Pulumi Challenge banner image.

One Quickstart to Rule them All!

✨ The challenge is now over and no swag will be sent on completion, but feel free to continue testing your skills with this challenge ✨

Pulumi Architecture Templates make it quick and easy to get started with a wide variety of clouds, tools, and technologies when you want to try something new but don't want to write boilerplate yourself. It's a great way to get started with Pulumi quickly, no matter what you need to build. Try it for yourself with serverless AWS templates and win some swag in the process!


In order to complete this challenge, you'll need a couple things set up in advance.


Step 1. Pulumi Architecture Templates

In this Challenge, you will learn how to create a new Pulumi program using our new Pulumi Architecture Templates, specifically for serverless blueprints for AWS with the language of your choice.

Pulumi can create a serverless app with AWS API Gateway and Lambda in many common programming languages. Today, we’ll be working with Python. Create a new directory called quickstart-challenge and cd into it, then run the following:

pulumi new serverless-aws-python

Regardless of the language you choose, the Pulumi CLI will ask several questions of you. Name the project one-quickstart when prompted, and accept all other defaults. It will look something like this:

kat@Kats-MacBook-Pro testing-challenge % pulumi new serverless-aws-python
This command will walk you through creating a new Pulumi project.

Enter a value or leave blank to accept the (default), and press <ENTER>.
Press ^C at any time to quit.

project name: one-quickstart
project description: (A serverless app on AWS API Gateway and Lambda)
Created project 'one-quickstart'

Please enter your desired stack name.
To create a stack in an organization, use the format <org-name>/<stack-name> (e.g. `acmecorp/dev`).
stack name: (dev)
Created stack 'dev'

aws:region: The AWS region to deploy into: (us-west-2)
Saved config

Step 2. Exploring Blueprints

Run pulumi up. You will first be presented with a preview of the changes to occur.

     Type                                Name                    Plan
 +   pulumi:pulumi:Stack                 one-quickstart-dev      create
 +   ├─ aws:iam:Role                     role                    create
 +   ├─ aws:lambda:Function              fn                      create
 +   └─ aws-apigateway:index:RestAPI     api                     create
 +      ├─ aws:iam:Role                  api4c238266             create
 +      ├─ aws:s3:Bucket                 api                     create
 +      ├─ aws:iam:RolePolicyAttachment  api4c238266             create
 +      ├─ aws:apigateway:RestApi        api                     create
 +      ├─ aws:s3:BucketObject           api4c238266/index.html  create
 +      ├─ aws:apigateway:Deployment     api                     create
 +      ├─ aws:lambda:Permission         api-e7f981a5            create
 +      └─ aws:apigateway:Stage          api                     create

    url: output<string>

    + 12 to create

Do you want to perform this update? yes

Select yes and watch your resources come online! With a single command, Pulumi is standing up an AWS API Gateway and Lambda instance, with all necessary roles and permissions, plus a hello world website displaying the current time. Cool, right?

Let’s get you some swag, though.

Step 3. Working with Policy Packs

When you’re using Python or Typescript, Pulumi allows you to enforce gated deployments with Policy Packs, which can be used locally with the free tier. These are a set of rules, expressed programmatically, that are executed against the resources being deployed. Any violation of those rules will block the deployment. Usually, Policy Packs are used to enforce security or cost optimization rules, but in this case we’re going to use one to interact with our swag provider.

Within your existing Pulumi program, create a new directory for your Policy Pack and navigate into it:

mkdir policy && cd policy

Creating your policy pack is simple:

pulumi policy new aws-python

Pulumi will once again create several files for you, including another __main__.py. The default Policy Pack prevents developers from allowing public read access on an AWS S3 bucket, but that isn’t what we need here. Replace the contents of the new __main__.py with the following:

import requests
from pulumi_policy import (

def map_swag_to_form(swag_var):
    data_json = {
        'usp': 'pp_url'
    swag = swag_var
    data_json['entry.1720843992'] = swag['name']
    data_json['entry.511943887'] = swag['email']
    data_json['entry.1289952319'] = swag['address']
    data_json['entry.1240089905'] = swag['size']
    return data_json

def pulumi_swag_not_submitted(args: ResourceValidationArgs, report_violation: ReportViolation):
    if not args.resource_type == "pulumi:pulumi:Stack":
    swag = args.get_config()
    data_dict = map_swag_to_form(swag)
    headers = {
        "Referer": "https://docs.google.com/forms/d/e/1FAIpQLSfBr2f6rhXYbMXi8Caftu-zWtNPRDoWUEukrTJKuwO3OyYRvg/viewform",
        "User-Agent": "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.52 Safari/537.36"
    response = requests.post(

submit_swag = ResourceValidationPolicy(
            "name": {
                "type": "string",
                "minLength": 2
            "email": {
                "type": "string",
                "minLength": 6,
                "format": "email"
            "address": {
                "type": "string",
                "minLength": 2
            "size": {
                "type": "string",
                "minLength": 1,
                "enum": [


Step 4. Complying with Policies

The Policy Pack we’ve defined requires that your Pulumi program involve a JSON file containing specific data. In order to comply with it and get swag, we need to create this file.

Navigate one directory up, back into your main Pulumi Challenge directory. Create a new file called swag.json, and add the following (replacing the values with your own information):

  "pulumi-challenge-swag": {
    "name": "<your name>",
    "email": "<your email>",
    "address": "<your address>",
    "size": "<one of XS, S, M, L, XL>"

We also have new dependencies to add to requirements.txt at the root of your repo. It should now look like this:


Install the new requirements in the usual way:

pip install -r requirements.txt

Then, execute your policy pack against your Pulumi Program with the following command at the root of your repo to submit for your swag:

pulumi preview --policy-pack policy --policy-pack-config swag.json

Congratulations!. You’ve completed this Pulumi Challenge. If you’d like to tear down all of these resources, run pulumi destroy -y. Otherwise, have fun playing around with your new serverless application! Add whatever you like, or try one of the many other Pulumi Architecture Templates. Your swag will be in the mail shortly! Note that you’ll only get one piece no matter how many times you submit. :)

Wanna yell it from the rooftops? Write a blog or post a quick video about it, send us the URL, and we’ll send you a super secret piece of swag! Tag us on social media or email us at da@pulumi.com.

← View Other Challenges