{"id":4473,"date":"2025-08-09T16:20:22","date_gmt":"2025-08-09T16:20:22","guid":{"rendered":"https:\/\/uplatz.com\/blog\/?p=4473"},"modified":"2025-08-09T16:20:22","modified_gmt":"2025-08-09T16:20:22","slug":"pulumi-pocket-book","status":"publish","type":"post","link":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/","title":{"rendered":"Pulumi Pocket Book"},"content":{"rendered":"<p><!-- Pulumi Pocket Book \u2014 Uplatz (50 Cards, Wide Layout, Readable Code, Scoped Styles) --><\/p>\n<div style=\"margin:16px 0;\">\n<style>\n    .wp-pulumi-pb { font-family: Arial, sans-serif; max-width: 1320px; margin:0 auto; }\n    .wp-pulumi-pb .heading{\n      background: linear-gradient(135deg, #ecfdf5, #e0f2fe); \/* light green -> light blue *\/\n      color:#0f172a; padding:22px 24px; border-radius:14px;\n      text-align:center; margin-bottom:18px; box-shadow:0 8px 20px rgba(0,0,0,.08);\n      border:1px solid #cbd5e1;\n    }\n    .wp-pulumi-pb .heading h2{ margin:0; font-size:2.1rem; letter-spacing:.2px; }\n    .wp-pulumi-pb .heading p{ margin:6px 0 0; font-size:1.02rem; opacity:.9; }<\/p>\n<p>    \/* Wide, dense grid *\/\n    .wp-pulumi-pb .grid{\n      display:grid; gap:14px;\n      grid-template-columns: repeat(auto-fill, minmax(400px, 1fr));\n    }\n    @media (min-width:1200px){\n      .wp-pulumi-pb .grid{ grid-template-columns: repeat(3, 1fr); }\n    }<\/p>\n<p>    .wp-pulumi-pb .section-title{\n      grid-column:1\/-1; background:#f8fafc; border-left:8px solid #10b981; \/* green *\/\n      padding:12px 16px; border-radius:10px; font-weight:700; color:#0f172a; font-size:1.08rem;\n      box-shadow:0 2px 8px rgba(0,0,0,.05); border:1px solid #e2e8f0;\n    }\n    .wp-pulumi-pb .card{\n      background:#ffffff; border-left:6px solid #10b981;\n      padding:18px; border-radius:12px;\n      box-shadow:0 6px 14px rgba(0,0,0,.06);\n      transition:transform .12s ease, box-shadow .12s ease;\n      border:1px solid #e5e7eb;\n    }\n    .wp-pulumi-pb .card:hover{ transform: translateY(-3px); box-shadow:0 10px 22px rgba(0,0,0,.08); }\n    .wp-pulumi-pb .card h3{ margin:0 0 10px; font-size:1.12rem; color:#0f172a; }\n    .wp-pulumi-pb .card p{ margin:0; font-size:.96rem; color:#334155; line-height:1.62; }<\/p>\n<p>    \/* Color helpers *\/\n    .bg-blue { border-left-color:#0ea5e9 !important; background:#eef6ff !important; }\n    .bg-green{ border-left-color:#10b981 !important; background:#f0fdf4 !important; }\n    .bg-amber{ border-left-color:#f59e0b !important; background:#fffbeb !important; }\n    .bg-violet{ border-left-color:#8b5cf6 !important; background:#f5f3ff !important; }\n    .bg-rose{ border-left-color:#ef4444 !important; background:#fff1f2 !important; }\n    .bg-cyan{ border-left-color:#06b6d4 !important; background:#ecfeff !important; }\n    .bg-lime{ border-left-color:#22c55e !important; background:#ecfdf5 !important; }\n    .bg-orange{ border-left-color:#f97316 !important; background:#fff7ed !important; }\n    .bg-indigo{ border-left-color:#6366f1 !important; background:#eef2ff !important; }\n    .bg-emerald{ border-left-color:#059669 !important; background:#ecfdf5 !important; }\n    .bg-slate{ border-left-color:#334155 !important; background:#f8fafc !important; }<\/p>\n<p>    \/* Utilities & code *\/\n    .tight ul{ margin:0; padding-left:18px; }\n    .tight li{ margin:4px 0; }\n    .mono{ font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace; }\n    .wp-pulumi-pb code{ background:#f1f5f9; padding:0 4px; border-radius:4px; border:1px solid #e2e8f0; }\n    .wp-pulumi-pb pre{\n      background:#f5f5f5; color:#111827; border:1px solid #e5e7eb;\n      padding:12px; border-radius:8px; overflow:auto; font-size:.92rem; line-height:1.55;\n    }\n    .q{font-weight:700;}\n    .qa p{ margin:8px 0; }\n  <\/style>\n<div class=\"wp-pulumi-pb\">\n<div class=\"heading\">\n<h2>Pulumi Pocket Book \u2014 Uplatz<\/h2>\n<p>50 in-depth cards \u2022 Wide layout \u2022 Readable examples \u2022 20-question interview Q&amp;A included<\/p>\n<\/p><\/div>\n<div class=\"grid\">\n      <!-- ===================== SECTION 1: FOUNDATIONS (1\u201310) ===================== --><\/p>\n<div class=\"section-title\">Section 1 \u2014 Foundations<\/div>\n<div class=\"card bg-green\">\n<h3>1) What is Pulumi?