Get started
Docs Home
Download & Install Pulumi
Get Started
Infrastructure as Code
Overview
Get Started
AWS
Introduction
Install Pulumi
Configure access
Create project
Deploy
Make an update
Create a component
Cleanup & destroy
Next steps
Azure
Introduction
Install Pulumi
Configure access
Create project
Deploy
Make an update
Create a component
Cleanup & destroy
Next steps
Google Cloud
Introduction
Install Pulumi
Configure access
Create project
Deploy
Make an update
Create a component
Cleanup & destroy
Next steps
Kubernetes
Introduction
Install Pulumi
Configure access
Create project
Deploy
Make an update
Create a component
Cleanup & destroy
Next steps
Terraform Users
Introduction
Install and Configure
First Look
Reference Terraform State
Import Terraform Modules
Use Terraform Providers
Convert HCL Code
Orchestrate Together
Store Terraform State
Next Steps
Concepts
Introduction
Pulumi Cloud
Projects
Introduction
Project file reference
Stack settings file reference
Stacks
Stash
Configuration
Resources
Introduction
Names
Resource options
Introduction
additionalSecretOutputs
aliases
customTimeouts
deleteBeforeReplace
deletedWith
dependsOn
envVarMappings
hideDiffs
hooks
ignoreChanges
import
parent
protect
provider
providers
replacementTrigger
replaceOnChanges
replaceWith
retainOnDelete
transformations
transforms
version
Providers
Introduction
Any Terraform Provider
Dynamic providers
Inputs & Outputs
Introduction
Apply
All
Helpers
State & backends
Secrets Handling
Introduction
Write-Only Fields
Functions
Introduction
Provider functions
Get functions
Resource methods
Function serialization
Components
Packages
Automation API
Assets & archives
Plugins
Converters
Guides
Basics
Introduction
How Pulumi IaC Works
Pulumi Cloud vs. OSS
Organizing Projects & Stacks
Building & Extending
Introduction
Components
Build a Component
Testing Components
Packaging Components
Packages
Introduction
Authoring a Source-Based Plugin Package
Authoring an Executable Plugin Package
Publishing to the Pulumi Registry
Repository Strategy
Local Packages
Pulumi Go Provider SDK
Schema reference
Providers
Introduction
Provider Architecture
Build a Provider
Author a Dynamic Provider
Provider Configuration
Debugging Providers
Direct Implementation
Introduction
Protocol Reference
Python
TypeScript
Using Existing Tools
Use a Terraform Module
Creating Templates
Automation API
Clouds
Introduction
AWS
Introduction
Choosing a Provider
API Gateway
AWS CDK
ECR
ECS
EKS
ELB
IAM
Lambda
VPC
Azure
Migration
Introduction
Migrating from...
Terraform
AWS CDK
Introduction
Migrating existing CDK
Using Pulumi with AWS CDK
AWS CloudFormation
Azure Resource Manager
Kubernetes YAML or Helm Charts
Serverless Framework
Importing Resources
Conversion tools
Finding AWS import IDs
Testing
Introduction
Unit testing
Integration testing
Introduction
Integration testing framework
Automation API testing
Operations
Introduction
Stack Management
Introduction
Targeted updates
Running your program on refresh and destroy
Update plans
Drift detection
Editing state files
Restoring deleted stacks
Using a DIY Backend
Refactoring with aliases
Continuous Delivery
Introduction
Argo CD
AWS Code Services
Azure DevOps
Bitbucket Pipelines
Buildkite
CircleCI
Codefresh
GitHub Actions
GitLab CI/CD
Google Cloud Build
Harness
Jenkins
Octopus Deploy
TeamCity
Travis CI
Troubleshooting
Troubleshooting
Overview
Update Conflicts
Server Errors
Post-Step Event Errors
Connection Issues
Destroy Failures
Interrupted Updates
macOS Architecture Mismatch
Debugging
Overview
Logging
Attaching a Debugger
Performance and Tracing
Using Dev Builds for Unreleased Fixes
Docker Images
Least Privilege Security
Languages & SDKs
Overview
TypeScript
Introduction
