Tech Talk: Pulumi
In this tech talk, you will follow along as our IT experts discuss the Pulumi Infrastructure as Code SDK and how it can be used for deployments to any cloud platform using various programming languages. You will learn about the ins and outs of the Pulumi service, how and when to use it, and how it compares with other infrastructure as code tools.
If you have any feedback relating to this tech talk, feel free to get in touch with us at firstname.lastname@example.org.
- Obtain a foundational understanding of Pulumi
- Learn how to use the service to deploy infrastructure to the cloud
- Understand the differences between Pulumi and Terraform
This course is intended for IT professionals or anyone considering using Pulumi to deploy and manage their infrastructure in the cloud.
- Familiarity with the concept of infrastructure as code
- [Man] So with the Pulumi cloud package, is that always targeting AWS? Or how does it know it's going to AWS?
- [Andy] That's a good question. I can configure it. Yes, there's configure option. Yeah, it's a really good question. I definitely definitely it's, well AWS is definitely the most the best supported cloud as alignment say, I think stuff like this wouldn't necessarily work as well with PCP.
- [Man 1] Okay.
- Thanks for the talk, Andy. Coming into it I thought that I was more of a competitor to Terraform but it seems like they have the strategy to sort of work with Terraform more so than trying to upend it. So like you said earlier more of an evolution than a revolution. Yeah. Interesting strategy that they had. To me, it sounds more like AWS's CDK where they're putting infrastructure more into code. But I'd like to see what Luke thinks about it given he's our resident Terraform expert.
- Yeah, I agree. The, a lot of the Terraform doing a lot of the logical complexities is pretty muddled. That's why a lot of people up use Terragram, a lot of that logic. But yeah, I think it's pretty slick that it works well with Terraform, so you can do the conditional logic with Pulumi and then before your Terraform, that's pretty cool. One thing that I can see the nice part about Terraform is that it's written in HCL, which is very like readable and easy to pick up. So a lot of like enterprises that use Terraform to like represent their documentation, I can see that having more of a one up versus Pulumi. So yeah, I can see the trade offs for both for sure. It seems Pulumi, you can do a lot more complex things. But yeah, it seems like Terraform is more like team oriented, people that aren't really just getting into coding. Like some of the like system engineers or app engineers that are getting into infrastructure development. I could see it more beneficial for those types of roles, but yeah, I like Pulumi, that's really sweet. How can you like modulize like your, your stack? And I think you're talking about that a little bit or like you have like a stack that's like parametized you can use it in different environments with different parameters and stuff.
- Yeah so, it's quite involved, it creates, Should I stop presenting? By default it creates a deb STAT, and they, things like, so that's like across all environments Yeah, so does that answer the question?
- Yeah to do all that for, like if I wanted to, like, let's say I wanted to deploy a set of servers in one environment but I wanted to deploy like similar servers in another one, and the name of the servers is just going to change. Can I like, parametize that, reuse the same code?
- Yeah, you'd like I think the advantage of Pulumi is that you could do that using the program language.
- Oh awesome.
- So like,
- You wouldn't, you wouldn't be too, it's no longer a part of the infrastructure is code talk. So you know, it's in other words, message. And then you just train the message here, so anything you can do in code, you can do to parametize it.
- The possibilities are pretty endless.
- Yeah, and I actually agree with you, I really like ACL. I like the fact it's declarative. But you know, a lot of people, obviously just want to be able to use code.
- Yeah the fact that they're I didn't know they're getting PowerShell support.
- Mm hmm.
- That's huge 'cause of the a lot of the Windows folks really they're just all about PowerShell. So that's a huge, huge market right there. That'll be really interesting. 'Cause Azure is all PowerShell. That's going to be really interesting to see the adoption.
- Andy, just so I'm clear as far as multi cloud support, in that really simple config file, if you change that instead of AWS to Azure, everything would just work directly on Azure? As long as it was supported?
- As long as it's supported, yeah. We can try it now if you want.
- No, it's okay.
- I don't, I don't. Sorry go ahead.
- Sorry. Yeah when I first heard about Terraform that's sorta what I thought it was like. That I could just write the infrastructure once, and I could deploy it anywhere. But then when learned how to actually write Terraform stuff you do still have to know the intricacies of each different cloud. So that this is maybe closer to what I first thought Terraform was going to be.
- Yeah I think maybe if it was just, you know, a static website using object storage maybe that would work well in cloud, but it'd be more complicated than that. Probably isn't going to. Yeah.
- And just, about Sharing State with vanilla Terraform. You said that you can go from Terraform into Pulumi, but does it work both ways? That if you had something in Pulumi could you migrate out into Terraform? Or is there something in the state that Pulumi has that might mess up a vanilla Terraform?
