1. Packages
  2. AWS Native
  3. API Docs
  4. iot
  5. DomainConfiguration

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

aws-native.iot.DomainConfiguration

Explore with Pulumi AI

aws-native logo

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

    Create and manage a Domain Configuration

    Create DomainConfiguration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DomainConfiguration(name: string, args?: DomainConfigurationArgs, opts?: CustomResourceOptions);
    @overload
    def DomainConfiguration(resource_name: str,
                            args: Optional[DomainConfigurationArgs] = None,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def DomainConfiguration(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            authorizer_config: Optional[DomainConfigurationAuthorizerConfigArgs] = None,
                            domain_configuration_name: Optional[str] = None,
                            domain_configuration_status: Optional[DomainConfigurationStatus] = None,
                            domain_name: Optional[str] = None,
                            server_certificate_arns: Optional[Sequence[str]] = None,
                            server_certificate_config: Optional[DomainConfigurationServerCertificateConfigArgs] = None,
                            service_type: Optional[DomainConfigurationServiceType] = None,
                            tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                            tls_config: Optional[DomainConfigurationTlsConfigArgs] = None,
                            validation_certificate_arn: Optional[str] = None)
    func NewDomainConfiguration(ctx *Context, name string, args *DomainConfigurationArgs, opts ...ResourceOption) (*DomainConfiguration, error)
    public DomainConfiguration(string name, DomainConfigurationArgs? args = null, CustomResourceOptions? opts = null)
    public DomainConfiguration(String name, DomainConfigurationArgs args)
    public DomainConfiguration(String name, DomainConfigurationArgs args, CustomResourceOptions options)
    
    type: aws-native:iot:DomainConfiguration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DomainConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DomainConfigurationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DomainConfigurationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DomainConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DomainConfigurationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    const domainConfigurationResource = new aws_native.iot.DomainConfiguration("domainConfigurationResource", {
        authorizerConfig: {
            allowAuthorizerOverride: false,
            defaultAuthorizerName: "string",
        },
        domainConfigurationName: "string",
        domainConfigurationStatus: aws_native.iot.DomainConfigurationStatus.Enabled,
        domainName: "string",
        serverCertificateArns: ["string"],
        serverCertificateConfig: {
            enableOcspCheck: false,
        },
        serviceType: aws_native.iot.DomainConfigurationServiceType.Data,
        tags: [{
            key: "string",
            value: "string",
        }],
        tlsConfig: {
            securityPolicy: "string",
        },
        validationCertificateArn: "string",
    });
    
    Coming soon!
    

    DomainConfiguration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DomainConfiguration resource accepts the following input properties:

    AuthorizerConfig Pulumi.AwsNative.IoT.Inputs.DomainConfigurationAuthorizerConfig
    An object that specifies the authorization service for a domain.
    DomainConfigurationName string
    The name of the domain configuration. This value must be unique to a region.
    DomainConfigurationStatus Pulumi.AwsNative.IoT.DomainConfigurationStatus

    The status to which the domain configuration should be updated.

    Valid values: ENABLED | DISABLED

    DomainName string
    The name of the domain.
    ServerCertificateArns List<string>
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    ServerCertificateConfig Pulumi.AwsNative.IoT.Inputs.DomainConfigurationServerCertificateConfig

    The server certificate configuration.

    For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

    ServiceType Pulumi.AwsNative.IoT.DomainConfigurationServiceType

    The type of service delivered by the endpoint.

    AWS IoT Core currently supports only the DATA service type.

    Tags List<Pulumi.AwsNative.Inputs.Tag>

    Metadata which can be used to manage the domain configuration.

    For URI Request parameters use format: ...key1=value1&key2=value2...

    For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

    For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

    TlsConfig Pulumi.AwsNative.IoT.Inputs.DomainConfigurationTlsConfig
    An object that specifies the TLS configuration for a domain.
    ValidationCertificateArn string
    The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS -managed domains.
    AuthorizerConfig DomainConfigurationAuthorizerConfigArgs
    An object that specifies the authorization service for a domain.
    DomainConfigurationName string
    The name of the domain configuration. This value must be unique to a region.
    DomainConfigurationStatus DomainConfigurationStatus

    The status to which the domain configuration should be updated.

    Valid values: ENABLED | DISABLED

    DomainName string
    The name of the domain.
    ServerCertificateArns []string
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    ServerCertificateConfig DomainConfigurationServerCertificateConfigArgs

    The server certificate configuration.

    For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

    ServiceType DomainConfigurationServiceType

    The type of service delivered by the endpoint.

