Pulumi AWS Provider

The Pulumi AWS provider enables infrastructure-as-code management for Amazon Web Services using TypeScript, JavaScript, Python, Go, .NET, and Java.

Package Information

• Package: @pulumi/aws
• Version: 7.16.0
• Type: npm (TypeScript/JavaScript)
• Installation: npm install @pulumi/aws
• Official Docs: https://www.pulumi.com/registry/packages/aws/

Quick Start

New to Pulumi AWS? → Quick Start Guide (5 min)

Basic imports:

import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";

First resource:

const bucket = new aws.s3.BucketV2("my-bucket");
export const bucketName = bucket.id;

Coverage

• 229 AWS service modules - Complete AWS service coverage
• 1,605+ resource types - Create and manage AWS resources
• 1,242+ data sources - Query existing AWS infrastructure
• Multi-language support - TypeScript, JavaScript, Python, Go, .NET, Java

Documentation Structure

Getting Started

• Quick Start Guide - Get productive in 5 minutes
• Core Concepts - Understand Pulumi + AWS fundamentals
• Provider Configuration - Authentication and global settings
• Utility Functions - Top-level AWS utility functions

Task-Oriented Guides

• Authentication Guide - All authentication methods
• Common Patterns - Tagging, dependencies, cross-references
• Resource Lifecycle - Create, update, delete workflows
• Multi-Region Patterns - Cross-region and global resources
• Security Best Practices - Security patterns and guidelines

Quick Reference

• Service Index - Compact table of all 229 services
• Detailed Service Reference - Complete service listings
• Resource Types by Category - All resources organized by type
• Data Sources by Category - All data sources organized by type

Service Categories

Compute

Run code and manage servers → Compute Overview

• EC2 - Virtual Servers - Instances, AMIs, key pairs, placement groups
• Lambda - Serverless Functions - Functions, layers, event sources
• ECS - Container Service - Clusters, services, task definitions
• EKS - Kubernetes Service - Clusters, node groups, Fargate
• Auto Scaling - Groups, policies, lifecycle hooks
• Batch - Job queues, compute environments

Storage

Object, block, and file storage → Storage Overview

• S3 - Object Storage - Buckets, objects, policies, replication
• EBS - Block Storage - Volumes, snapshots, encryption
• EFS - File Systems - File systems, mount targets, access points
• FSx - Managed File Systems - Lustre, Windows, ONTAP, OpenZFS
• Glacier - Archive Storage - Vaults, archives, retrieval
• Backup - Centralized Backup - Plans, vaults, selections

Database

Relational, NoSQL, caching, and data warehousing → Database Overview

• RDS - Relational Databases - Instances, clusters, snapshots, Aurora
• DynamoDB - NoSQL Database - Tables, indexes, streams, global tables
• ElastiCache - In-Memory Cache - Redis, Memcached clusters
• Redshift - Data Warehouse - Clusters, parameter groups, snapshots
• Neptune - Graph Database - Clusters, instances, parameter groups
• DocumentDB - MongoDB Compatible - Clusters, instances

Networking

VPCs, DNS, CDN, load balancing, API management → Networking Overview

• VPC - Virtual Private Cloud - VPCs, subnets, route tables, gateways
• Route 53 - DNS Service - Zones, records, health checks
• CloudFront - CDN - Distributions, origins, cache behaviors
• API Gateway - REST APIs - REST APIs, resources, deployments
• API Gateway v2 - HTTP/WebSocket - HTTP and WebSocket APIs
• Load Balancers - ALB, NLB, target groups, listeners

Security

Identity, encryption, secrets, certificates, threat detection → Security Overview

• IAM - Identity & Access - Users, roles, policies, groups
• KMS - Key Management - Keys, aliases, grants
• Secrets Manager - Secrets, rotation, replication
• ACM - Certificate Manager - Certificates, validation
• WAF - Web Application Firewall - Web ACLs, rules, rule groups
• GuardDuty - Threat Detection - Detectors, filters, findings
• Security Hub - Security standards, insights

Application Integration

Messaging, queuing, notifications, workflows → Services Overview

• SNS - Notifications - Topics, subscriptions, platform applications
• SQS - Message Queues - Queues, dead letter queues
• EventBridge - Rules, buses, targets
• Step Functions - State machines, activities

Monitoring & Management

Logging, monitoring, auditing, configuration → Services Overview

• CloudWatch - Monitoring - Logs, metrics, alarms, dashboards
• CloudTrail - Audit Logging - Trails, event selectors
• Config - Resource Config - Rules, recorders, aggregators
• Systems Manager - Parameters, documents, patch baselines

Additional Services

Analytics, ML, DevOps, migration, cost management → Services Overview

• Analytics Services - Athena, EMR, Kinesis, Glue, OpenSearch
• AI/ML Services - SageMaker, Bedrock, Comprehend, Rekognition
• Developer Tools - CodeBuild, CodePipeline, CodeDeploy
• Migration Services - DMS, Transfer, DataSync
• Cost Management - Cost Explorer, Budgets, billing

Core Concepts

Resources

Resources are infrastructure components you create and manage.

class Resource extends pulumi.CustomResource {
    constructor(name: string, args: ResourceArgs, opts?: pulumi.CustomResourceOptions);
}

Example:

const vpc = new aws.ec2.Vpc("my-vpc", {
    cidrBlock: "10.0.0.0/16",
    tags: { Name: "my-vpc" },
});

Data Sources

Data sources query existing AWS resources.

