Pulumi Reference
CLI Commands
# Create new project
pulumi new aws-typescript
pulumi new gcp-python
pulumi new azure-go
# Stack management
pulumi stack init dev
pulumi stack init production
pulumi stack ls
pulumi stack select production
pulumi stack rm dev --force
# Preview and deploy
pulumi preview # show planned changes
pulumi up # deploy changes
pulumi up --yes # auto-approve
pulumi up --diff # show full diff
# Destroy
pulumi destroy
pulumi destroy --target urn:pulumi:prod::myapp::aws:s3/bucket:Bucket::my-bucket
# Refresh state
pulumi refresh
# Import existing resource
pulumi import aws:s3/bucket:Bucket my-bucket my-bucket-name
Config & Secrets
# Set config values
pulumi config set aws:region us-east-1
pulumi config set appVersion 2.1.0
pulumi config set --secret dbPassword SuperSecure123!
# Get config
pulumi config get aws:region
pulumi config get --show-secrets dbPassword
# List all config
pulumi config
# Use in code (TypeScript)
import * as pulumi from "@pulumi/pulumi";
const config = new pulumi.Config();
const region = config.require("aws:region");
const dbPassword = config.requireSecret("dbPassword"); // Output<string>
const appVersion = config.get("appVersion") ?? "latest";
# Use in code (Python)
import pulumi
config = pulumi.Config()
region = config.require("region")
db_password = config.require_secret("dbPassword") # Output[str]
TypeScript Example
// index.ts
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const env = pulumi.getStack();
// S3 bucket
const bucket = new aws.s3.Bucket("my-bucket", {
bucket: `my-app-${env}`,
versioning: { enabled: true },
tags: {
Environment: env,
ManagedBy: "pulumi",
},
});
// Lambda function
const role = new aws.iam.Role("lambda-role", {
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({
Service: "lambda.amazonaws.com",
}),
});
const fn = new aws.lambda.Function("my-function", {
runtime: aws.lambda.Runtime.NodeJS20dX,
code: new pulumi.asset.AssetArchive({
".": new pulumi.asset.FileArchive("./dist"),
}),
handler: "index.handler",
role: role.arn,
environment: {
variables: {
BUCKET_NAME: bucket.bucket,
ENVIRONMENT: env,
},
},
});
export const bucketName = bucket.bucket;
export const functionArn = fn.arn;
Python Example
"""A Python Pulumi program"""
import pulumi
import pulumi_aws as aws
import pulumi_gcp as gcp
env = pulumi.get_stack()
# GCS bucket
bucket = gcp.storage.Bucket(
"my-bucket",
location="US",
versioning=gcp.storage.BucketVersioningArgs(enabled=True),
labels={"environment": env, "managed_by": "pulumi"},
)
# Cloud Run service
service = gcp.cloudrunv2.Service(
"my-service",
location="us-central1",
template=gcp.cloudrunv2.ServiceTemplateArgs(
containers=[
gcp.cloudrunv2.ServiceTemplateContainerArgs(
image="gcr.io/my-project/my-app:latest",
resources=gcp.cloudrunv2.ServiceTemplateContainerResourcesArgs(
limits={"cpu": "1", "memory": "512Mi"},
),
envs=[
gcp.cloudrunv2.ServiceTemplateContainerEnvArgs(
name="BUCKET_NAME",
value=bucket.name,
)
],
)
],
),
)
pulumi.export("bucket_url", bucket.url)
pulumi.export("service_url", service.uri)
Component Resources & Stack References
// Component resource (reusable)
class WebApp extends pulumi.ComponentResource {
public readonly url: pulumi.Output<string>;
constructor(name: string, args: WebAppArgs, opts?: pulumi.ComponentResourceOptions) {
super("myorg:web:WebApp", name, {}, opts);
const bucket = new aws.s3.Bucket(`${name}-bucket`, {}, { parent: this });
const distribution = new aws.cloudfront.Distribution(`${name}-cdn`, {
// ... config using bucket
}, { parent: this });
this.url = distribution.domainName;
this.registerOutputs({ url: this.url });
}
}
// Use component
const app = new WebApp("production", { ... });
export const appUrl = app.url;
// Stack references (cross-stack)
const networkStack = new pulumi.StackReference("my-org/network/production");
const vpcId = networkStack.getOutput("vpcId");
const subnetIds = networkStack.getOutput("subnetIds");