Resource providers
A resource provider handles communications with a cloud service to create, read, update, and delete the resources you define in your Pulumi programs. Pulumi passes your code to a language host such as Node.js, waits to be notified of resource registrations, assembles a model of your desired state, and calls on the resource provider to produce that state. The resource provider translates those requests into API calls to the cloud service.
A resource provider is tied to the language that you use to write your programs. For example, if your cloud provider is AWS, the following providers are available:
- JavaScript/TypeScript:
@pulumi/aws
- Python:
pulumi-aws
- Go:
github.com/pulumi/pulumi-aws/sdk/go/aws
- .NET:
Pulumi.Aws
Normally, since you declare the language and cloud provider you intend to use when you write a program, Pulumi installs the provider for you as a plugin, using the appropriate package manager, such as NPM for Typescript.
The resource provider for custom resources is determined based on its package name. For example, the aws
package loads a plugin named pulumi-resource-aws
, and the kubernetes
package loads a plugin named pulumi-resource-kubernetes
.
Default Provider Configuration
By default, each provider uses its package’s global configuration settings, which are controlled by your stack’s configuration. You can set information such as your cloud provider credentials with environment variables and configuration files. If you store this data in standard locations, Pulumi knows how to retrieve them.
For example, suppose you run this CLI command:
$ pulumi config set aws:region us-west-2
Then, suppose you deploy the following Pulumi program:
let aws = require("@pulumi/aws");
let instance = new aws.ec2.Instance("myInstance", {
instanceType: "t2.micro",
ami: "myAMI",
});
let aws = require("@pulumi/aws");
let instance = new aws.ec2.Instance("myInstance", {
instanceType: "t2.micro",
ami: "myAMI",
});
from pulumi_aws import ec2
instance = ec2.Instance("myInstance", instance_type="t2.micro", ami="myAMI")
vpc, err := ec2.NewInstance(ctx, "myInstance", &ec2.InstanceArgs{
InstanceType: pulumi.String("t2.micro"),
Ami: pulumi.String("myAMI"),
})
var instance = new Aws.Ec2.Instance("myInstance", new Aws.Ec2.InstanceArgs
{
InstanceType = "t2.micro",
Ami = "myAMI",
});
var instance = new Instance("myInstance",
InstanceArgs.builder()
.instanceType("t2.micro")
.ami("myAMI")
.build());
It creates a single EC2 instance in the us-west-2 region.
Explicit Provider Configuration
While the default provider configuration may be appropriate for the majority of Pulumi programs, some programs may have special requirements. One example is a program that needs to deploy to multiple AWS regions simultaneously. Another example is a program that needs to deploy to a Kubernetes cluster, created earlier in the program, which requires explicitly creating, configuring, and referencing providers. This is typically done by instantiating the relevant package’s Provider
type and passing in the options for each Resource
that needs to use it. For example, the following configuration and program creates an ACM certificate in the us-east-1
region and a load balancer listener in the us-west-2
region.
let pulumi = require("@pulumi/pulumi");
let aws = require("@pulumi/aws");
// Create an AWS provider for the us-east-1 region.
let useast1 = new aws.Provider("useast1", { region: "us-east-1" });
// Create an ACM certificate in us-east-1.
let cert = new aws.acm.Certificate("cert", {
domainName: "foo.com",
validationMethod: "EMAIL",
}, { provider: useast1 });
// Create an ALB listener in the default region that references the ACM certificate created above.
let listener = new aws.lb.Listener("listener", {
loadBalancerArn: loadBalancerArn,
port: 443,
protocol: "HTTPS",
sslPolicy: "ELBSecurityPolicy-2016-08",
certificateArn: cert.arn,
defaultAction: {
targetGroupArn: targetGroupArn,
type: "forward",
},
})
let pulumi = require("@pulumi/pulumi");
let aws = require("@pulumi/aws");
// Create an AWS provider for the us-east-1 region.
let useast1 = new aws.Provider("useast1", { region: "us-east-1" });
// Create an ACM certificate in us-east-1.
let cert = new aws.acm.Certificate("cert", {
domainName: "foo.com",
validationMethod: "EMAIL",
}, { provider: useast1 });
// Create an ALB listener in the default region that references the ACM certificate created above.
