This article is the second part of a series on best practices for securely managing AWS credentials on CI/CD. In this article, we go in depth on providing AWS credentials securely to a 3rd party and introduce a Pulumi program to automate rotating access keys.
Continuous delivery requires providing highly sensitive credentials to your deployment pipeline. Understanding the risks, mitigations, and best practices for handling those credentials can be difficult. In this guide, we describe the best practices for providing AWS credentials to a CI/CD system and for securely automating updates to your cloud infrastructure using Pulumi.
In this blog, we will work through an example that shows how to use Pulumi to enable GitLab-based continuous delivery with your Kubernetes workloads on Amazon EKS. This integration will work just as seamlessly for any Kubernetes cluster, including Azure AKS or Google GKE, using the relevant Pulumi libraries for Azure and GCP.
Azure DevOps is very popular among teams that want a single place to manage their development pipelines, Git repositories, builds, releases, and test plans. Pulumi’s open-source tools are a great choice for developers and operators deploying infrastructure as code on Azure. With these two tools at hand, adopting CI and CD for your Azure infrastructure is just a few steps away for you and your teams. To make it easy to use Pulumi with Azure, we are announcing an open-source task extension for Azure Pipelines!
Using Pulumi and general purpose languages for infrastructure as code comes with many benefits: leveraging existing skills and knowledge, eliminating boilerplate through abstraction, and using the same ecosystem of tools like IDEs and linters that your team already knows and loves. In general, these are all attributes of software engineering, which not only make us more productive, but also improve the quality of our code. It’s only natural, therefore, that using general purpose languages unlocks another important software engineering practice: testing.
In this article, we will see the many ways in which Pulumi lets us test our infrastructure as code.
Google Cloud is one of the most exciting cloud platforms available today, with a breadth of powerful infrastructure services from Google Container Engine (GKE) and Google Cloud Functions to Cloud Firestore and Cloud Spanner.
Pulumi is the most productive tooling available today for teams building cloud applications and infrastructure, in your favorite languages. Add them together, and teams can easily take maximum advantage of Google Cloud Platform’s rich features, productively, with a combined platform that makes it easy to collaborate, share, and reuse.
Today we added support for yet another developer favorite product, Atlassian Bitbucket. You can now sign up for a Pulumi account with an Atlassian identity. This also means you can connect your Atlassian identity with an existing Pulumi account.
This helps users with repos across the major version control systems to seamlessly import their GitHub Organizations and GitLab Groups - and now Atlassian Bitbucket Teams - into a single Pulumi account. Of course, you don’t need to connect identities. You can always create a separate account for each of your identities, if that’s what you want to do.
Today we are delighted to announce the availability of Webhooks on Pulumi. Webhooks are a very common mechanism to enable teams to be notified or react to events. In Pulumi’s case, this means: notifications of infrastructure changes (be it on Kubernetes, AWS, or any other cloud); responding to those changes as part of ‘ChatOps’; or other build pipelines, to improve the delivery of cloud native infrastructure.
Pulumi Webhooks are available for the Team and Enterprise editions of Pulumi. If you’re keen to try them out, start a trial of Team Edition here.
Pulumi is hosting a webinar with AWS Fargate on February 5th, 10AM PST (register here). We’ll be chatting about how to implement cloud native infrastructure across your organization using AWS and Pulumi: general purpose programming languages to deliver everything from VMs to Kubernetes to Serverless.
Hot on the heels of our GitLab sign-in support, we’ve just released support for multiple identities for a single Pulumi account in the Pulumi Console. Previously, you could only sign up for a new Pulumi account using a GitHub or GitLab identity. Starting today, you can connect your Pulumi account with additional identities, beyond what you first signed up with.