diff --git a/snippets/pulumi/aws/add roles to rds instances.ts b/snippets/pulumi/aws/add roles to rds instances.ts
new file mode 100644
index 0000000..d7656f3
--- /dev/null
+++ b/snippets/pulumi/aws/add roles to rds instances.ts	
@@ -0,0 +1,25 @@
+import * as aws from "@pulumi/aws";
+import * as postgresql from "@pulumi/postgresql";
+import * as pulumi from "@pulumi/pulumi";
+
+const config = new pulumi.Config();
+const rdsInstance_output = aws.rds.getInstanceOutput({dbInstanceIdentifier: "pikachu-zambia-staging"});
+
+const rdsInstance_postgresqlProvider = new postgresql.Provider(
+    "rdsInstance", {
+        host: rdsInstance_output.address,
+        port: rdsInstance_output.port,
+        databaseUsername: rdsInstance_output.masterUsername,
+        database: rdsInstance_output.dbName,
+        password: config.requireSecret("rdsInstance_masterPassword"),
+    },
+);
+
+const engineering_postgresqlRole = new postgresql.Role(
+    "engineering",
+    {
+        name: "engineering",
+        inherit: true,  // required as it will be used by human users
+    },
+    { provider: rdsInstance_postgresqlProvider },
+);
diff --git a/snippets/pulumi/get kubeconfig file from existing eks cluster.ts b/snippets/pulumi/aws/get kubeconfig file from existing eks cluster.ts
similarity index 100%
rename from snippets/pulumi/get kubeconfig file from existing eks cluster.ts
rename to snippets/pulumi/aws/get kubeconfig file from existing eks cluster.ts
diff --git a/snippets/pulumi/run commands after instance creation.ts b/snippets/pulumi/aws/run commands after instance creation.ts
similarity index 78%
rename from snippets/pulumi/run commands after instance creation.ts
rename to snippets/pulumi/aws/run commands after instance creation.ts
index 7cfbfc9..bcc66f5 100644
--- a/snippets/pulumi/run commands after instance creation.ts	
+++ b/snippets/pulumi/aws/run commands after instance creation.ts	
@@ -9,22 +9,24 @@
 import * as aws from "@pulumi/aws";
 import * as command from "@pulumi/command";
 
-const instance = new aws.ec2.Instance(
-    "instance",
-    { … }
-);
+const instance_output = new aws.ec2.getInstanceOutput({
+    filters: [{
+        name: "tag:Name",
+        values: [ "instance-name-tag" ],
+    }],
+});
 
 command.local.Command(
     "notify",
     { create: "say 'instance created'" }
 );
 
-instance.privateDns.apply(hostIpAddress => new command.local.Command(
+instance_output.privateDns.apply(hostIpAddress => new command.local.Command(
     "ansiblePlaybook-ssh",
     { create: `ansible-playbook -i '${hostIpAddress},' -D 'playbook.yaml'` },
 ));
 
-instance.id.apply(instanceId => new command.local.Command(
+instance_output.id.apply(instanceId => new command.local.Command(
     "ansiblePlaybook-awsSsm",
     {
         create: `