Pulumi Cloud

Infrastructure as Code platform

Pulumi Cloud is the easiest way to use Pulumi open source at scale. It stores infrastructure state and secrets, provides search and clear visibility into all your clouds, runs remote deployments, integrates with CI/CD pipelines, and enforces policies.

Pulumi Service Screenshot

Key capabilities

Manage infrastructure state, secrets, and configuration

  • Store your infrastructure’s state for any cloud in Pulumi’s secure backend, which has built-in scaling, availability, and fault tolerance.

    Allow developers to safely deploy in parallel with concurrent state-locking.

    Audit changes or rollback to previous versions with a complete history of your state.

  • Use built-in secrets management for encrypted data such as credentials or tokens. Store and manage collections of config in Pulumi ESC into environment groupings.

    Your infrastructure state is encrypted in transit and at rest.

    Sensitive configurations (e.g. database passwords, cloud tokens) are stored as secrets.

    Use Pulumi’s secrets manager or integrate with AWS KMS, Azure Key Vault, Google KMS, and HashiCorp Vault.

Increase productivity and collaboration

  • Add teammates to Pulumi so you can work on projects together, ship code collaboratively, and coordinate changes to infrastructure.

    Invite new team members and share projects to collaborate on infrastructure.

    View timelines that show diffs of changed resources and who made the changes.

    Tag stacks for easier filtering and searching.

  • Integrate Pulumi with your software delivery pipeline so that you can version, build, test, and deploy infrastructure code like software.

    Work with existing tools like IDEs, test frameworks, and package managers.

    Integrate your source control system so teams can trace changes back to commits and pull requests.

    Continuously deliver infrastructure through existing pipelines with CI/CD integrations.

    Use event-based webhooks to notify external services like Slack or continuous integration tools.

    Use the Service API to manage stacks, updates, teams, and more.

Build infrastructure automation that scales

  • Run remote infrastructure commands to provision, configure, and destroy cloud resources, all executed in a secure cloud environment.

    Trigger deployments via REST API, click to deploy from Pulumi Cloud’s console, Git Push to Deploy, Remote Automation API, and other programmatic building blocks.

    Use a simple, centralized format for specifying everything needed to deploy your infrastructure stacks.

  • Use the Pulumi Deployments REST API to programmatically trigger deployments for high volume infrastructure automation use cases.

    Call Pulumi’s REST API endpoint to trigger Pulumi commands that run in Pulumi Cloud (e.g., update, destroy, refresh, preview).

    Offload your local Automation API deployment workloads to Pulumi Cloud via the Remote Automation API feature.

View and search all infrastructure from one place

  • View resources deployed in all your clouds, organized in projects and stacks, so that you know what’s running and where.

    View dashboards for quick insights into your infrastructure, such as how many resources are running and who has made changes.

    Tag stacks for easier filtering and searching.

    Jump directly to the cloud console for each resource you’ve deployed with Pulumi.

  • Easily look for resources in a single cloud or across all your clouds with structured queries or natural language search.

    Search for resources by filtering with facets like type, provider, project, and stack.

    Use a structured query syntax or natural language search (coming soon).

    Share queries with your teammates.

Automate infrastructure management across any cloud

  • Generate a Pulumi program and deploy cloud infrastructure in seconds with a few simple text prompts.

    Example Pulumi Copilot prompts:

    “Create a new serverless application on AWS”

    “Configure a Kubernetes cluster with best practices on Azure”

    “Deploy a Cloudflare worker that uses sticky load balancing to distribute traffic to my Google Cloud backend”

  • Pulumi Copilot has access to all of your Pulumi projects and stacks, and can relate those to your live cloud environments.

    Example Pulumi Copilot prompts:

    “What versions of Kubernetes do I currently have deployed?”

    “What AWS account does VPC vpc-04a11 live within?”

    “What environments do we have related to Azure?”

    “Describe the architecture of my www-frontend project.”

  • Pulumi Copilot uses a combination of Pulumi and cloud understanding to discover and reclaim cloud waste.

    Example Pulumi Copilot prompts:

    “What are my least used, most expensive resources?”

    “What are my top 10 most expensive cloud resources?”

    “How much did my cloud costs increase month over month – and what team was responsible for driving them upwards?”

  • Pulumi Copilot leverages knowledge about security best practices by combining Pulumi’s supergraph and cloud skills.

    Example Pulumi Copilot prompts:

    “Do I have any insecure endpoints open to the Internet?”

    “Do any of my S3 buckets have public-read access? If yes, help me make them private.”

    “Do you see any anomalous activity within the past 48 hours?”

  • Pulumi Copilot can access history, logs, and runtime metrics so you can easily get answers about what is failing and why.

    Example Pulumi Copilot prompts:

    “Why did my deployment yesterday fail?”

    “We had an outage Thursday evening around 11pm. Do you understand why?”

    “I can’t access my EC2 instance i-3f8e over the Internet, why?”

Set guardrails and access controls

  • Integrate SSO and your identity provider with Pulumi, set user permissions for each stack, and track user activity with audit logs.

    Single sign-on with any SAML 2.0 identity provider like Azure Active Directory, Google Workspace , Okta, and OneLogin.

    Manage Pulumi access from your central identity provider via SCIM 2.0 integration.

    Set role-based access controls that limit who can access infrastructure.

    Track the activity of users within your organization with audit logs.

  • Set guardrails for developers deploying with Pulumi by creating policy packs that enforce your deployment rules.

    Define Policy as Code rules for security, best practices, and more.

    Assign policy packs that run on specific stacks (e.g., dev/test/staging rules).

    Automatically block deployments that violate your organization’s policies.

The easiest way to use Pulumi open source

Pulumi Cloud is a managed service for Pulumi’s open source CLI and SDK. It tracks your infrastructure’s state and coordinates updates with the CLI, which creates or updates resources to reach your infrastructure’s desired state.

You can also use any cloud or on-premises storage to build and run your own backend.

Pulumi Open Source

Pulumi takes security seriously

Pulumi Cloud runs in an AWS VPC and our architecture follows industry best practices. All network communication is encrypted using TLS and Pulumi’s endpoints are only accessible via HTTPS. Your data is also encrypted at-rest and Pulumi is compliant with SOC 2 Type II.

Pulumi Open Source

Customers innovating with Pulumi Cloud


Developers reduced their time spent on maintenance by 50%.


Increased developers’ agility and speed through platform engineering.


Increased velocity and speed, with deployments that are up to 3x faster.


Enabled developers to deploy across hybrid cloud environments.


Standardized infrastructure architectures with reusable components.


Built a multi-cloud, Kubernetes-based platform to standardize all deployments

Deployment options


Use Pulumi Cloud without worrying about scaling, availability, fault tolerance, and concurrency.


Run Pulumi Cloud in your on-premises or cloud environment and manage it yourself.


Pulumi Cloud offers Editions for Individual, Team, Enterprise, and Business Critical. Support is available on Enterprise and Business Critical. You only pay for what you use, and there are free tiers available.

Get started today

Pulumi is open source and free to get started. Deploy your first stack today.