function getResource(args: GetResourceArgs): Promise<GetResourceResult>;

Example:

const defaultVpc = await aws.ec2.getVpc({ default: true });

Outputs

Outputs represent resource properties that may not be known until after deployment.

interface Output<T> {
    apply<U>(func: (t: T) => Input<U>): Output<U>;
}

Example:

export const bucketArn = bucket.arn;  // Output<string>

Dependencies

Pulumi automatically tracks dependencies between resources.

const vpc = new aws.ec2.Vpc("vpc", { cidrBlock: "10.0.0.0/16" });
const subnet = new aws.ec2.Subnet("subnet", {
    vpcId: vpc.id,  // Automatic dependency
    cidrBlock: "10.0.1.0/24",
});

Provider

The Provider configures AWS authentication and default settings.

class Provider extends pulumi.ProviderResource {
    constructor(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions);
}

interface ProviderArgs {
    region?: pulumi.Input<string>;
    profile?: pulumi.Input<string>;
    accessKey?: pulumi.Input<string>;
    secretKey?: pulumi.Input<string>;
    assumeRoles?: pulumi.Input<pulumi.Input<AssumeRole>[]>;
    defaultTags?: pulumi.Input<DefaultTags>;
    // ... additional configuration
}

Example:

const provider = new aws.Provider("my-provider", {
    region: "us-west-2",
    defaultTags: { tags: { Environment: "production" } },
});

const bucket = new aws.s3.BucketV2("bucket", {}, { provider });

Full Provider Documentation

Common Patterns

Tagging Resources

const commonTags = {
    Environment: "production",
    Project: "my-app",
    ManagedBy: "pulumi",
};

const bucket = new aws.s3.BucketV2("bucket", {
    tags: commonTags,
});

Using Outputs

const bucket = new aws.s3.BucketV2("bucket");

// Apply transformations to outputs
const bucketDomain = bucket.bucket.apply(name => `${name}.s3.amazonaws.com`);

// Use outputs as inputs to other resources
const policy = new aws.s3.BucketPolicy("policy", {
    bucket: bucket.id,  // Output<string> used as Input<string>
    policy: bucket.arn.apply(arn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: "*",
            Action: "s3:GetObject",
            Resource: `${arn}/*`,
        }],
    })),
});

Cross-Stack References

// Export from one stack
export const vpcId = vpc.id;
export const subnetIds = subnets.map(s => s.id);

// Import in another stack
const stackRef = new pulumi.StackReference("my-org/network-stack/prod");
const vpcId = stackRef.getOutput("vpcId");
const subnetIds = stackRef.getOutput("subnetIds");

Multi-Region Resources

const usWest = new aws.Provider("us-west", { region: "us-west-2" });
const usEast = new aws.Provider("us-east", { region: "us-east-1" });

const westBucket = new aws.s3.BucketV2("west-bucket", {}, { provider: usWest });
const eastBucket = new aws.s3.BucketV2("east-bucket", {}, { provider: usEast });

More Patterns

Type System

Input Types

Accept literals, promises, or outputs:

type Input<T> = T | Promise<T> | Output<T>;

Common Interfaces

// Tags
interface Tags {
    [key: string]: pulumi.Input<string>;
}

// ARN
type ARN = string;

// Policy Documents
interface PolicyDocument {
    Version?: string;
    Statement: PolicyStatement[];
}

interface PolicyStatement {
    Effect: "Allow" | "Deny";
    Action?: string | string[];
    Resource?: string | string[];
    Principal?: PolicyPrincipal;
    Condition?: { [operator: string]: { [key: string]: string | string[] } };
}

Best Practices

Security

1. Never hard-code credentials - use IAM roles or profiles
2. Enable encryption for sensitive data (S3, EBS, RDS)
3. Use Secrets Manager for sensitive values
4. Apply least-privilege IAM policies
5. Enable CloudTrail and GuardDuty

Security Best Practices Guide

Organization

1. Use consistent naming conventions
2. Apply tags to all resources
3. Group related resources in component resources
4. Use separate stacks for different environments
5. Export outputs for cross-stack references

Performance

1. Batch resource creation when possible
2. Use data sources to reference existing resources
3. Leverage parallel resource creation (Pulumi automatic)
4. Cache stack references when used multiple times

More in Common Patterns Guide

Troubleshooting

Common Issues

Authentication Errors

• Check AWS credentials configuration
• Verify IAM permissions
• Ensure region is specified

Full Authentication Guide

Resource Conflicts

• Check for existing resources with same name
• Verify unique resource identifiers
• Review AWS service quotas

Dependency Errors

• Ensure dependencies are explicitly declared when needed
• Use dependsOn option for non-automatic dependencies
• Check for circular dependencies

Resource Lifecycle Guide

Finding Services

By Category

• Compute: Overview
• Storage: Overview
• Database: Overview
• Networking: Overview
• Security: Overview
• Other Services: Overview

By Name

• Alphabetical Index: Service Index (compact table)
• Detailed Listings: Detailed Reference (all services A-Z)

By Resource Type

• Resource Types by Category
• Data Sources by Category

Additional Resources

• Official Pulumi AWS Docs: https://www.pulumi.com/registry/packages/aws/
• AWS Documentation: https://docs.aws.amazon.com/
• Pulumi Examples: https://github.com/pulumi/examples
• Community: https://pulumi-community.slack.com/

Version Information

This documentation covers @pulumi/aws version 7.16.0. For version-specific changes, see the official changelog.