Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Docs
  2. Pulumi IaC
  3. Get started
  4. Pulumi for Terraform Users
  5. Install and Configure

Get started with Pulumi for Terraform Users

    Install Pulumi

    Download and install Pulumi alongside your existing Terraform setup:

    $ brew install pulumi/tap/pulumi
    $ curl -fsSL https://get.pulumi.com | sh
    All Windows examples in this tutorial assume you are running in PowerShell.
    > choco install pulumi
    Other installation options are available.

    Test your new installation by running the `pulumi version` command:

    $ pulumi version
v3.187.0

    If this doesn't work, you may need to restart your terminal to ensure the directory containing the pulumi command is on your PATH.

    $ pulumi version
v3.187.0

    If this doesn't work, you may need to restart your terminal to ensure the directory containing the pulumi command is on your PATH.

    > pulumi version
v3.187.0

    If this doesn't work, you may need to restart your terminal to ensure the directory containing the pulumi.exe command is on your PATH.

    Configure access to AWS

    Pulumi can use the same cloud provider credentials as Terraform. In this tutorial we’re going to focus on AWS. If you’re already using Terraform with AWS, or if you’ve installed and configured the AWS CLI, your existing configuration will work with Pulumi.

    You must use an IAM user account that has programmatic access with rights to deploy and manage S3 buckets.

    Testing access

    To test that your AWS access is configured properly, run:

    $ aws sts get-caller-identity

    > aws sts get-caller-identity

    If your AWS user ID, account, and ARN are printed, you are good to go. If not, read on:

    {
    "UserId": "BXO3165...ZP36NYY5FOU:my-session",
    "Account": "9263...9123",
    "Arn": "arn:aws:sts::9263...9123:assumed-role/.../my-session"
}

    Alternative approaches

    If you don’t have the AWS CLI installed, or you plan on using Pulumi in a CI/CD pipeline, retrieve your access key ID and secret access key and then set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables on your workstation:

    $ export AWS_ACCESS_KEY_ID="<YOUR_ACCESS_KEY_ID>"
$ export AWS_SECRET_ACCESS_KEY="<YOUR_SECRET_ACCESS_KEY>"

    > $env:AWS_ACCESS_KEY_ID = "<YOUR_ACCESS_KEY_ID>"
> $env:AWS_SECRET_ACCESS_KEY = "<YOUR_SECRET_ACCESS_KEY>"
    Consider using Pulumi ESC’s AWS login support for dynamic, short-lived AWS credentials via OpenID Connect (OIDC) instead of long-lived static credentials. This is a security best practice.

    You may optionally use AWS profiles if your configuration requires them:

    $ export AWS_PROFILE="<YOUR_PROFILE_NAME>"

    > $env:AWS_PROFILE = "<YOUR_PROFILE_NAME>"

    For detailed information on Pulumi’s use of AWS credentials, see AWS Setup.

    Choose your language

    Next, make sure you have the necessary runtimes installed for your preferred Pulumi language:

    • Go installed locally
    • .NET installed locally
    • No additional language runtime required

    Verify CLI installation

    After installing Pulumi, verify everything is in working order by running the pulumi CLI:

    $ pulumi version
    $ pulumi version
    > pulumi version

    If you run into trouble, please refer to the Download and install Pulumi page to troubleshoot your setup before moving on.

    ← Previous step Try it out →
      Guide to Secure Infrastructure Automation