Version
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
docs
reference
services
tessl/maven-com-pulumi--aws
tessl install tessl/maven-com-pulumi--aws@7.16.0Pulumi Java SDK for AWS providing strongly-typed Infrastructure-as-Code for 227 AWS service packages including compute, storage, databases, networking, security, analytics, machine learning, and more.
getting-started.mddocs/
Getting Started with Pulumi AWS Java SDK
This guide will help you get started with the Pulumi AWS Java SDK for Infrastructure-as-Code.
Prerequisites
- Java 11 or later installed
- Maven or Gradle for dependency management
- Pulumi CLI installed (installation guide)
- AWS credentials configured (AWS CLI setup)
Installation
Maven
Add the dependency to your pom.xml:
<dependencies>
<dependency>
<groupId>com.pulumi</groupId>
<artifactId>pulumi</artifactId>
<version>0.13.0</version>
</dependency>
<dependency>
<groupId>com.pulumi</groupId>
<artifactId>aws</artifactId>
<version>7.16.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.2.2</version>
<configuration>
<archive>
<manifest>
<mainClass>com.example.App</mainClass>
</manifest>
</archive>
</configuration>
</plugin>
</plugins>
</build>Gradle
Add to your build.gradle:
plugins {
id 'java'
id 'application'
}
dependencies {
implementation 'com.pulumi:pulumi:0.13.0'
implementation 'com.pulumi:aws:7.16.0'
}
application {
mainClass = 'com.example.App'
}
java {
toolchain {
languageVersion = JavaLanguageVersion.of(11)
}
}AWS Credentials Configuration
The Pulumi AWS provider uses the standard AWS credential resolution chain:
- Environment variables:
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_SESSION_TOKEN - Shared credentials file:
~/.aws/credentials - IAM role (when running on EC2 or ECS)
Option 1: Using AWS CLI Configuration
aws configureThis creates ~/.aws/credentials and ~/.aws/config files.
Option 2: Using Environment Variables
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_REGION="us-west-2"Option 3: Using Named Profiles
In your Pulumi program:
import com.pulumi.aws.Provider;
import com.pulumi.aws.ProviderArgs;
var awsProvider = new Provider("aws", ProviderArgs.builder()
.region("us-west-2")
.profile("my-profile")
.build());Creating Your First Pulumi Project
Step 1: Initialize a New Project
mkdir my-aws-infrastructure
cd my-aws-infrastructure
pulumi new javaFollow the prompts to set up your project.
Step 2: Create a Simple Resource
Edit src/main/java/myproject/App.java:
package myproject;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create an S3 bucket
var bucket = new Bucket("my-first-bucket", BucketArgs.builder()
.bucket("my-unique-bucket-name-12345")
.build());
// Export the bucket name
ctx.export("bucketName", bucket.bucket());
ctx.export("bucketArn", bucket.arn());
}
}Step 3: Preview and Deploy
Preview the changes:
pulumi previewDeploy the infrastructure:
pulumi upType "yes" to confirm the deployment.
Step 4: View Outputs
After deployment, view the stack outputs:
pulumi stack output bucketName
pulumi stack output bucketArnStep 5: Clean Up
Destroy the resources when done:
pulumi destroyUnderstanding the Basic Structure
Main Application Entry Point
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Your infrastructure code here
}
}Pulumi.run()is the entry point for the Pulumi runtimestack()method contains your infrastructure definitionsContext ctxprovides stack context and export capabilities
Resource Creation Pattern
var resource = new ResourceType("resource-name", ResourceTypeArgs.builder()
.property1(value1)
.property2(value2)
.build());- First argument is the resource name (unique within the stack)
- Second argument is the configuration using builder pattern
- Returns a resource object with output properties
Working with Outputs
// Resource properties are Output<T>
Output<String> bucketName = bucket.bucket();
Output<String> bucketArn = bucket.arn();
// Transform outputs with apply()
Output<String> upperName = bucketName.apply(String::toUpperCase);
// Combine multiple outputs
Output<String> combined = Output.tuple(bucket.bucket(), bucket.arn())
.apply(tuple -> tuple.t1 + " - " + tuple.t2);
// Export outputs (visible in pulumi stack output)
ctx.export("bucketName", bucketName);Resource Dependencies
Pulumi automatically tracks dependencies when you pass Output values:
// Create VPC
var vpc = new Vpc("my-vpc", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.build());
// Create subnet (depends on VPC automatically)
var subnet = new Subnet("my-subnet", SubnetArgs.builder()
.vpcId(vpc.id()) // Dependency is tracked here
.cidrBlock("10.0.1.0/24")
.build());Common First Projects
Example 1: Static Website with S3
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.s3.*;
import com.pulumi.asset.FileAsset;
import java.util.Map;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create bucket
var bucket = new Bucket("website-bucket", BucketArgs.builder()
.website(BucketWebsiteArgs.builder()
.indexDocument("index.html")
.build())
.build());
// Make bucket public
new BucketPublicAccessBlock("public-access", BucketPublicAccessBlockArgs.builder()
.bucket(bucket.id())
.blockPublicAcls(false)
.blockPublicPolicy(false)