SDK docs ↗
Policy SDK docs ↗
Provider package version management
Python
Introduction
SDK docs ↗
Policy SDK docs ↗
Blocking & async
Resource identity
C#, F#, VB (.NET)
Introduction
SDK docs ↗
Go
Introduction
Inputs & outputs
SDK docs ↗
Java
Introduction
SDK docs ↗
YAML
Introduction
Reference
Component Reference
HCL
Introduction
Reference
Component Reference
Pulumi CLI
Introduction
Commands
Introduction
pulumi
about
cancel
config
console
convert
destroy
env
gen-completion
import
login
logout
logs
new
org
package
plugin
policy
preview
refresh
schema
stack
state
up
version
watch
whoami
Environment variables
Command-line completion
Available versions
Direct Resource Operations
Calling the Cloud API
Pulumi CLI Exit Codes
Comparisons
Introduction
Terraform
Introduction
OpenTofu vs. Terraform
Pulumi terminology
AWS CloudFormation
AWS CDK
CDKTF
Crossplane
OpenTofu
ARM Templates
Helm
Kubernetes YAML Manifests
Serverless Framework
Chef & Puppet
Cloud SDKs
Custom solutions
Deployments & Workflows
Overview
Get Started
Deployments
Introduction
Get Started Guides
Introduction
New Project Wizard
Pulumi and GitHub CLIs
Using Deployments
Introduction
Deployments Settings
Deployment Triggers
Private Git Repositories
Post-Deployment Automation
Cloud Credentials
Deployment Permissions
Runs
Introduction
Images
Customer-managed workflow runners
Drift detection
OIDC Setup
Introduction
AWS
Azure
Google Cloud
Review stacks
Time-to-live stacks
Schedules
Security and operations
Vs. Traditional CI/CD
Webhooks
Deploy with Pulumi button
Secrets & Configuration
Overview
Get Started
Concepts
Introduction
Environments
Providers
Rotators
Imports
Interpolations and References
Built-in Functions
Introduction
fn::concat
fn::final
fn::fromBase64
fn::fromJSON
fn::join
fn::open
fn::rotate
fn::split
fn::toBase64
fn::toJSON
fn::toString
fn::validate
fn::secret
Outputs
Versioning
Webhooks
Approvals
Customer Managed Keys
SDKs
Providers
Introduction
Login & OIDC
Introduction
aws-login
azure-login
doppler-login
gcp-login
gh-login
infisical-login
snowflake-login
vault-login
Secrets & config
Introduction
1password-secrets
aws-parameter-store
aws-secrets
azure-secrets
doppler-secrets
gcp-secrets
infisical-secrets
vault-secrets
pulumi-stacks
terraform-state
external
Rotators
Introduction
aws-iam
azure-app-secret
mysql
passphrase
password
postgres
snowflake-user
external
Operations
Introduction
Rotating secrets
Introduction
Best practices
AWS Lambda Rotation Connector
Database User Setup
Managing Secrets
Guides
Introduction
Kubernetes Cluster Access
Integrate with Pulumi IaC
Docker
Direnv
GitHub
Terraform
Running Commands with esc run
Cloudflare
Configuring OIDC
Introduction
AWS
Azure
Doppler
Google Cloud
Infisical
Vault
Integrations
Introduction
Pulumi Service Provider
Automation API
ESC VS Code Extension
Kubernetes
Introduction
External Secrets Operator (ESO)
Secrets Store CSI Driver
Administration
Introduction
Access control
Audit Logs
Deletion protection
Languages & SDKs
Overview
TypeScript
Python
Go
.NET
ESC CLI
Introduction
Download & Install
Commands
Introduction
esc
esc completion
esc env
esc env edit
esc env get
esc env init
esc env ls
esc env rm
esc env set
esc login
esc open
esc run
esc version
Command-line completion
Comparisons
Introduction
HashiCorp Vault
Infisical
Doppler
Insights & Governance
Overview
Discovery
Introduction
Get Started
Introduction
Before You Begin
Create Accounts
Manage Accounts and Scans
Using Resource Explorer
Add Policies
Accounts
Resource Search
Visual Import
Data Export
Policies
Introduction
Get Started
Policy Packs
Introduction
Pre-Built Packs
Write your own
Project File Reference
Policy Metadata
Policy Groups
Policy Findings
Integrations
Snyk Container Scanning
