Categories
Alibaba Cloud

Alibaba Cloud Infrastructure Provision with Pulumi

Infrastructure as a code is one of the key factors for DevOps. There are tools and applications available to provision infrastructure. Some of the popular tools are Terraform, Ansible. This blog post covers another popular Infrastructure as a code provider named Pulumi. 

Pulumi helps developers to get started with infrastructure as code with a friendly programming language. Unlike where other tools are using YAML, with pulumi developers can use javascript, typescript, C# and visual basic to write infrastructure code. 

Pulumi supports almost all public cloud service providers. This blog post will help you build infrastructure on alibaba cloud with pulumi and javascript. 

With Pulumi infrastructure as a code following simple site infrastructure will be implemented. Future blog post will include some complex functionality.

To implement the above infrastructure you will need, 

Once the prerequisites are fulfilled follow the following steps to get started.

Step 1: Configure and install Pulumi 

There are multiple ways to install pulumi. Download and installation steps are provided on https://www.pulumi.com/docs/get-started/install/ . For this blog post, we will use Home brew package manager. 

Step 2: Generate Pulumi Access Token 

Generate an access token from pulumi dashboard ( https://www.pulumi.com/docs/intro/console/accounts-and-organizations/accounts/#access-tokens )

Step 3: Configure Pulumi on local system

Configure pulumi on the local system with pulumi login. Provide generated access token on step#2 to here. 

Step 4: Create a new project

Create a new project for Alibaba Cloud. To create a new project it is recommended to use an empty folder. For getting started enter pulumi new 

Note: Before executing pulumi new , make sure that nodejs is installed.

  • On entering pulumi new, the system will prompt for the templates, select Show additional templates and once list is populated, enter (select) alicloud-javascript. 
  • Enter project name as per your choice
  • Enter project description 
  • Enter stack name
  • Enter region. As per the plan we are going to deploy infrastructure in the Singapore region. For alibaba cloud, the singapore region code is ap-southeast-1. (To deploy infrastructure in different regions, please refer to the regions guide on Alibaba cloud.)

Once the project is created, details of the stack can be accessed with pulumi stack. To list of stacks, use “pulumi stack ls” 

The stack details can also be accessed from the pulumi dashboard. 

pulumi new command creates following file/folder structure on the system. 

A closure look at the files and folders

  • node_modules : This directory contains libraries from npm 
  • .gitignore: list of files/directories  to be ignored during the git push 
  • index.js : A sample file to create OSS. All the infrastructure creation commands will be provided here. 
  • package-lock.json : An auto generated file on modification of npm 
  • <project-name>.yaml: Alibaba cloud related configurations and stack secrets are stored here
  • Pulumi.yaml: Project details

Step 5: Configure Alibaba Cloud Credentials

Alibaba cloud credentials can be configured two ways. 

  • By setting environment variables:
    • export ALICLOUD_ACCESS_KEY=YOURALIBABACLOUDACCESSKEY
    • export ALICLOUD_SECRET_KEY=YOURALIBABACLOUDACCESSSECRET
  • By setting as pulumi configuration variables. This option is useful in a multiuser environment. All the parameters are encrypted before storing. 
    • pulumi config set alicloud:accessKey YOURALIBABACLOUDACCESSKEY –secret 
    • pulumi config set alicloud:secretKey YOURALIBABACLOUDACCESSSECRET –secret

Note: Make sure to use a secret flag while using the pulumi config. Without secret tag all the values will be stored in clear text.

Step 6: Create VPC

As all the basic configurations are completed, we can start with implementing infrastructure. 

Open index.js in your favourite code editor and update the code as follows. 

"use strict";
const pulumi = require("@pulumi/pulumi");
const alicloud = require("@pulumi/alicloud");

// Create an Alibaba Cloud VPC
const vpc = new alicloud.vpc.Network("alicloud-pulumi-vpc", {
    cidrBlock: "192.168.0.0/16",
    description: "Alibaba Cloud VPC for Hosting Web Application created with pulumi"
});

//Exports VPC ID
exports.vpc = vpc.id;

Note: Pulumi API reference guide can be accessed from https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/alicloud/index.html

  • pulumi preview: Previews all the changes that will be made when command executes 
  • pulumi update (pulumi up): Applies changes to the infrastructure 

Alibaba cloud vRouter is deployed automatically with the VPC creation, there is no other code needed to create vRouter. 

