Infrastructure Management for AWS

Modern IaC and secrets management

Pulumi empowers organizations to automate AWS cloud infrastructure through code, tame secrets sprawl through centralized secrets management, and manage cloud assets and compliance with the help of AI. Pulumi encourages infrastructure, platform, development, DevOps, and security teams to collaborate and accelerates time to market with greater control and minimized risk.

Get Started Request a Demo
import * as eks from "@pulumi/eks";

 // Create an EKS cluster.
 const cluster = new eks.Cluster("cluster", {
     instanceType: "t2.medium",
     desiredCapacity: 2,
     minSize: 1,
     maxSize: 2,
 });

 // Export the cluster's kubeconfig.
 export const kubeconfig = cluster.kubeconfig;

import pulumi
import pulumi_eks as eks

# Create an EKS cluster.
cluster = eks.Cluster(
    "cluster",
    instance_type="t2.medium",
    desired_capacity=2,
    min_size=1,
    max_size=2,
)

# Export the cluster's kubeconfig.
pulumi.export("kubeconfig", cluster.kubeconfig)

package main

import (
    "github.com/pulumi/pulumi-eks/sdk/go/eks/cluster"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    // Create an EKS cluster.
    cluster, err := cluster.NewCluster(ctx, "cluster",
        cluster.ClusterArgs{
            InstanceType:    pulumi.String("t2.medium"),
            DesiredCapacity: pulumi.Int(2),
            MinSize:         pulumi.Int(1),
            MaxSize:         pulumi.Int(2),
        },
    )
    if err != nil {
        return err
    }

    // Export the cluster's kubeconfig.
    ctx.Export("kubeconfig", cluster.Kubeconfig)

    return nil
    })
}

using System;
using System.Threading.Tasks;
using Pulumi;
using Pulumi.Eks.Cluster;

class EksStack : Stack
{
    public EksStack()
    {
        // Create an EKS cluster.
        var cluster = new Cluster("cluster", new ClusterArgs
        {
            InstanceType = "t2.medium",
            DesiredCapacity = 2,
            MinSize = 1,
            MaxSize = 2,
        });

        // Export the cluster's kubeconfig.
        this.Kubeconfig = cluster.Kubeconfig;
    }

    [Output("kubeconfig")]
    public Output<string> Kubeconfig { get; set; }
}

class Program
{
    static Task<int> Main(string[] args) => Deployment.RunAsync<EksStack>();
}

package com.pulumi.example.eks;

import com.pulumi.Context;
import com.pulumi.Exports;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.eks.Cluster;
import com.pulumi.eks.ClusterArgs;

import java.util.stream.Collectors;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    private static Exports stack(Context ctx) {
        var cluster = new Cluster("my-cluster", ClusterArgs.builder()
                .instanceType("t2.micro")
                .desiredCapacity(2)
                .minSize(1)
                .maxSize(2)
                .build());

        ctx.export("kubeconfig", cluster.kubeconfig());
        return ctx.exports();
    }
}

name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
    cluster:
        type: eks:Cluster
        properties:
            instanceType: "t2.medium"
            desiredCapacity: 2
            minSize: 1
            maxSize: 2
outputs:
    kubeconfig: ${cluster.kubeconfig}

Automate

Use familiar software practices and tools to build cloud infrastructure

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of familiar programming languages and tools.

index.ts
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.
AccountPublicAccessBlock
Bucket
BucketEventSubscription
BucketMetric
BucketNotification
BucketObject
Create a Bucket resource with the given name, arguments, and options.
@param name The name of the resource.
@param args The arguments for this resource's properties.
@param opts A bag of options for this resource's behavior.
pulumi up
Updating (dev):
    Type                 Name                Status
+   pulumi:pulumi:Stack  aws-typescript-dev  created
+   └─ aws:s3:Bucket     my-bucket           created
Outputs:
  bucketName: "my-bucket-9dfc488"
Resources:
  + 2 created
Duration:
  8s
Permalink:
  https://app.pulumi.com/my-org/aws-typescript/dev/updates/1
IDE Autocomplete

With Pulumi, you can use your preferred IDE and productivity features like autocompletion so that you author infrastructure code faster and with more accuracy.

