chore(pulumi): improve output management notes

examples/pulumi/multi-part cloud-init/index.ts

@@ -35,6 +35,19 @@ export const userData = new cloudinit.Config(
                 filename: "cloud-config.security-updates.yml",
                 mergeType: "dict(recurse_array,no_replace)+list(append)",
             },
+            {
+                contentType: "text/cloud-config",
+                content: yaml.stringify({
+                    package_upgrade: false,
+                    packages: [ "postgresql" ],
+                    runcmd: [
+                        "systemctl daemon-reload",
+                        "systemctl enable --now 'postgres'",
+                    ]
+                }),
+                filename: "cloud-config.postgres.yml",
+                mergeType: "dict(allow_delete,no_replace)+list(append)",
+            },
         ],
     },
 );

knowledge base/pulumi.md

@@ -43,7 +43,7 @@ Projects (and hence stacks) [can be nested][monolith vs micro-stack].
 Target single resources with `-t`, `--target`. Target also those that depend on them with `--target-dependents`.
 
 <details>
-  <summary>Installation</summary>
+  <summary>Setup</summary>
 
 ```sh
 # Install.
@@ -237,6 +237,11 @@ pulumi plugin rm 'resource' 'aws' '6.37.0'
 pulumi plugin rm --all
 
 
+# Use terraform providers.
+# Follow the instructions that come after the provider installation.
+pulumi package add terraform-provider 'planetscale/planetscale'
+
+
 # Run in Docker.
 docker run … -it \
   -v "$(pwd):/pulumi/projects" \
@@ -245,7 +250,7 @@ docker run … -it \
   bash -c "npm ci && pulumi login 's3://bucket/prefix' && pulumi pre --parallel $(nproc) -s 'dev'"
 
 
-# Plans
+# Use Plans.
 # *Experimental* feature at the time of writing.
 # Has issues with apply operations?
 pulumi pre … --save-plan 'plan.json'
@@ -270,21 +275,26 @@ const cluster = new aws.eks.Cluster("cluster", {
 const encryptionKey = aws.kms.getKeyOutput({
   keyId: "00001111-2222-3333-4444-555566667777",
 });
-const clusterServiceRole = new aws.iam.Role("clusterServiceRole", {
+new aws.iam.Role(
-  inlinePolicies: [{
+  "clusterServiceRole",
-    policy: encryptionKey.arn.apply(arn => JSON.stringify({
+  {
-      Version: "2012-10-17",
+    inlinePolicies: [{
-      Statement: [{
+      policy: encryptionKey.arn.apply(
-        Effect: "Allow",
+        keyArn => JSON.stringify({
-        Action: [
+          Version: "2012-10-17",
-          "kms:CreateGrant",
+          Statement: [{
-          "kms:DescribeKey",
+            Effect: "Allow",
-        ],
+            Action: [
-        Resource: arn,
+              "kms:CreateGrant",
-      }],
+              "kms:DescribeKey",
-    })),
+            ],
-  }]
+            Resource: keyArn,
-});
+          }],
+        }),
+      ),
+    }],
+  },
+);
 ```
 
 </details>

snippets/pulumi/run commands after instance creation.ts

@@ -19,12 +19,12 @@ command.local.Command(
     { create: "say 'instance created'" }
 );
 
-instance.privateDns.apply(host => new command.local.Command(
+instance.privateDns.apply(hostIpAddress => new command.local.Command(
     "ansiblePlaybook-ssh",
-    { create: `ansible-playbook -i '${host},' -D 'playbook.yaml'` },
+    { create: `ansible-playbook -i '${hostIpAddress},' -D 'playbook.yaml'` },
 ));
 
-instance.id.apply(id => new command.local.Command(
+instance.id.apply(instanceId => new command.local.Command(
     "ansiblePlaybook-awsSsm",
     {
         create: `
@@ -34,7 +34,7 @@ instance.id.apply(id => new command.local.Command(
                 -e 'ansible_aws_ssm_bucket_name=ssm-bucket'
                 -e 'ansible_aws_ssm_region=eu-west-1'
                 -e 'ansible_remote_tmp=/tmp/.ansible-\${USER}/tmp'
-                -i '${id},'
+                -i '${instanceId},'
                 -D 'playbook.yaml'
         `,
     },