<\/h3>\n<p>Pulumi is an Infrastructure as Code (IaC) platform that lets you define cloud infrastructure using real programming languages (TypeScript\/JavaScript, Python, Go, C#, Java, YAML). It manages desired state via stacks, provisions resources through providers (AWS, Azure, GCP, Kubernetes, Cloudflare, etc.), and stores state locally or in a backend (Pulumi Service, S3, Azure Blob, GCS).<\/p>\n<pre><code class=\"mono\"># CLI install\r\ncurl -fsSL https:\/\/get.pulumi.com | sh\r\npulumi new aws-typescript  # scaffold a starter project<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-blue\">\n<h3>2) Core Concepts<\/h3>\n<p><b>Project<\/b> (code + Pulumi.yaml), <b>Stack<\/b> (an instance like <code>dev<\/code>, <code>prod<\/code>), <b>State<\/b> (resource map), <b>Provider<\/b> (cloud plugin), and <b>Resource<\/b> (managed object). Operations: <code>preview<\/code>, <code>up<\/code>, <code>destroy<\/code>.<\/p>\n<pre><code class=\"mono\">pulumi stack init dev\r\npulumi preview\r\npulumi up -y\r\npulumi destroy -y<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>3) Declarative with Real Code<\/h3>\n<p>Pulumi resources are declared as objects; dependencies are tracked automatically via inputs\/outputs. Use loops, conditionals, functions, and modules to build abstractions\u2014without YAML templating complexity.<\/p>\n<pre><code class=\"mono\">\/\/ TypeScript example\r\nimport * as aws from \"@pulumi\/aws\";\r\nconst bucket = new aws.s3.Bucket(\"site\", { website: { indexDocument: \"index.html\" }});\r\nexport const websiteUrl = bucket.websiteEndpoint;<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>4) Inputs &#038; Outputs<\/h3>\n<p>Resource properties are often <code>Input&lt;T&gt;<\/code>; computed values are <code>Output&lt;T&gt;<\/code>. Use <code>apply<\/code> to work with outputs. Don\u2019t escape to real values unless you\u2019re exporting, logging, or passing into other Pulumi inputs.<\/p>\n<pre><code class=\"mono\">bucket.websiteEndpoint.apply(url =&gt; console.log(\"URL:\", url));<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>5) State Backends<\/h3>\n<p>Default is Pulumi Service (SaaS) with history, RBAC, and state locking. Self-manage via AWS S3+DynamoDB, Azure Blob, or GCS. Choose per security\/compliance needs.<\/p>\n<pre><code class=\"mono\">pulumi login s3:\/\/my-state-bucket\r\n# or\r\npulumi login<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>6) Configuration &#038; Secrets<\/h3>\n<p>Per-stack config is stored in <code>Pulumi.&lt;stack&gt;.yaml<\/code>. Use <code>pulumi config<\/code> to set values; mark sensitive values as secrets\u2014encrypted with a KMS or passphrase.<\/p>\n<pre><code class=\"mono\">pulumi config set aws:region us-east-1\r\npulumi config set dbPassword supersecret --secret<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>7) Providers &#038; Plugins<\/h3>\n<p>Providers map to clouds and services (e.g., <code>@pulumi\/aws<\/code>, <code>@pulumi\/azure-native<\/code>, <code>@pulumi\/kubernetes<\/code>). Plugins download automatically when you run <code>pulumi up<\/code>.<\/p>\n<pre><code class=\"mono\">npm i @pulumi\/aws @pulumi\/pulumi<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>8) Stacks &#038; Environments<\/h3>\n<p>Create multiple stacks (dev\/stage\/prod). Use per-stack config for region, sizes, and secrets. Export outputs for CI\/CD to consume.<\/p>\n<pre><code class=\"mono\">pulumi stack select dev\r\npulumi config set size small\r\npulumi stack output websiteUrl<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>9) Previews, Plans, and Policies<\/h3>\n<p><code>pulumi preview<\/code> shows diffs; you can enforce policies with CrossGuard (policy-as-code) to block risky configurations (e.g., public S3 buckets).<\/p>\n<pre><code class=\"mono\">pulumi preview --diff\r\npulumi up --policy-pack .\/org-policies<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>10) Q&amp;A \u2014 \u201cPulumi vs Terraform?\u201d<\/h3>\n<p><span class=\"q\">Answer:<\/span> Pulumi uses general-purpose languages for IaC (no HCL), enabling rich logic, type checking, and reuse through packages. It also supports YAML. Terraform excels with its huge module registry; Pulumi interoperates via converters and the Terraform Bridge for many providers.