What is the best way to handle when normal operation hits IAC'y code ? With IAC'y code I mean when under normal operation the code needs to create or destroy resources or make configuations of those resources. Examples from Azure Example 1: a user is added to a customer. In application that adds a subscription for a topic in the Azure Event Grid. Is this IAC that Pulumi should handle or just in code as it is not IAC'y enough ? Example 2: a new customer is added. In application that adds a container on the blob storages for documents for that customer so it is easier to adhere to GDPR. IAC'y ? Example 3: a new customer is added. The creation of a new database is made for the customers data. IAC'y? Example 4: a new customer is added. The autorization system creates the default setup for the customer. IAC'y? #general

There is no right answer. But the more you can do through code, the more reproducability you have; the more you can do through git-versioned code, the more auditability you have; and the more you automate, the less repetitive work you have. So generally, try to do it all through IaC.

Thank you for your answer. Normal operation and IAC is both in code. I have gotten Pulumi to load my state that is set in normal operation by external parties and I just need to trigger the pipeline to create or remove the resources/configurations