Ask a generic LLM to “fix my broken deployment,” and you’ll get generic advice. Ask Pulumi Neo the same question, and you’ll get a fix plan grounded in your actual infrastructure state. The difference isn’t about better prompts or newer models. It’s about what the AI actually knows. Generic LLMs have been trained on the internet. Neo has been trained on your infrastructure. This distinction matters more than you’d think. The grounding problem Most AI tools treat infrastructure l...| Pulumi Blog
Welcome to the fourth post in our IDP Best Practices series. Today we’re diving into the world of drift detection and remediation, those critical day 2 operations that keep your infrastructure aligned with its intended configuration long after the initial deployment. You’ve built a beautiful platform with robust guardrails, comprehensive templates, and well-defined golden paths. Your developers are productive, deployments are smooth, and everything seems perfect. Then reality hits. An on-...| Pulumi Blog
Neo just got significantly more capable. We’ve shipped three major updates: Operating Modes for flexible control, full ecosystem tool access, and Claude Sonnet 4.5 for better performance on complex infrastructure tasks. You decide how much control you keep The same action has different risks in different contexts. Building a new dev environment is low risk. Opening a PR that changes shared infrastructure requires more scrutiny. Operating Modes let you adjust autonomy based on context: Revie...| Pulumi Blog
Pulumi ESC (Environments, Secrets, and Configuration) provides centralized secrets management and configuration orchestration across your infrastructure and applications. Today, we’re excited to introduce a redesigned onboarding experience and a simpler, automated way to set up Pulumi ESC as an OpenID Connect (OIDC) provider. A new and refreshed onboarding experience Pulumi ESC helps you manage configuration for Pulumi programs, handle secret rotation, and centralize secrets stored across m...| Pulumi Blog
Open Approvals enable strict, auditable approval workflows for environment activation, ensuring governance and safer infrastructure operations.| pulumi
We’re excited to announce the Pulumi Remote MCP Server—a hosted service that brings AI-powered infrastructure management to any AI assistant that supports the Model Context Protocol. Connect your favorite AI assistant to https://mcp.ai.pulumi.com/mcp and instantly access your Pulumi Cloud infrastructure, search resources across stacks, and delegate complex automation tasks to Pulumi Neo. The Evolution of Pulumi MCP Earlier this year, we launched the Pulumi MCP server as a local npm packag...| Pulumi Blog
Since launching Pulumi Neo two weeks ago, we’ve seen platform teams discover creative ways to put their newest AI teammate to work. We have also been using Neo internally for a handful of use cases. Neo shifts the conversation from “what could AI do for infrastructure?” to “what can I actually accomplish with Neo today?” The answer is quite a bit. Here are 10 concrete workflows that platform teams can use Neo for right now, each one designed to save hours of manual work while keepin...| Pulumi Blog
Welcome to the third post in our IDP Best Practices series, where we explore how to implement policy as code with Pulumi CrossGuard to create deployment guardrails that make self-service infrastructure both powerful and safe. Platform engineering presents a fundamental tension: we want to enable developer velocity while maintaining security and compliance. Every platform team faces the same question: how do you give teams the freedom to deploy infrastructure quickly without compromising on sa...| Pulumi Blog
We’re excited to announce the v9 release of the Pulumi Google Cloud Provider! This major release contains important updates to Google Cloud resources and functions, and keeps you up to date with what’s new from Pulumi. The Pulumi Google Cloud provider can be used to provision any of the Google Cloud resources available in the upstream provider. The provider is open source and available on GitHub so you can be part of the community - issues and pull requests are always welcome! Here are a ...| Pulumi Blog
Automate tedious diagramming work in your CI/CD pipelines to maintain always-accurate architecture diagrams.| pulumi
Pulumi’s Infrastructure as Code has included a powerful policy engine from day one. Over the past year, we’ve been enhancing it significantly to provide stronger governance for modern cloud platforms. Until now, these capabilities were limited to our Business Critical tier. Today, we’re excited to announce that policy guardrails are now available to all Team and Enterprise customers. Alongside this, we’re launching a redesigned policy management experience and introducing out-of-the-b...| Pulumi Blog
AI coding assistants have transformed the speed at which developers can write and deploy code. Pull request velocity has increased significantly. Feature delivery has accelerated beyond what we thought possible just two years ago. This should be a victory for everyone in the software organization. Instead, it’s created significant challenges for infrastructure and platform teams. Every line of code that ships faster creates new platform needs: monitoring, secrets management, deployment pipe...| Pulumi Blog
