Pulumi as Infrastructure as Code software
Introduction
This is the blog posts in which we try to outline our experience regarding the engineering at HARA. HARA is a blockchain-based data exchange for the food sector and provides farmers and all agriculture player access to reliable data and transactions. If you want to know HARA in depth, please check our medium page.
Today, many company used terraform as a tools for configure their favorite cloud infrastructure. This will makes their configuration more accurate and well documented, we know this as Infrastructure-as-Code (IAC). No exception at HARA, we used terraform to build our cloud infrastructure because they provides many benefits. We also use serverless framework to deploy application on serverless architecture. Everything is great, but today we are not going to talk about this two or other tools. There is another way to build infrastructure as well as serverless on cloud that is Pulumi and we decide to explore this tool as alternative. You might as well try pulumi (By the time writer write this, pulumi version is 0.14.1)
Getting started on Pulumi
Their websites is a good starting place, install pulumi on your computer and sign up in their websites to access our console . Because pulumi is also supported immutable infrstructure like terraform, when you create resources, all of the activity and states of your infrastructure will be recorded in their websites. Its different from terraform when you can store “resources states” in many way (you need to specify the backends on terraform).
Create token first and enter your access token when you are prompted or just save your token with name PULUMI_ACCESS_TOKEN as environment variables and you will be set.
There are several providers that supported on pulumi (GCP, Azure, AWS and Kubernetes). Pulumi create several packages to support each provider, that is:
- @pulumi: used for accessing the core programming model around resources, configuration, etc.
- @pulumi/aws: used for deploying resources to AWS.
- @pulumi/aws-infra: Additional AWS libraries to provide AWS networking and infrastructure.
- @pulumi/aws-serverless: Additional AWS libraries for writing serverless applications on AWS.
- @pulumi/azure: used for deploying resources to Azure.
- @pulumi/gcp: used for deploying resources to Google Cloud Platform.
- @pulumi/kubernetes: used for deploying resources to Kubernetes.
- @pulumi/cloud: Cloud-agnostic package
When you want to compare terraform and pulumi, Terraform is more like Infrastructure as Declarative Statement. As for Pulumi, there are four programming languages that has been supported, that is: Python, Go, Typescript or Javascript. For nodejs SDK in pulumi itself, is written using TypeScript.
An example that i provide will be using AWS as cloud provider. I will create simple program to create IAM user resources using Javascript. I will use code that already been in terraform (check here) and transform into Pulumi.
To start, type: pulumi new aws-javascript in empty folder and pulumi will initialize and create a new project. Fill the project name, project description and stack name. New files will be created (.js and .yaml files) and node_modules depedencies will be installed in that folder.
First, we need to import @pulumi and @pulumi-aws. We can create IAM user by using aws.iam.User class. To provides additional access key or login profile, we use aws.iam.AccessKey and aws.iam.UserLoginProfile class.
In Pulumi, it requires to specify the unique nameas first argument passed to the resource constructor, this is how they recognize if the resource already exist or not. To create dependencies between resources, just references the output properties of resource (the output of createUser used as argument on createAccessKey). You could add another function like add user to the group membership or attach policy the the user. After we create the functionUser.js, now we define the main function.
To preview the changes in our stack before applying, type pulumi preview. In terraform it is same as terraform plancommand. We can see that our stack already have 2 resources before and will create 1 resource that is UserLoginProfile.
After finishing the preview, we can type pulumi updateto apply or update the stacks. In terraform it is same as terraform apply command. This command will adjust the existing resouces and creates new resources based on previous stacks. You can see the history of you stacks in pulumi console.
When you want to see the output in the latest stack, just type pulumi stack output. We can add more users by updating list or delete user by simply comment the function. With this, we can control IAM users easier and readable. You can also use loop function to iterate through user list, its your choice.
Many people needs more feature on terraform (rather than just a “declarative” programming) even though maybe you can hack-your-way into it. Also, as someone like me who more familiar with programming languages like Javascript, pulumi is great choice to provide resources or write applications in our cloud infrastructure. Just give it a try.
Learn more about HARA
- Visit the HARA website
- Read our White Paper
- Join our Telegram Community
- Follow our Social Media
Facebook, Twitter, Instagram, Medium & LinkedIn
