CI/CD for AWS infrastructure using Pulumi
Preview and deploy AWS infrastructure changes using Pulumi.
```yaml
env:
  AWS_ROLE_ARN: arn:aws:iam::AWS-ACCOUNT-ID:role/SOME-ROLE
  PULUMI_STACK: xxx

steps:
  - label: ":pulumi: Preview"
    commands:
      - npm install
      - pulumi preview -s $PULUMI_STACK | tee preview
      - printf '```\n%b\n```\n' "$(cat preview)" | buildkite-agent annotate --style "info"
    plugins:
      - aws-assume-role-with-web-identity#v1.0.0:
          role-arn: $AWS_ROLE_ARN
      - docker#v5.9.0:
          image: "pulumi/pulumi-nodejs"
          propagate-aws-auth-tokens: true
          mount-buildkite-agent: true
          environment:
            - PULUMI_ACCESS_TOKEN

  - block: "Deploy?"

  - label: ":pulumi: Deploy"
    commands:
      - npm install
      - pulumi stack select $PULUMI_STACK
      - pulumi up -s $PULUMI_STACK --yes
    plugins:
      - aws-assume-role-with-web-identity#v1.0.0:
          role-arn: $AWS_ROLE_ARN
      - docker#v5.9.0:
          image: "pulumi/pulumi-nodejs"
          propagate-aws-auth-tokens: true
          mount-buildkite-agent: true
          environment:
            - PULUMI_ACCESS_TOKEN
```
This template gives you a continuous integration and continuous deployment (CI/CD) pipeline that previews a Pulumi change before deploying it to AWS.
At a glance:
- For Pulumi projects
- Uses Node.js and npm
- Requires Docker
- Prompts for confirmation before deploying
- Deploys to AWS
How it works
This template:
- Assumes a role in AWS using Buildkite’s OIDC.
- Installs Node dependencies using npm.
- Prints a preview of the Pulumi change in an annotation on the build.
- Asks for manual confirmation to deploy the change.
- Deploys the Pulumi change to AWS with `pulumi up`.
The runtime environment uses a Docker image with the Pulumi CLI and Node.js.
Next steps
After you select Use template, you’ll:
- Connect the Git repository with your Pulumi code.
- Set Buildkite as an OIDC provider in AWS.
- Set the `AWS_ROLE_ARN` environment variable to a role with permission to deploy Pulumi changes to your AWS account.
- Set the `PULUMI_STACK` environment variable to the Pulumi Stack being deployed.
- Store `PULUMI_ACCESS_TOKEN` in your pipeline secrets.
- Configure the compute: run locally, on-premises, or in the cloud.
- Run the pipeline.
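The role named in `AWS_ROLE_ARN` is only as narrow as its trust policy, so the following added example (not part of the Buildkite template) builds a trust policy scoped to one pipeline and ref and lints a policy for missing audience or subject conditions. The issuer host, the audience value and the layout of the `sub` claim are assumptions to confirm against Buildkite's OIDC documentation; the account ID, organization and pipeline names are constructed.

```javascript
// Added example, not Buildkite's code. Assumed values: issuer host, audience,
// and the layout of the "sub" claim; confirm them against Buildkite's OIDC docs.
const ISSUER = "agent.buildkite.com";
const AUDIENCE = "sts.amazonaws.com";

// Build a trust policy that only admits tokens minted for one pipeline and ref.
function buildTrustPolicy({ accountId, org, pipeline, ref }) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${ISSUER}` },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: {
        StringEquals: { [`${ISSUER}:aud`]: AUDIENCE },
        StringLike: { [`${ISSUER}:sub`]: `organization:${org}:pipeline:${pipeline}:ref:${ref}:*` },
      },
    }],
  };
}

// Report trust statements that would let unrelated builds assume the role.
function lintTrustPolicy(policy) {
  const findings = [];
  policy.Statement.forEach((st, i) => {
    const actions = [].concat(st.Action || []);
    if (st.Effect !== "Allow" || !actions.includes("sts:AssumeRoleWithWebIdentity")) return;
    const cond = st.Condition || {};
    const eq = cond.StringEquals || {};
    const like = cond.StringLike || {};
    const subs = [].concat(eq[`${ISSUER}:sub`] || [], like[`${ISSUER}:sub`] || []);
    if (!eq[`${ISSUER}:aud`]) findings.push(`statement ${i}: no audience condition`);
    if (subs.length === 0) findings.push(`statement ${i}: no subject condition`);
    for (const s of subs) {
      // Organization and pipeline must be literal, not wildcards.
      if (!/^organization:[^*?:]+:pipeline:[^*?:]+:/.test(s))
        findings.push(`statement ${i}: subject "${s}" is not pinned to one pipeline`);
    }
  });
  return findings;
}

// Constructed sample values.
const scoped = buildTrustPolicy({ accountId: "111122223333", org: "example-org", pipeline: "infra", ref: "refs/heads/main" });
const loose = JSON.parse(JSON.stringify(scoped));
delete loose.Statement[0].Condition.StringLike; // any pipeline's token would now match
console.log(lintTrustPolicy(scoped), lintTrustPolicy(loose));
```

Pinning the subject to `refs/heads/main` means builds of other branches cannot assume the deploy role, which matters because the preview and deploy steps in this template share the same role.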
You can then play around with the pipeline settings. For example, run the pipeline locally while you iterate on the definition or set a schedule to trigger a nightly build.
If you need help, please check our documentation, raise an issue, or reach out to support.