Docs
Packages
Inputs & outputs
Resource properties are treated specially in Pulumi, both for purposes of input and output.
All resource arguments accept inputs. Inputs are values of type InputInput<T>Input[T]InputInput<T>Promise or Task), or an output read from another resource’s properties.
All resource properties on the instance object itself are outputs. Outputs are values of type OutputOutput<T>Output[T]OutputOutput<T>
Outputs, therefore, represent two things:
- The eventual raw value of the output
- The dependency on the source(s) of the output value
Pulumi automatically captures dependencies when you pass an output from one resource as an input to another resource. Capturing these dependencies ensures that the physical infrastructure resources are not created or updated until all their dependencies are available and up-to-date.
Because outputs are asynchronous, their actual raw values are not immediately available. If you need to access an output’s raw value—for example, to compute a derived, new value, or because you want to log it—you have these options:
- Apply: a callback that receives the raw value, and computes a new output
- Lifting: directly read properties off an output value
- Interpolation: concatenate string outputs with other strings directly
Apply
To access the raw value of an output and transform that value into a new value, use applyapplyApplyApply
For example, the following code creates an HTTPS URL from the DNS name (the raw value) of a virtual machine:
let url = virtualmachine.dnsName.apply(dnsName => "https://" + dnsName);
let url = virtualmachine.dnsName.apply(dnsName => "https://" + dnsName);
url = virtual_machine.dns_name.apply(
lambda dns_name: "https://" + dns_name
)
url := vpc.DnsName.ApplyT(func(dnsName string) string {
return "https://" + dnsName
}).(pulumi.StringOutput)
var url = virtualmachine.DnsName.Apply(dnsName => "https://" + dnsName);
var url = virtualmachine.dnsName().applyValue(dnsName -> "https://" + dnsName);
variables:
url: https://${virtualmachine.DnsName}
The result of the call to applyapplyApplyApplyOutputOutput<T>Output[T]OutputOutput<T>
apply doesn’t run. For example, it won’t run during a preview, when resource output values may be unknown. Therefore, you should avoid side-effects within the callbacks. For this reason, you should not allocate new resources inside of your callbacks either, as it could lead to pulumi preview being wrong.All
If you have multiple outputs and need to join them, the all function acts like an apply over many resources. This function joins over an entire list of outputs. It waits for all of them to become available and then provides them to the supplied callback. This function can be used to compute an entirely new output value, such as by adding or concatenating outputs from two different resources together, or by creating a new data structure that uses them. Just like with apply, the result of Output.all is itself an Output
For example, let’s use a server and a database name to create a database connection string:
var pulumi = require("@pulumi/pulumi");
// ...
let connectionString = pulumi.all([sqlServer.name, database.name])
.apply(([server, db]) => `Server=tcp:${server}.database.windows.net;initial catalog=${db}...`);
import * as pulumi from "@pulumi/pulumi";
// ...
let connectionString = pulumi.all([sqlServer.name, database.name])
.apply(([server, db]) => `Server=tcp:${server}.database.windows.net;initial catalog=${db}...`);
In python, you can pass in unnamed arguments to Output.all to create an Output list, for example:
from pulumi import Output
# ...
connection_string = Output.all(sql_server.name, database.name) \
.apply(lambda args: f"Server=tcp:{args[0]}.database.windows.net;initial catalog={args[1]}...")
Or, you can pass in named (keyword) arguments to Output.all to create an Output dictionary, for example:
from pulumi import Output
# ...
connection_string = Output.all(server=sql_server.name, db=database.name) \
.apply(lambda args: f"Server=tcp:{args['server']}.database.windows.net;initial catalog={args['db']}...")
connectionString := pulumi.All(sqlServer.Name, database.Name).ApplyT(
func (args []interface{}) (string, error) {
server := args[0].(string)
db := args[1].(string)
return fmt.Sprintf("Server=tcp:%s.database.windows.net;initial catalog=%s...", server, db), nil
},
)
// When all the input values have the same type, Output.All can be used and produces an ImmutableArray.
var connectionString = Output.All(sqlServer.name, database.name)
.Apply(t => $"Server=tcp:{t[0]}.database.windows.net;initial catalog={t[1]}...");
// For more flexibility, 'Output.Tuple' is used so that each unwrapped value will preserve their distinct type.
var connectionString2 = Output.Tuple(sqlServer.name, database.name)
.Apply(t => $"Server=tcp:{t.Item1}.database.windows.net;initial catalog={t.Item2}...");
// Or using a more natural Tuple syntax and a statement lambda expression.