.ignorePublicAcls(false)
.restrictPublicBuckets(false)
.build());
// Upload index.html
new BucketObject("index", BucketObjectArgs.builder()
.bucket(bucket.id())
.key("index.html")
.source(new FileAsset("index.html"))
.contentType("text/html")
.acl("public-read")
.build());
ctx.export("websiteUrl", bucket.websiteEndpoint());
}
}Example 2: EC2 Instance with Security Group
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.ec2.*;
import com.pulumi.aws.ec2.inputs.*;
import java.util.List;
import java.util.Map;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Get the default VPC
var vpcId = Ec2Functions.getVpc(GetVpcArgs.builder()
.default_(true)
.build())
.applyValue(vpc -> vpc.id());
// Create security group
var securityGroup = new SecurityGroup("web-sg", SecurityGroupArgs.builder()
.vpcId(vpcId)
.description("Allow HTTP and SSH")
.ingress(
SecurityGroupIngressArgs.builder()
.protocol("tcp")
.fromPort(80)
.toPort(80)
.cidrBlocks(List.of("0.0.0.0/0"))
.description("Allow HTTP")
.build(),
SecurityGroupIngressArgs.builder()
.protocol("tcp")
.fromPort(22)
.toPort(22)
.cidrBlocks(List.of("0.0.0.0/0"))
.description("Allow SSH")
.build()
)
.egress(SecurityGroupEgressArgs.builder()
.protocol("-1")
.fromPort(0)
.toPort(0)
.cidrBlocks(List.of("0.0.0.0/0"))
.build())
.build());
// Get latest Amazon Linux 2 AMI
var ami = Ec2Functions.getAmi(GetAmiArgs.builder()
.mostRecent(true)
.owners(List.of("amazon"))
.filters(List.of(GetAmiFilterArgs.builder()
.name("name")
.values(List.of("amzn2-ami-hvm-*-x86_64-gp2"))
.build()))
.build());
// Create EC2 instance
var server = new Instance("web-server", InstanceArgs.builder()
.instanceType("t2.micro")
.ami(ami.applyValue(result -> result.id()))
.vpcSecurityGroupIds(List.of(securityGroup.id()))
.userData("""
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Hello from Pulumi</h1>" > /var/www/html/index.html
""")
.tags(Map.of("Name", "web-server"))
.build());
ctx.export("instanceId", server.id());
ctx.export("publicIp", server.publicIp());
ctx.export("publicDns", server.publicDns());
}
}Example 3: Lambda Function with API Gateway
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.iam.*;
import com.pulumi.aws.lambda.*;
import com.pulumi.aws.apigatewayv2.*;
import com.pulumi.asset.FileArchive;
import java.util.Map;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create IAM role for Lambda
var role = new Role("lambda-role", RoleArgs.builder()
.assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": {"Service": "lambda.amazonaws.com"},
"Effect": "Allow"
}]
}
""")
.build());
// Attach basic execution policy
new RolePolicyAttachment("lambda-policy", RolePolicyAttachmentArgs.builder()
.role(role.name())
.policyArn("arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole")
.build());
// Create Lambda function
var lambda = new Function("hello-lambda", FunctionArgs.builder()
.runtime("python3.9")
.role(role.arn())
.handler("index.handler")
.code(new FileArchive("./lambda-function"))
.build());
// Create HTTP API
var api = new Api("http-api", ApiArgs.builder()
.protocolType("HTTP")
.build());
// Create Lambda integration
var integration = new Integration("lambda-integration", IntegrationArgs.builder()
.apiId(api.id())
.integrationType("AWS_PROXY")
.integrationUri(lambda.arn())
.payloadFormatVersion("2.0")
.build());
// Create route
new Route("route", RouteArgs.builder()
.apiId(api.id())
.routeKey("GET /hello")
.target(integration.id().apply(id -> "integrations/" + id))
.build());
// Create stage
var stage = new Stage("stage", StageArgs.builder()
.apiId(api.id())
.name("$default")
.autoDeploy(true)
.build());
// Grant API Gateway permission to invoke Lambda
new Permission("api-lambda-permission", PermissionArgs.builder()
.action("lambda:InvokeFunction")
.function(lambda.name())
.principal("apigateway.amazonaws.com")
.sourceArn(api.executionArn().apply(arn -> arn + "/*/*"))
.build());
ctx.export("apiEndpoint", api.apiEndpoint());
}
}Configuration Management
Pulumi supports configuration values that can be set per stack.
Setting Configuration Values
pulumi config set aws:region us-west-2
pulumi config set myapp:instanceType t2.micro
pulumi config set --secret myapp:dbPassword mySecretPasswordUsing Configuration in Code
import com.pulumi.Config;
public static void stack(Context ctx) {
var config = new Config();
// Get required value (throws if not set)
String instanceType = config.require("instanceType");
// Get optional value with default
String region = config.get("region").orElse("us-east-1");
// Get secret value
String dbPassword = config.requireSecret("dbPassword");
// Get typed values
int port = config.requireInt("port");
boolean enableLogging = config.requireBoolean("enableLogging");
}Next Steps
- Common Patterns - Learn the most frequently used patterns
- Web Application Guide - Deploy a complete web application
- Data Pipeline Guide - Build data processing pipelines
- Security Best Practices - Secure your infrastructure
- Service Documentation - Explore AWS services in detail
Additional Resources
- Pulumi Documentation
- Pulumi AWS Provider
- AWS Documentation
- Provider Configuration - Detailed provider configuration