    AWS IoT Core currently supports only the DATA service type.

    Tags TagArgs

    Metadata which can be used to manage the domain configuration.

    For URI Request parameters use format: ...key1=value1&key2=value2...

    For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

    For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

    TlsConfig DomainConfigurationTlsConfigArgs
    An object that specifies the TLS configuration for a domain.
    ValidationCertificateArn string
    The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS -managed domains.
    authorizerConfig DomainConfigurationAuthorizerConfig
    An object that specifies the authorization service for a domain.
    domainConfigurationName String
    The name of the domain configuration. This value must be unique to a region.
    domainConfigurationStatus DomainConfigurationStatus

    The status to which the domain configuration should be updated.

    Valid values: ENABLED | DISABLED

    domainName String
    The name of the domain.
    serverCertificateArns List<String>
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    serverCertificateConfig DomainConfigurationServerCertificateConfig

    The server certificate configuration.

    For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

    serviceType DomainConfigurationServiceType

    The type of service delivered by the endpoint.

    AWS IoT Core currently supports only the DATA service type.

    tags List<Tag>

    Metadata which can be used to manage the domain configuration.

    For URI Request parameters use format: ...key1=value1&key2=value2...

    For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

    For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

    tlsConfig DomainConfigurationTlsConfig
    An object that specifies the TLS configuration for a domain.
    validationCertificateArn String
    The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS -managed domains.
    authorizerConfig DomainConfigurationAuthorizerConfig
    An object that specifies the authorization service for a domain.
    domainConfigurationName string
    The name of the domain configuration. This value must be unique to a region.
    domainConfigurationStatus DomainConfigurationStatus

    The status to which the domain configuration should be updated.

    Valid values: ENABLED | DISABLED

    domainName string
    The name of the domain.
    serverCertificateArns string[]
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    serverCertificateConfig DomainConfigurationServerCertificateConfig

    The server certificate configuration.

    For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

    serviceType DomainConfigurationServiceType

    The type of service delivered by the endpoint.

    AWS IoT Core currently supports only the DATA service type.

    tags Tag[]

    Metadata which can be used to manage the domain configuration.

    For URI Request parameters use format: ...key1=value1&key2=value2...

    For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

    For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

    tlsConfig DomainConfigurationTlsConfig
    An object that specifies the TLS configuration for a domain.
    validationCertificateArn string
    The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS -managed domains.
    authorizer_config DomainConfigurationAuthorizerConfigArgs
    An object that specifies the authorization service for a domain.
    domain_configuration_name str
    The name of the domain configuration. This value must be unique to a region.
    domain_configuration_status DomainConfigurationStatus

    The status to which the domain configuration should be updated.

    Valid values: ENABLED | DISABLED

    domain_name str
    The name of the domain.
    server_certificate_arns Sequence[str]
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    server_certificate_config DomainConfigurationServerCertificateConfigArgs

    The server certificate configuration.

    For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

    service_type DomainConfigurationServiceType

    The type of service delivered by the endpoint.

    AWS IoT Core currently supports only the DATA service type.

    tags Sequence[TagArgs]

    Metadata which can be used to manage the domain configuration.

    For URI Request parameters use format: ...key1=value1&key2=value2...

    For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

    For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

    tls_config DomainConfigurationTlsConfigArgs
    An object that specifies the TLS configuration for a domain.
    validation_certificate_arn str
    The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS -managed domains.
    authorizerConfig Property Map
    An object that specifies the authorization service for a domain.
    domainConfigurationName String
    The name of the domain configuration. This value must be unique to a region.
    domainConfigurationStatus "ENABLED" | "DISABLED"

    The status to which the domain configuration should be updated.

    Valid values: ENABLED | DISABLED

    domainName String
    The name of the domain.
    serverCertificateArns List<String>
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    serverCertificateConfig Property Map

    The server certificate configuration.

    For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

    serviceType "DATA" | "CREDENTIAL_PROVIDER" | "JOBS"

    The type of service delivered by the endpoint.

    AWS IoT Core currently supports only the DATA service type.

    tags List<Property Map>

    Metadata which can be used to manage the domain configuration.

    For URI Request parameters use format: ...key1=value1&key2=value2...