We’re excited to share a new update to Pulumi Cloud: a redesigned left-hand navigation that makes it faster and easier to find what you need. With this update, the most common workflows are now front and center, while related features are grouped in a way that better reflects how teams actually use Pulumi Cloud every day. This change is all about helping you spend less time clicking around and more time building, deploying, and managing your cloud infrastructure. Faster Access to What You U...| Pulumi Blog
Pulumi Cloud consolidates resources from multiple sources into unified views, reducing duplicates and improving infrastructure visibility.| pulumi
Today we’re excited to announce Azure Native Provider v3.8, featuring several enhancements that simplify authentication and extend support to private Azure environments. These updates make it easier than ever to manage Azure infrastructure using credentials provided by the hosting environment, such as in Azure Kubernetes Service (AKS), Azure VM, and Azure Cloud Shell. Simplified Authentication Across Environments The highlight of this release is a new authentication mode based on DefaultAzu...| Pulumi Blog
Sometimes infrastructure needs a clean slate. A VM with a corrupted disk, an expired certificate, or a stuck Kubernetes object. Pulumi CLI v3.192.0 introduces pulumi state taint and pulumi state untaint commands that let you mark resources for replacement—especially valuable when you have state access but restricted cloud permissions. The New Commands pulumi state taint <resource-urn> - Mark a resource for replacement pulumi state untaint <resource-urn> - Cancel the replacement (use --all t...| Pulumi Blog
Building and maintaining reusable infrastructure has always been about more than just writing good code. It’s about making that code discoverable, understandable, and easy to adopt across your organization. Today, we’re excited to announce a new feature that removes significant friction from sharing and consuming infrastructure components: automatic multi-language API documentation in Pulumi Private Registry. The Challenge of Sharing Infrastructure at Scale Platform teams invest significa...| Pulumi Blog
Azure Resource Manager (ARM) templates are powerful, but painful. If you’ve ever tried to provision cloud infrastructure using ARM, you know the challenges: Templates that started simple… and now span thousands of lines Manual configuration stitched together with bespoke deployment logic Lack of support for key services like Databricks Slow, error-prone deployments that require multiple manual steps No reuse, no testing, and no relief ARM wasn’t built for the complexity of modern Azure ...| Pulumi Blog
Build reusable infrastructure using components and templates to create golden paths that enable scalable, self-service internal developer platforms.| pulumi
Welcome to the first post in our IDP Best Practices series. In this guide, we’ll walk through the strategic foundations for designing an Internal Developer Platform that empowers developers without sacrificing governance, security, or operational control. At Pulumi, we’ve worked with hundreds of teams facing the same core challenge: How do you give developers the infrastructure access they need, while maintaining the governance and security your organization requires? That tension is at t...| Pulumi Blog
Developers are losing days every month to infrastructure bottlenecks, compliance hurdles, and inconsistent environments. Platform engineering promised to fix that, yet too many platforms fail before they deliver real impact. In this comparison of Backstage vs Pulumi IDP, we’ll explore why choosing the right architectural approach matters more than the tool itself. Quick comparison: Backstage vs Pulumi IDP Backstage is an open-source developer portal framework from Spotify that focuses on se...| Pulumi Blog
Pulumi AWS provider 7.0 is here with powerful new capabilities that simplify and scale infrastructure as code on AWS. As the most widely used provider in the Pulumi ecosystem, it offers access to the full surface area of the upstream Terraform AWS Provider in Pulumi projects in all supported languages, like TypeScript, Python, Go, C#, Java, and YAML. The 7.0 release brings fixes and improvements to the provider, including several breaking changes as part of the major version release. What’s...| Pulumi Blog
Approvals enables effective change management by bringing governance and oversight directly into their environment configuration workflows.| pulumi
It’s funny how technology has a way of sneaking back into your life just when you think you’ve moved on for good. Jenkins and I have quite the history. Think of it as that reliable but slightly temperamental friend from your college days who you haven’t seen in years. A Blast from the Jenkins Past The last time Jenkins and I were on speaking terms was during my tenure at my former workplace, back when the CI/CD landscape looked very different than it does today. We weren’t just casual...| Pulumi Blog
Today, we are announcing a new addition that allows Pulumi users to use Bun as their package manager, offering an alternative to npm, Yarn, or pnpm. Bun, a recently released JavaScript runtime, bundler, transpiler, and package manager, provides a faster way to manage Pulumi project dependencies. What is this Bun thing you’re talking about? If you’ve spent time around the JavaScript ecosystem, then you’ve probably heard of Bun. If you haven’t, then be aware that it presents itself as a...| Pulumi Blog
