Pulumi — Operations¶

Scope

Production deployment patterns, operational procedures, performance tuning, and troubleshooting for Pulumi.

Deployment¶

Installation & Setup¶

# Install
brew install pulumi

# Login to backend
pulumi login                    # Pulumi Cloud
pulumi login --local            # Local state
pulumi login s3://my-state      # S3 backend

# New project
pulumi new typescript

Stack Management¶

# Create and select stacks
pulumi stack init staging
pulumi stack init production
pulumi stack select production

# Preview changes
pulumi preview

# Deploy
pulumi up --yes

# Destroy
pulumi destroy --yes

State Operations¶

# Export/import state
pulumi stack export > state.json
pulumi stack import < state.json

# Refresh state from cloud
pulumi refresh

# Import existing resource
pulumi import aws:s3:Bucket my-bucket my-bucket-name

Secrets Management¶

# Set encrypted secret
pulumi config set --secret dbPassword "s3cr3t"

# Change encryption provider
pulumi stack change-secrets-provider "awskms://alias/pulumi"

Common Issues¶

Issue	Diagnosis	Fix
State conflict	Multiple deployers	Use Pulumi Cloud or state locking
Import drift	`pulumi refresh`	Refresh then `pulumi up`
Plugin version mismatch	`pulumi plugin ls`	`pulumi plugin install resource aws v6.0.0`
Stack locked	Concurrent operation	`pulumi cancel`