New Connect cloud accounts wizard discovers every AWS account, Azure subscription, or Google Cloud project in an organization and onboards them all in a single guided flow, handling OIDC setup, ESC environments, and default scans and policies automatically.
Pulumi Blog
Usage limits for Pulumi Neo let organizations set a monthly dollar cap that pauses the AI agent when reached. Per-member limits and email notifications at 50%, 80%, 95%, and 100% are also available for paid plan organizations.
Google's Open Knowledge Format (OKF) v0.1 formalizes the Karpathy wiki pattern as a specification: markdown files with YAML frontmatter, organized in a directory tree with reserved index.md and log.md filenames. Platform teams can now store runbooks, decision records, and architecture knowledge as code alongside their Pulumi infrastructure, linked via the resource field mapping to Pulumi URNs.
Pulumi Cloud now supports passkeys for users who sign in with email and password, using Touch ID, Face ID, Windows Hello, or hardware keys. Passkeys are phishing-resistant and synced across devices; existing password and MFA configurations remain unchanged.
The Pulumi CLI command reference and SDK API documentation (Node.js, Python, .NET, Java) now include a version selector dropdown, allowing users to view documentation matching their installed version. Immutable snapshots are available back to v3.150.0.
New ISO/IEC 27001:2022 policy pack for AWS, available in Pulumi Cloud as iso-27001-aws, includes 238 ready-to-run policies that map the standard's security controls to AWS resource configurations.
Pulumi ESC now supports webhooks that trigger when an environment’s secrets are rotated, notifying on success or failure. Configure them via the Pulumi Cloud Console, the Pulumi Service Provider, or the CLI.
New guide covers provisioning a governed Databricks workspace baseline with Pulumi, including cluster policies, notebooks, secret scopes, permissions, and automated jobs.
New blog post walks through building a standardized Cloudflare edge baseline with Pulumi, covering DNS records, WAF custom rules, a Worker canary, and Zero Trust Access policies.
Pulumi introduced Neo code reviews, now in public preview, which analyze pull request changes against live cloud infrastructure and preview output. Reviews post as comments on GitHub PRs, respect existing RBAC and guardrails, and are free during preview before GA on July 1, 2026.
Workshop writeup covers six recommendations for Kubernetes on Azure, including enabling Cilium on AKS, picking a team-aligned language, using AI-assisted debugging to route around Docker Hub rate limits, splitting infra from workload into stacks, and managing state with Pulumi Cloud.
Article explores loop engineering, a shift from manually prompting coding agents turn-by-turn to designing automated systems that prompt agents continuously. Covers five building blocks (automations, worktrees, skills, connectors, sub-agents) plus memory infrastructure, and discusses verification, token costs, and knowledge maintenance as ongoing responsibilities.
Pulumi Deployments can now trigger pulumi up automatically when a git tag is pushed, with glob-based tag filters to control which tags deploy. The feature is available across GitHub, GitLab, Bitbucket, Azure DevOps, and custom VCS integrations, and sets the PULUMI_CI_TAG_NAME environment variable for use in pre-run commands or Pulumi programs.
New guide shows how to build an environment factory on Amazon EKS using Pulumi and vCluster, adapting Deloitte's architecture that achieved 89% faster testing environment provisioning. The pattern consolidates multiple isolated, ephemeral Kubernetes environments into a single host cluster using EKS Auto Mode and virtual clusters, reducing provisioning time and operational overhead while maintaining strong tenant isolation.
New guide shows how to run Google's open-weight Gemma 4 12 B model locally on a Mac using llama.cpp for native inference, k3d for local Kubernetes, Pulumi for infrastructure as code, and Tailscale for secure access. The setup achieves about 20 output tokens per second on an M3 Max MacBook Pro with 36 GB RAM and supports multimodal input including images and audio.
New guide covers running multiple AI coding agents in parallel on infrastructure using Pulumi components, CrossGuard policies, review stacks, and ESC environments for isolation. The playbook adapts five patterns from application-code parallelism—issue as spec, plan/build/validate loop, parallel worktrees, fresh-session review, and self-healing layer—to infrastructure work, with stack-scoped isolation replacing port and database isolation.




