Posts Tagged AWS

Modern Cloud Infrastructure in Go - The Road to 2.0

Modern Cloud Infrastructure in Go - The Road to 2.0

Here at Pulumi, everyone on our engineering team is a Gopher. Go has quickly become the “language of the cloud,” and so when we chose to build our open-source pulumi/pulumi engine and SaaS backend, we chose Go. As such, we are very excited to welcome Go to the family of supported infrastructure as code languages as part of Pulumi 2.0. What is Pulumi? Go has become the lingua franca of cloud-native infrastructure development.

Read more →

Manage Any Infrastructure with Policy as Code

Manage Any Infrastructure with Policy as Code

In an earlier article, we introduced examples of Policy as Code to prevent two of the most common causes of data breaches. Policies are the guardrails of infrastructure. They control access, set limits, and manage how infrastructure operates. In many systems, policies are created by clicking on a GUI, making it difficult to replicate or version. Pulumi implements policy by writing it in Typescript, which ensures that you can write policies using software development practices such as automated testing, deployment, and version control.

Read more →

Provisioned Concurrency: Avoiding Cold Starts in AWS Lambda

Provisioned Concurrency: Avoiding Cold Starts in AWS Lambda

AWS Lambda cold starts (the time it takes for AWS to assign a worker to a request) are a major frustration point of many serverless programmers. In this article, we will take a look at the problem of latency-critical serverless applications, and how Provisioned Concurrency impacts the status-quo. Concurrency Model of AWS Lambda Despite being serverless, AWS Lambda uses lightweight containers to process incoming requests. Every container, or worker, can process only a single request at any given time.

Read more →

AWS EKS - How to Scale Your Cluster

AWS EKS - How to Scale Your Cluster

AWS Elastic Kubernetes Service (EKS) provides a range of performance and control for dynamically scaling your Kubernetes clusters, including Managed Node Groups, Fargate, and Manually-Managed Node Groups in EC2. In this post, we’ll see how to use each of these compute options, and when to prefer one over the other in order to maximize productivity, flexibility, and control, based on your needs.

Read more →

Running AWS IAM Access Analyzer at Deployment Time

Running AWS IAM Access Analyzer at Deployment Time

Yesterday AWS announced an exciting new feature — the AWS Identity and Access Management (IAM) Access Analyzer — a service powered by automated reasoning that detects potentially-insecure access to your AWS resources, including S3 Buckets, SQS Queues, Lambdas, and more. At the same time, Pulumi announced a new policy as code solution, CrossGuard, that validates policies at deployment time. The question is: Can IAM Access Analyzer and Pulumi CrossGuard be combined to get the best of both solutions?

Read more →

Inside Crosswalk for Kubernetes

Inside Crosswalk for Kubernetes

Running Kubernetes in production can be challenging. This past year, Pulumi has collected common patterns of usage informed by best practices for provisioning Kubernetes infrastructure and running containerized applications. We call this Pulumi Crosswalk for Kubernetes: a collection of playbooks and libraries to help you to successfully configure, deploy, and manage Kubernetes in a way that works for teams in production. Kubernetes is Vast and Complex Kubernetes is the standard multi-cloud platform for modern containerized applications.

Read more →

Architect AWS Application Infrastructure

Architect AWS Application Infrastructure

In this post, we will talk about the best way to architect your Pulumi applications. We are going to build out the following infrastructure in AWS: AWS Fargate service that does not serve traffic directly AWS ALB as the entry point to the Fargate Service AWS RDS Instance that is stored in a separate network from the Application and does not service traffic directly from the internet To do this, we are going to split the infrastructure into two AWS VPCs.

Read more →

Run Your Own RSS Server on AWS with Pulumi

Run Your Own RSS Server on AWS with Pulumi

It’s been a few years since Google shut down Google Reader, and while a number of nice commercial alternatives have sprung in its wake, none of them has ever been quite the right fit for me personally.

So a while back, after far too much time spent wandering the blogsphere manually, typing URLs into address bars by hand, I decided to go looking to see whether the universe had produced an open-source solution to this problem — and to my surprise and delight, it had! Miniflux is an excellent little open-source RSS server and reader, written in Go and backed by PostgreSQL, that also happens to be packaged as a Docker container. So in this post, I’ll show how easy it is to deploy a Miniflux server of your own on AWS, using only Pulumi and a few lines of TypeScript.

Read more →

Persisting Kubernetes workloads with Amazon EFS CSI volumes

Persisting Kubernetes workloads with Amazon EFS CSI volumes

The Amazon Elastic File System Container Storage Interface (CSI) Driver implements the CSI specification for container orchestrators to manage the lifecycle of Amazon EFS filesystems. The CSI specification defines an interface along with the minimum operational and packaging recommendations for a storage provider to implement a CSI compatible plugin. The interface declares the RPCs that a plugin must expose. The CSI drivers are the right mechanism to work with, when using a cloud storage component with Kubernetes workloads.

Read more →