diff --git a/knowledge base/pulumi.md b/knowledge base/pulumi.md index 5377ae1..b138cf6 100644 --- a/knowledge base/pulumi.md +++ b/knowledge base/pulumi.md @@ -5,7 +5,9 @@ 1. [Program](#program) 1. [Ignore changes](#ignore-changes) 1. [Delete before replacing](#delete-before-replacing) + 1. [Assign tags to resources by default](#assign-tags-to-resources-by-default) 1. [Outputs](#outputs) + 1. [Policy enforcement](#policy-enforcement) 1. [Stack](#stack) 1. [Monolith vs micro-stack](#monolith-vs-micro-stack) 1. [State](#state) @@ -416,10 +418,50 @@ const cluster = new aws.eks.Cluster("cluster", { If a resource is assigned a static name, the `deleteBeforeReplace` option _should be_ implicitly enabled. +### Assign tags to resources by default + +Read [Assigning tags by default on AWS with Pulumi] first to get an idea of pros and cons of the options, then pick one: + +1. Assign the tags to the default provider in the stack's configuration file (`Pulumi.{stackName}.yaml`): + + ```yaml + config: + aws:defaultTags: + tags: + ManagedBy: "Pulumi", + Owner: "user@company.com", + Team: "Infra", + ``` + +1. Create a provider with the wanted tags defined in it, then explicitly use that provider for all the resources + involved: + + ```ts + const provider = new aws.Provider("provider", { + defaultTags: { + tags: { + ManagedBy: "Pulumi", + Owner: "user@company.com", + Team: "Infra", + }, + }, + }); + const fargateProfile = new aws.eks.FargateProfile("fargateProfile", { + … + }, { + provider: provider, + … + }); + ``` + ### Outputs TODO +### Policy enforcement + +TODO: [Automatically Enforcing AWS Resource Tagging Policies], [Get started with Pulumi policy as code] + ## Stack Refer to [stacks] for more and updated information. @@ -491,8 +533,24 @@ const nested = new pulumi.StackReference("organization/nested/dev"); const eks = nested.getOutput("eks"); ``` -> All involved stacks must be stored in the same backend for them to be able to find the correct [stack references].
-> See [backend]. +All involved stacks must be stored in the same backend for them to be able to find the correct [stack references]: + +```txt +$ # Only showing files of interest +$ tree +root/ +├── infra/ +│ ├── Pulumi.yaml ───> backend.url: "file://.." +│ └── index.ts ───> export const eks = eks_cluster; +├── app/ +│ ├── Pulumi.yaml ───> backend.url: "file://.." +│ └── index.ts ───> const infraStack = new pulumi.StackReference(`organization/infra/${env}`); +│ └──> const eks = infraStack.getOutput("eks"); +└── .pulumi/ + └── stacks/ + ├── infra/… + └── app/… +``` ### State @@ -579,25 +637,6 @@ $ aws s3 ls --recursive s3://organization-backend/prefix/ 2024-03-19 17:21:28 2584430 prefix/.pulumi/stacks/test/dev.json.bak ``` -All involved stacks must be stored in the same backend for them to be able to find the correct [stack references]: - -```txt -$ # Only showing files of interest -$ tree -root/ -├── infra/ -│ ├── Pulumi.yaml ───> backend.url: "file://.." -│ └── index.ts ───> export const eks = eks_cluster; -├── app/ -│ ├── Pulumi.yaml ───> backend.url: "file://.." -│ └── index.ts ───> const infraStack = new pulumi.StackReference(`organization/infra/${env}`); -│ └──> const eks = infraStack.getOutput("eks"); -└── .pulumi/ - └── stacks/ - ├── infra/… - └── app/… -``` - ### Migrate to different backends 1. Get to the current backend: @@ -659,6 +698,8 @@ root/ - [State] - [Assigning tags by default on AWS with Pulumi] - [Organizing Pulumi projects & stacks] +- [Automatically Enforcing AWS Resource Tagging Policies] +- [Get started with Pulumi policy as code] +[automatically enforcing aws resource tagging policies]: https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/ [blog]: https://www.pulumi.com/blog [code examples]: https://github.com/pulumi/examples [deletebeforereplace]: https://www.pulumi.com/docs/concepts/options/deletebeforereplace/ [documentation]: https://www.pulumi.com/docs/ +[get started with pulumi policy as code]: https://www.pulumi.com/docs/using-pulumi/crossguard/get-started/ [ignorechanges]: https://www.pulumi.com/docs/concepts/options/ignorechanges/ [organizing pulumi projects & stacks]: https://www.pulumi.com/docs/using-pulumi/organizing-projects-stacks/ [projects]: https://www.pulumi.com/docs/concepts/projects/