var connectionString2 = Output.Tuple(sqlServer.name, database.name).Apply(t =>
{
var (serverName, databaseName) = t;
return $"Server=tcp:{serverName}.database.windows.net;initial catalog={databaseName}...";
});
// When all the input values have the same type, Output.all can be used
var connectionString = Output.all(sqlServer.name(), database.name())
.applyValue(t -> String.format("Server=tcp:%s.database.windows.net;initial catalog=%s...", t.get(0), t.get(1));
// For more flexibility, 'Output.tuple' is used so that each unwrapped value will preserve their distinct type.
var connectionString2 = Output.tuple(sqlServer.name, database.name)
.applyValue(t -> String.format("Server=tcp:%s.database.windows.net;initial catalog=%s...", t.t1, t.t2));
variables:
connectionString: Server=tcp:${sqlServer.name}.database.windows.net;initial catalog=${database.name}...
Notice that Output.all works by returning an output that represents the combination of multiple outputs so that, within the callback, the raw values are available inside of a tuple.
Accessing Properties of an Output by Lifting
If you just need to access a property of an OutputOutput<T>Output[T]OutputOutput<T>
For example, to read a domain record from an ACM certificate, you need to access a resource’s property value. Because that value is an output, we would normally need to use applyapplyApplyApply
let certCertificate = new aws.acm.Certificate("cert", {
domainName: "example.com",
validationMethod: "DNS",
});
let certValidation = new aws.route53.Record("cert_validation", {
records: [
// Need to pass along a deep subproperty of this Output
certCertificate.domainValidationOptions.apply(
domainValidationOptions => domainValidationOptions[0].resourceRecordValue),
],
...
});
let certCertificate = new aws.acm.Certificate("cert", {
domainName: "example.com",
validationMethod: "DNS",
});
let certValidation = new aws.route53.Record("cert_validation", {
records: [
// Need to pass along a deep subproperty of this Output
certCertificate.domainValidationOptions.apply(
domainValidationOptions => domainValidationOptions[0].resourceRecordValue),
],
...
});
certificate = aws.acm.Certificate('cert',
domain_name='example.com',
validation_method='DNS'
)
record = aws.route53.Record('validation',
records=[
# Need to pass along a deep subproperty of this Output
certificate.domain_validation_options.apply(
lambda domain_validation_options: domain_validation_options[0]['resourceRecordValue']
)
],
...
)
cert, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
DomainName: pulumi.String("example"),
ValidationMethod: pulumi.String("DNS"),
})
if err != nil {
return err
}
record, err := route53.NewRecord(ctx, "validation", &route53.RecordArgs{
Records: pulumi.StringArray{
cert.DomainValidationOptions.ApplyT(func(opts []acm.CertificateDomainValidationOption) string {
return *opts[0].ResourceRecordValue
}).(pulumi.StringOutput),
},
...
})
if err != nil {
return err
}
var cert = new Certificate("cert", new CertificateArgs
{
DomainName = "example",
ValidationMethod = "DNS",
});
var record = new Record("validation", new RecordArgs
{
Records = {
cert.DomainValidationOptions.Apply(opts => opts[0].ResourceRecordValue!)
},
...
});
var cert = new Certificate("cert",
CertificateArgs.builder()
.domainName("example")
.validationMethod("DNS")
.build());
var record = new Record("validation",
RecordArgs.builder()
.records(
cert.domainValidationOptions()
.applyValue(opts -> opts.get(0).resourceRecordValue().get())
.applyValue(String::valueOf)
.applyValue(List::of))
.build());
Instead, to make it easier to access simple property and array elements, an OutputOutput<T>Output[T]OutputOutput<T>OutputOutput<T>Output[T]OutputOutput<T>applyapplyApplyApply
let certCertificate = new aws.acm.Certificate("cert", {
domainName: "example.com",
validationMethod: "DNS",
});
let certValidation = new aws.route53.Record("cert_validation", {
records: [
certCertificate.domainValidationOptions[0].resourceRecordValue
],
...
let certCertificate = new aws.acm.Certificate("cert", {
domainName: "example.com",
validationMethod: "DNS",
});
let certValidation = new aws.route53.Record("cert_validation", {
records: [
certCertificate.domainValidationOptions[0].resourceRecordValue
],
...
certificate = aws.acm.Certificate('cert',
domain_name='example.com',
validation_method='DNS'
)
record = aws.route53.Record('validation',
records=[
certificate.domain_validation_options[0].resource_record_value
],
...
cert, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
DomainName: pulumi.String("example"),
ValidationMethod: pulumi.String("DNS"),
})
if err != nil {
return err
}
record, err := route53.NewRecord(ctx, "validation", &route53.RecordArgs{
Records: pulumi.StringArray{
// Notes:
// * `Index` looks up an index in an `ArrayOutput` and returns a new `Output`.
