhere in my code, but instead always have

pulumi.mybucket.id

which will always remain correct regardless of infra changes

Right, you would pass the output as a variable and apply it

Awesome, thanks for the thoughts + ideas 🙏

Example in typescript:

const myBucket = new aws.s3.Bucket(`${appName}-bucket`, ...);

const lambdaFunctionApi = new aws.lambda.Function(
  `${appName}-api`,
  {
    code: new pulumi.asset.FileArchive("./dist/app"),
    memorySize: 128,
    environment: {
      variables: {
        API_BASE_PATH: apiBasePath,
        S3_BUCKET_NAME: myBucket.name.apply(v => v),
      },
    },
    handler: "lambdaApiHandler.handler",
    layers: [lambdaLayer.arn],
    role: applicationRole.arn,
    runtime: aws.lambda.NodeJS12dXRuntime,
    timeout: 30,
    vpcConfig: {
      securityGroupIds: [appSecurityGroup.id, vpc.defaultSecurityGroupId],
      subnetIds: privateSubnetIds,
    },
  },
  { dependsOn: [applicationRole, lambdaLayer] },
);