    For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

    For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

    tlsConfig Property Map
    An object that specifies the TLS configuration for a domain.
    validationCertificateArn String
    The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS -managed domains.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DomainConfiguration resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) of the domain configuration.
    DomainType Pulumi.AwsNative.IoT.DomainConfigurationDomainType
    The type of service delivered by the domain.
    Id string
    The provider-assigned unique ID for this managed resource.
    ServerCertificates List<Pulumi.AwsNative.IoT.Outputs.DomainConfigurationServerCertificateSummary>
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    Arn string
    The Amazon Resource Name (ARN) of the domain configuration.
    DomainType DomainConfigurationDomainType
    The type of service delivered by the domain.
    Id string
    The provider-assigned unique ID for this managed resource.
    ServerCertificates []DomainConfigurationServerCertificateSummary
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    arn String
    The Amazon Resource Name (ARN) of the domain configuration.
    domainType DomainConfigurationDomainType
    The type of service delivered by the domain.
    id String
    The provider-assigned unique ID for this managed resource.
    serverCertificates List<DomainConfigurationServerCertificateSummary>
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    arn string
    The Amazon Resource Name (ARN) of the domain configuration.
    domainType DomainConfigurationDomainType
    The type of service delivered by the domain.
    id string
    The provider-assigned unique ID for this managed resource.
    serverCertificates DomainConfigurationServerCertificateSummary[]
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    arn str
    The Amazon Resource Name (ARN) of the domain configuration.
    domain_type DomainConfigurationDomainType
    The type of service delivered by the domain.
    id str
    The provider-assigned unique ID for this managed resource.
    server_certificates Sequence[DomainConfigurationServerCertificateSummary]
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
    arn String
    The Amazon Resource Name (ARN) of the domain configuration.
    domainType "ENDPOINT" | "AWS_MANAGED" | "CUSTOMER_MANAGED"
    The type of service delivered by the domain.
    id String
    The provider-assigned unique ID for this managed resource.
    serverCertificates List<Property Map>
    The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.

    Supporting Types

    DomainConfigurationAuthorizerConfig, DomainConfigurationAuthorizerConfigArgs

    AllowAuthorizerOverride bool
    A Boolean that specifies whether the domain configuration's authorization service can be overridden.
    DefaultAuthorizerName string
    The name of the authorization service for a domain configuration.
    AllowAuthorizerOverride bool
    A Boolean that specifies whether the domain configuration's authorization service can be overridden.
    DefaultAuthorizerName string
    The name of the authorization service for a domain configuration.
    allowAuthorizerOverride Boolean
    A Boolean that specifies whether the domain configuration's authorization service can be overridden.
    defaultAuthorizerName String
    The name of the authorization service for a domain configuration.
    allowAuthorizerOverride boolean
    A Boolean that specifies whether the domain configuration's authorization service can be overridden.
    defaultAuthorizerName string
    The name of the authorization service for a domain configuration.
    allow_authorizer_override bool
    A Boolean that specifies whether the domain configuration's authorization service can be overridden.
    default_authorizer_name str
    The name of the authorization service for a domain configuration.
    allowAuthorizerOverride Boolean
    A Boolean that specifies whether the domain configuration's authorization service can be overridden.
    defaultAuthorizerName String
    The name of the authorization service for a domain configuration.

    DomainConfigurationDomainType, DomainConfigurationDomainTypeArgs

    Endpoint
    ENDPOINT
    AwsManaged
    AWS_MANAGED
    CustomerManaged
    CUSTOMER_MANAGED
    DomainConfigurationDomainTypeEndpoint
    ENDPOINT
    DomainConfigurationDomainTypeAwsManaged
    AWS_MANAGED
    DomainConfigurationDomainTypeCustomerManaged
    CUSTOMER_MANAGED
    Endpoint
    ENDPOINT
    AwsManaged
    AWS_MANAGED
    CustomerManaged
    CUSTOMER_MANAGED
    Endpoint
    ENDPOINT
    AwsManaged
    AWS_MANAGED
    CustomerManaged
    CUSTOMER_MANAGED
    ENDPOINT
    ENDPOINT
    AWS_MANAGED
    AWS_MANAGED
    CUSTOMER_MANAGED
    CUSTOMER_MANAGED
    "ENDPOINT"
    ENDPOINT
    "AWS_MANAGED"
    AWS_MANAGED
    "CUSTOMER_MANAGED"
    CUSTOMER_MANAGED

    DomainConfigurationServerCertificateConfig, DomainConfigurationServerCertificateConfigArgs

    EnableOcspCheck bool
    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.
    EnableOcspCheck bool
    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.
    enableOcspCheck Boolean
    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.
    enableOcspCheck boolean
    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.
    enable_ocsp_check bool
    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.
    enableOcspCheck Boolean
    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

    DomainConfigurationServerCertificateSummary, DomainConfigurationServerCertificateSummaryArgs