// * Accessor methods like `ResourceRecordValue` lookup properties of a custom struct `Output` and return a new `Output`.
// * `Elem` dereferences a `PtrOutput` to an `Output`, equivalent to `*`.
cert.DomainValidationOptions.Index(pulumi.Int(0)).ResourceRecordValue().Elem(),
},
...
})
if err != nil {
return err
}
var cert = new Certificate("cert", new CertificateArgs
{
DomainName = "example",
ValidationMethod = "DNS",
});
var record = new Record("validation", new RecordArgs
{
// Notes:
// * `GetAt` looks up an index in an `Output<ImmutableArray<T>>` and returns a new `Output<T>`
// * There are not yet accessor methods for referencing properties like `ResourceRecordValue` on an `Output<T>` directly,
// so the `Apply` is still needed for the property access.
Records = cert.DomainValidationOptions.GetAt(0).Apply(opt => opt.ResourceRecordValue!),
});
// Lifting is currently not supported in Java.
resources:
cert:
type: aws:acm:Certificate
properties:
domainName: example
validationMethod: DNS
record:
type: aws:route53:Record
properties:
records:
# YAML handles inputs and outputs transparently.
- ${cert.domainValidationOptions[0].resourceRecordValue}
This approach is easier to read and write and does not lose any important dependency information that is needed to properly create and maintain the stack. This approach doesn’t work in all cases, but when it does, it can be a great help.
In JavaScript and TypeScript, a ‘lifted’ property access on an Output<T> that wraps undefined produces another Output<T> with the undefined value instead of throwing or producing a ‘faulted’ Output<T>. In other words, lifted property accesses behave like the ?. (optional chaining operator) in JavaScript and TypeScript. This behavior makes it much easier to form a chain of property accesses on an Output<T>.
let certValidation = new aws.route53.Record("cert_validation", {
records: [certCertificate.domainValidationOptions[0].resourceRecordValue],
// instead of
let certValidation = new aws.route53.Record("cert_validation", {
records: [certCertificate.apply(cc => cc ? cc.domainValidationOptions : undefined)
.apply(dvo => dvo ? dvo[0] : undefined)
.apply(o => o ? o.resourceRecordValue : undefined)],
let certValidation = new aws.route53.Record("cert_validation", {
records: [certCertificate.domainValidationOptions[0].resourceRecordValue],
// instead of
let certValidation = new aws.route53.Record("cert_validation", {
records: [certCertificate.apply(cc => cc ? cc.domainValidationOptions : undefined)
.apply(dvo => dvo ? dvo[0] : undefined)
.apply(o => o ? o.resourceRecordValue : undefined)],
Working with Outputs and Strings
Outputs that contain strings cannot be used directly in operations such as string concatenation. String interpolation lets you more easily build a string out of various output values, without needing applyapplyApplyApply
For example, say you want to create a URL from hostname and port output values. You can do this using apply and all.
let hostname = res.hostname;
let port = res.port;
// Would like to produce a string equivalent to: http://${hostname}:${port}/
let url = pulumi.all([hostname, port]).
apply(([hostname, port]) => `http://${hostname}:${port}/`);
let hostname: Output<string>;
let port: Output<number>;
// Would like to produce a string equivalent to: http://${hostname}:${port}/
let url = pulumi.all([hostname, port]).