<\/p>\n<\/p><\/div>\n<p>      <!-- ===================== SECTION 2: LANGUAGE FLAVORS & BASICS (11\u201320) ===================== --><\/p>\n<div class=\"section-title\">Section 2 \u2014 Language Flavors &#038; Basic Patterns<\/div>\n<div class=\"card bg-green\">\n<h3>11) TypeScript\/JavaScript<\/h3>\n<p>Great DX, async\/await, NPM ecosystem. Use ts-node or compile. Strong typings from provider packages reduce runtime errors.<\/p>\n<pre><code class=\"mono\">import * as aws from \"@pulumi\/aws\";\r\nnew aws.ec2.Instance(\"web\", { instanceType: \"t3.micro\", ami: \"ami-...\" });<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-blue\">\n<h3>12) Python<\/h3>\n<p>Concise syntax; ideal for data teams. Use venv\/poetry. Beware of lazy Outputs\u2014use <code>apply<\/code> or pass Outputs directly to Inputs.<\/p>\n<pre><code class=\"mono\">import pulumi_aws as aws\r\nbucket = aws.s3.Bucket(\"logs\")<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>13) Go<\/h3>\n<p>Fast, static; great for tooling. Outputs are generic types; you\u2019ll use <code>ApplyT<\/code> to transform. Module structure matters for larger programs.<\/p>\n<pre><code class=\"mono\">bucket.WebsiteEndpoint.ApplyT(func(url string) error { fmt.Println(url); return nil })<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>14) .NET (C#)<\/h3>\n<p>Strong typing; integrates with enterprise stacks. Use NuGet packages (<code>Pulumi.Aws<\/code>, etc.). Async pattern with <code>Output<\/code> tasks.<\/p>\n<pre><code class=\"mono\">var bucket = new Aws.S3.Bucket(\"site\");<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>15) YAML<\/h3>\n<p>For teams that want declarative configs with minimal code. Good for simple stacks; complex logic better in real code or Components.<\/p>\n<pre><code class=\"mono\">name: myproj\r\nruntime: yaml\r\nresources:\r\n  site:\r\n    type: aws:s3:Bucket<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>16) Project Structure<\/h3>\n<p>Keep infra modules small and composable. Use a <code>src\/<\/code> folder for components, <code>index.ts<\/code> to compose, and <code>Pulumi.yaml<\/code> at root.<\/p>\n<pre><code class=\"mono\">.\r\n\u251c\u2500 Pulumi.yaml\r\n\u251c\u2500 Pulumi.dev.yaml\r\n\u2514\u2500 src\/\r\n   \u251c\u2500 network.ts\r\n   \u2514\u2500 web.ts<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>17) Config Access<\/h3>\n<p>Access config via language bindings; secrets stay encrypted in state. Provide defaults in code.<\/p>\n<pre><code class=\"mono\">\/\/ TS\r\nimport * as pulumi from \"@pulumi\/pulumi\";\r\nconst cfg = new pulumi.Config();\r\nconst size = cfg.get(\"size\") ?? \"small\";<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>18) Stack Outputs<\/h3>\n<p>Export values for other stacks or CI\/CD. Keep outputs minimal and safe (avoid secrets unless necessary).<\/p>\n<pre><code class=\"mono\">export const url = bucket.websiteEndpoint;<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>19) Error Handling &#038; Debug<\/h3>\n<p>Use <code>pulumi up --logtostderr -v=9<\/code> for verbose logs. In code, add <code>try\/catch<\/code> around data lookups. Use <code>pulumi stack history<\/code> to inspect changes.<\/p>\n<pre><code class=\"mono\">pulumi stack history\r\npulumi logs -f  # for serverless<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>20) Q&amp;A \u2014 \u201cWhen to choose YAML runtime?\u201d<\/h3>\n<p><span class=\"q\">Answer:<\/span> For small, declarative stacks or teams unfamiliar with programming languages. For large-scale infra with reuse, pick TS\/Python\/Go and build Components.<\/p>\n<\/p><\/div>\n<p>      <!-- ===================== SECTION 3: AWS\/AZURE\/GCP\/K8s BASICS (21\u201330) ===================== --><\/p>\n<div class=\"section-title\">Section 3 \u2014 Multi-Cloud &#038; Kubernetes Essentials<\/div>\n<div class=\"card bg-green\">\n<h3>21) AWS Example: Static Website<\/h3>\n<p>Create an S3 website bucket, upload content, and export endpoint. Attach CloudFront for CDN later.