Meet Neo: Your Newest Platform Engineer.
Try now for free.
Star
Slack
Docs
Registry
Pulumi Neo
Contact Us
Pulumi Cloud
Sign In
Product
Core Product
Platform Overview
Everything platform engineering teams need to build, secure, and scale cloud infrastructure
Pulumi IaC
Infrastructure as code for engineers in Node.js, Python, Go, .NET, Java, and YAML
Key Capabilities
Infrastructure AI
Generative AI-powered intelligent cloud management
Secrets & Configuration
Environments, secrets, and configuration management
Insights & Governance
Asset management, compliance remediation, and AI insights over the cloud
Internal Developer Platform
The fastest, most secure way to deliver cloud infrastructure
For Engineers
Get started
Follow a step-by-step guide to quickly learn Pulumi
Documentation
Complete guides and API references
Registry
Browse 170+ cloud providers and packages
Templates
Deploy common architectures on any cloud
Tutorials
Get hands-on with Pulumi concepts
Events and Workshops
Live sessions and workshops
Community
Join 10k+ developers on Slack
Engineers love Pulumi
Hear from engineers why they love Pulumi
For Enterprises
Enterprise Solutions
Security, compliance, and support for teams
Case Studies
How Snowflake, Mercedes-Benz, and others use Pulumi
Request a Demo
See how Pulumi can help your team
Professional Services
Get expert help with your implementation
Contact Sales
Talk to our team about your needs
Docs
Blog
Pricing
Company
About us
Our purpose and values
Careers
Come work for Pulumi
Newsroom
Pulumi in the news
Awards
Recognition from press and analysts
Product
Core Product
Platform Overview
Infrastructure as Code
Key Capabilities
Infrastructure AI
Secrets & Configuration
Insights & Governance
Internal Developer Platform
For Engineers
Get started
Documentation
Registry
Templates
Tutorials
Events and Workshops
Community
Engineers love Pulumi
For Enterprises
Enterprise Solutions
Case Studies
Request a Demo
Professional Services
Contact sales
Docs
Blog
Pricing
Company
About us
Careers
Newsroom
Awards
Docs Home
Get Started
Get Started with Pulumi
Download & Install Pulumi
Infrastructure as Code
Overview
Get Started
AWS
Overview
Install Pulumi
Configure access
Create project
Deploy
Make an update
Create a component
Cleanup & destroy
Next steps
Azure
Overview
Install Pulumi
Create project
Review project
Deploy stack
Modify program
Deploy changes
Destroy stack
Next steps
Google Cloud
Overview
Install Pulumi
Create project
Review project
Deploy stack
Modify program
Deploy changes
Destroy stack
Next steps
Kubernetes
Overview
Install Pulumi
Create project
Review project
Deploy stack
Modify program
Deploy changes
Destroy stack
Next steps
Terraform Users
Overview
Install and Configure
First Look
Reference Terraform State
Import Terraform Modules
Use Terraform Providers
Convert HCL Code
Orchestrate Together
Next Steps
Concepts
Overview
How Pulumi works
Projects
Overview
Project file reference
Stack settings file reference
Stacks
Configuration
Resources
Overview
Names
Providers
Dynamic providers
Resource options
Overview
additionalSecretOutputs
aliases
customTimeouts
deleteBeforeReplace
deletedWith
dependsOn
hooks
ignoreChanges
import
parent
protect
provider
providers
replaceOnChanges
retainOnDelete
transformations
transforms
version
Inputs & Outputs
Overview
Apply
Property Paths
All
State & backends
Secrets Handling
Functions
Overview
Provider functions
Get functions
Resource methods
Function serialization
Components
Assets & archives
Guides
Basics
Overview
Least Privilege Security
Organizing Projects & Stacks
Update plans
Building & Extending
Overview
Components
Build a Component
Testing Components
Providers
Build a Provider
Pulumi Provider SDK
Packages
Packages
Publishing packages
Local Packages
Schema reference
Using Existing Tools
Use a Terraform Module
Continuous Delivery
Overview
AWS Code Services
ArgoCD
Azure DevOps
Buildkite
Bitbucket Pipelines
CircleCI
Codefresh
GitHub Actions
GitHub App
Harness
GitLab Integration
GitLab CI
Google Cloud Build
Jenkins
Octopus Deploy
Pulumi Kubernetes Operator
Travis CI
Spinnaker
TeamCity
Adding CI/CD support
Migration
Overview
Migrating from...
