AWS Enterprise Container Management with Pulumi

Container and Kubernetes cluster management are consistently popular topic areas on the Pulumi blog and in our docs. Our customers regularly cite simpler container management as the primary reason for choosing Pulumi to define, deploy and manage all of their cloud resources. This includes teams that are just starting their cloud journey and spinning up their first project, as well as teams that want to modernize their apps and services with cloud-native architectures or even scale from one to many clouds.

We’re excited to be launch partners for the new Enterprise Container Management category of the AWS Container Competency program because it perfectly encapsulates Pulumi’s capabilities across the entire lifecycle of container-based architectures and applications. These scenarios are critical to the success of every cloud engineering and DevOps team and include provisioning, governance, security, and observability across Amazon Elastic Kubernetes Service (EKS) and Amazon Elastic Container Service (ECS). Here is a handy guide to some of the features that make Pulumi a great Enterprise Container Management Solution and how Pulumi makes each container scenario easier for your team.

Provisioning Container Infrastructure

Pulumi manages multi-region, multi-account, multi-cluster Kubernetes deployments with ease on any cloud. With Pulumi Crosswalk for Kubernetes, we’ve provided a set of Day 0 and Day 1 playbooks that take the guesswork out of the provisioning process, from creating a control plane to deploying your apps and updating workers.

Managing AWS Container Services

Pulumi gives you the flexibility to pick the container services that meet the needs of your workloads and the requirements of your organization. Choosing the right services can be a challenge, so we’ve assembled a short overview to help you get started managing AWS containers. Once you’ve chosen your scheduler, Pulumi has a host of examples to guide you through deploying Amazon ECS and Amazon EKS. There is also a Pulumi EKS component that provides multi-language convenience functions and boilerplate to simplify EKS deployments.

Support for the Entire Kubernetes API

Once you’ve provisioned a cluster, the Pulumi Kubernetes Provider enables you to provision any resource available in the Kubernetes API. This provides native support for features like Helm, as well as the ability to configure namespacing, which gives your clusters powerful multi-tenancy capabilities.

Cluster Observability

Logging and monitoring are critical capabilities for keeping tabs on the health and security of your clusters. Fortunately, Pulumi has a host of integrations that simplify these scenarios, including open-source tools like metrics-server and Prometheus as well as support for industry-leading platforms like Amazon CloudWatch and Datadog.

Authentication and Authorization

Adhering to the principle of least privilege for users and roles is an important step in securing your clusters, and Pulumi has many capabilities to help you manage the complexities of authentication and authorization. For example, with Pulumi you can create and manage AWS IAM roles, and you can integrate Pulumi Enterprise with your centralized identity and access management platform of choice via SAML 2.0 and OIDC.

Centralized Governance and Compliance Controls

Many customers are using Pulumi and Kubernetes to stand up shared services platforms (SSP) that empower their developers to self-service new infrastructure environments. To keep these environments compliant with internal policies, Pulumi Business Critical Edition includes built-in CrossGuard policy-as-code capabilities. With policies that are enforced organization-wide, operators can ensure that configuration mistakes won’t reach production.

Support for Hybrid Deployments

Many users need to manage container-based workloads on AWS as well as on-prem and on other clouds. Fortunately, Pulumi has built-in support for Amazon ECS Anywhere, so teams can use the familiar ECS control plane regardless of where their workloads need to run. Pulumi also supports the EKS Distro, which brings the familiar managed Kubernetes capabilities of EKS to on-prem clusters.

Automated Deployment of Infrastructure and Applications

One of the benefits of Pulumi is that it enables infrastructure and application development to leverage the same tooling and processes familiar to software engineers. Adding infrastructure to your CI/CD workflow is easy with Pulumi because it supports a wide variety of test frameworks, simplifies the process of integration testing using ephemeral environments, and includes a CI/CD Integration Assistant to guide you through the process of connecting Pulumi to popular platforms such as GitHub Actions, AWS Code Services, and many more.

Once you have your cluster provisioned, you can also deploy workloads into your cluster with GitOps-style workflows using the Pulumi Kubernetes Operator.


This is just a sample of the many ways that Pulumi makes it easier than ever to manage containers and Kubernetes clusters in enterprise scenarios. Give it a try for yourself and let us know what you think in our Community Slack.