Add pulumi to the project to start deploying infrastructure #290

Draft
iainlane wants to merge 1 commit into main from iainlane/pulumi
@iainlane (Owner) commented Jun 6, 2024

We're using Pulumi here to deploy two things:

  • A CloudFront distribution
  • An OIDC provider

This required a small amount of reconfiguration of the linters to allow for the slightly different settings that Pulumi requires.

We've added Pulumi to the dev container so that it can be run from there.

We're also adding a GitHub Actions workflow to deploy the infrastructure when the code is pushed to the main branch, using the OIDC provider (which has been applied manually to bootstrap the process).
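
The description above has a GitHub Actions workflow assume an AWS role through the OIDC provider when code is pushed to main; the role's trust policy is not shown on this page. As an added example (not code from this pull request), the following check audits such a trust policy for audience and subject scoping. The account ID, repository name and sample policies are constructed placeholders, and the expected `sub` format assumes a plain branch-triggered workflow without a GitHub environment.

```python
# Added example: audit a role trust policy for GitHub Actions OIDC federation.
# Account ID, repository name and both sample policies are constructed placeholders.
ISSUER = "token.actions.githubusercontent.com"
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, repo, branch="main"):
    """Return findings for GitHub OIDC statements; [] means tightly scoped."""
    findings, seen = [], False
    expected_sub = f"repo:{repo}:ref:refs/heads/{branch}"
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
            str(f).endswith(f"oidc-provider/{ISSUER}") for f in federated
        ):
            continue  # not a grant to the GitHub OIDC provider
        seen = True
        cond = stmt.get("Condition", {})
        # IAM treats condition key names case-insensitively, so normalise them.
        equals = {k.lower(): _as_list(v) for k, v in cond.get("StringEquals", {}).items()}
        like = {k.lower(): _as_list(v) for k, v in cond.get("StringLike", {}).items()}
        if equals.get(f"{ISSUER}:aud") != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = equals.get(f"{ISSUER}:sub", []) + like.get(f"{ISSUER}:sub", [])
        if not subs:
            findings.append("no sub condition: role is not tied to one repository")
        findings += [f"sub {s!r} does not match {expected_sub!r}" for s in subs if s != expected_sub]
    if not seen:
        findings.append("no statement trusts the GitHub OIDC provider")
    return findings


def make_policy(condition):
    """Build a constructed single-statement trust policy with the given Condition."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}


SCOPED = make_policy({"StringEquals": {
    f"{ISSUER}:aud": "sts.amazonaws.com",
    f"{ISSUER}:sub": "repo:example-org/example-repo:ref:refs/heads/main"}})
LOOSE = make_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                     "StringLike": {f"{ISSUER}:sub": "repo:example-org/*"}})
```

`audit_trust_policy(SCOPED, "example-org/example-repo")` returns an empty list, while `LOOSE` is flagged because its wildcard subject lets any branch or pull request in the organization's repositories assume the role.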

@iainlane force-pushed the iainlane/pulumi branch 13 times, most recently from 479511c to c6883b4, June 7, 2024 19:59

github-actions bot commented Jun 7, 2024

🍹 preview on coldoutsi.de/organization/coldoutsi.de/dev

Pulumi report
Previewing update (dev):
@ previewing update...........

@ previewing update....
pulumi:pulumi:Stack coldoutsi.de-dev running 
@ previewing update.........
pulumi:providers:aws aws-us-east-1  
@ previewing update.....
aws:acm:Certificate dev-cert  
aws:route53:Zone zone  
aws-native:s3:Bucket requestLogs  
aws-native:cloudfront:CachePolicy coldoutsi.de-cache-policy  
aws:route53:Record dev-cert-validation  
aws-native:cloudfront:Distribution coldoutsi.de-dev  
aws:acm:CertificateValidation certificateValidation  
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Alias stateBucketKey
aws-native:iam:OidcProvider github-oidc  
aws:route53:Record dns-dev.coldoutsi.de  
aws-native:iam:Role oidcRole  
aws-native:iam:RolePolicy cloudControlGetResourcesPolicy  
aws-native:s3:BucketPolicy stateBucketPolicy  
@ previewing update....
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Alias stateBucketKey
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Key stateBucketKey
aws-native:kms:Key stateBucketKey  warning: Can't import write-only properties: bypassPolicyLockoutSafetyCheck, pendingWindowInDays, rotationPeriodInDays
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Key stateBucketKey
aws-native:iam:RolePolicy kmsReadOnlyPolicy  
@ previewing update....
aws-native:kms:Key stateBucketKey  1 warning
pulumi:pulumi:Stack coldoutsi.de-dev  
Diagnostics:
aws-native:kms:Key (stateBucketKey):
warning: Can't import write-only properties: bypassPolicyLockoutSafetyCheck, pendingWindowInDays, rotationPeriodInDays

Resources:
15 unchanged
