This is one of the blog posts in which we outline our engineering experience at HARA. HARA is a blockchain-based data exchange for the food sector that gives farmers and all agriculture players access to reliable data and transactions. If you want to know HARA in depth, please check our Medium page.
Today, many companies use Terraform to configure their cloud infrastructure of choice. This makes their configuration more accurate and well documented; we know this as Infrastructure-as-Code (IaC). HARA is no exception: we use Terraform to build our cloud infrastructure because it provides many benefits. We also use the Serverless Framework to deploy applications on a serverless architecture. Everything is great, but today we are not going to talk about these two or other tools. There is another way to build infrastructure as well as serverless applications on the cloud, namely Pulumi, and we decided to explore this tool as an alternative. You might as well try Pulumi (at the time of writing, the Pulumi version is
Getting started on Pulumi
Their website is a good starting place: install Pulumi on your computer and sign up on their website to access the console. Because Pulumi, like Terraform, supports immutable infrastructure, all of the activity and state of your infrastructure is recorded on their website when you create resources. This differs from Terraform, where you can store the resource state in many ways (you need to specify the backend in Terraform).
Create a token first and enter your access token when you are prompted, or just save your token in an environment variable named PULUMI_ACCESS_TOKEN, and you will be set.
Pulumi supports several providers (GCP, Azure, AWS and Kubernetes) and provides several packages to support them:
- @pulumi: used for accessing the core programming model around resources, configuration, etc.
- @pulumi/aws: used for deploying resources to AWS.
- @pulumi/aws-infra: Additional AWS libraries to provide AWS networking and infrastructure.
- @pulumi/aws-serverless: Additional AWS libraries for writing serverless applications on AWS.
- @pulumi/azure: used for deploying resources to Azure.
- @pulumi/gcp: used for deploying resources to Google Cloud Platform.
- @pulumi/kubernetes: used for deploying resources to Kubernetes.
- @pulumi/cloud: Cloud-agnostic package
To start, type:
First, we need to import @pulumi/aws. We can create an IAM user by using the aws.iam.User class. To provide an additional access key or login profile, we use
Pulumi requires a unique name as the first argument passed to the resource constructor; this is how it recognizes whether the resource already exists. To create dependencies between resources, just reference the output properties of a resource (the output of createUser is used as an argument to createAccessKey). You could add other functions, such as adding the user to a group or attaching a policy to the user. After we create functionUser.js, we define the main function.
To preview the changes in our stack before applying them, type pulumi preview. It is the equivalent of the terraform plan command. We can see that our stack already has 2 resources and will create 1 resource that is
After finishing the preview, we can type pulumi update to apply or update the stack. It is the equivalent of the terraform apply command. This command adjusts the existing resources and creates new resources based on the previous stack. You can see the history of your stacks in the Pulumi console.
When you want to see the outputs of the latest stack, just type pulumi stack output. We can add more users by updating the list, or delete a user by simply commenting out the function. With this, controlling IAM users becomes easier and more readable. You can also use a loop to iterate through the user list; it's your choice.
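The pattern described above (unique name as first argument, the user's output passed into the access key, a loop over the user list), as an added example that is not HARA's original functionUser.js. The aws parameter stands for the @pulumi/aws module, and provisionUsers, the user names and the keybase: value are illustrative assumptions; the sketch requires a pgpKey so the secret key is exported only as encryptedSecret.

```javascript
// Added example, not HARA's original functionUser.js. `aws` is the @pulumi/aws
// module, passed in so the functions can be exercised without cloud access.

// The first constructor argument is the unique name Pulumi uses to decide
// whether the resource already exists.
function createUser(aws, userName) {
  return new aws.iam.User(userName, { name: userName });
}

// Passing user.name (an output of the User resource) makes the key depend on
// the user. pgpKey is a base64 PGP public key or "keybase:<username>"; with it
// set, the provider returns the secret only as encryptedSecret.
function createAccessKey(aws, user, userName, pgpKey) {
  return new aws.iam.AccessKey(`${userName}-key`, { user: user.name, pgpKey });
}

// Loop over the user list and build the stack outputs.
function provisionUsers(aws, userNames, pgpKey) {
  if (!pgpKey) {
    throw new Error("pgpKey is required so the secret key is not kept in plaintext");
  }
  const seen = new Set();
  const outputs = {};
  for (const userName of userNames) {
    if (seen.has(userName)) {
      throw new Error(`duplicate resource name: ${userName}`);
    }
    seen.add(userName);
    const user = createUser(aws, userName);
    const key = createAccessKey(aws, user, userName, pgpKey);
    // Export only the key id and the PGP-encrypted secret, never key.secret.
    outputs[userName] = { accessKeyId: key.id, encryptedSecret: key.encryptedSecret };
  }
  return outputs;
}

// index.js of the Pulumi project (constructed user names and key reference):
//   const aws = require("@pulumi/aws");
//   module.exports = provisionUsers(aws, ["alice", "bob"], "keybase:example_user");
```

The encryptedSecret value shown by pulumi stack output is base64-encoded and has to be decoded and decrypted with the private key that matches pgpKey.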