Infrastructure-as-Code (IaC) company Pulumi has created what it calls a “modern” Internal Developer Platform (IDP) for developer self-service functions with built-in security and compliance. In the race to provide IDP tools for the growing platform engineering space (which in some circles is lauded to overtake DevOps) – where software engineers build from backend toolchains, workflows and service layers as a default – the company is hoping to shake up cloud infrastructure delivery.
Pulumi aims to make this reinvention happen through best practice methods that (it hopes) will go beyond pre-existing tooling inside platforms like Terraform for automation of infrastructure provisioning and management and use of HashiCorp Configuration Language (HCL) instructions.
The technology wizards at magical analyst house Gartner forecast that some 80% of large organisations will make use of IDP technologies in the next two years. If it’s 60% within the next five years, the shift would still be profound. Even with the advent of generative and agentic AI services driving code creation, unit testing and application user interface services, software engineers need ship cloud-native applications faster, at wider (and higher) scale and through secure service layers.
Distilled lessons
Talking about the progression that has already happened, Pulumi says its customers have already built their own IDPs using Pulumi’s open source IaC platform, but now, Pulumi IDP “distils lessons” from hundreds of these real-world implementations into a technology foundation that may help organisations accelerate software delivery while embedding security and governance by design.
Promising a route to cloud deployments in “minutes not months”, the company now claims to have 3,500 customers and 350,000 users worldwide, with more than 1 million weekly downloads. Does it really take that long? Comments shown on SaaStr suggest that a typical Salesforce deployment can take six months. Servermanis thinks that the total timeline for [a typical] deployment ends up at nearly a four-month process or about 17 weeks.
Pulumi users have said that they enjoy Pulumi’s ability to let them use a custom, higher-level and much simpler-to-use YAML schema than previous tools. Where traditional approaches might require a trade-off between building everything custom versus adopting rigid, top-down solutions, Pulumi IDP advocates say the technology “meets platform teams where they already are” i.e. at the point of cloud infrastructure. It then extends from there to facilitate developer self-service and speed.
“Engineering leaders tell us that the pace of innovation is faster than ever,” said Joe Duffy, co-founder and CEO of Pulumi. “To succeed, developers must move fast, without breaking things. Pulumi IDP is the cloud infrastructure platform modern teams have been asking for: infrastructure-first, multi-cloud, immensely powerful and flexible, with built-in security and full visibility and controls. It turns the cloud into a competitive advantage.”
Private organisation registry
Platform teams publish patterns as Component, Template and Policy building blocks to Pulumi IDP using a private organisation registry. These building blocks encapsulate reusable infrastructure best practices written in languages spanning TypeScript, Python, Go, C#, Java, or YAML (and onward) to form blueprints for creating new projects like applications, microservices,or clusters, with standard configurations.
Security, compliance, cost and operational rules are then enforced for new and existing infrastructure. The registry includes built-in documentation, search, semantic versioning and usage tracking to make it easy to discover and share patterns.
Developer self-service + guardrails
Duffy reminds us that developers, data scientists and other end users can access Pulumi IDP through their preferred interface to provision and manage cloud applications and infrastructure using these building blocks. They can do so using a complete no-code user interface, low-code YAML-based CI/CD pipelines, IaC directly in their preferred language, or a REST API with full extensibility.
End users can organise their projects into so-called Services, which are logical containers of cloud infrastructure, configuration, secrets, documentation and observability dashboards. Examples of services include a web application, a microservice, a Jupyter notebook, or a data pipeline.
“Docker makes software supply chains more secure by standardising build, packaging and shipping containerised applications – core to any modern internal developer platform. Pulumi complements this by enabling platform teams to define secure, reusable infrastructure patterns. Golden paths are incredibly important to our customers and we’re excited that Pulumi makes it easier to create and adopt them. Together, Docker and Pulumi help teams streamline developer workflows and accelerate delivery from code to cloud,” said Justin Cormack, CTO at Docker.
Golden pathways
Pulumi IDP works for setting up “golden paths” and using them as well as day-two and beyond operations. This includes drift and policy detection and remediation, auditing of outdated components and templates and change management when rolling out updated versions.
Approval workflows enable teams to delegate and maintain guardrails. A new visual importer tool helps teams bring existing unmanaged cloud infrastructure under the management of Pulumi with just a few clicks. Pulumi IDP features a new advanced IAM system to enable least-privilege access, extending Pulumi’s existing security foundation with custom roles and permissions, fine-grained access controls and integration with SAML/SSO identity providers.
Pulumi IDP is available as a managed SaaS solution or self-hosted for advanced compliance needs. It integrates with Pulumi’s enterprise capabilities, including Pulumi Copilot for AI-driven infrastructure management, Pulumi Deployments for workflow automation, Pulumi CrossGuard for policies and a common REST API and data model for extensibility. Pulumi IDP is now available in public preview and is free for Pulumi customers and community members to use.