<\/p>\n<pre><code class=\"mono\">import * as aws from \"@pulumi\/aws\";\r\nconst site = new aws.s3.Bucket(\"site\", { website:{ indexDocument:\"index.html\" }});\r\nconst obj = new aws.s3.BucketObject(\"index\", { bucket: site, source: new pulumi.asset.FileAsset(\"index.html\"), contentType:\"text\/html\" });\r\nexport const url = site.websiteEndpoint;<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-blue\">\n<h3>22) Azure Example: Storage + WebApp<\/h3>\n<p>Provision resource group, storage account, and a Linux Web App on Azure App Service.<\/p>\n<pre><code class=\"mono\">import * as azure from \"@pulumi\/azure-native\";\r\nconst rg = new azure.resources.ResourceGroup(\"rg\");\r\nconst plan = new azure.web.AppServicePlan(\"plan\",{ resourceGroupName:rg.name, kind:\"Linux\", sku:{ name:\"B1\", tier:\"Basic\" }, reserved:true });\r\nconst app = new azure.web.WebApp(\"app\",{ resourceGroupName:rg.name, serverFarmId: plan.id, siteConfig:{ linuxFxVersion:\"DOTNETCORE|7.0\" }});<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>23) GCP Example: GCS + Cloud Run<\/h3>\n<p>Push a container to Artifact Registry and deploy via Cloud Run. Pulumi can build images with Docker helpers.<\/p>\n<pre><code class=\"mono\">import * as gcp from \"@pulumi\/gcp\";\r\nconst bucket = new gcp.storage.Bucket(\"assets\");\r\nconst service = new gcp.cloudrunv2.Service(\"svc\",{ location:\"us-central1\", template:{ containers:[{ image:\"gcr.io\/PROJECT\/IMG:tag\" }]}});<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>24) Kubernetes: Provider &#038; Stack<\/h3>\n<p>Point Pulumi at a kubeconfig or create a cluster first (EKS\/AKS\/GKE). Then deploy manifests or Helm charts declaratively.<\/p>\n<pre><code class=\"mono\">import * as k8s from \"@pulumi\/kubernetes\";\r\nconst provider = new k8s.Provider(\"k\", { kubeconfig: fs.readFileSync(\"kubeconfig\", \"utf8\") });\r\nnew k8s.helm.v3.Chart(\"nginx\", { chart:\"nginx\", repo:\"bitnami\" }, { provider });<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>25) Cross-Cloud Composition<\/h3>\n<p>Mix providers in one program (e.g., AWS S3 + Cloudflare DNS + SendGrid). Languages make wiring outputs together easy.<\/p>\n<pre><code class=\"mono\">\/\/ export an AWS endpoint; create DNS record in Cloudflare with it<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>26) Import Existing Resources<\/h3>\n<p>Adopt resources created outside Pulumi using <code>import<\/code> or <code>pulumi import<\/code> to align state without re-creating.<\/p>\n<pre><code class=\"mono\">pulumi import aws:s3\/bucket:Bucket site my-existing-bucket<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>27) Taint &#038; Replace<\/h3>\n<p>Force recreation of a resource on next update if it\u2019s unhealthy or drifted badly.<\/p>\n<pre><code class=\"mono\">pulumi state delete urn::...   # or use replaceOnChanges in code<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>28) Policy as Code (CrossGuard)<\/h3>\n<p>Write TypeScript\/Go policies to enforce org rules (e.g., no public S3, required tags). Run policies during preview\/up.<\/p>\n<pre><code class=\"mono\">pulumi policy new aws-typescript\r\npulumi up --policy-pack .\/policies<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>29) Secrets Providers<\/h3>\n<p>Back secrets by KMS (AWS), Key Vault (Azure), KMS (GCP), or passphrase. Rotate providers carefully and re-encrypt stack files.<\/p>\n<pre><code class=\"mono\">pulumi stack init --secrets-provider=\"awskms:\/\/arn:aws:kms:...\"<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>30) Q&amp;A \u2014 \u201cState in Pulumi Service vs S3?\u201d<\/h3>\n<p><span class=\"q\">Answer:<\/span> Pulumi Service adds history, RBAC, and concurrency control out-of-box; S3 is self-managed and cheaper but you must manage locking (DynamoDB) and access policies.<\/p>\n<\/p><\/div>\n<p>      <!-- ===================== SECTION 4: ADVANCED PATTERNS (31\u201340) ===================== --><\/p>\n<div class=\"section-title\">Section 4 \u2014 Advanced Patterns, Components &#038; CI\/CD<\/div>\n<div class=\"card bg-green\">\n<h3>31) Component Resources<\/h3>\n<p>Encapsulate multiple resources into a reusable class (a \u201ccomponent\u201d) with clean inputs\/outputs. Publish internal packages for teams to reuse.