We’re excited to introduce Google Cloud support to Insights Account Discovery. This new capability expands Pulumi’s resource discovery to help you uncover infrastructure in Google Cloud, regardless of how those resources are managed. With full visibility into all of your cloud resources, you can monitor, search, and manage your environments more effectively. Scan an Entire Google Cloud Project in Minutes With Pulumi Insights, gaining visibility into your Google Cloud environment is fast a...| Pulumi Blog
Compare secrets management tools and find the best solution for your infrastructure with expert analysis and recommendations.| pulumi
Pulumi now allows you to run custom code at any point in the resource lifecycle| pulumi
Infrastructure as Code (IaC) has evolved beyond simple automation into a fundamental shift toward applying software engineering practices to infrastructure management. In 2025, leading organizations aren’t just provisioning infrastructure—they’re treating it as software, complete with testing, version control, code reviews, and continuous integration. As infrastructure complexity grows, teams increasingly seek approaches that provide the same developer productivity tools they use for ap...| Pulumi Blog
We are excited to announce support for Doppler within Pulumi ESC! Pulumi ESC centralizes secrets and configuration management, providing a unified source of truth across your environments. With the addition of Doppler, a popular secrets management platform, ESC further extends its ecosystem, enabling seamless and secure access to secrets stored across diverse systems. This release introduces two distinct dynamic providers for Doppler, each designed to improve security and streamline your work...| Pulumi Blog
Today, we’re excited to announce a major advancement in Pulumi’s mission to make modern infrastructure as code accessible to every developer: direct support for executing Terraform modules. This new capability addresses one of the most significant challenges our users face when migrating from Terraform to Pulumi—complex projects with extensive module dependencies. The Path to Modern Infrastructure as Code At Pulumi, we believe the ideal infrastructure as code experience leverages the fu...| Pulumi Blog
AWS RDS supports blue/green deployments to support database maintenance. In a blue/green deployment, you have one production (blue) and one staging (green) database. You can safely make changes to the green instance without affecting production and promote it to be the main instance. When you enable blue/green updates, Pulumi will temporarily set up a blue/green deployment for the duration of the update to minimize downtime. There are many benefits to using blue/green deployments for updates...| Pulumi Blog
When managing infrastructure as code at scale, reliable state storage is essential. Pulumi Cloud provides a fully managed, secure, and scalable solution out of the box. For teams that choose to build and maintain their own backend, Pulumi now offers support for PostgreSQL as a DIY state storage option—though this requires additional operational overhead and careful consideration around performance, security, and maintenance. The Need for Database-Backed State Storage Traditional DIY backend...| Pulumi Blog
Today we’re excited to launch support for Customer-Managed Keys (CMKs) in Pulumi ESC. This feature gives your organization full control over how your secrets and state are encrypted — empowering you to meet the most demanding compliance requirements like HIPAA, GDPR, and FedRAMP, all while maintaining the ease-of-use that Pulumi is known for. Why Customer-Managed Keys? Pulumi encrypts secrets and other sensitive information stored in ESC using data keys, which are encrypted with Pulumi-Ma...| Pulumi Blog
Transform governance from manual bureaucracy into an automated enabler by embedding policy-as-code, RBAC, and automated controls directly into your platform.| pulumi
In previous articles in this series, we’ve shown how platform engineering turns infrastructure chaos into consistency, gives teams self-service tools, smooths developer workflows, and bakes security into the platform. Each pillar builds on the last. Together, they create an internal developer platform that cuts friction and speeds innovation. Even so, teams still face a big challenge: seeing what’s really happening. Whether things...| Pulumi Blog
Introducing Pulumi IAM: A new era of granular access control across Pulumi Cloud, starting with Custom Roles and scoped Access Tokens for enhanced security and automation.| pulumi
Learn how to transform infrastructure management from configuration chaos to programming languages using effective change management strategies.| pulumi
How SEITENBAU built a flexible platform serving 20+ independent projects with Pulumi's buffet approach, offering reusable components teams can mix and match.| pulumi
We’re excited to announce the new AI capabilities for Pulumi CLI powered by Pulumi Copilot that translate complex infrastructure changes into clear, human-readable explanations and help resolve deployment errors with actionable guidance. Enable these preview features with the --copilot flag. At Pulumi, we’re committed to helping you deploy infrastructure efficiently and with minimal friction. Anyone who has worked with cloud infrastructure knows the frustration of sifting through large pr...| Pulumi Blog