AWS Organizations Tag Policies
CLI Reference
CI/CD Integration
API & SDK Reference
Self-hosted Insights
Internal Developer Platform
Overview
Concepts
Introduction
Private Registry
Organization templates
New Project Wizard
No-code stacks
Services
Pulumi Backstage plugin
Guides
Introduction
Best Practices
Introduction
The Four Factors Framework
Patterns
Introduction
One ESC environment per service
One ESC environment per team
One ESC environment per lifecycle stage
Composable environments
Multiple workloads on shared infrastructure
Policies as tests
Components using other Components
Validating Component Inputs using Policy functions
Cost control using Components, Policies, and constrained inputs
Security Updates using Components
Publishing Components from GitHub Actions
Infrastructure AI
Overview
Get Started
Pulumi CLI
Tasks
Automations
Pull Requests
Previews
Settings
Integrations
Introduction
CLI Integrations
GitHub
Slack
MCP Integrations
Agent Skills
MCP server
Administration
Overview
Organizations & Teams
Overview
Accounts
Organizations
Agent Accounts
Billing managers
Onboarding Guide
Introduction
Select the right model
Ways of working
Setting up for success
Migrating to Pulumi
Access & Identity
Overview
Role-Based Access Control (RBAC)
Introduction
Teams
Roles
Permission sets
Scopes
Introduction
Environments
Insights accounts
Organization settings
Stacks
Access tokens
OIDC Issuers
Introduction
GitHub
GitLab
AWS EKS
Google GKE
SAML(SSO)
Introduction
Using SAML
Auth0
Entra ID
Google Workspace
JumpCloud
Okta
OneLogin
SAML admin
Troubleshooting
SCIM
Introduction
Entra ID
Okta
OneLogin
ESC Access Control
Security & Compliance
Overview
Audit Logs
Introduction
Export to AWS S3
Export to Microsoft Sentinel
Customer Managed Keys
Introduction
AWS KMS
ESC Approvals
ESC Audit Logs
ESC Customer Managed Keys
Self-Hosting
Overview
Deployment options
Introduction
Docker Compose
ECS
EKS
AKS
GKE
Local-Docker
Bring-your-own infra
Components
Introduction
Pulumi API
Pulumi console
OpenSearch cluster
Pulumi Deployments
SAML SSO
Network reqs
Air-Gapped
Operations
Introduction
Architecture
Database
Compute Sizing
Object Storage
Networking
Monitoring
Backup and Recovery
Upgrades
Security Hardening
Changelog
Integrations
Overview
Clouds
Overview
AWS
Azure
Google Cloud
Kubernetes
Introduction
Pulumi Kubernetes Operator
crd2pulumi
Version Control
Overview
GitHub
GitLab
Bitbucket
Azure DevOps
Custom VCS
Reference
Overview
CLI
Pulumi CLI
ESC CLI
SDKs
TypeScript ↗
Python ↗
Go ↗
.NET ↗
Java ↗
TypeScript Policy SDK ↗
Python Policy SDK ↗
TypeScript ESC SDK ↗
Python ESC SDK ↗
Go ESC SDK ↗
.NET ESC SDK ↗
Pre-built Policy Packs
CIS
AWS
Azure
Google Cloud
CIS Kubernetes
AWS (EKS)
Azure (AKS)
Google Cloud (GKE)
HITRUST
AWS
Azure
Google Cloud
NIST
AWS
PCI DSS
AWS
AWS Organizations Tag Policies
Pulumi Best Practices
AWS
Azure
Google Cloud
Registry URLs
REST API Docs
Introduction
Access Tokens
API Basics
AI
AI Agents
Audit Logs
Cloud Setup
Data Export
Deployment Runners
Deployments
Environments
Insights Accounts
Invites
Neo
OAuth Token Exchange
OIDC Issuers
Organizations
Policy Groups
Policy Packs
Policy Results
Registry
Registry Preview
Resource Search
Resources Under Management
Schedules
Services
Stack Config
Stack Policy
Stacks
Stack Tags
Stack Updates
Users
VCS Integrations
Webhooks
Miscellaneous
Schema
Property Paths
PulumiPlugin.yaml
Glossary
Support & Troubleshooting
Overview
Getting Support
Filing Issues
FAQ
Overview
Infrastructure FAQ
Secrets & Config FAQ
Policies FAQ
SCIM FAQ
Pulumi Cloud FAQ
Tutorials ↗
Registry ↗
Gads
On this page
On this page
Trademark Usage
Acceptable Use Policy
Terms & Conditions
Privacy Policy
Professional Services Agreement
© Pulumi 2026