<\/p>\n<pre><code class=\"mono\">class StaticSite extends pulumi.ComponentResource {\r\n  constructor(name, args, opts) {\r\n    super(\"pkg:StaticSite\", name, {}, opts);\r\n    const bucket = new aws.s3.Bucket(name, { website:{ indexDocument:\"index.html\" }}, { parent:this });\r\n    this.url = bucket.websiteEndpoint;\r\n    this.registerOutputs({ url:this.url });\r\n  }\r\n}<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-blue\">\n<h3>32) Dynamic Providers<\/h3>\n<p>For resources lacking providers, implement CRUD with a dynamic provider. Use sparingly; prefer official providers.<\/p>\n<pre><code class=\"mono\">\/\/ TS dynamic provider skeleton with create\/read\/update\/delete<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>33) Automation API<\/h3>\n<p>Run Pulumi programs from your own code (build portals\/CLIs). Great for on-demand environments and self-service.<\/p>\n<pre><code class=\"mono\">import * as auto from \"@pulumi\/pulumi\/automation\";\r\nconst stack = await auto.LocalWorkspace.createOrSelectStack({ stackName:\"dev\", projectName:\"p\", program: myProgram });<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>34) Multi-Stack Orchestration<\/h3>\n<p>Compose stacks (network \u2192 data \u2192 app). Use StackReference to read outputs across stacks while keeping isolated state.<\/p>\n<pre><code class=\"mono\">const net = new pulumi.StackReference(\"org\/network\/dev\");\r\nexport const vpcId = net.getOutput(\"vpcId\");<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>35) Blue\/Green &#038; Canary Infra<\/h3>\n<p>Represent versions as separate stacks or prefixes; swap traffic via DNS\/Load Balancer resources; roll back by flipping records.<\/p>\n<pre><code class=\"mono\">\/\/ CloudFront origins A\/B and Route53 weighted records<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>36) GitHub Actions \/ CI<\/h3>\n<p>In CI, run <code>pulumi login<\/code>, select stack, set config from secrets, preview, and up on main merges. Use <code>--yes<\/code> for non-interactive.<\/p>\n<pre><code class=\"mono\">pulumi login\r\npulumi stack select dev\r\npulumi preview\r\npulumi up --yes<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>37) Drift Detection<\/h3>\n<p>Rerun previews regularly; for K8s, enable <code>retainOnDelete<\/code> carefully; consider scheduled Automation API previews to alert on drift.<\/p>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>38) Testing (unit\/integration)<\/h3>\n<p>Unit test with mocks (simulate providers) and assert properties\/graph. Integration test in ephemeral stacks and destroy after.<\/p>\n<pre><code class=\"mono\">\/\/ Node: @pulumi\/pulumi\/runtime mocks; Python: pulumi.runtime.set_mocks<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>39) Cost &#038; Tagging<\/h3>\n<p>Standardize tags\/labels at component level. Add budgets\/alerts in cloud providers. Pull estimates via cost tools in CI.<\/p>\n<pre><code class=\"mono\">const tags = { project:\"shop\", env:\"dev\", owner:\"team-x\" };<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>40) Q&amp;A \u2014 \u201cHow to share components across repos?\u201d<\/h3>\n<p><span class=\"q\">Answer:<\/span> Publish a package (npm\/PyPI\/Go module) or a mono-repo workspace. Version components, keep breaking changes documented, and ship examples.<\/p>\n<\/p><\/div>\n<p>      <!-- ===================== SECTION 5: RECIPES, CHECKLISTS & INTERVIEW (41\u201350) ===================== --><\/p>\n<div class=\"section-title\">Section 5 \u2014 Practical Recipes, Checklists &#038; Interview Q&amp;A<\/div>\n<div class=\"card bg-green\">\n<h3>41) Recipe: Serverless API (AWS)<\/h3>\n<p>Provision an API Gateway + Lambda with Pulumi; export endpoint. Use code archives or Docker images for Lambdas.<\/p>\n<pre><code class=\"mono\">const role = new aws.iam.Role(\"r\",{ assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({Service:\"lambda.amazonaws.com\"})});\r\nconst fn = new aws.lambda.Function(\"fn\",{ runtime:\"nodejs18.x\", role: role.arn, handler:\"index.handler\", code: new pulumi.asset.AssetArchive({ \".\": new pulumi.asset.FileArchive(\".\/lambda\") })});\r\nconst api = new aws.apigatewayv2.Api(\"api\",{ protocolType:\"HTTP\" });\r\nnew aws.apigatewayv2.Integration(\"i\",{ apiId:api.id, integrationType:\"AWS_PROXY\", integrationUri: fn.arn });\r\nexport const endpoint = api.apiEndpoint;<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-blue\">\n<h3>42) Recipe: EKS Cluster<\/h3>\n<p>Create VPC + EKS (or use community component). Then use the generated kubeconfig to deploy workloads with the k8s provider.