Pulumi Go Provider SDK is now generally available: Build custom infrastructure providers in hours, not weeks, while unlocking cross-team collaboration and standardization| pulumi
Discover how Pulumi Cloud can accelerate speed, ensure security, scale operations, and save costs in your multi-cloud environment.| pulumi
Introducing Pulumi Visual Import—discover, codify, and generate clean infrastructure code with AI assistance.| pulumi
Pulumi now supports excluding specific resources from stack operations, giving you more control and efficiency in managing your infrastructure| pulumi
Two months ago, user deacon91, after years of working in the industry, declared DevOps to be a dead end on Reddit’s r/devops. And I’ve been thinking about his thoughts on the industry since then. His point was that DevOps, the breaking down of silos between development and operations, had been tried. We learned the lessons of this approach and need to do something better: Platform Engineering. And platform engineering has certainly emerged as a new hot area. But is it truly an evolutiona...| Pulumi Blog
As part of the Pulumi IDP announcement at PulumiUP, we introduced the Pulumi Private Registry. For years, we’ve worked with organizations that have built their own internal developer platforms on top of Pulumi. During that time, we identified what we believe is the best method for creating flexible golden paths – a bottom-up approach that utilizes a central source of truth to drive golden paths. Thanks to Pulumi Private Registry, this approach has never been simpler. Codified Security and...| Pulumi Blog
Today, we’re excited to introduce Pulumi IDP, the latest evolution of the Pulumi Cloud Platform, designed to help organizations automate, secure, and manage everything they run in the cloud. Get Started with Pulumi IDP For the past eight years, we’ve helped organizations simplify the deployment and management of their infrastructure. Pulumi launched at the height of DevOps, bringing general-purpose programming languages to infrastructure as code (IaC) at a time when application teams were...| Pulumi Blog
Infrastructure as Code (IaC) tools such as Pulumi can provide enormous amounts of leverage, but they must be used correctly to also provide safety. One of our main jobs as infrastructure engineers is to not break things, so leverage without safety is useless. If something is safe, we can change things easily without even thinking about it. If it isn’t, we’ll be up until 2 a.m. fixing what we broke. At Oso, we recently had to do a large infrastructure migration and learned three key princi...| Pulumi Blog
Snowflake is the data cloud powerhouse for countless businesses, critical for everything from customer dashboards to billing pipelines. The stakes are immense: this data must be strictly secured and always available. But managing this with static credentials or manual key rotation creates persistent security vulnerabilities and introduces operational instability, risking disruptions during clumsy updates. Pulumi ESC eliminates this dilemma with two purpose-built Snowflake integrations: snowfl...| Pulumi Blog
Securing access to critical data stores is paramount in today’s cloud-native world. Yet, managing database credentials often involves static, long-lived passwords – a significant security blind spot. These static secrets, frequently embedded in application configurations or accessible to multiple team members, represent a prime target for attackers. Manually rotating these credentials is a cumbersome, error-prone task that’s often neglected, leaving databases vulnerable for extended per...| Pulumi Blog
Learn how security can enable innovation by embedding guardrails directly into your platform.| pulumi
Learn how to boost developer experience, productivity, and velocity with an internal developer platform using service catalogs, templates, and CI/CD.| pulumi
Unlock developer productivity with self-service infrastructure through modular abstraction and intent-based specifications for your internal developer platform.| pulumi
Build a reliable infrastructure provisioning foundation with version control, automation, and golden-path templates for your internal developer platform.| pulumi
Explore the essential pillars of Platform Engineering and learn how to transform infrastructure chaos into a streamlined development experience.| pulumi
Pulumi ESC's Rotated Secrets automates credential rotation, enhancing security, reducing manual effort, and ensuring compliance for long-lived secrets| pulumi
Learn how to manage Kubernetes secrets securely with Pulumi ESC and the Secrets Store CSI Driver.| pulumi
Manage Amazon EKS Hybrid Nodes with Pulumi: Use AWS's control plane while running workloads on-premises or at the edge.| pulumi
Release of the next version of the Pulumi Provider for AWS EKS| pulumi
In this post in the continuing series on IaC recommended practices, the Zephyr team starts using the Pulumi Automation API to orchestrate multiple stacks.| pulumi
This is the fifth post in a series on recommended practices for infrastructure as code with Pulumi. This post focuses on RBAC and security.| pulumi
Automatically keep dependent stacks up to date with Deployment Webhook Destinations and the pulumi-auto-deploy package.| pulumi
Review Stacks give you an automated cloud environment for every pull request so your team can ship faster, safer, and more collaboratively.| pulumi