As a best practice each component on infrastructure should be tagged. With pulumi you can apply changes to the infrastructure and validate changes before applying.

For our example, lets add two tags to the VPC. (Tags can be defined once and used for all the components, advanced pulumi code with javascript will be covered in subsequent posts)

"use strict";
const pulumi = require("@pulumi/pulumi");
const alicloud = require("@pulumi/alicloud");

// Create an Alibaba Cloud VPC
const vpc = new alicloud.vpc.Network("alicloud-pulumi-vpc", {
   cidrBlock: "192.168.0.0/16",
   description: "Alibaba Cloud VPC for Hosting Web Application created with pulumi",
   tags: {"create with": "pulumi", "created by": "Ankit"},
});

//Exports VPC ID
exports.vpc = vpc.id;

Note: As of writing this blog post there is no way to check VPC tags on the Alibaba cloud console directly. Current tags can be found on the pulumi. 

Step 7: Create VSwitch

As the VPC and vRouters are created, now it is time to create two VSwitches. We will place vSwitches in two different availability zones. Zone A will be treated as a public zone and Zone B will be treated as a private zone. 

"use strict";
const pulumi = require("@pulumi/pulumi");
const alicloud = require("@pulumi/alicloud");

// Create an Alibaba Cloud VPC
const vpc = new alicloud.vpc.Network("alicloud-pulumi-vpc", {
   cidrBlock: "192.168.0.0/16",
   description: "Alibaba Cloud VPC for Hosting Web Application created with pulumi",
   tags: {"create with": "pulumi", "created by": "Ankit"},
});

// Create VSwitches
const vswitchZ1 = new alicloud.vpc.Switch("alicloud-vswitch-zone-a", {
   vpcId: vpc.id,
   cidrBlock: "192.168.1.0/24",
   description: "Vswitch 1",
   availabilityZone: "ap-southeast-1a",
   tags: {"create with": "pulumi", "created by": "Ankit"},
});
const vswitchZ2 = new alicloud.vpc.Switch("alicloud-vswitch-zone-b", {
   vpcId: vpc.id,
   cidrBlock: "192.168.2.0/24",
   description: "Vswitch 2",
   availabilityZone: "ap-southeast-1b",
   tags: {"create with": "pulumi", "created by": "Ankit"},
});

//Exports Details
exports.vpc = vpc.id;
exports.vswitchZ1 = vswitchZ1.id;
exports.vswitchZ2 = vswitchZ2.id;

A closure look at the code

  • vpcid : VPC Identifier where the vSwitch will be created. If one wants to use an existing VPC then provide the exact id. 
  • cidrBlock: Provide a CIDR block that can be part of the VPC. Handy CIDR calculation tool https://www.ipaddressguide.com/cidr
  • description: Description of the vSwitch 
  • availabilityZone: Availability Zone where vSwitch will reside
  • tags: tags for the vswitch

Step 8: Create Security Group and Security Group Rules

This section will create VPC level firewall rules that can be attached to the Elastic Compute Service (ECS).

For our example, we want incoming traffic for port 80 (HTTP) and 443 (HTTPS) for web server, so ingress rule for these two ports will be created. The rule will be attached while ECS creation.

Another rule will be created to allow MySQL 3306 port access from the web sever zone to the db server zone.

"use strict";
const pulumi = require("@pulumi/pulumi");
const alicloud = require("@pulumi/alicloud");

// Create an Alibaba Cloud VPC
const vpc = new alicloud.vpc.Network("alicloud-pulumi-vpc", {
    cidrBlock: "192.168.0.0/16",
    description: "Alibaba Cloud VPC for Hosting Web Application created with pulumi",
    tags: {"create with": "pulumi", "created by": "Ankit"},
});

// Create VSwitches 
const vswitchZ1 = new alicloud.vpc.Switch("alicloud-vswitch-zone-a", {
    vpcId: vpc.id,
    cidrBlock: "192.168.1.0/24",
    description: "Vswitch 1",
    availabilityZone: "ap-southeast-1a",
    tags: {"create with": "pulumi", "created by": "Ankit"},
});
const vswitchZ2 = new alicloud.vpc.Switch("alicloud-vswitch-zone-b", {
    vpcId: vpc.id,
    cidrBlock: "192.168.2.0/24",
    description: "Vswitch 2",
    availabilityZone: "ap-southeast-1b",
    tags: {"create with": "pulumi", "created by": "Ankit"},
}); 