- Yes, it should just be able to import and export well. So one of the interesting things that someone I read when I was researching essence. Even though you know, Pulumi appears to be imperative code rather than declarative, it is just using a Terraform state path because compiled down to that words. So it's just like a graph of resources and technically speaking under the hood it's still character. So yeah, you absolutely can. I think yeah, like there was, there's an import, export option. So you can go back and forth as much as you want.
- Cool. And what does the command workflow look like if you were to update the stack that you deployed. Would it just be another Pulumi up? Or how does it manage the changes?
- Yeah, we can try it. Yeah I mean, it works the same as Terraform. So it's going to preview that, not much has changed. All right, so it says nothing's changed. That's interesting. Cause I changed the message, but yeah, the infrastructure.
- Infrastructure hasn't changed, so.
- Yeah. Well actually the Lambda should have changed, right? 'Cause it's the Lambda that should tell me the message. Hmm. I wonder if we could pause this, oh no it did actually change, there it is. Sorry.
- Let's try that again. And it should change the Lambda. Yeah, and it's also changing changing all that stuff.
- Cool. Luca, you've been a bit quiet.
- I have a question regarding the host of the state. I mean, which is the difference between a user in a free market or a user of the Pulumi simple state? Am I going to lose a certain feature? Or is it the same?
- What, if you hosted yourself? Yeah, like Pulumi would say yes, and I would agree with them. I mean my last job we had a big, I remember sitting in a meeting with we had a big conversation about whether we should use Terraform, if we use Terraform how are we gonna host the state? I think particularly for large companies, it's actually it's a really big deal that you've got to do access control on the state. Pulumi offers check pointing as well. We'll say auditing, there's a lot of things to think about and with the state, the big problem so the big risk is that if it becomes compromised, that's more potentially sensitive information about your infrastructure, that you know, an attacker could use. So yeah, I think, I think there is value there, for sure. It really comes down to how much you trust them. That being said, I mean, if you, if you, if you Skype it properly and host your own state and you know, do it properly then I guess it's really sort of a one time thing. Yeah, I don't know, maybe yeah. What do you think?
- Well, I don't know, Barry you have more power handling your states. And also yeah, if Pulumi is down you can store your infrastructure. But yeah, I don't know in this case. And what about the pricing?
- Pricing, I'm not sure actually let's double check.
- I was wondering that too, 'cause you started off saying that they're for profit, but then it's open source. So I wonder if it's based on the support plan? Or if it's--
- Yeah, it's definitely like, you know, so, so it sounds like they're restricting the number of people that you use the same stack,
- the same stacks at one time. Yeah I mean, that's fair enough to me, you know like hosting the services are free so they gotta charge for it somehow.
- Yeah, I think they're obviously aiming to be as reliable as or to be perceived as reliable as the cloud providers themselves. So you know, their people trust AWS to be up and they want people to trust them to be up.
- That under the enterprise one, it says self host available. Is that the state site host? Do you have to have enterprise licensing?
- I thought you could self host anyway. That's interesting, yeah. Yeah that's a good point. You can definitely like yeah, I'm not sure what the difference is between that and there's an option to just store the state locally. But if you do that if you do that, like that's free, if you do that you could just put that on as three, you know. I suppose you'd have to sink it down. I don't know how they restrict that.
- They are going to make you use a password and entire feature for you someplace.
- Yeah, yeah.
- You mean like regulatory requirements. If you have to keep the state on your own servers. It's kind of like Terraform Enterprise too, I guess, isn't it?
- Yeah, that's how I'm thinking of it.
- What's Terraform Enterprise like?
- So it's like you know, Terraform cloud. It's like their cloud hosted solution for storing state. And you can do some other stuff, like you can kick off the deployments and automate payments with it. But they also have that product on prem where you can host it in your own isolated environment. So then that, that product is called Terraform Enterprise. So I'm guessing it's the same thing. Maybe they're giving like a Pulumi Enterprise product that you can install on prem or in an isolated environment and use like the dashboard and stuff.
- All right, cool. It sounds like they're doing CICD as well then. I'll have to have a look at that.
- Yep you can, for Terraform cloud, you can hook it up to like get up and do triggers on whole and stuff. You like get ops workflows and stuff. And they just added like a policy compliance. It's called Terraform Sentinel. So yeah, it's interesting.
- That'd be similar to that'd be similar to CrossGuard then. So they're probably more similar than I thought. Like Terraform and Pulumi.
- I think we'll wrap it up there. So thanks again, Andy, for the presentation and the demo and everyone for contributing to the discussion. Okay, thanks a lot guys, have a good day.
- Cool, thanks guys.
Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes. He holds the AWS Certified Developer - Associate certification.