<\/p>\n<pre><code class=\"mono\">\/\/ Use @pulumi\/eks or aws.eks.Cluster; export kubeconfig<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>43) Recipe: Azure AKS + ACR<\/h3>\n<p>Provision ACR, build &amp; push image, wire AKS to pull images via role assignment, deploy Helm app.<\/p>\n<pre><code class=\"mono\">\/\/ azure-native.resources, containerservice, containerregistry, roleassignments<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>44) Recipe: GCP GKE + CloudSQL<\/h3>\n<p>Deploy GKE and a private CloudSQL instance; connect via private IP; set secrets via K8s Secret.<\/p>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>45) Migration from Terraform<\/h3>\n<p>Import state with <code>pulumi import<\/code> or use <i>tf2pulumi<\/i> to convert HCL \u2192 Pulumi TS\/Python\/Go scaffolding. Validate diffs carefully.<\/p>\n<pre><code class=\"mono\">npx tf2pulumi<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>46) Security Checklist<\/h3>\n<p>Use KMS-backed secrets, least-privilege roles for CI, policy packs for guardrails, provider credentials from OIDC, and secret outputs only when necessary.<\/p>\n<pre><code class=\"mono\">pulumi config set --secret dbPassword ...<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>47) Production Checklist<\/h3>\n<p>Versioned components, policy packs, drift checks, cost tags, CI previews, change reviews, backup state, and rollback plans (blue\/green, stack refs).<\/p>\n<pre><code class=\"mono\">pulumi stack export &gt; backup.json<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>48) Common Pitfalls<\/h3>\n<p>Forgetting <code>apply<\/code> on Outputs, mixing real values\/Outputs incorrectly, leaking secrets in logs, not pinning provider versions, and giant monolithic programs without components.<\/p>\n<pre><code class=\"mono\">\/\/ Always pass Outputs to Inputs; avoid toString() on secrets<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>49) Cost-Saving Tips<\/h3>\n<p>Use smaller instance types in dev stacks, turn off autoscaling in sandbox, schedule off-hours with Automation API, and prefer serverless where suitable.<\/p>\n<pre><code class=\"mono\">\/\/ Automation API cron to destroy preview envs nightly<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald qa\">\n<h3>50) Interview Q&amp;A \u2014 20 Practical Questions (Expanded)<\/h3>\n<p><b>1) Pulumi vs Terraform?<\/b> Pulumi uses real languages with type systems, native loops\/functions, and Components; Terraform uses HCL and modules. Both are declarative in effect.<\/p>\n<p><b>2) What is a Stack?<\/b> An isolated instance of a project (dev\/prod). Each has its own config and state.<\/p>\n<p><b>3) Inputs vs Outputs?<\/b> Inputs are desired properties; Outputs are computed results. Transform Outputs with <code>apply<\/code>.<\/p>\n<p><b>4) How are secrets handled?<\/b> Encrypted at rest in stack files via secrets provider (KMS\/Key Vault\/GCP KMS\/passphrase) and redacted in logs\/outputs.<\/p>\n<p><b>5) What is a ComponentResource?<\/b> A reusable higher-level construct that groups resources and exposes outputs\u2014your internal module system for IaC.<\/p>\n<p><b>6) State backends trade-offs?<\/b> Pulumi Service (managed, RBAC, history) vs self-managed object storage (control, cost, DIY locking\/backup).<\/p>\n<p><b>7) Cross-stack references?<\/b> Use <code>StackReference<\/code> to read outputs from another stack safely (CI\/CD-friendly).<\/p>\n<p><b>8) Policy as code?<\/b> CrossGuard prevents unsafe patterns (e.g., public buckets, unencrypted databases). Policies run in preview\/up.<\/p>\n<p><b>9) Importing existing infra?<\/b> <code>pulumi import<\/code> maps cloud IDs to Pulumi resources; validate diffs before applying.<\/p>\n<p><b>10) Handling drift?<\/b> Regular previews, alerts via Automation API, and explicit <code>replaceOnChanges<\/code> for risky props.<\/p>\n<p><b>11) How to avoid secret leaks?<\/b> Use secret config, avoid printing outputs, never convert secret outputs to strings except as other secret inputs.