// Create Security Group Web
const securitygroup = new alicloud.ecs.SecurityGroup("alicloud-security-group", {
    name: "alicloud-security-group",
    description: "Alicloud Security Group",
    vpcId: vpc.id,
    innnerAccessPolicy: "Allow",
    securityGroupType: "normal",
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });
 
 // Create Security Group Rules HTTP
 const securitygroupruleexternalhttp = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-external-http", {
     name: "alicloud-security-grouprule-1-http",
     description: "Allow Web Access",
     securityGroupId: securitygroup.id,
     cidrIp: "0.0.0.0/0",
     ipProtocol: "tcp",
     policy: "accept",
     portRange: "80/80",
     priority: 1,
     type: "ingress",
     tags: {"create with": "pulumi", "created by": "Ankit"},
     });
     
 // Create Security Group Rules HTTPS
 const securitygroupruleexternalhttps = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-external-https", {
     name: "alicloud-security-grouprule-2-https",
     description: "Allow Secure Web Access",
     securityGroupId: securitygroup.id,
     cidrIp: "0.0.0.0/0",
     ipProtocol: "tcp",
     policy: "accept",
     portRange: "443/443",
     priority: 1,
     type: "ingress",
     tags: {"create with": "pulumi", "created by": "Ankit"},
     });
 
// Create security group DB
const securitygroupdb = new alicloud.ecs.SecurityGroup("alicloud-security-group-db", {
    name: "alicloud-security-group-db",
    description: "Alicloud DB Security Group",
    vpcId: vpc.id,
    innnerAccessPolicy: "Allow",
    securityGroupType: "normal",
    tags: {"create with": "pulumi", "created by": "Ankit"},
    });
    
// Create Security Group Rules DB
const securitygroupruleinternaldb = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-internal-db", {
    name: "alicloud-security-grouprule-db",
    description: "Allow DB Access",
    securityGroupId: securitygroupdb.id,
    cidrIp: "192.168.1.0/24",
    ipProtocol: "tcp",
    policy: "accept",
    portRange: "3306/3306",
    priority: 1,
    type: "ingress",
    tags: {"create with": "pulumi", "created by": "Ankit"},
    });

//Exports Data
exports.vpc = vpc.id;
exports.vswitchZ1 = vswitchZ1.id;
exports.vswitchZ2 = vswitchZ2.id;
exports.securitygroup = securitygroup.id;
exports.securitygroupruleexternalhttp = securitygroupruleexternalhttp.id;
exports.securitygroupruleexternalhttps = securitygroupruleexternalhttps.id;
exports.securitygroupdb = securitygroupdb.id;
exports.securitygroupruleinternaldb = securitygroupruleinternaldb.id;

A closure look at the code 

Security Group:

  • vpcId: VPC ID where the security group will be created
  • innerAccessPolicy: Security group to Allow or Drop (deny) 
  • securityGroupType: normal or enterprise security 

Security Group Rules:

  • securityGroupId: Security group id where the security group will be tied to  
  • cidrIp: IP / IP Range for where the security group will be applicable 
  • ipProtocol: Protocol for which the security group will be applicable to 
  • policy: Accept or Deny traffic
  • portRange: Port range where the rule is applicable
  • priority: Rule execution priority
  • type: Rule type ingress or egress

Step 9: Create SSH Keys

In this step we will create two SSH keys which will be assigned to instances in the later stage. As a best practice we will create separate keys for the web and database server.

"use strict";
const pulumi = require("@pulumi/pulumi");
const alicloud = require("@pulumi/alicloud");

// Create an Alibaba Cloud VPC
const vpc = new alicloud.vpc.Network("alicloud-pulumi-vpc", {
    cidrBlock: "192.168.0.0/16",
    description: "Alibaba Cloud VPC for Hosting Web Application created with pulumi",
    tags: {"create with": "pulumi", "created by": "Ankit"},
});

// Create VSwitches 
const vswitchZ1 = new alicloud.vpc.Switch("alicloud-vswitch-zone-a", {
    vpcId: vpc.id,
    cidrBlock: "192.168.1.0/24",
    description: "Vswitch 1",
    availabilityZone: "ap-southeast-1a",
    tags: {"create with": "pulumi", "created by": "Ankit"},
});
const vswitchZ2 = new alicloud.vpc.Switch("alicloud-vswitch-zone-b", {
    vpcId: vpc.id,
    cidrBlock: "192.168.2.0/24",
    description: "Vswitch 2",
    availabilityZone: "ap-southeast-1b",
    tags: {"create with": "pulumi", "created by": "Ankit"},
}); 

