Frequently asked questions
Do I need the Pulumi landing-zone stack first?
Yes. This blueprint reads the landing-zone networkId, privateSubnetIds, and secretsStore outputs through a StackReference so the database lives on the shared private network and the function secret lands under your cloud’s central secret store. Deploy the landing-zone family in the same cloud account first, then pulumi config set landingZoneStack <your-org>/landing-zone/dev.
Why a SPA plus API instead of server-side rendering?
Pure FaaS (Lambda, Azure Functions, Cloud Run functions) is a natural fit for JSON-returning handlers but awkward for SSR because streaming responses and adapter shims vary per cloud. Splitting the app into a static bundle plus one JSON endpoint keeps the backend trivial and lets the CDN cache the SPA.
Does this scale to zero?
The function scales to zero on all three clouds. The database tier varies - Aurora Serverless v2 on AWS can scale to 0 ACUs, so idle cost is storage plus backups only. Azure Database for PostgreSQL Flexible Server and Cloud SQL for PostgreSQL keep a minimum compute tier running; the blueprint picks the cheapest Burstable / db-f1-micro size and the cost + cleanup section shows how to stop the server manually.
How is the database password stored?
Pulumi generates a random.RandomPassword during pulumi up, writes it into {{secret_service}} under the landing-zone’s secrets-store scope, and injects the secret value into the function at cold start. The password never appears in stack outputs or in state files; pulumi config keeps the secret handle, not the value.
How do I add more API routes?
Edit api/src/handler.ts. The blueprint ships a one-route router for GET /api/random; add more case arms for new paths, run npm run build in api/, and rerun pulumi up. The Pulumi program repackages the bundle and redeploys the function.
How is the SPA bundled?
The website/ folder is a Vite + React project. Run npm install and npm run build in website/ before pulumi up; the Pulumi program uploads the built website/dist/ directory to the object-storage bucket and invalidates the CDN. If you want to test the SPA against the deployed API first, run npm run dev and point Vite at the Pulumi-exported apiUrl.
Can I use this without the landing-zone stack?
Yes, but you have to replace the StackReference block in the entrypoint with the network id, private subnets, and a secret-store scope you already control. The blueprint assumes the landing-zone values exist so the DB can land in a private subnet and the function can reach it through the cloud’s VPC integration.
What does this cost?
Idle cost on AWS is approximately storage plus the Aurora Serverless v2 minimum if ACUs are paused, plus the CloudFront distribution. Azure and GCP keep a small DB compute tier running continuously, so expect a low-double-digit monthly baseline even at zero traffic. pulumi destroy tears the whole stack down when you are done.
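As an illustration of the "How do I add more API routes?" answer, here is an added sketch of a case-arm router that denies by default. It is not the blueprint's own api/src/handler.ts. The ApiRequest/ApiResponse shapes, the getRandom stand-in and the /api/health route are assumptions made for the example.

```typescript
// Request/response shapes are assumptions; each cloud's adapter maps its event to them.
interface ApiRequest { method: string; path: string }
interface ApiResponse { status: number; headers: Record<string, string>; body: string }

function json(status: number, payload: unknown, extra: Record<string, string> = {}): ApiResponse {
  return {
    status,
    headers: { "content-type": "application/json", ...extra },
    body: JSON.stringify(payload),
  };
}

// Stand-in for the blueprint's database-backed logic (constructed value).
async function getRandom(): Promise<unknown> {
  return { value: 4 };
}

// One case arm per path; each arm pins its allowed method explicitly.
async function route(req: ApiRequest, random: () => Promise<unknown> = getRandom): Promise<ApiResponse> {
  // Normalise trailing slashes so "/api/random/" reaches the same arm.
  const path = req.path.replace(/\/+$/, "") || "/";
  try {
    switch (path) {
      case "/api/random":
        if (req.method !== "GET") return json(405, { error: "method not allowed" }, { allow: "GET" });
        return json(200, await random());
      case "/api/health": // hypothetical new route
        if (req.method !== "GET") return json(405, { error: "method not allowed" }, { allow: "GET" });
        return json(200, { ok: true });
      default:
        // Default deny, and never echo the requested path back to the caller.
        return json(404, { error: "not found" });
    }
  } catch (err) {
    // Full error stays in the function's logs; the client gets a fixed message.
    console.error("handler failed", err);
    return json(500, { error: "internal error" });
  }
}
```

Keeping the catch around the whole switch means a database failure in any arm returns the same fixed 500 body instead of a driver error or stack trace.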