2022-10-26 07:22:15 -07:00

---
title: "Provisioning and Managing Cloud Infrastructure with Pulumi"
authors: ["donna-malayeri"]
tags: ["JavaScript","AWS"]
date: "2018-07-20"
meta_desc: "Use Pulumi AWS, Azure, and GCP libraries to provision and manage infrastructure. Configure alerting & monitoring directly in code using Pulumi."
---
If you've been following the blog, you know that Pulumi is great for
building [serverless applications](/blog/code-deploy-and-manage-a-serverless-rest-api-on-aws-with-pulumi/),
[container-based applications](/blog/deploying-production-ready-containers-with-pulumi/),
and a [combination of the two](/blog/build-a-video-thumbnailer-with-pulumi-using-lambdas-containers-and-infrastructure-on-aws/).
But did you know that you can manage any cloud resource in AWS, Azure, or Google Cloud Platform?
<!--more-->
You can use the
[AWS](/registry/packages/aws/api-docs/),
[Azure](/registry/packages/azure/api-docs/),
or [Google Cloud](/registry/packages/gcp/api-docs/)
libraries to manage cloud resources. Using these libraries, you can
directly manage the properties of any cloud resource.
For example, in just a few lines of code, you can provision a security
group and an EC2 instance:
```javascript
const aws = require("@pulumi/aws");

let group = new aws.ec2.SecurityGroup("web-secgrp", {
    ingress: [
        // Allows SSH from any IPv4 address; narrow cidrBlocks to known admin ranges outside of demos.
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
    ],
});

let server = new aws.ec2.Instance("web-server-www", {
    instanceType: "t2.micro",
    securityGroups: [ group.name ], // reference the group object above
    ami: "ami-7172b611",
});
```
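
The ingress rule above opens SSH to `0.0.0.0/0`. As an added example (not part of the original post or of Pulumi's libraries), the following plain-JavaScript check flags such rules before the `ingress` array is passed to `aws.ec2.SecurityGroup`. The names `findWorldOpenAdminRules` and `ADMIN_PORTS` and the sample rules are constructed for illustration, and the check goes beyond the post's single rule to cover port ranges, IPv6, and protocol `-1`.

```javascript
// Added example: flag ingress rules that expose admin ports to any address.
// ADMIN_PORTS and findWorldOpenAdminRules are illustrative names, not Pulumi APIs.
const ADMIN_PORTS = { 22: "SSH", 3389: "RDP" };
const ANY_ADDRESS = new Set(["0.0.0.0/0", "::/0"]);

function findWorldOpenAdminRules(ingress) {
    const findings = [];
    ingress.forEach((rule, index) => {
        // Collect IPv4 and IPv6 sources and keep only the "anywhere" ranges.
        const cidrs = [...(rule.cidrBlocks || []), ...(rule.ipv6CidrBlocks || [])];
        const openTo = cidrs.filter((c) => ANY_ADDRESS.has(c));
        if (openTo.length === 0) return;
        // Protocol "-1" means all protocols and ports; otherwise only TCP carries SSH/RDP.
        const allTraffic = rule.protocol === "-1";
        if (!allTraffic && rule.protocol !== "tcp") return;
        for (const [port, service] of Object.entries(ADMIN_PORTS)) {
            const p = Number(port);
            if (allTraffic || (rule.fromPort <= p && p <= rule.toPort)) {
                findings.push({ index, service, port: p, openTo });
            }
        }
    });
    return findings;
}

// Constructed sample input: the rule from the post plus variations.
const sampleIngress = [
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },      // the post's rule
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["203.0.113.0/24"] }, // restricted source
    { protocol: "tcp", fromPort: 0, toPort: 65535, ipv6CidrBlocks: ["::/0"] },     // range covers 22 and 3389
    { protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["0.0.0.0/0"] },    // public HTTPS, not flagged
    { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },         // all traffic
];

for (const f of findWorldOpenAdminRules(sampleIngress)) {
    console.log(`ingress[${f.index}]: ${f.service} (tcp/${f.port}) reachable from ${f.openTo.join(", ")}`);
}
```

In a Pulumi program, the same function can be called on the `ingress` array and made to throw when it returns any findings, so that `pulumi up` fails before the group is created.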
Next, let's add a CloudWatch metric alarm that is triggered when
the CPU utilization is over 80%:
```javascript
// Fires when the 120-second average CPU utilization is at or above 80%
// for 2 consecutive evaluation periods.
const metricAlarm = new aws.cloudwatch.MetricAlarm("mymetricalarm", {
    comparisonOperator: "GreaterThanOrEqualToThreshold",
    evaluationPeriods: 2,
    metricName: "CPUUtilization",
    namespace: "AWS/EC2",
    period: 120,
    statistic: "Average",
    threshold: 80,
    alarmDescription: "This metric monitors ec2 cpu utilization",
});
```
In addition to alerting, you may want to provision a [CloudWatch dashboard](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html)
to have a single monitoring view for all your application resources. You
can define this dashboard directly in code using Pulumi. The following
code defines a dashboard and specifies the widgets to include:
```javascript
const dashboard = new aws.cloudwatch.Dashboard("mydashboard", {
    dashboardName: "my-dashboard",
    dashboardBody: JSON.stringify({
        widgets: [
            {
                type: "metric",
                x: 0,
                y: 0,
                width: 12,
                height: 6,
                properties: {
                    metrics: [
                        [
                            "AWS/EC2",
                            "CPUUtilization",
                            "InstanceId",
                            "i-012345"
                        ]
                    ],
                    period: 300,
                    stat: "Average",
                    region: "us-east-1",
                    title: "EC2 Instance CPU"
                }
            }
        ]
    })
});
```
Perhaps you want to post to an SNS topic whenever a user signs in to the
AWS console for your production account. This requires provisioning
three resources: the SNS topic, a CloudWatch event rule, and a
CloudWatch event target. With Pulumi, this can all be specified with
just a few lines of JavaScript:
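```javascript
// Note: for delivery to succeed, the topic's access policy must allow
// events.amazonaws.com to call sns:Publish on this topic.
const loginsTopic = new aws.sns.Topic("myloginstopic");

// Match console sign-in events recorded by CloudTrail.
const eventRule = new aws.cloudwatch.EventRule("myeventrule", {
    eventPattern: JSON.stringify({
        "detail-type": [
            "AWS Console Sign In via CloudTrail"
        ]
    })
});

// Route every matching event to the SNS topic.
const eventTarget = new aws.cloudwatch.EventTarget("myeventtarget", {
    rule: eventRule.name,
    targetId: "SendToSNS",
    arn: loginsTopic.arn
});
```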
These are just a few examples of the AWS resources you can manage in
Pulumi. You can provision
[Athena databases](/registry/packages/aws/api-docs/athena/),
[DynamoDB tables](/registry/packages/aws/api-docs/dynamodb/),
[IAM users, roles, groups, and role policies](/registry/packages/aws/api-docs/iam/),
[Kinesis streams](/registry/packages/aws/api-docs/kinesis/), and more.
To learn more, take a look at the
[AWS API documentation](/registry/packages/aws/api-docs/)
and the [sample code that provisions a variety of infrastructure resources](https://github.com/pulumi/examples/blob/master/aws-ts-resources/index.ts).