// Create Security Group Web
const securitygroup = new alicloud.ecs.SecurityGroup("alicloud-security-group", {
    name: "alicloud-security-group",
    description: "Alicloud Security Group",
    vpcId: vpc.id,
    innnerAccessPolicy: "Allow",
    securityGroupType: "normal",
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });
 
 // Create Security Group Rules HTTP
 const securitygroupruleexternalhttp = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-external-http", {
     name: "alicloud-security-grouprule-1-http",
     description: "Allow Web Access",
     securityGroupId: securitygroup.id,
     cidrIp: "0.0.0.0/0",
     ipProtocol: "tcp",
     policy: "accept",
     portRange: "80/80",
     priority: 1,
     type: "ingress",
     tags: {"create with": "pulumi", "created by": "Ankit"},
     });
     
 // Create Security Group Rules HTTPS
 const securitygroupruleexternalhttps = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-external-https", {
     name: "alicloud-security-grouprule-2-https",
     description: "Allow Secure Web Access",
     securityGroupId: securitygroup.id,
     cidrIp: "0.0.0.0/0",
     ipProtocol: "tcp",
     policy: "accept",
     portRange: "443/443",
     priority: 1,
     type: "ingress",
     tags: {"create with": "pulumi", "created by": "Ankit"},
     });
 
// Create security group DB
const securitygroupdb = new alicloud.ecs.SecurityGroup("alicloud-security-group-db", {
    name: "alicloud-security-group-db",
    description: "Alicloud DB Security Group",
    vpcId: vpc.id,
    innnerAccessPolicy: "Allow",
    securityGroupType: "normal",
    tags: {"create with": "pulumi", "created by": "Ankit"},
    });
    
// Create Security Group Rules DB
const securitygroupruleinternaldb = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-internal-db", {
    name: "alicloud-security-grouprule-db",
    description: "Allow DB Access",
    securityGroupId: securitygroupdb.id,
    cidrIp: "192.168.1.0/24",
    ipProtocol: "tcp",
    policy: "accept",
    portRange: "3306/3306",
    priority: 1,
    type: "ingress",
    tags: {"create with": "pulumi", "created by": "Ankit"},
    });


// Create SSH Key-pair for web server
const keypairweb = new alicloud.ecs.KeyPair("alicloud-webserver-keypair", {
    name: "Alicloud Web Server Key",
    keyFile: "aliyun-werbserver-key",
    keyNamePrefix: "pulumi-",
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });
// Create SSH Key-pair for Database sevrer
const keypairdb = new alicloud.ecs.KeyPair("alicloud-dbserver-keypair", {
    name: "Alicloud DB server Key",
    keyFile: "aliyun-dbserver-key",
    keyNamePrefix: "pulumi-",
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });

//Exports Data
exports.vpc = vpc.id;
exports.vswitchZ1 = vswitchZ1.id;
exports.vswitchZ2 = vswitchZ2.id;
exports.securitygroup = securitygroup.id;
exports.securitygroupruleexternalhttp = securitygroupruleexternalhttp.id;
exports.securitygroupruleexternalhttps = securitygroupruleexternalhttps.id;
exports.securitygroupdb = securitygroupdb.id;
exports.securitygroupruleinternaldb = securitygroupruleinternaldb.id;

Once the keys are generated, they can be found on the root of the project. 

A closure look at the code 

  • keyFile: key file name to store file in the project 
  • keyNamePrefix: key file name prefix while storing on Alibaba Cloud

Step 10: Create Instances

As the components needed for an ECS  are created, now it is time to bind them all together and create ECS servers. There will be two ECS servers, one for web-server and the other one for database server.

Both servers will be placed in separate vSwitch. Web-server will be created with a public IP address while a database server will be created without a public IP address.  

"use strict";
const pulumi = require("@pulumi/pulumi");
const alicloud = require("@pulumi/alicloud");

// Create an Alibaba Cloud VPC
const vpc = new alicloud.vpc.Network("alicloud-pulumi-vpc", {
    cidrBlock: "192.168.0.0/16",
    description: "Alibaba Cloud VPC for Hosting Web Application created with pulumi",
    tags: {"create with": "pulumi", "created by": "Ankit"},
});

// Create VSwitches 
const vswitchZ1 = new alicloud.vpc.Switch("alicloud-vswitch-zone-a", {
    vpcId: vpc.id,
    cidrBlock: "192.168.1.0/24",
    description: "Vswitch 1",
    availabilityZone: "ap-southeast-1a",
    tags: {"create with": "pulumi", "created by": "Ankit"},
});
const vswitchZ2 = new alicloud.vpc.Switch("alicloud-vswitch-zone-b", {
    vpcId: vpc.id,
    cidrBlock: "192.168.2.0/24",
    description: "Vswitch 2",
    availabilityZone: "ap-southeast-1b",
    tags: {"create with": "pulumi", "created by": "Ankit"},
}); 

// Create Security Group Web
const securitygroup = new alicloud.ecs.SecurityGroup("alicloud-security-group", {
    name: "alicloud-security-group",
    description: "Alicloud Security Group",
    vpcId: vpc.id,
    innnerAccessPolicy: "Allow",
    securityGroupType: "normal",
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });
 
 // Create Security Group Rules HTTP
 const securitygroupruleexternalhttp = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-external-http", {
     name: "alicloud-security-grouprule-1-http",
     description: "Allow Web Access",
     securityGroupId: securitygroup.id,
     cidrIp: "0.0.0.0/0",
     ipProtocol: "tcp",
     policy: "accept",
     portRange: "80/80",
     priority: 1,
     type: "ingress",
     tags: {"create with": "pulumi", "created by": "Ankit"},
     });
     
 // Create Security Group Rules HTTPS
 const securitygroupruleexternalhttps = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-external-https", {
     name: "alicloud-security-grouprule-2-https",
     description: "Allow Secure Web Access",
     securityGroupId: securitygroup.id,
     cidrIp: "0.0.0.0/0",
     ipProtocol: "tcp",
     policy: "accept",
     portRange: "443/443",
     priority: 1,
     type: "ingress",
     tags: {"create with": "pulumi", "created by": "Ankit"},
     });
 
// Create security group DB
const securitygroupdb = new alicloud.ecs.SecurityGroup("alicloud-security-group-db", {
    name: "alicloud-security-group-db",
    description: "Alicloud DB Security Group",
    vpcId: vpc.id,
    innnerAccessPolicy: "Allow",
    securityGroupType: "normal",
    tags: {"create with": "pulumi", "created by": "Ankit"},
    });
    
// Create Security Group Rules DB
const securitygroupruleinternaldb = new alicloud.ecs.SecurityGroupRule("alicloud-securitygrouprule-internal-db", {
    name: "alicloud-security-grouprule-db",
    description: "Allow DB Access",
    securityGroupId: securitygroupdb.id,
    cidrIp: "192.168.1.0/24",
    ipProtocol: "tcp",
    policy: "accept",
    portRange: "3306/3306",
    priority: 1,
    type: "ingress",
    tags: {"create with": "pulumi", "created by": "Ankit"},
    });


// Create SSH Key-pair for web server
const keypairweb = new alicloud.ecs.KeyPair("alicloud-webserver-keypair", {
    name: "Alicloud Web Server Key",
    keyFile: "aliyun-werbserver-key",
    keyNamePrefix: "pulumi-",
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });
// Create SSH Key-pair for Database sevrer
const keypairdb = new alicloud.ecs.KeyPair("alicloud-dbserver-keypair", {
    name: "Alicloud DB server Key",
    keyFile: "aliyun-dbserver-key",
    keyNamePrefix: "pulumi-",
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });

 // Create Webserver ECS 
const webserver = new alicloud.ecs.Instance("alicloud-web", {
    name: "Web Server",
    availabilityZone: "ap-southeast-1a",
    creditSpecification: "Standard",
    description: "Web Server",
    dryRun: "false",
    forceDelete: "true",
    hostName: "webserver1.anky.it",
    imageId: "ubuntu_18_04_64_20G_alibase_20190624.vhd",
    instanceChargeType: "PostPaid",
    instanceName: "webserver1.anky.it",
    instanceType: "ecs.t5-lc1m1.small",
    systemDiskCategory: "cloud_ssd",
    internetChargeType: "PayByTraffic",
    internetMaxBandwidthIn: 1,
    internetMaxBandwidthOut: 1,
    isOutdated: "false",
    keyName: keypairweb.keyName,
    securityEnhancementStrategy: "Active",
    securityGroups: [securitygroup.id],
    vswitchId: vswitchZ1.id,
    systemDiskSize: 20,
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });

// Create Db server ECS 
const dbserver = new alicloud.ecs.Instance("alicloud-db", {
    name: "DB Server",
    availabilityZone: "ap-southeast-1b",
    creditSpecification: "Standard",
    description: "DB Server",
    dryRun: "false",
    forceDelete: "true",
    hostName: "dbserver1.anky.it",
    imageId: "ubuntu_18_04_64_20G_alibase_20190624.vhd",
    instanceChargeType: "PostPaid",
    instanceName: "dbserver1.anky.it",
    instanceType: "ecs.t5-lc1m1.small",
    systemDiskCategory: "cloud_ssd",
    internetChargeType: "PayByTraffic",
    internetMaxBandwidthIn: 1,
    internetMaxBandwidthOut: 0,
    isOutdated: "false",
    keyName: keypairdb.keyName,
    securityEnhancementStrategy: "Active",
    securityGroups: [securitygroupdb.id],
    vswitchId: vswitchZ2.id,
    systemDiskSize: 20,
    tags: {"create with": "pulumi", "created by": "Ankit"},
 });

//Exports Data
exports.vpc = vpc.id;
exports.vswitchZ1 = vswitchZ1.id;
exports.vswitchZ2 = vswitchZ2.id;
exports.securitygroup = securitygroup.id;
exports.securitygroupruleexternalhttp = securitygroupruleexternalhttp.id;
exports.securitygroupruleexternalhttps = securitygroupruleexternalhttps.id;
exports.securitygroupdb = securitygroupdb.id;
exports.securitygroupruleinternaldb = securitygroupruleinternaldb.id;
exports.webserver = webserver.id;
exports.webserverip = webserver.privateIp;
exports.webserverip = webserver.publicIp;
exports.dbserver = dbserver.id;
exports.dbserverip = dbserver.privateIp;
exports.dbserverip = dbserver.publicIp;

A closure look at the code

  • availabilityZone: Availability zone where the instance will be created
  • creditSpecification: Running performance of the burstable instance
  • Description: Server description
  • dryRun: A dry-run request is sent and no instance is created to validate the configuration
  • forceDelete: the “PrePaid” instance will be change to “PostPaid” and then deleted forcibly
  • hostName: server host name
  • imageId: OS/Image to deploy
  • instanceChargeType: Instance billing type
  • instanceName: Instance Name
  • instanceType: Instance Type
  • systemDiskCategory: System disk type
  • internetChargeType: Traffic charge type
  • internetMaxBandwidthIn: Max bandwidth for public Ingress
  • internetMaxBandwidthOut: Max bandwidth for public egress
  • isOutdated: Whether to use outdated instance type
  • keyName: key pair to map
  • securityEnhancementStrategy: enable security enhancement strategy, it only works on system images.
  • securityGroups: Security group ids to map
  • vswitchId: Virtual switch id to map
  • systemDiskSize: System disk size

Step 11: Destroy Infrastructure

To destroy the infrastructure provisioned by this script use “pulumi destroy”

Summary:

Pulumi is comparatively easy infrastructure as a code framework where developers can provision infrastructure without much effort, in the programming language they know. 

Pulumi community edition is free forever for a single user. It supports all public cloud providers and with proper planning, one can create and deploy infrastructure quickly.

Commands Mindmap:

Next Steps:

Like all other development life cycles, it is important to validate infrastructure code. The next blog post will help understanding and writing infrastructure unit test codes. 

About Author:

Ankit Mehta is a Alibaba Cloud MVP (2018-2020) and works as a DevOps specialist at Central-Tech . Ankit helps development teams to improve Continuous Integration and Continuous Deployment processes.

To know more about Central Tech and various openings please visit https://jobs.central.tech/jobs/

Be a part of Central Tech Retail Labs by submitting your project / idea at CTRL, https://ctrl.central.tech/

Reference Links:

By Ankit Mehta

Ankit Mehta is an IT professional with more than 14 years of IT experience from application development to deployment and management. Currently working as a DevOps specialist in Bangkok.

Ankit strongly believes in "Sharing is caring" and help the open source communities by arranging meetups and sharing knowledge on various blogging platforms.