    ServerCertificateArn string
    The ARN of the server certificate.
    ServerCertificateStatus Pulumi.AwsNative.IoT.DomainConfigurationServerCertificateSummaryServerCertificateStatus
    The status of the server certificate.
    ServerCertificateStatusDetail string
    Details that explain the status of the server certificate.
    ServerCertificateArn string
    The ARN of the server certificate.
    ServerCertificateStatus DomainConfigurationServerCertificateSummaryServerCertificateStatus
    The status of the server certificate.
    ServerCertificateStatusDetail string
    Details that explain the status of the server certificate.
    serverCertificateArn String
    The ARN of the server certificate.
    serverCertificateStatus DomainConfigurationServerCertificateSummaryServerCertificateStatus
    The status of the server certificate.
    serverCertificateStatusDetail String
    Details that explain the status of the server certificate.
    serverCertificateArn string
    The ARN of the server certificate.
    serverCertificateStatus DomainConfigurationServerCertificateSummaryServerCertificateStatus
    The status of the server certificate.
    serverCertificateStatusDetail string
    Details that explain the status of the server certificate.
    server_certificate_arn str
    The ARN of the server certificate.
    server_certificate_status DomainConfigurationServerCertificateSummaryServerCertificateStatus
    The status of the server certificate.
    server_certificate_status_detail str
    Details that explain the status of the server certificate.
    serverCertificateArn String
    The ARN of the server certificate.
    serverCertificateStatus "INVALID" | "VALID"
    The status of the server certificate.
    serverCertificateStatusDetail String
    Details that explain the status of the server certificate.

    DomainConfigurationServerCertificateSummaryServerCertificateStatus, DomainConfigurationServerCertificateSummaryServerCertificateStatusArgs

    Invalid
    INVALID
    Valid
    VALID
    DomainConfigurationServerCertificateSummaryServerCertificateStatusInvalid
    INVALID
    DomainConfigurationServerCertificateSummaryServerCertificateStatusValid
    VALID
    Invalid
    INVALID
    Valid
    VALID
    Invalid
    INVALID
    Valid
    VALID
    INVALID
    INVALID
    VALID
    VALID
    "INVALID"
    INVALID
    "VALID"
    VALID

    DomainConfigurationServiceType, DomainConfigurationServiceTypeArgs

    Data
    DATA
    CredentialProvider
    CREDENTIAL_PROVIDER
    Jobs
    JOBS
    DomainConfigurationServiceTypeData
    DATA
    DomainConfigurationServiceTypeCredentialProvider
    CREDENTIAL_PROVIDER
    DomainConfigurationServiceTypeJobs
    JOBS
    Data
    DATA
    CredentialProvider
    CREDENTIAL_PROVIDER
    Jobs
    JOBS
    Data
    DATA
    CredentialProvider
    CREDENTIAL_PROVIDER
    Jobs
    JOBS
    DATA
    DATA
    CREDENTIAL_PROVIDER
    CREDENTIAL_PROVIDER
    JOBS
    JOBS
    "DATA"
    DATA
    "CREDENTIAL_PROVIDER"
    CREDENTIAL_PROVIDER
    "JOBS"
    JOBS

    DomainConfigurationStatus, DomainConfigurationStatusArgs

    Enabled
    ENABLED
    Disabled
    DISABLED
    DomainConfigurationStatusEnabled
    ENABLED
    DomainConfigurationStatusDisabled
    DISABLED
    Enabled
    ENABLED
    Disabled
    DISABLED
    Enabled
    ENABLED
    Disabled
    DISABLED
    ENABLED
    ENABLED
    DISABLED
    DISABLED
    "ENABLED"
    ENABLED
    "DISABLED"
    DISABLED

    DomainConfigurationTlsConfig, DomainConfigurationTlsConfigArgs

    SecurityPolicy string
    The security policy for a domain configuration. For more information, see Security policies in the AWS IoT Core developer guide .
    SecurityPolicy string
    The security policy for a domain configuration. For more information, see Security policies in the AWS IoT Core developer guide .
    securityPolicy String
    The security policy for a domain configuration. For more information, see Security policies in the AWS IoT Core developer guide .
    securityPolicy string
    The security policy for a domain configuration. For more information, see Security policies in the AWS IoT Core developer guide .
    security_policy str
    The security policy for a domain configuration. For more information, see Security policies in the AWS IoT Core developer guide .
    securityPolicy String
    The security policy for a domain configuration. For more information, see Security policies in the AWS IoT Core developer guide .

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    AWS Native is in preview. AWS Classic is fully supported.

    AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi