Access Control for Pods on Amazon EKS

Mike Metral Mike Metral
Access Control for Pods on Amazon EKS

Amazon EKS clusters can use IAM roles and policies for Pods to assign fine-grained access control of AWS services. The AWS IAM entities map into Kubernetes RBAC to configure the permissions of Pods that work with AWS services.

Together, AWS IAM and Kubernetes RBAC enable least-privileged access for your apps, scoped to the appropriate policies and user requirements.

Read more →

At Scale Infrastructure Testing With Pulumi

Dustin Farris Dustin Farris
At Scale Infrastructure Testing With Pulumi

Guest Article: Dustin Farris is an experienced cloud engineering consultant. He’s currently building a new data lake for a large public university using Pulumi. The project handles sensitive student and research data and as a result, his team must meet stringent QA and security requirements. Dustin shows how resource mocking in Pulumi makes testing and verification faster than ever before.

Read more →

Pulumi Wins 2020 Gartner Cool Vendor Award

Sophia Parafina Sophia Parafina
Pulumi Wins 2020 Gartner Cool Vendor Award

Pulumi is honored to be named as one of only three vendors in the 2020 Gartner Cool Vendor for Agile and DevOps report, published on May 28th, 2020. Being recognized in this way is a strong validation of Pulumi’s impact thanks to our more modern approach to Infrastructure as Code and approaches to building cloud software. Vendors can only be selected once and in only one category making this an exclusive award.

Read more →

Benefits of Policy as Code

Sophia Parafina Sophia Parafina
Benefits of Policy as Code

Writing infrastructure policy in a high-level programming language helps automate and enforce best practices. When policies are written with code, you can apply software development practices such as testing, automated deployment, and version control. Cloud providers typically offer a GUI to create policies, but creating policies is not easily repeatable, nor can you version policies. Moreover, policies must be tested against a live system, which means using an existing system or configuring and deploying an ephemeral version.

While the benefits of writing policies as code are evident for developers and operators, the organizational benefits are even more significant. Organizations can realize cost savings, improved compliance, efficient deployments, fine-grained control over infrastructure, and better use of cloud provider native resources. Let’s take a look at these benefits in-depth.

Read more →

Unit Testing Cloud Deployments with .NET

Mikhail Shilkov Mikhail Shilkov
Unit Testing Cloud Deployments with .NET

Because Pulumi uses general-purpose programming languages to provision cloud resources, you can take advantage of native tools and perform automated tests of your infrastructure. The full power of each language is available, including access to libraries and frameworks for testing.

This blog post takes a deeper dive into mock-based unit testing of Pulumi programs written in C# and F#.

Read more →

Welcoming Go to the Pulumi Family

Evan Boyle Evan Boyle
Welcoming Go to the Pulumi Family

Over the last 10 years, Go has quickly become the “language of the cloud” for building application servers and services that run in and on today’s cloud platforms. With Pulumi 2.0, Go can also be used to manage and provision modern infrastructure as well. Across any cloud (AWS, Azure, GCP, Kubernetes and more than 50 others!) and across a variety of workloads (containers, serverless, kubernetes, core infrastructure and more), you can now use the rich software engineering strengths of the Go language and ecosystem to manage your cloud infrastructure. The Pulumi open source project itself has been built on Go from day 1, and so we’re really excited to bring full Go support for cloud infrastructure as code to the same language ecosystem that Pulumi itself has been part of.

Read more →

Architecture as Code: Kubernetes

Sophia Parafina Sophia Parafina
Architecture as Code: Kubernetes

This is the fifth and last installment of the Architecture as Code series. In previous articles, we examined how to create reusable components for the primary architectural patterns for cloud infrastructure. Starting with virtual machines, we examined how to create and configure VMs. In the follow-up article, we demonstrated how to create reusable components from resources that comprise a microservices architecture. After microservices, we looked at serverless architecture, which despite its name, also requires additional resources to deploy a function or application. In this article, we’ll look at deployment patterns for Kubernetes with a focus on multi-tenancy issues.

Read more →

Peace of Mind with Cloud Secret Providers

Lee Briggs Lee Briggs
Peace of Mind with Cloud Secret Providers

The secrets in your infrastructure are a vital part of your security model, and provisioning infrastructure is an inherently privileged process. Previously we introduced secret encryption and started encrypting secret configuration values inside the Pulumi state so that users could be confident their passwords, tokens, and other secret values were viewable only by them while managing their infrastructure. Our first iteration of the encryption used either a passphrase for encrypting the secret or encryption via the Pulumi service backend. However, these options didn’t meet the needs of our users who needed more control over their data. That’s why we also added support for “Cloud Secret Providers,” giving users full confidence that their sensitive values are for their eyes only.

Read more →