Overview

Pulumi is an infrastructure as code (IaC) platform that enables developers and operations teams to define, deploy, and manage cloud infrastructure using standard programming languages such as TypeScript, Python, Go, .NET, Java, and YAML. Founded in 2017, Pulumi addresses the challenge of provisioning and managing cloud resources by allowing teams to use familiar development tools and practices, moving beyond domain-specific languages (DSLs) often associated with traditional IaC solutions. This approach aims to reduce the learning curve for developers new to infrastructure management and integrate infrastructure definitions more seamlessly into software development lifecycles.

Pulumi's core offering includes the open-source Pulumi engine and CLI, which orchestrates deployments, and the Pulumi Cloud service, which provides state management, collaboration features, policy enforcement, and audit capabilities. The platform supports a wide array of cloud providers, including AWS, Azure, Google Cloud, Kubernetes, and other SaaS providers, allowing for multi-cloud and hybrid-cloud infrastructure definitions from a single codebase. This multi-cloud capability is particularly beneficial for organizations seeking to avoid vendor lock-in or manage distributed applications across different environments.

The system operates by translating code written in supported languages into desired cloud resource states. When a Pulumi program is executed, it computes the necessary changes to reach the declared state and then performs API calls to the respective cloud providers to apply those changes. This process includes creating, updating, or deleting resources. Pulumi's developer-centric approach extends to its tooling, offering a command-line interface (CLI) for managing deployments, as well as integrations with continuous integration/continuous delivery (CI/CD) pipelines. Teams can define infrastructure policies as code, enforcing security, compliance, and cost management rules programmatically across their cloud environments. This policy-as-code functionality helps ensure that all deployed resources adhere to organizational standards before or during deployment, preventing misconfigurations and enhancing governance.

Pulumi shines in scenarios where development teams prefer to use a single language for both application logic and infrastructure provisioning. For example, a TypeScript developer can use TypeScript to define both their serverless functions and the AWS Lambda resources, API Gateway endpoints, and DynamoDB tables they require. This reduces context switching and promotes a more unified engineering culture. The platform is well-suited for modern cloud infrastructure deployment, particularly for organizations adopting microservices, serverless architectures, or Kubernetes, where programmatic control over infrastructure is advantageous. The Pulumi Cloud service further simplifies team collaboration by managing state and providing visibility into deployments, which is crucial for larger teams and complex projects.

Key features

  • Multi-language support: Define infrastructure using TypeScript, Python, Go, .NET, Java, or YAML, allowing developers to use familiar programming languages for infrastructure as code.
  • Multi-cloud and SaaS provider support: Manage resources across AWS, Azure, Google Cloud, Kubernetes, and over 100 other cloud and SaaS providers from a single codebase, facilitating consistent deployments.
  • Policy as Code: Enforce organizational policies for security, compliance, and cost management by defining rules in code, which are evaluated before or during infrastructure deployment.
  • State Management: Pulumi Cloud handles the state of deployed infrastructure, providing a reliable source of truth and enabling collaborative team workflows.
  • Preview and Diff: Before making changes, Pulumi provides a detailed preview of what will be created, updated, or deleted, allowing for review and approval.
  • Secrets Management: Securely manage sensitive information like API keys and database credentials through built-in encryption and integration with cloud secret stores.
  • Component Resources: Create reusable, composable infrastructure components that encapsulate complex configurations, promoting modularity and reducing boilerplate code.
  • Integrated CI/CD: Easily integrate Pulumi deployments into existing CI/CD pipelines for automated infrastructure provisioning and updates.

Pricing

Pulumi offers a free tier for individuals and scales up to team and enterprise plans with usage-based components. Pricing details are subject to change, so consulting the official Pulumi pricing page is recommended for the most current information. The following table provides a summary as of May 2026:

Plan Details Cost (per month)
Individual Up to 1 user, 100 resource updates/month, 10 stacks Free
Team Starts at 5 users, 5,000 resource updates/month, unlimited stacks, policy as code, advanced collaboration $50 + usage overages
Enterprise Custom number of users, unlimited resource updates, advanced security, dedicated support, self-hosting options Custom pricing

Common integrations

Alternatives

  • HashiCorp Terraform: A widely adopted IaC tool that uses HashiCorp Configuration Language (HCL) for defining infrastructure, offering extensive provider support.
  • AWS CloudFormation: Amazon's native IaC service for provisioning AWS resources using JSON or YAML templates.
  • Azure Resource Manager: Microsoft Azure's deployment and management service for creating, updating, and deleting resources in an Azure subscription.
  • OpenStack Heat: An orchestration service for OpenStack that allows developers to define and deploy infrastructure through templates.
  • Ansible: An open-source automation engine that can be used for configuration management, application deployment, and task automation, including infrastructure provisioning.

Getting started

To begin using Pulumi, you typically install the Pulumi CLI, log in to the Pulumi Cloud, and then initialize a new project in your chosen language. The following TypeScript example demonstrates how to provision an AWS S3 bucket. This program defines a new S3 bucket with a specific name and public read access, which is then deployed to your AWS account.

Before running the code, ensure you have the Pulumi CLI installed and configured with your AWS credentials. You can find detailed installation instructions on the Pulumi installation guide. This example showcases the declarative nature of Pulumi, where you define the desired state of your infrastructure, and Pulumi handles the necessary actions to achieve that state.

import * as aws from "@pulumi/aws";

// Create an AWS S3 bucket
const bucket = new aws.s3.Bucket("my-unique-bucket", {
    acl: "public-read", // Example: set public read access
    tags: {
        Environment: "Development",
        Project: "MyPulumiApp",
    },
});

// Export the name of the bucket
export const bucketName = bucket.id;

// Export the URL of the bucket (for public access example)
export const bucketEndpoint = pulumi.interpolate`http://${bucket.websiteEndpoint}`;

This TypeScript code block defines an AWS S3 bucket named my-unique-bucket. The acl: "public-read" property configures the bucket for public read access, and tags are applied for organizational purposes. The export statements make the bucket's ID and its public endpoint accessible as stack outputs after deployment. This allows you to retrieve important information about your deployed resources programmatically or via the Pulumi CLI. For more complex scenarios, Pulumi's programming language support allows for conditional logic, loops, and function calls, which are not typically available in declarative templating languages like YAML or JSON, providing greater flexibility in defining infrastructure.

The ability to use general-purpose programming languages for infrastructure deployment is a core advantage, as highlighted by discussions on developer experience in cloud engineering, such as those found on InfoQ's analysis of IaC evolution. This approach can lead to more maintainable and testable infrastructure code, aligning with modern software development best practices.