Azure
Build, deploy, and manage Azure infrastructure with Pulumi. This page links to every Pulumi capability for Azure: Infrastructure as Code, Environments, Secrets, and Configuration (ESC), Insights account scanning, and policy packs.
To start from scratch, follow the Azure get-started guide.
Infrastructure as Code
Pulumi IaC lets you define cloud infrastructure using TypeScript, Python, Go, C#, Java, or YAML — with deterministic deployments, a state backend, and a rich ecosystem of packages.
Pulumi provides several packages for Azure. For core infrastructure, Azure Native is the recommended choice; Azure Classic is the older alternative. Additional packages cover identity (azuread), Azure DevOps, and static websites. For a deeper comparison, see Choosing a Pulumi Azure provider.
- Azure Native provider — always up to date; covers 100% of the resources in Azure Resource Manager.
- Azure Classic provider — older provider with fewer resources and slower feature coverage.
- Azure Active Directory (Azure AD) — manage Azure AD identities, groups, and applications.
- Azure DevOps — provision Azure DevOps projects, pipelines, and repositories.
- Azure Static Website — high-level component for static sites on Azure.
- Docker — build and push Docker images to Azure Container Registry or other registries.
- Kubernetes — deploy application workloads to AKS or any Kubernetes cluster.
Architecture templates
Pulumi templates are ready-to-deploy starting points for common architectures. Run pulumi new <template> to bootstrap a new project.
Start new Azure projects from a pre-built template:
- Container service on Azure — containerized service on Azure Container Apps or App Service.
- Serverless application on Azure — Azure Functions with supporting resources.
- Static website on Azure — storage-account static site with CDN.
- Virtual machine on Azure — Azure VM with configurable networking.
- Kubernetes cluster on Azure — Azure Kubernetes Service (AKS) cluster ready for workloads.
Guides
Hands-on Infrastructure as Code guides for building on Azure with Pulumi.
- Choosing a Pulumi Azure provider — compare Azure Native and Azure Classic.
- Convert ARM templates to Pulumi — migrate existing ARM templates.
- Azure DevOps CI/CD — drive Pulumi stack updates from Azure DevOps pipelines.
Secrets & configuration (ESC)
Pulumi ESC (Environments, Secrets, and Configuration) is a centralized service for managing secrets, configuration, and short-lived credentials. It composes values from many sources — including Azure — into environments that Pulumi programs, CLIs, and CI/CD workflows can consume.
ESC integrates directly with Azure for short-lived credentials and secret retrieval:
- Azure OIDC login — generate short-lived Azure credentials for Pulumi programs and workflows.
- Azure Key Vault — pull secrets from Key Vault into ESC environments.
- Azure application secret rotation — rotate Azure AD application secrets on a schedule.
Insights
Pulumi Insights continuously scans your clouds to build a searchable inventory of every resource — whether created by Pulumi or not — so you can find, audit, and govern cloud infrastructure across accounts, regions, and providers.
For Azure, Insights connects subscriptions to inventory existing resources, search across subscriptions, and export data. See Add an Azure account for a step-by-step setup guide and Insights discovery overview for background.
Policy packs
Pulumi Policies lets you enforce rules on infrastructure at preview and update time, rejecting stacks that violate security, cost, or compliance standards. Pre-built policy packs are maintained by Pulumi and cover common regulatory and best-practice frameworks.
For Azure:
- Pulumi best practices for Azure — Pulumi-authored policies for common Azure misconfigurations.
- CIS Microsoft Azure Foundations Benchmark
- HITRUST CSF for Azure
- CIS Kubernetes Benchmark on Azure — for AKS clusters.
Migration
Migrate existing Azure infrastructure from another IaC tool to Pulumi. The guides below walk through converting or coexisting with each source format.
- From ARM and Bicep — convert ARM templates and Bicep files to Pulumi in your preferred language.
- From Terraform — convert Terraform HCL and state to Pulumi.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.