Terraform
AWS CDK
AWS CloudFormation
Azure Resource Manager
Kubernetes YAML or Helm Charts
Importing Resources
Conversion tools
Testing
Overview
Unit testing
Property testing
Integration testing
AI Integration
MCP server
Languages & SDKs
Overview
TypeScript (Node.js)
Overview
SDK docs ↗
Policy SDK docs ↗
Python
Overview
SDK docs ↗
Policy SDK docs ↗
Blocking & async
C#, F#, VB (.NET)
Overview
SDK docs ↗
Go
Overview
SDK docs ↗
Java
Overview
SDK docs ↗
YAML
Overview
Component Reference
Reference
Clouds
Overview
AWS
Overview
Guides
Overview
API Gateway
AWS CDK
Auto Scaling
CloudWatch
ECR
ECS
EKS
ELB
IAM
Lambda
VPC
More
Index of AWS Services
Azure
Google Cloud
Kubernetes
Overview
Guides
Overview
Playbooks
Control Plane
Worker nodes
Access clusters
Cluster defaults
Access control
Cluster services
App services
Updating worker nodes
Identity
Apps
Managed infra
Pulumi CLI
Overview
Commands
Overview
pulumi
about
cancel
config
console
convert
destroy
env
gen-completion
import
login
logout
logs
new
org
package
plugin
policy
preview
refresh
schema
stack
state
up
version
watch
whoami
Environment variables
Command-line completion
Automation API
Overview
Getting Started
Concepts
Comparisons
Overview
Terraform
Overview
OpenTofu vs. Terraform
Pulumi terminology
Cloud Templates
Overview
AWS CloudFormation
Cloud SDKs
Cloud Template Transpilers
Overview
Pulumi vs AWS Cloud Development Kit (CDK)
Serverless Framework
OpenTofu
Kubernetes YAML
Chef & Puppet
Crossplane
Custom solutions
Deployments & Workflows
Overview
Get Started
Overview
Pulumi Cloud and Open Source Pulumi
Onboarding Guide
Overview
Select the right model
Ways of working
Setting up for success
Migrating to Pulumi
Projects & stacks
Deployments
Overview
Get Started Guides
Overview
New Project Wizard
Pulumi and GitHub CLIs
Using Deployments
Overview
Deployments Settings
Deployment Triggers
Private Git Repositories
Post-Deployment Automation
Cloud Credentials
Deployment Permissions
Customer-managed agents
Drift detection
OIDC Setup
Overview
AWS
Azure
Google Cloud
Review stacks
Time-to-live stacks
Schedules
Security and operations
Vs. Traditional CI/CD
CI/CD assistant
Webhooks
Deploy with Pulumi button
Secrets & Configuration
Overview
Get started
Overview
Before you begin
Create environment
Store and retrieve secrets
Import environments
Use short term cloud credentials
Retrieve secrets from external sources
Integrate with Pulumi IaC
Concepts
Overview
How Pulumi ESC works
Environments
Overview
Working with environments
Importing environments
Versioning
Rotating Secrets
Overview
AWS Lambda Rotation Connector
Database User Setup
Dynamic environment variables
Configuring OIDC
Overview
AWS
Azure
Doppler
Google Cloud
Infisical
Vault
Webhooks
Integrations
Overview
Dynamic Login Credentials
Overview
aws-login
azure-login
doppler-login
gcp-login
gh-login
infisical-login
snowflake-login
vault-login
Dynamic Secrets
Overview
1password-secrets
aws-parameter-store
aws-secrets
azure-secrets
doppler-secrets
gcp-secrets
infisical-secrets
vault-secrets
Rotated Secrets
Overview
aws-iam
mysql
passphrase
password
postgres
snowflake-user
Dev tools
Overview
Direnv
Docker
GitHub
Infrastructure
Overview
Pulumi IaC
Overview
pulumi-stacks
Terraform
Cloudflare
Kubernetes
Overview
External Secrets Operator (ESO)
Kubernetes Cluster Access
Secrets Store CSI Driver
ESC CLI
Overview
Download & Install
Commands
Overview
esc
esc completion
esc env
esc env edit
esc env get
esc env init
esc env ls
esc env rm
esc env set
esc login
esc open
esc run
esc version
Command-line completion
Development
Overview
Automation API
ESC VS Code Extension
Pulumi Service Provider
Languages & SDKs
Overview
TypeScript (Node.js)
Overview
SDK docs ↗
Python
Overview
SDK docs ↗
Go
Overview
SDK docs ↗
Administration
Overview
Access control
Audit Logs
Approvals
Customer Managed Keys
OIDC authentication
Self-Hosting
Comparisons
Overview