apply(([hostname, port]) => `http://${hostname}:${port}/`);
hostname: Output[str]
port: Output[int]
# Would like to produce a string equivalent to: http://${hostname}:${port}/
url = Output.all(hostname, port).apply(lambda l: f"http://{l[0]}:{l[1]}/")
var hostname pulumi.StringOutput
var port pulumi.NumberOutput
// Would like to produce a string equivalent to: http://${hostname}:${port}/
url := pulumi.All(hostname, port).ApplyT(func (args []interface{}) string {
return fmt.Sprintf("http://%s:%d/", args[0], args[1])
})
Output<string> hostname = // get some Output
Output<int> port = // get some Output
// Would like to produce a string equivalent to: http://{hostname}:{port}/
var url = Output.Tuple(hostname, port).Apply(t => $"http://{t.Item1}:{t.Item2}/");
Output<String> hostname = Output.of("localhost"); // get some Output
Output<Integer> port = Output.of(8080); // get some Output
// Would like to produce a string equivalent to: http://{hostname}:{port}/
var url = Output.tuple(hostname, port)
.applyValue(t -> String.format("http://%s:%s/", t.t1, t.t2));
However, this approach is verbose and unwieldy. To make this common task easier, Pulumi exposes helpers that allow you to create strings that contain outputs—internally hiding all of the messiness required to join them together:
// concat takes a list of args and concatenates all of them into a single output:
const url1 = pulumi.concat("http://", hostname, ":", port, "/");
// interpolate takes a JavaScript "template literal" and expands outputs correctly:
const url2 = pulumi.interpolate `http://${hostname}:${port}/`;
// concat takes a list of args and concatenates all of them into a single output:
const url1: Output<string> = pulumi.concat("http://", hostname, ":", port, "/");
// interpolate takes a JavaScript "template literal" and expands outputs correctly:
const url2: Output<string> = pulumi.interpolate `http://${hostname}:${port}/`;
# concat takes a list of args and concatenates all of them into a single output:
url = Output.concat("http://", hostname, ":", port, "/")
# format takes a template string and a list of args or keyword args and formats the string, expanding outputs correctly:
url2 = Output.format("http://{0}:{1}/", hostname, port);
url := pulumi.Sprintf("http://%s:%d/", hostname, port)
// Format takes a FormattableString and expands outputs correctly:
var url = Output.Format($"http://{hostname}:{port}/");
// Format takes a FormattableString and expands outputs correctly:
var url = Output.format("http://%s:%s/", hostname, port);
variables:
url: https://${hostname}:${port}
Working with Outputs and JSON
Often in the course of working with web technologies, you encounter JavaScript Object Notation (JSON) which is a popular specification for representing data. Pulumi provides first-class helper functions for deserializing JSON string outputs into your language’s native objects and serializing your language’s native objects to JSON string outputs.
Converting Outputs to JSON
You can natively represent the definition of an AWS Step Function State Machine and embed outputs from other resources then convert it to a JSON string.
const stateMachine = new awsnative.stepfunctions.StateMachine("stateMachine", {
roleArn: sfnRole.arn,
stateMachineType: "EXPRESS",
definitionString: pulumi.jsonStringify({
"Comment": "A Hello World example of the Amazon States Language using two AWS Lambda Functions",
"StartAt": "Hello",
"States": {
"Hello": {
"Type": "Task",
"Resource": helloFunction.arn, // Pulumi Resource Output
"Next": "World",
},
"World": {
"Type": "Task",
"Resource": worldFunction.arn, // Pulumi Resource Output
"End": true,
},
},
})
});
const stateMachine = new awsnative.stepfunctions.StateMachine("stateMachine", {
roleArn: sfnRole.arn,
stateMachineType: "EXPRESS",
definitionString: pulumi.jsonStringify({
"Comment": "A Hello World example of the Amazon States Language using two AWS Lambda Functions",
"StartAt": "Hello",
"States": {
"Hello": {
"Type": "Task",
"Resource": helloFunction.arn, // Pulumi Resource Output
"Next": "World",
},
"World": {
"Type": "Task",
"Resource": worldFunction.arn, // Pulumi Resource Output
"End": true,
},
},
})
});
state_machine = aws_native.stepfunctions.StateMachine("stateMachine",
role_arn=sfn_role.arn,
state_machine_type="EXPRESS",
definition_string=pulumi.Output.json_dumps({
"Comment": "A Hello World example of the Amazon States Language using two AWS Lambda Functions",
"StartAt": "Hello",
"States": {
"Hello": {
"Type": "Task",
"Resource": hello_function.arn, # Pulumi Resource Output
"Next": "World",
},
"World": {
"Type": "Task",
"Resource": world_function.arn, # Pulumi Resource Output
"End": True,
},
},
})
)
The Pulumi Go SDK does not currently support serializing or deserializing maps with unknown values. It is tracked here.
The following is a simplified example of using pulumi.JSONMarshal in Go.
pulumi.JSONMarshal(pulumi.ToMapOutput(map[string]pulumi.Output{
"bool": pulumi.ToOutput(true),
"int": pulumi.ToOutput(1),
"str": pulumi.ToOutput("hello"),
"arr": pulumi.ToArrayOutput([]pulumi.Output{
pulumi.ToOutput(false),
pulumi.ToOutput(1.0),
pulumi.ToOutput(""),
pulumi.ToMapOutput(map[string]pulumi.Output{
"key": pulumi.ToOutput("value"),
}),
}),
"map": pulumi.ToMapOutput(map[string]pulumi.Output{
"key": pulumi.ToOutput("value"),
}),
// The following functionality is currently unsupported as myResource
// is an unknown value.