Native Testing Frameworks

Use your favorite programming languages and popular testing frameworks to validate your infrastructure and applications through their entire lifecycle. Pulumi can also mock cloud resources for you so that you can perform offline testing that’s faster and cheaper.

Sharing and Reuse

Sharing and reusing your infrastructure code is available right out of the box with Pulumi Packages. You can use your preferred programming language’s native package managers to share and distribute infrastructure code within your organization. Or, browse publicly available packages in Pulumi Registry.

Continuous delivery for infrastructure

Pulumi gives you the power to continuously test and deliver your cloud infrastructure by integrating with your favorite CI/CD platforms. By automating your testing and delivery you can focus more on delivering value to your customers.

Architect for self-service

Pulumi’s unique approach to Infrastructure as Code allows you to build self-service infrastructure platforms. You can abstract away complexity for your teammates, allowing folks to focus on what’s important.

Full Coverage of AWS

You can deploy the entire breadth of AWS services with Pulumi’s AWS Provider and AWS Cloud Control Provider SDKs.

Secure

Tame secrets sprawl and configuration complexity

Secrets sprawl can lead to security breaches. Pulumi ESC provides centralized environments, secrets, and configuration management and orchestration that helps streamline operations, improve traceability, and ensure consistent security practices.

Stop secrets sprawl

Pull and sync secrets and configuration with any secrets store – AWS Secrets Manager, HashiCorp Vault, and more – and consume in any application, tool, or CI/CD platform.

Trust (and prove) your secrets are secure

Adopt dynamic, short-lived secrets on demand as a best practice. Lock down every environment with role-based access controls, versioning, and a full audit log of all changes.

Ditch .env files

No more copying-and-pasting secrets or storing them in plaintext on dev computers. Easily access secrets via CLI, API, Kubernetes operator, the Pulumi Cloud UI, and SDKs.

Manage

Gain full auditability and visibility into all your environments to tame complexity and put security first

Manage cloud infrastructure with dashboards that provide visibility into your infrastructure and any changes, role-based access controls, and Policy as Code enforcement across your organization.

Converse about your infrastructure

Pulumi Copilot makes discovering cost savings, running compliance checks, and debugging deployments across your Kubernetes resources as easy as typing a question.

Enforce compliance

Enable Policy as Code within your organization so that you can define guardrails for your infrastructure, ensuring engineers are following best practices and putting security first. This helps you prevent mistakes before they occur and respond rapidly to any incidents.

Clear visibility across AWS resources

Ask any questions about your AWS infrastructure. Pulumi Insights helps you find that needle in the haystack – locating a single resource across regions and accounts. See every resource running in each stack with deep links to the AWS Console, actions performed by team members, Git-like diffs for infrastructure changes, and much more.

Trusted by top engineering teams

Snowflake Mercedes-Benz Research and Development MindBody National Institutes of Health BMW Unity Starburst

Read our customer use cases

AWS Devops Badge

Programmatic Infrastructure as Code

Pulumi Automation API exposes the full power of infrastructure as code through a programmatic interface, instead of through CLI commands. Automation API lets you use the Pulumi engine as an SDK, enabling you to create software that can create, update, configure, and destroy infrastructure dynamically. This enables you to build custom cloud interfaces that are tailored to your team, organization, or customers.

