Skip to main content
Sign in Dashboard Get started
  1. Docs
  2. Infrastructure as Code
  3. Concepts
  4. Pulumi Cloud

Pulumi Cloud

    Pulumi Cloud is the default state backend for the Pulumi CLI. It is also a managed platform that adds the capabilities teams need to operate Pulumi at scale: access control, reusable configuration and secrets, policy enforcement, cloud resource inventory, scheduled drift detection, managed deployments, and an AI agent. Using Pulumi Cloud is optional; Pulumi also works with a self-managed (DIY) backend. Pulumi Cloud is the default because it removes the work of running, securing, and scaling a backend yourself.

    On top of state, Pulumi Cloud adds:

    • Role-based access control with SAML/SSO integration and fine-grained access tokens for automation.
    • Reusable configuration and secrets via Pulumi ESC, so environments can be defined once and consumed across stacks.
    • Policy as code enforcement applied centrally to every update, with pre-built policy packs for common security, compliance, and cost rules.
    • Cloud resource inventory that discovers resources across your cloud accounts, including resources not managed by Pulumi.
    • Scheduled drift detection that alerts you or remediates automatically when deployed infrastructure diverges from its declared state.
    • Managed deployments that run Pulumi operations remotely, for example in response to Git pushes, and emit webhooks for event-driven workflows.
    • Pulumi Neo, an AI agent that helps debug deployments, write infrastructure as code, and answer questions about your environment.
    • Ephemeral environments such as Review Stacks and TTL Stacks.

    Pulumi Cloud is available as a hosted SaaS and as a self-hosted edition you can run in your own environment. The Individual tier is free. Sign up for a Pulumi account to get started.

    For a detailed, capability-by-capability comparison of Pulumi Cloud and open source Pulumi, including which features are available with each option and what operational concerns each one entails, see Pulumi Cloud vs. OSS.

    Organizations

    An organization is the top-level account in Pulumi Cloud that groups related projects, stacks, and people. It is the primary unit of collaboration: teams and role-based access control, billing, and shared Pulumi ESC environments all belong to an organization. The organization name is also the first segment of a stack’s fully qualified name, in the form <organization>/<project>/<stack>.

    When you sign up for Pulumi Cloud, you automatically get a personal organization named after your username. You can also create organizations for your teams or be invited to existing ones. You can be a member of multiple organizations at once, and you switch between them in the Pulumi Cloud console or with the pulumi org CLI commands.

    Getting the current organization programmatically

    Your program can read the name of the organization it is deploying into at runtime, which is useful for naming or tagging resources or for constructing references to other stacks.

    const organization = pulumi.getOrganization();

    organization = pulumi.get_organization()

    organization := ctx.Organization()

    var organization = Deployment.Instance.OrganizationName;

    var organization = ctx.organizationName();

    variables:
  organization: ${pulumi.organization}