<\/p>\n<p><b>12) Outputs in CI?<\/b> Use <code>pulumi stack output<\/code> (JSON) and pass to deploy steps; keep secrets marked secret.<\/p>\n<p><b>13) K8s best practices?<\/b> Separate cluster and workloads into stacks, use Helm\/manifest resources, and enable server-side apply where useful.<\/p>\n<p><b>14) Blue\/green strategy?<\/b> Two stacks or two target groups; shift traffic via DNS\/ALB weight; rollback by flipping back.<\/p>\n<p><b>15) When to use Dynamic Providers?<\/b> Only when no official provider exists and the resource is small\/safe to own. Prefer contributing to providers.<\/p>\n<p><b>16) Testing Pulumi code?<\/b> Mocks for unit tests; ephemeral stacks for integration; assert resource graphs and props.<\/p>\n<p><b>17) Multi-cloud in one program?<\/b> Yes\u2014instantiate multiple providers and wire outputs (e.g., S3 endpoint to Cloudflare DNS).<\/p>\n<p><b>18) Handling long-lived creds?<\/b> Prefer OIDC to cloud providers in CI (no static keys), short-lived tokens, and least privilege.<\/p>\n<p><b>19) Team structure for IaC?<\/b> Platform team builds components\/policies; product teams compose them; CI enforces reviews and policies.<\/p>\n<p><b>20) Common mistakes?<\/b> Treating Outputs as plain values, stacking everything in one file, no policy guardrails, and storing secrets unencrypted.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Pulumi Pocket Book \u2014 Uplatz 50 in-depth cards \u2022 Wide layout \u2022 Readable examples \u2022 20-question interview Q&amp;A included Section 1 \u2014 Foundations 1) What is Pulumi? Pulumi is an <span class=\"readmore\"><a href=\"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/\">Read More &#8230;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2462,2435],"tags":[],"class_list":["post-4473","post","type-post","status-publish","format-standard","hentry","category-pocket-book","category-pulumi"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pulumi Pocket Book | Uplatz Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pulumi Pocket Book | Uplatz Blog\" \/>\n<meta property=\"og:description\" content=\"Pulumi Pocket Book \u2014 Uplatz 50 in-depth cards \u2022 Wide layout \u2022 Readable examples \u2022 20-question interview Q&amp;A included Section 1 \u2014 Foundations 1) What is Pulumi? Pulumi is an Read More ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/\" \/>\n<meta property=\"og:site_name\" content=\"Uplatz Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Uplatz-1077816825610769\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-09T16:20:22+00:00\" \/>\n<meta name=\"author\" content=\"uplatzblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@uplatz_global\" \/>\n<meta name=\"twitter:site\" content=\"@uplatz_global\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"uplatzblog\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/\"},\"author\":{\"name\":\"uplatzblog\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/person\\\/8ecae69a21d0757bdb2f776e67d2645e\"},\"headline\":\"Pulumi Pocket Book\",\"datePublished\":\"2025-08-09T16:20:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/\"},\"wordCount\":1534,\"publisher\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\"},\"articleSection\":[\"Pocket Book\",\"Pulumi\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/\",\"name\":\"Pulumi Pocket Book | Uplatz Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#website\"},\"datePublished\":\"2025-08-09T16:20:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/pulumi-pocket-book\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pulumi Pocket Book\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\",\"name\":\"Uplatz Blog\",\"description\":\"Uplatz is a global IT Training &amp; Consulting