Learn More About Automation API

Pulumi over HTTP

Use Well-Architected Practices

Pulumi Crosswalk for AWS is a collection of libraries that use automatic well-architected best practices to make common infrastructure-as-code tasks in AWS easier and more secure. Secure and cost-conscious defaults are chosen so that simple programs automatically use best practices for the underlying infrastructure, enabling better productivity with confidence.

import * as eks from "@pulumi/eks";

 // Create an EKS cluster.
 const cluster = new eks.Cluster("cluster", {
     instanceType: "t2.medium",
     desiredCapacity: 2,
     minSize: 1,
     maxSize: 2,
 });

 // Export the cluster's kubeconfig.
 export const kubeconfig = cluster.kubeconfig;

import pulumi
import pulumi_eks as eks

# Create an EKS cluster.
cluster = eks.Cluster(
    "cluster",
    instance_type="t2.medium",
    desired_capacity=2,
    min_size=1,
    max_size=2,
)

# Export the cluster's kubeconfig.
pulumi.export("kubeconfig", cluster.kubeconfig)

package main

import (
    "github.com/pulumi/pulumi-eks/sdk/go/eks/cluster"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    // Create an EKS cluster.
    cluster, err := cluster.NewCluster(ctx, "cluster",
        cluster.ClusterArgs{
            InstanceType:    pulumi.String("t2.medium"),
            DesiredCapacity: pulumi.Int(2),
            MinSize:         pulumi.Int(1),
            MaxSize:         pulumi.Int(2),
        },
    )
    if err != nil {
        return err
    }

    // Export the cluster's kubeconfig.
    ctx.Export("kubeconfig", cluster.Kubeconfig)

    return nil
    })
}

using System;
using System.Threading.Tasks;
using Pulumi;
using Pulumi.Eks.Cluster;

class EksStack : Stack
{
    public EksStack()
    {
        // Create an EKS cluster.
        var cluster = new Cluster("cluster", new ClusterArgs
        {
            InstanceType = "t2.medium",
            DesiredCapacity = 2,
            MinSize = 1,
            MaxSize = 2,
        });

        // Export the cluster's kubeconfig.
        this.Kubeconfig = cluster.Kubeconfig;
    }

    [Output("kubeconfig")]
    public Output<string> Kubeconfig { get; set; }
}

class Program
{
    static Task<int> Main(string[] args) => Deployment.RunAsync<EksStack>();
}

package com.pulumi.example.eks;

import com.pulumi.Context;
import com.pulumi.Exports;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.eks.Cluster;
import com.pulumi.eks.ClusterArgs;

import java.util.stream.Collectors;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    private static Exports stack(Context ctx) {
        var cluster = new Cluster("my-cluster", ClusterArgs.builder()
                .instanceType("t2.micro")
                .desiredCapacity(2)
                .minSize(1)
                .maxSize(2)
                .build());

        ctx.export("kubeconfig", cluster.kubeconfig());
        return ctx.exports();
    }
}

name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
    cluster:
        type: eks:Cluster
        properties:
            instanceType: "t2.medium"
            desiredCapacity: 2
            minSize: 1
            maxSize: 2
outputs:
    kubeconfig: ${cluster.kubeconfig}
Deploy CDK Constructs with Pulumi

You can deploy any AWS CDK construct from within a Pulumi deployment. If you’re already using AWS CDK, you can now use Pulumi to orchestrate deployments instead of CloudFormation. This gives you improved deployment speed and integration with all features of Pulumi (like Policy as Code, Audit Logs, Secrets, and much more).

Application and Infrastructure Together

Crosswalk enables you to blur the lines between application and infrastructure code enabling you to author an entire full-stack application in one program. With support for inline Lambda functions and ease-of-use helper functions, building robust applications on AWS has never been easier.

Learn More About Crosswalk

Getting started

Get started now

Deploy your first app in just five minutes. Follow our tutorials for AWS, Azure, Google Cloud, Kubernetes, and more.

Get Started

Migrating from other tools

Transition from existing infrastructure tools or continue using both. Pulumi has converter tools for Terraform, AWS CloudFormation, Azure Resource Manager, and Kubernetes.

Explore Converter Tools

Need Help?

Need technical help?

Use our Support Portal to get in touch.

Submit support ticket
Need help getting started?

Send us a note, and someone will reach out to help you.

Get help
Want a demo?

Talk with an expert to see how Pulumi fits your use case.

Request a demo
Something else on your mind?

Send us a note.

Ask a question