Integrating DevOps and Security in Platform Engineering

Sara Huddleston

Platform engineering has become essential for mid-to-large organizations, moving beyond a DevOps trend. Gartner predicts that by 2026, 80% of software companies will have internal platform services to streamline development. The goal is to empower developers with self-service tools while maintaining security, compliance, and reliability through DevSecOps practices.

At PulumiUP Europe 2024, experts shared insights on aligning DevOps with security to build scalable, secure platforms:

  • Jess Mink, Sr. Director of Platform Engineering at Honeycomb
  • Kief Morris, Global Head of Infrastructure Engineering at ThoughtWorks
  • Lindsay Jack, VP of Engineering & Security at Snyk
  • Nariman Aga-Tagiyev, Application Security Architect at WiseFrog Security
  • Komal Ali, Engineering Manager at Pulumi

The panel discussed key strategies, challenges, and pillars of successful platform engineering.

Secret Rotation with Pulumi ESC

Claire Gaestel

Pulumi ESC now natively supports secrets rotation, which makes secrets lifecycle management much easier. Check out the launch blog post and docs.

Managing secrets in modern cloud applications can be challenging, particularly when it comes to rotation policies. While dynamic secrets (like AWS IAM temporary credentials) handle this automatically, many systems still rely on static secrets that require periodic rotation.

Static secrets, like database passwords or API keys, should be rotated regularly to maintain security, and services depending on these secrets need time to transition to new credentials to avoid downtime. This makes rotating credentials error-prone and often forgotten.

In this post, we’ll explore an approach for automating static secret rotation using Pulumi ESC combined with Pulumi IaC.

Infrastructure as Code: The Hidden Cost of Doing It Yourself

Aaron Kao

Infrastructure as Code (IaC) has revolutionized how cloud resources are managed, allowing for more efficient, scalable, and repeatable deployments. We designed Pulumi IaC to let you program cloud infrastructure using familiar programming languages like TypeScript, JavaScript, Python, Go, .NET, Java, and YAML. This approach not only simplifies the process but also integrates seamlessly with existing development tools and ecosystems (e.g., IDEs, standard unit test frameworks, integration tests). You can define infrastructure with code, often in just one line, for serverless, Kubernetes, AI/ML, databases, and more. You can also preview changes before deploying, unlike many other IaC solutions. Pulumi IaC is fully open source with a public roadmap. We value working with the community to shape the product through feedback and contributions.

105 Ways to Run Containers: The Cloud Container Iceberg

Adam Gordon Bell

If a computer can be connected to the internet, someone has tried to run a container on it. From quantum computers to smart toasters, from phones in AWS racks to CI pipelines, there are many ways to deploy containers. While most people only know about the mainstream cloud providers at the surface, there’s actually a vast world of increasingly unusual and specialized options beneath.

This guide serves two purposes: to showcase the surprising breadth of container options available today, and to help you understand the full spectrum of choices, from practical to very experimental. Whether you’re looking for production-ready solutions or just curious about what’s out there in the dark depths, you’ll find something interesting here.

Announcing the 1.0 release of AWS CDK on Pulumi

At Pulumi, we’re committed to delivering the widest range of cloud infrastructure building blocks for use in your cloud engineering projects. In 2022, we introduced preview support for integrating AWS CDK constructs into Pulumi programs, and today we’re happy to announce the 1.0 release of our pulumi-cdk library for TypeScript. This first stable version completes support for common CDK features, enabling you to deploy almost any CDK construct with Pulumi.

Announcing Public Preview of Insights Account Discovery

Craig Symonds

Enterprise cloud infrastructures are complex environments that have evolved over time and are made up of thousands of different kinds of resources. Enabling customers to wrap their arms around this complexity and get a complete understanding of its scope and structure is the goal of the Pulumi Insights 2.0 product.

Pulumi for AWS: Automate, Secure, and Manage Your Cloud

Aaron Kao, Gavin Johnson

Pulumi is excited to be at AWS re:Invent this week, where we’re showcasing our broad and deep support for AWS across all our products. From automating infrastructure with Pulumi IaC to securing secrets with Pulumi ESC to managing cloud assets with Pulumi Insights, Pulumi makes AWS a competitive advantage. Whether you’re a developer, DevOps pro, or platform engineer, Pulumi delivers the tools you need to build and manage modern cloud applications with ease.

Stop by the Pulumi re:Invent booth #370 this week to chat with experts on the Pulumi team. If you can’t make it to re:Invent, join our workshop, Accelerating Platform Engineering with Pulumi on AWS, on December 11, 2024, to see how Pulumi can enhance your cloud operations on AWS.

Amazon EKS Hybrid Nodes: Bridging Cloud and On-Premises

Josh Kodroff

AWS has introduced a new feature for Amazon Elastic Kubernetes Service (EKS): Amazon EKS Hybrid Nodes. This addition to the Amazon EKS Hybrid/Edge portfolio allows organizations to maintain their Kubernetes control plane in AWS while running workloads on-premises or at the edge. This hybrid approach offers the best of both worlds - AWS’s reliable and scalable control plane management combined with the flexibility to run workloads wherever they make the most sense for your business.
