CI/CD for AWS infrastructure using Pulumi
Preview and deploy AWS infrastructure changes using Pulumi.
```yaml
env:
  AWS_ROLE_ARN: arn:aws:iam::AWS-ACCOUNT-ID:role/SOME-ROLE
  PULUMI_STACK: xxx

steps:
  - label: ":pulumi: Preview"
    commands:
      - npm install
      - pulumi preview -s $PULUMI_STACK | tee preview
      - printf '```\n%b\n```\n' "$(cat preview)" | buildkite-agent annotate --style "info"
    plugins:
      - aws-assume-role-with-web-identity#v1.0.0:
          role-arn: $AWS_ROLE_ARN
      - docker#v5.9.0:
          image: "pulumi/pulumi-nodejs"
          propagate-aws-auth-tokens: true
          mount-buildkite-agent: true
          environment:
            - PULUMI_ACCESS_TOKEN

  - block: "Deploy?"

  - label: ":pulumi: Deploy"
    commands:
      - npm install
      - pulumi stack select $PULUMI_STACK
      - pulumi up -s $PULUMI_STACK --yes
    plugins:
      - aws-assume-role-with-web-identity#v1.0.0:
          role-arn: $AWS_ROLE_ARN
      - docker#v5.9.0:
          image: "pulumi/pulumi-nodejs"
          propagate-aws-auth-tokens: true
          mount-buildkite-agent: true
          environment:
            - PULUMI_ACCESS_TOKEN
```
This template gives you a continuous integration and continuous deployment (CI/CD) pipeline that previews a Pulumi change before deploying it to AWS.
At a glance:
- For Pulumi projects
- Uses Node.js and npm
- Requires Docker
- Prompts for confirmation before deploying
- Deploys to AWS
How it works
This template:
- Assumes a role in AWS using Buildkite’s OIDC.
- Installs Node dependencies using npm.
- Prints a preview of the Pulumi change in an annotation on the build.
- Asks for manual confirmation to deploy the change.
- Deploys the Pulumi change to AWS with `pulumi up`.
The runtime environment uses a Docker image with the Pulumi CLI and Node.js.
Next steps
After you select Use template, you’ll:
- Connect the Git repository with your Pulumi code.
- Set Buildkite as an OIDC provider in AWS.
- Set the `AWS_ROLE_ARN` environment variable to a role with permission to deploy Pulumi changes to your AWS account.
- Set the `PULUMI_STACK` environment variable to the Pulumi Stack being deployed.
- Store `PULUMI_ACCESS_TOKEN` in your pipeline secrets.
- Configure the compute: run locally, on-premises, or in the cloud.
- Run the pipeline.
You can then play around with the pipeline settings. For example, run the pipeline locally while you iterate on the definition or set a schedule to trigger a nightly build.
If you need help, please check our documentation, raise an issue, or reach out to support.
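
The role behind `AWS_ROLE_ARN` is assumed through Buildkite's OIDC provider ("Assumes a role in AWS using Buildkite's OIDC", "Set Buildkite as an OIDC provider in AWS"), so its trust policy decides which builds can run `pulumi up`. The following is an added example, not part of the Buildkite template: it builds a trust policy pinned to one pipeline and ref and audits a policy for missing pins. The issuer host `agent.buildkite.com`, the `sts.amazonaws.com` audience, the `sub` claim layout, and the account, organization and pipeline names are assumptions.

```javascript
// Added example. Assumptions: issuer host, audience and `sub` layout follow
// Buildkite's OIDC documentation; account, org and pipeline values are placeholders.
const ISSUER = "agent.buildkite.com";
const AUD = `${ISSUER}:aud`;
const SUB = `${ISSUER}:sub`;

// Trust policy for the role named in AWS_ROLE_ARN, pinned to one pipeline and ref.
function buildTrustPolicy({ accountId, org, pipeline, ref }) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${ISSUER}` },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: {
        StringEquals: { [AUD]: "sts.amazonaws.com" },
        StringLike: { [SUB]: `organization:${org}:pipeline:${pipeline}:ref:${ref}:*` },
      },
    }],
  };
}

// Report statements that let more Buildkite builds assume the role than intended.
function auditTrustPolicy(policy) {
  const findings = [];
  for (const stmt of [].concat(policy.Statement || [])) {
    const federated = String((stmt.Principal || {}).Federated || "");
    if (stmt.Effect !== "Allow" || !federated.endsWith(`oidc-provider/${ISSUER}`)) continue;
    const cond = stmt.Condition || {};
    const exact = cond.StringEquals || {};
    if (!exact[AUD]) findings.push("aud is not pinned with StringEquals");
    const subs = [].concat(exact[SUB] || (cond.StringLike || {})[SUB] || []);
    if (subs.length === 0) findings.push("no sub condition: any Buildkite organization is trusted");
    for (const sub of subs) {
      // Expected layout: organization:ORG:pipeline:PIPELINE:ref:REF:commit:SHA:step:KEY
      const p = sub.split(":");
      const pinned = (i, name) => p[i] === name && p[i + 1] && !/[*?]/.test(p[i + 1]);
      if (!pinned(0, "organization")) findings.push(`organization not pinned in "${sub}"`);
      if (!pinned(2, "pipeline")) findings.push(`pipeline not pinned in "${sub}"`);
      if (!pinned(4, "ref")) findings.push(`ref not pinned in "${sub}": any branch can deploy`);
    }
  }
  return findings;
}

// Constructed sample inputs: one scoped policy and one widened copy of it.
const scoped = buildTrustPolicy({ accountId: "111122223333", org: "example-org", pipeline: "infra", ref: "refs/heads/main" });
const loose = JSON.parse(JSON.stringify(scoped));
loose.Statement[0].Condition.StringLike[SUB] = "organization:example-org:*";
console.log(auditTrustPolicy(scoped), auditTrustPolicy(loose));
```

Run the audit against the JSON returned by `aws iam get-role` for the deploy role before storing its ARN in the pipeline.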