let listener = new aws.lb.Listener("listener", {
loadBalancerArn: loadBalancerArn,
port: 443,
protocol: "HTTPS",
sslPolicy: "ELBSecurityPolicy-2016-08",
certificateArn: cert.arn,
defaultAction: {
targetGroupArn: targetGroupArn,
type: "forward",
},
});
import pulumi
import pulumi_aws as aws
# Create an AWS provider for the us-east-1 region.
useast1 = aws.Provider("useast1", region="us-east-1")
# Create an ACM certificate in us-east-1.
cert = aws.acm.Certificate("cert",
domain_name="foo.com",
validation_method="EMAIL",
opts=pulumi.ResourceOptions(provider=useast1))
# Create an ALB listener in the default region that references the ACM certificate created above.
listener = aws.lb.Listener("listener",
load_balancer_arn=load_balancer_arn,
port=443,
protocol="HTTPS",
ssl_policy="ELBSecurityPolicy-2016-08",
certificate_arn=cert.arn,
default_action={
"target_group_arn": target_group_arn,
"type": "forward",
})
// Create an AWS provider for the us-east-1 region.
useast1, err := aws.NewProvider(ctx, "useast1", &aws.ProviderArgs{
Region: pulumi.String("us-east-1"),
})
if err != nil {
return err
}
// Create an ACM certificate in us-east-1.
cert, err := acm.NewCertificate(ctx, "myInstance", &acm.CertificateArgs{
DomainName: pulumi.String("foo.com"),
ValidationMethod: pulumi.String("EMAIL"),
}, pulumi.Provider(useast1))
if err != nil {
return err
}
// Create an ALB listener in the default region that references the ACM certificate created above.
listener, err := lb.NewListener(ctx, "myInstance", &lb.ListenerArgs{
LoadBalancerArn: loadBalancerArn,
Port: pulumi.Int(443),
Protocol: pulumi.String("HTTPS"),
SslPolicy: pulumi.String("ELBSecurityPolicy-2016-08"),
CertificateArn: cert.Arn,
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
TargetGroupArn: targetGroupArn,
Type: pulumi.String("forward"),
},
},
})
if err != nil {
return err
}
// Create an AWS provider for the us-east-1 region.
var useast1 = new Aws.Provider("useast1", new Aws.ProviderArgs { Region = "us-east-1" });
// Create an ACM certificate in us-east-1.
var cert = new Aws.Acm.Certificate("cert", new Aws.Acm.CertificateArgs
{
DomainName = "foo.com",
ValidationMethod = "EMAIL",
}, new CustomResourseOptions { Provider = useast1 });
// Create an ALB listener in the default region that references the ACM certificate created above.
var listener = new Aws.Lb.Listener("listener", new Aws.Lb.ListenerArgs
{
LoadBalancerArn = loadBalancerArn,
Port = 443,
Protocol = "HTTPS",
SslPolicy = "ELBSecurityPolicy-2016-08",
CertificateArn = cert.arn,
DefaultAction: new Aws.Lb.ListenerDefaultAction
{
TargetGroupArn = targetGroupArn,
Type = "forward",
},
});
// Create an AWS provider for the us-east-1 region.
var useast1 = new Provider("useast1",
ProviderArgs.builder().region("us-east-1").build());
// Create an ACM certificate in us-east-1.
var cert = new Certificate("cert",
CertificateArgs.builder()
.domainName("foo.com")
.validationMethod("EMAIL")
.build(),
CustomResourceOptions.builder()
.provider(useast1)
.build());
// Create an ALB listener in the default region that references the ACM certificate created above.
var listener = new Listener("listener",
ListenerArgs.builder()
.loadBalancerArn(loadBalancerArn)
.port(443)
.protocol("HTTPS")
.sslPolicy("ELBSecurityPolicy-2016-08")
.certificateArn(cert.arn())
.defaultActions(ListenerDefaultActionArgs.builder()
.targetGroupArn(targetGroupArn)
.type("forward")
.build())
.build());
$ pulumi config set aws:region us-west-2
Component resources also accept a set of providers to use with their child resources. For example, the EC2 instance parented to myResource
in the program below is created in us-east-1
, and the Kubernetes pod parented to myResource is created in the cluster targeted by the test-ci
context.