HashiCorp Vault
Infisical
Doppler
Insights & Governance
Overview
Get started
Overview
Before you begin
Create Accounts
Manage Accounts and Scans
Using Resource Explorer
Add Policies
Concepts
Overview
How Pulumi Insights Account Discovery works
Discovery
Policy
Overview
Policy as Code
Overview
Get started
Concepts
Policy violations
Policy configuration
Best practices
Pre-Built Packs
AWSGuard
Snyk container scanning
Compliance-ready policies
Overview
Policy manager
AWS Policies
AWS Cloud Control Policies
Azure Policies
Azure Native Policies
GCP Policies
Google Native Policies
Kubernetes Policies
Preventative vs. Audit
Resource search
Visual Import
Data export
Internal Developer Platform
Overview
Get Started
Overview
Before you begin
Private Registry
Workflows
Services
Publishing Components from GitHub Actions
Developer Portals
Overview
Organization templates
New Project Wizard
Pulumi Backstage plugin
Best Practices
Overview
The Four Factors Framework
Patterns
Overview
One ESC environment per service
One ESC environment per team
One ESC environment per lifecycle stage
Composable environments
Multiple workloads on shared infrastructure
Policies as tests
Components using other Components
Validating Component Inputs using Policy functions
Cost control using Components, Policies, and constrained inputs
Security Updates using Components
Infrastructure AI
Overview
Get Started
Tasks
Pull Requests
Previews
Copilot
Administration
Overview
Organizations & Teams
Overview
Accounts
Organizations
Billing managers
Access & Identity
Overview
Role-Based Access Control (RBAC)
Overview
Teams
Roles
Permissions
Scopes
Overview
Environments
Insights accounts
Organization settings
Stacks
Stack permissions
Access tokens
OpenID client
Overview
Github
AWS EKS
Google GKE
SAML(SSO)
Overview
Using SAML
Auth0
Entra ID
OneLogin
Google Workspace
Okta
SCIM
Overview
Entra ID
Okta
OneLogin
ESC Access Control
ESC OIDC Authentication
Security & Compliance
Overview
Audit Logs
Customer Managed Keys
Overview
AWS KMS
ESC Approvals
ESC Audit Logs
ESC Customer Managed Keys
Self-Hosting
Overview
Deployment options
Overview
Docker Compose
ECS
EKS
AKS
GKE
Local-Docker
Bring-your-own infra
Components
Overview
Pulumi API
Pulumi console
OpenSearch cluster
Pulumi Deployments
ESC Self-Hosting
SAML SSO
Network reqs
Air-Gapped
Changelog
Reference
Overview
CLI
Pulumi CLI
ESC CLI
SDKs
TypeScript (Node.js) ↗
Python ↗
Go ↗
.NET ↗
Java ↗
TypeScript Policy SDK ↗
Python Policy SDK ↗
Environment Definition Reference
Overview
Top-Level Keys
Overview
imports
values
Interpolations and References
Built-in Functions
Overview
fn::concat
fn::fromBase64
fn::fromJSON
fn::join
fn::open
fn::rotate
fn::secret
fn::toBase64
fn::toJSON
fn::toString
Built-in Properties
Overview
context
environments
imports
Providers
Rotators
Reserved Properties
Overview
environmentVariables
files
pulumiConfig
Sample Environment Definition
Pulumi Cloud REST API
Overview
API Basics
Audit Logs
Copilot
Data Export
Deployment Runners
Deployments
Neo
Environments
Insights Accounts
OAuth Token Exchange
OIDC Issuers
Organizations
Personal Access Tokens
Policy Groups
Policy Packs
Policy Results
Registry
Resource Search
Resources Under Management
Schedules
Services
Stack Config
Stack Policy
Stack Tags
Stack Updates
Stacks
Webhooks
Registry ↗
Tutorials ↗
Support
Overview
Troubleshooting
Overview
CI/CD
Common Issues
Overview
Update Conflicts
Server Errors
Post-Step Event Errors
Connection Issues
Destroy Failures
Interrupted Updates
Editing state Files
Debugging
Overview
Logging
Attaching a Debugger
Performance and Tracing
Debugging providers
FAQ
Overview
Infrastructure FAQ
Secrets & Config FAQ
Policies FAQ
SCIM FAQ
Pulumi Cloud FAQ
Cloud Partners
On this page
On this page
Sign up for our newsletter
Trademark Usage
Acceptable Use Policy
Terms & Conditions
Privacy Policy
Professional Services Agreement
© Pulumi 2025