Pulumi
설치
AWS
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
AWS Access Key ID and Access Key: IAM -> 사용자 -> <user> -> 보안 자격 증명 -> 액세스 키 만들기
aws configure --profile <profile>
S3
- ACL 비활성화됨
- 모든 퍼블릭 액세스 차단
- 버킷 버전 관리 비활성화
- 기본 암호화 활성화
Pulumi
curl -fsSL https://get.pulumi.com | sh
pulumi_config_passphrase
<암호>
# pulumi
export PULUMI_CONFIG_PASSPHRASE_FILE=<path>/pulumi_config_passphrase
또는
# pulumi
export PULUMI_CONFIG_PASSPHRASE=<암호>
Tutorial
Directory structure
- TypeScript
- Python
test/
├── __init__.py
├── __main__.py
├── pyproject.toml
├── Pulumi.yaml
├── Pulumi.test.dev.yaml
└── src/
├── __init__.py
├── variable.py
└── ec2/
├── __init__.py
└── ec2.py
test/
├── package.json
├── tsconfig.json
├── Pulumi.yaml
├── Pulumi.test.dev.yaml
└── src/
├── index.ts
├── variable.ts
└── ec2/
├── index.ts
└── ec2.ts
Project file(Pulumi.yaml)
- TypeScript
- Python
Pulumi.yaml
name: <project>
runtime:
name: python
backend:
url: s3://<bucket>[?region=<region>&profile=<profile>]
Pulumi.yaml
name: <project>
runtime: nodejs
backend:
url: s3://<bucket>[?region=<region>&profile=<profile>]
Package file
- TypeScript
- Python
pyproject.toml
[tool.poetry]
name = "<project>"
version = "0.1.0"
description = ""
authors = ["Hyeonki Hong <[email protected]>"]
[tool.poetry.dependencies]
python = "^3.11"
pulumi = "^3.45.0"
pulumi-aws = "^5.19.0"
[tool.poetry.group.dev.dependencies]
black = "^22.10.0"
isort = "^5.10.1"
pylint = "^2.15.5"
[build-system]
build-backend = "poetry.core.masonry.api"
requires = ["poetry-core"]
package.json
{
"name": "<project>",
"main": "src/index.ts",
"devDependencies": {
"@types/node": "^14"
},
"dependencies": {
"@pulumi/aws": "^5.19.0",
"@pulumi/pulumi": "^3.45.0",
"tsconfig-paths": "^4.1.0"
}
}
tsconfig.json
{
"compilerOptions": {
"strict": true,
"outDir": "bin",
"target": "es2016",
"module": "commonjs",
"moduleResolution": "node",
"sourceMap": true,
"experimentalDecorators": true,
"pretty": true,
"noFallthroughCasesInSwitch": true,
"noImplicitReturns": true,
"forceConsistentCasingInFileNames": true,
"baseUrl": "./src",
"paths": {
"@src/*": ["./*"]
}
},
"files": ["src/index.ts"]
}
Stack Configuration file
pulumi stack init test.dev
Pulumi.test.dev.yaml
encryptionsalt: "*****"
config:
# pulumi.Config("aws")
aws:region: <region>
aws:profile: <profile>
info
Self-Managed Backend(S3, local filesystem, ...)을 사용할 때, 조직은 organization으로 고정됩니다.
backend.url을 공유하는 여러 프로젝트는, pulumi.StackReference로 다른 스택에 접근이 가능합니다.
IAC code
- TypeScript
- Python
src/variable.py
import pulumi
stack_name = pulumi.get_stack()
config = pulumi.Config()
src/ec2/ec2.py
import pulumi
import pulumi_aws as aws
from .. import variable
def create_ec2(name: str) -> aws.ec2.Instace:
return aws.ec2.Instance(
name,
ami="ami-090717c950a5c34d3",
instance_type="t3.micro",
tags={
"Name": name,
"loliot.net/stack": variable.stack_name,
},
)
aws_instance = create_ec2("app-server")
src/ec2/__init__.py
import pulumi
from . import ec2
pulumi.export("instance_id", ec2.aws_instance.id)
pulumi.export("instance_public_ip", ec2.aws_instance.public_ip)
__main__.py
from src import ec2
src/variable.ts
import * as pulumi from "@pulumi/pulumi";
export const stackName = pulumi.getStack();
// const config = new pulumi.Config();
src/ec2/ec2.ts
import * as aws from "@pulumi/aws";
import * as variable from "@src/variable";
const appServerName = "app-server";
new aws.ec2.Instance(appServerName, {
ami: "ami-090717c950a5c34d3",
instanceType: "t3.micro",
tags: {
Name: appServerName,
"loliot.net/stack": variable.stackName,
},
});
src/ec2/index.ts
import * as ec2_ from "./ec2";
ec2_;
export const ec2 = {};
src/index.ts
import { loadConfig, register } from "tsconfig-paths";
const tsConfig = loadConfig(".");
if (tsConfig.resultType === "failed") {
console.log("Could not load tsconfig to map paths, aborting.");
process.exit(1);
}
register({
baseUrl: tsConfig.absoluteBaseUrl,
paths: tsConfig.paths,
});
import { ec2 } from "./ec2";
export { ec2 };
Execution
pulumi refresh --skip-preview --yes
pulumi up
pulumi stack output
pulumi destroy --skip-preview
pulumi stack rm test.dev