Google Cloud
Build, deploy, and manage Google Cloud infrastructure with Pulumi. This page links to every Pulumi capability for Google Cloud: Infrastructure as Code, Environments, Secrets, and Configuration (ESC), Insights account scanning, and policy packs.
To start from scratch, follow the Google Cloud get-started guide.
Infrastructure as Code
Pulumi IaC lets you define cloud infrastructure using TypeScript, Python, Go, C#, Java, or YAML — with deterministic deployments, a state backend, and a rich ecosystem of packages.
- Google Cloud provider — the default Google Cloud provider. Manages a broad set of Google Cloud resources.
- Docker — build and push Docker images to Artifact Registry, Container Registry, or other registries.
- Kubernetes — deploy application workloads to GKE or any Kubernetes cluster.
Architecture templates
Pulumi templates are ready-to-deploy starting points for common architectures. Run pulumi new <template> to bootstrap a new project.
Start new Google Cloud projects from a pre-built template:
- Container service on Google Cloud — containerized service on Cloud Run.
- Serverless application on Google Cloud — Cloud Functions with supporting resources.
- Static website on Google Cloud — Cloud Storage static site.
- Virtual machine on Google Cloud — Compute Engine VM with configurable networking.
- Kubernetes cluster on Google Cloud — Google Kubernetes Engine (GKE) cluster ready for workloads.
Guides
Hands-on Infrastructure as Code guides for building on Google Cloud with Pulumi.
- Google Cloud Build CI/CD — drive Pulumi stack updates from Cloud Build pipelines.
Secrets & configuration (ESC)
Pulumi ESC (Environments, Secrets, and Configuration) is a centralized service for managing secrets, configuration, and short-lived credentials. It composes values from many sources — including Google Cloud — into environments that Pulumi programs, CLIs, and CI/CD workflows can consume.
ESC integrates directly with Google Cloud for short-lived credentials and secret retrieval:
- Google Cloud OIDC login — generate short-lived Google Cloud credentials for Pulumi programs and workflows.
- Google Cloud Secret Manager — pull secrets from Secret Manager into ESC environments.
Insights
Pulumi Insights continuously scans your clouds to build a searchable inventory of every resource — whether created by Pulumi or not — so you can find, audit, and govern cloud infrastructure across accounts, regions, and providers.
For Google Cloud, Insights connects to your projects so you can inventory existing resources, search across projects, and export data. See Add a Google Cloud account for a step-by-step setup guide and Insights discovery overview for background.
Policy packs
Pulumi Policies lets you enforce rules on infrastructure at preview and update time, rejecting stacks that violate security, cost, or compliance standards. Pre-built policy packs are maintained by Pulumi and cover common regulatory and best-practice frameworks.
For Google Cloud:
- Pulumi best practices for Google Cloud — Pulumi-authored policies for common Google Cloud misconfigurations.
- CIS Google Cloud Platform Foundations Benchmark
- HITRUST CSF for Google Cloud
- CIS Kubernetes Benchmark on Google Cloud — for GKE clusters.
Migration
Migrate existing Google Cloud infrastructure from another IaC tool to Pulumi.
- From Terraform — convert Terraform HCL and state to Pulumi.