"unknown": myResource.ApplyT(func(res interface{}) (interface{}, error) {
return "Hello World!", nil
}),
}))
var stateMachine = Pulumi.Output.JsonSerialize(Output.Create(new {
Comment = "A Hello World example of the Amazon States Language using two AWS Lambda Functions",
StartAt = "Hello",
States = new Dictionary<string, object?>{
["Hello"] = new {
Type = "Task",
Resource = helloFunction.Arn, // Pulumi Resource Output
Next = "World",
},
["World"] = new {
Type = "Task",
Resource = worldFunction.Arn, // Pulumi Resource Output
End = true,
},
},
}));
Parsing JSON Outputs to Objects
You can parse a JSON string into an object and then, inside of an Apply, manipulate the object to remove all of the policy statements.
const jsonIAMPolicy = pulumi.output(`{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-bucket"
}
]
}`);
const policyWithNoStatements = pulumi.jsonParse(jsonIAMPolicy).apply(policy => {
// delete the policy statements
policy.Statement = [];
return policy;
});
For more details view the NodeJS documentation.
const jsonIAMPolicy = pulumi.output(`{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-bucket"
}
]
}`);
const policyWithNoStatements: Output<object> = pulumi.jsonParse(jsonIAMPolicy).apply(policy => {
// delete the policy statements
policy.Statement = [];
return policy;
});
For more details view the NodeJS documentation.
json_iam_policy = pulumi.Output.from_input('''
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-bucket"
}
]
}
''')
def update_policy(policy):
# delete the policy statements
policy.update({'Statement': []})
return policy
policy_with_no_statements = \
pulumi.Output.json_loads(json_IAM_policy).apply(update_policy)
For more details view the Python documentation.
jsonIAMPolicy := pulumi.ToOutput(`{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-bucket"
}
]
}`).(pulumi.StringInput)
policyWithNoStatements := pulumi.JSONUnmarshal(jsonIAMPolicy).ApplyT(
func(v interface{}) (interface{}, error) {
// delete the policy statements
v.(map[string]interface{})["Statement"] = []pulumi.ArrayOutput{}
return v, nil
})
For more details view the Go documentation.
var jsonIAMPolicy = Output.Create(@"
{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": ""VisualEditor0"",
""Effect"": ""Allow"",
""Action"": [
""s3:ListAllMyBuckets"",
""s3:GetBucketLocation""
],
""Resource"": ""*""
},
{
""Sid"": ""VisualEditor1"",
""Effect"": ""Allow"",
""Action"": [
""s3:*""
],
""Resource"": ""arn:aws:s3:::my-bucket""
}
]
}
");
var policyWithNoStatements = Pulumi.Output.JsonDeserialize<IAMPolicy>(jsonIAMPolicy).Apply(policy =>
{
// delete the policy statements.
policy.Statement = Pulumi.Output.Create(new List<StatementEntry> { });
return policy;
})
For more details view the .NET documentation
Convert Input to Output through Interpolation
It is possible to turn an InputInput<T>Input[T]InputInput<T>OutputOutput<T>Output[T]OutputOutput<T>OutputOutput<T>Output[T]OutputOutput<T>InputInput<T>Input[T]InputInput<T>OutputOutput<T>Output[T]OutputOutput<T>
For example, this code transforms an InputInput<T>Input[T]InputInput<T>OutputOutput<T>Output[T]OutputOutput<T>apply function:
function split(input) {
let output = pulumi.output(input);
return output.apply(v => v.split());
}
function split(input: pulumi.Input<string>): pulumi.Output<string[]> {
let output = pulumi.output(input);
return output.apply(v => v.split());
}
def split(input):
output = Output.from_input(input)
return output.apply(lambda v: v.split())
func split(input pulumi.StringInput) pulumi.StringArrayOutput {
return input.ToStringOutput().ApplyT(func(s string) []string {
return strings.Split(s, ",")
}).(pulumi.StringArrayOutput)
}
Output<string[]> Split(Input<string> input)
{
var output = input.ToOutput();
return output.Apply(v => v.Split(","));
}
public static Output<List<String>> split(Output<String> str) {
return str.applyValue(v -> List.of(v.split(",")));
}