class MyResource extends pulumi.ComponentResource {
constructor(name, opts) {
let instance = new aws.ec2.Instance("instance", { ... }, { parent: this });
let pod = new kubernetes.core.v1.Pod("pod", { ... }, { parent: this });
}
}
let useast1 = new aws.Provider("useast1", { region: "us-east-1" });
let myk8s = new kubernetes.Provider("myk8s", { context: "test-ci" });
let myResource = new MyResource("myResource", { providers: { aws: useast1, kubernetes: myk8s } });
class MyResource extends pulumi.ComponentResource {
constructor(name, opts) {
let instance = new aws.ec2.Instance("instance", { ... }, { parent: this });
let pod = new kubernetes.core.v1.Pod("pod", { ... }, { parent: this });
}
}
let useast1 = new aws.Provider("useast1", { region: "us-east-1" });
let myk8s = new kubernetes.Provider("myk8s", { context: "test-ci" });
let myResource = new MyResource("myResource", { providers: { aws: useast1, kubernetes: myk8s } });
class MyResource(pulumi.ComponentResource):
def __init__(self, name, opts):
instance = aws.ec2.Instance("instance", ..., opts=pulumi.ResourceOptions(parent=self))
pod = kubernetes.core.v1.Pod("pod", ..., opts=pulumi.ResourceOptions(parent=self))
useast1 = aws.Provider("useast1", region="us-east-1")
myk8s = kubernetes.Provider("myk8s", context="test-ci")
my_resource = MyResource("myResource", pulumi.ResourceOptions(providers={
"aws": useast1,
"kubernetes": myk8s,
})
useast1, err := aws.NewProvider(ctx, "useast1", &aws.ProviderArgs{
Region: pulumi.String("us-east-1"),
})
if err != nil {
return err
}
myk8s, err := kubernetes.NewProvider(ctx, "myk8s", &kubernetes.ProviderArgs{
Context: pulumi.String("test-ci"),
})
if err != nil {
return err
}
myResource, err := NewMyResource(ctx, "myResource", pulumi.ProviderMap(map[string]pulumi.ProviderResource{
"aws": useast1,
"kubernetes": myk8s,
}))
if err != nil {
return err
}
using Pulumi;
using Aws = Pulumi.Aws;
using Kubernetes = Pulumi.Kubernetes;
class MyResource : ComponentResource
{
public MyResource(string name, ComponentResourceOptions opts)
: base(name, opts)
{
var instance = new Aws.Ec2.Instance("instance", new Aws.Ec2.InstanceArgs { ... }, new CustomResourceOptions { Parent = this });
var pod = new Kubernetes.Core.V1.Pod("pod", new Kubernetes.Core.V1.PodArgs { ... }, new CustomResourceOptions { Parent = this });
}
}
class MyStack
{
public MyStack()
{
var useast1 = new Aws.Provider("useast1",
new Aws.ProviderArgs { Region = "us-east-1" });
var myk8s = new Kubernetes.Provider("myk8s",
new Kubernetes.ProviderArgs { Context = "test-ci" });
var myResource = new MyResource("myResource",
new ComponentResourceOptions { Providers = { useast1, myk8s } });
}
}
final var usEast1 = new com.pulumi.aws.Provider("aws",
com.pulumi.aws.ProviderArgs.builder()
.region("us-east-1")
.build());
final var myk8s = new com.pulumi.kubernetes.Provider("kubernetes",
com.pulumi.kubernetes.ProviderArgs.builder()
.kubeconfig(kubeconfig)
.build());
final var myresource = new MyResource("myResource",
ComponentResourceOptions.builder()
.providers(usEast1, myk8s)
.build());
Disabling Default Providers
While default providers are enabled by default, they can be disabled on a per stack basis. Disabling default
providers is a good idea if you want to ensure that your programs must be explicit about which provider they
will use. For example, to disable the aws
provider, you can run:
$ pulumi config set --path 'pulumi:disable-default-providers[0]' aws
If you wanted to also disable the kubernetes
default provider, as well as the aws
default provider, you could run:
$ pulumi config set --path 'pulumi:disable-default-providers[1]' kubernetes
This adds a new entry to the list pulumi:disable-default-providers
. To disable all default providers, use *
as the package name:
$ pulumi config set --path 'pulumi:disable-default-providers[0]' '*'
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.