company\",\"publisher\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\",\"name\":\"uplatz.com\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/Uplatz-Logo-Copy-2.png\",\"contentUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/Uplatz-Logo-Copy-2.png\",\"width\":1280,\"height\":800,\"caption\":\"uplatz.com\"},\"image\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Uplatz-1077816825610769\\\/\",\"https:\\\/\\\/x.com\\\/uplatz_global\",\"https:\\\/\\\/www.instagram.com\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/7956715?trk=tyah&amp;amp;amp;amp;trkInfo=clickedVertical:company,clickedEntityId:7956715,idx:1-1-1,tarId:1464353969447,tas:uplatz\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/person\\\/8ecae69a21d0757bdb2f776e67d2645e\",\"name\":\"uplatzblog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"caption\":\"uplatzblog\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pulumi Pocket Book | Uplatz Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/","og_locale":"en_US","og_type":"article","og_title":"Pulumi Pocket Book | Uplatz Blog","og_description":"Pulumi Pocket Book \u2014 Uplatz 50 in-depth cards \u2022 Wide layout \u2022 Readable examples \u2022 20-question interview Q&amp;A included Section 1 \u2014 Foundations 1) What is Pulumi? Pulumi is an Read More ...","og_url":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/","og_site_name":"Uplatz Blog","article_publisher":"https:\/\/www.facebook.com\/Uplatz-1077816825610769\/","article_published_time":"2025-08-09T16:20:22+00:00","author":"uplatzblog","twitter_card":"summary_large_image","twitter_creator":"@uplatz_global","twitter_site":"@uplatz_global","twitter_misc":{"Written by":"uplatzblog"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/#article","isPartOf":{"@id":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/"},"author":{"name":"uplatzblog","@id":"https:\/\/uplatz.com\/blog\/#\/schema\/person\/8ecae69a21d0757bdb2f776e67d2645e"},"headline":"Pulumi Pocket Book","datePublished":"2025-08-09T16:20:22+00:00","mainEntityOfPage":{"@id":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/"},"wordCount":1534,"publisher":{"@id":"https:\/\/uplatz.com\/blog\/#organization"},"articleSection":["Pocket Book","Pulumi"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/","url":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/","name":"Pulumi Pocket Book | Uplatz Blog","isPartOf":{"@id":"https:\/\/uplatz.com\/blog\/#website"},"datePublished":"2025-08-09T16:20:22+00:00","breadcrumb":{"@id":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/uplatz.com\/blog\/pulumi-pocket-book\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/uplatz.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Pulumi Pocket Book"}]},{"@type":"WebSite","@id":"https:\/\/uplatz.com\/blog\/#website","url":"https:\/\/uplatz.com\/blog\/","name":"Uplatz Blog","description":"Uplatz is a global IT Training &amp; Consulting company","publisher":{"@id":"https:\/\/uplatz.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/uplatz.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/uplatz.com\/blog\/#organization","name":"uplatz.com","url":"https:\/\/uplatz.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/uplatz.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2016\/11\/Uplatz-Logo-Copy-2.png","contentUrl":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2016\/11\/Uplatz-Logo-Copy-2.png","width":1280,"height":800,"caption":"uplatz.com"},"image":{"@id":"https:\/\/uplatz.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Uplatz-1077816825610769\/","https:\/\/x.com\/uplatz_global","https:\/\/www.instagram.com\/","https:\/\/www.linkedin.com\/company\/7956715?trk=tyah&amp;amp;amp;amp;trkInfo=clickedVertical:company,clickedEntityId:7956715,idx:1-1-1,tarId:1464353969447,tas:uplatz"]},{"@type":"Person","@id":"https:\/\/uplatz.com\/blog\/#\/schema\/person\/8ecae69a21d0757bdb2f776e67d2645e","name":"uplatzblog","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g","caption":"uplatzblog"}}]}},"_links":{"self":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4473","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/comments?post=4473"}],"version-history":[{"count":1,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4473\/revisions"}],"predecessor-version":[{"id":4474,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4473\/revisions\/4474"}],"wp:attachment":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/media?parent=4473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/categories?post=4473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/tags?post=4473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}