CloudTruth Documentation
Sign InAPIIntegrationsGitHubVisit our website
  • Overview
  • Getting Started
  • Architecture
    • 🔒Security Overview
  • Copilot
  • 🏢Org management
    • Account Setup
    • Access Control
      • 🔑API Tokens
      • 🌐Protecting Projects and Environments
      • 👥Users
    • Audit Log
  • 🛠️Config Management
    • Projects
    • Parameters
      • Sharing Config Data
      • Parameter Management
        • Internal Values
          • Dynamic Values
        • External Values
          • Terraform Remote State Files
        • Parameter Override
        • Environment Value Override
      • Parameter and Parameter Value Inheritance
      • Value Comparison
      • Value History
      • Value Validation
      • Value Expiration
    • Environments and Tags
    • Templates
      • 📒Sample Templates
    • Actions
      • Import Actions
      • Push Actions
    • CLI & API
      • CloudTruth CLI
      • Rest API
    • Integrations
      • Argo CD
      • Atlassian Compass
      • AWS
        • AWS Connection
        • AWS Role
          • CloudFormation
          • Terrraform
          • AWS Console
        • Parameter Store (SSM)
        • S3
        • Secrets Manager
      • Azure Key Vault
      • Bitbucket Pipelines
      • Docker
      • Docker Compose
      • GitHub
      • GitHub Actions
      • GitLab
      • Harness
      • Jenkins
      • Kubernetes
      • Pulumi
      • Terraform
      • Terragrunt
      • Explorer
      • Circle CI
    • Events, Notifications, Webhooks
    • Types
  • 🔎REPORTING
    • Compare
    • History
    • Expirations
  • 🚀PRODUCT
    • What is CloudTruth?
    • Interactive Demo
    • Kubernetes
    • Terraform
    • CI/CD Pipeline Configuration
    • Cloud CMDB
    • Secrets Management
    • GitOps
    • Our Manifesto
    • Open Source
    • FAQs
    • Our Mission
  • 📚Reference
    • 🎓Quick Start Videos
      • What is CloudTruth?
      • CloudTruth in Action
      • Environments and Projects
      • Secrets, Parameters, ENV variables
      • Audit Logs, RBAC, SSO
      • Containers - Kubernetes, Docker
      • Infrastructure as Code (IaC) - Terraform, Cloudformation, CDK, Azure Bicep, Pulumi
      • CICD Pipelines - GitHub Actions, ArgoCD, Jenkins, CircleCI, Harness, GitLab Pipelines
      • AWS Videos - Secret Manager, Parameter Store, S3, IAM
      • Azure Videos - Azure DevOps, Azure Bicep, PowerShell
    • Knowledge Base
      • Best Practices
        • Versioned Releases
      • CLI
        • History comparison of deleted parameters with null values
      • Integrations
        • Advanced AWS IAM policy permissions
        • K8s pull image from private Docker registry
        • S3 Region Selection
      • Templates
        • Templates render quotations in key values as quot
    • Roadmap and New Features
    • JMESPath Reference
    • REST API
Powered by GitBook

Copyright© 2023 CloudTruth

On this page
  • Prerequisites
  • Pulumi deploy with CloudTruth
  • Set CloudTruth Pulumi Variables
  • Create a CloudTruth Template
  • Deploying a Pulumi stack with CloudTruth
  • Create a new Pulumi project
  • Create a Pulumi configuration
  • Using CloudTruth templates to deploy with Pulumi
  • Cleanup

Was this helpful?

  1. Config Management
  2. Integrations

Pulumi

PreviousKubernetesNextTerraform

Last updated 3 years ago

Was this helpful?

This walkthrough shows you how to pass CloudTruth parameters to Pulumi.

Prerequisites

  • You know basic .

  • AWS CLI .

  • You have created a and installed the .

Pulumi deploy with CloudTruth

For this example we will deploy an EC2 instance defining variables with CloudTruth parameters. You can use any target for your deploys.

Set CloudTruth Pulumi Variables

Create a CloudTruth Project called Pulumi.

cloudtruth project set Pulumi

Now you can create CloudTruth parameters in the Pulumi project that we will pass to Pulumi as values.

cloudtruth --project Pulumi parameter set ami -v ami-0c2b8ca1dad447f8a
cloudtruth --project Pulumi parameter set instance_type -v t2.micro
cloudtruth --project Pulumi parameter set availability_zones -v [\"us-east-1a\",\"us-east-1b\",\"us-east-1c\"]

Create a CloudTruth Template

cloudtruth --project Pulumi template set pulumi-aws-template --body <(curl --silent https://raw.githubusercontent.com/cloudtruth-demo/pulumi-template/main/pulumi-aws-template)

Deploying a Pulumi stack with CloudTruth

Create a new Pulumi project

mkdir pulumi-demo && cd pulumi-demo
pulumi new aws-python

Note: If you have never used Pulumi before you will be prompted to login after running pulumi new.

You will be prompted to provide a project name, description, stack name, and AWS region. The sensible defaults are fine for all of these.

The AWS region you select for the Pulumi setup must match the availability zones that you enter as CloudTruth parameters. For this example, we are using us-east-1.

Create a Pulumi configuration

Next, you must create your Pulumi configuration file. From the Pulumi project directory just created in the last step, update your __main__.py with the following configuration:

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
ami = config.require("ami")
instance_type = config.require("instance_type")
availability_zones = config.require_object("availability_zones")

cloudtruth = aws.ec2.Instance("cloudtruth",
    ami=ami,
    instance_type=instance_type,
    availability_zone=availability_zones[0])

pulumi.export("ami", cloudtruth.ami)
pulumi.export("instanceType", cloudtruth.instance_type)
pulumi.export("zone", cloudtruth.availability_zone)

This __main__.py will deploy an EC2 instance to us-east-1 and defines three variables that are centrally managed by CloudTruth.

Using CloudTruth templates to deploy with Pulumi

The last step is to use pulumi up to deploy your Pulumi configuration. Pass in your CloudTruth template created earlier to fill the configuration parameters. This is assuming the project is named Pulumi and the template is named pulumi-aws-template.

pulumi up $(cloudtruth --project Pulumi templates get pulumi-aws-template)

Congrats! You have now deployed an instance in EC2 leveraging Pulumi and CloudTruth configuration! 🙌

Cleanup

To tear down all resources, simply run pulumi destroy in the project directory.

In order for Pulumi to accept run-time configuration parameters, they must be in a . We can leverage CloudTruth to transform config data to output them in Pulumi's required format.

For this specific example, create a CloudTruth template named pulumi-aws-template directly from a we have created in GitHub for this demo:

This has the following Pulumi config that dynamically references CloudTruth parameters using mustache syntax: --config ami={{ami}} --config instance_type={{instance_type}} --config availability_zones={{{availability_zones}}}

To work with Pulumi, we must start a new . For this example we will be using AWS cloud with the Python programming language. To get started run:

Pulumi requires to deploy to AWS. If you already have the AWS CLI installed and configured, then Pulumi will respect those configuration settings.

🛠️
certain format
Templates
template file
template
project
AWS CLI access
Pulumi
configured
CloudTruth API Access token
Configuration
CLI