pulumi · lichtie · Jul 18, 2025 · Jul 15, 2025 · Jul 15, 2025 · Jul 15, 2025
diff --git a/content/docs/pulumi-cloud/get-started/onboarding-guide.md b/content/docs/pulumi-cloud/get-started/onboarding-guide.md
diff --git a/content/docs/pulumi-cloud/get-started/onboarding-guide/_index.md b/content/docs/pulumi-cloud/get-started/onboarding-guide/_index.md
@@ -0,0 +1,29 @@
+---
+title: Setting Up Pulumi for Your Organization
+meta_desc: Learn how to onboard your entire team to Pulumi, and build out your infrastructure platform, with built-in security, best practices, and compliance.
+menu:
+    cloud:
+        name: Onboarding guide
+        parent: pulumi-cloud-get-started
+        weight: 2
+        identifier: pulumi-onboarding-guide
+---
+
+In this guide, you’ll find everything you need to know about using Pulumi within your organization, from setting things up to recommended usage patterns and practices.
+
+{{% notes type="tip" %}}
+
+**Pro tips**
+
+* To help everyone quickly adopt Pulumi in your organization, identify a group of “Pulumi champions” across your organization who will encourage other team members to get started right away. The faster your team uses Pulumi, the faster you can ship.
+* Check out the [Pulumi Glossary](/docs/iac/concepts/glossary/) for specific terms we use across our sites and documentation.
+{{% /notes %}}
+
+## In this guide
+
+* Setup and start using Pulumi Cloud, whether SaaS or self-hosted
+* Set and achieve onboarding goals for your team’s first 30 to 90 days
+* Understand and adopt recommended practices for Pulumi’s suite of products
+* Work through (and prepare for) common first-time user challenges
+
+{{< get-started-stepper >}}
diff --git a/content/docs/pulumi-cloud/get-started/onboarding-guide/choose-subscription.md b/content/docs/pulumi-cloud/get-started/onboarding-guide/choose-subscription.md
@@ -0,0 +1,101 @@
+---
+title: Select the right model and subscription
+meta_desc: Understanding your deployment options, subscription tiers, and support needs to help you choose the right approach for your organization.
+weight: 1
+menu:
+    cloud:
+        name: Select the right model 
+        parent: pulumi-onboarding-guide
+        identifier: select-a-model
+---
+
+Setting up your Pulumi Cloud account will lay the foundation for onboarding your team and enabling collaboration. Understanding your deployment options, subscription tiers, and support needs will help you choose the right approach for your organization.
+
+## Choose your subscription tier
+
+Your subscription tier determines the level of support, training, and features available to your team.
+
+{{%notes type="info"%}}
+Pulumi’s community has grown to hundreds of thousands of practitioners worldwide. Check out the [Pulumi Community](https://www.pulumi.com/community/) to connect!
+{{%/notes%}}
+
+### Individual and Team tiers
+
+Perfect for smaller teams or getting started. Access community support through GitHub [Discussions](https://github.com/pulumi/pulumi/discussions) and [Issues](https://github.com/pulumi/pulumi/issues), [Community Slack](https://slack.pulumi.com), and free workshops.
+
+You can also make use of the [Pulumi AI](https://www.pulumi.com/ai), detailed documentation in the [Pulumi Registry](https://www.pulumi.com/registry/), and the [examples repo](https://github.com/pulumi/examples) to help you get started.
+
+### Enterprise and Business Critical tiers
+
+Designed for larger organizations with mission-critical workloads. These tiers include:
+
+- **Premium support**: 12x5 or 24x7 support is available with ticketing, guaranteed SLAs, and private Slack channels
+- **Dedicated resources**: Personal account managers and architects to help solve complex problems
+- **Priority access**: Prioritized bugs and feature requests, plus product roadmap reviews
+- **Custom training**: Tailored onboarding and ongoing training for your team
+
+Access your support through the [support portal](https://support.pulumi.com/hc/en-us) if you're on a premium plan.
+
+{{% notes type="info" %}}
+Learn more about the differences between our subscription tiers [here](https://www.pulumi.com/pricing/)
+{{% /notes %}}
+
+{{% notes type="info" %}}
+For hands-on engineering support, consider Pulumi Professional Services. Our team can help design and implement best practices, build custom providers and components, migrate existing infrastructure, and more. We offer standard packages and custom solutions. [Learn more about Professional Services](https://www.pulumi.com/proserv/).
+{{% /notes %}}
+
+## Choose your deployment model
+
+Pulumi Cloud offers two deployment options, each designed for different organizational needs and security requirements.
+
+### SaaS (Recommended for most organizations)
+
+Choose Pulumi Cloud SaaS if you want the simplest setup with enterprise-grade reliability built in. You get high availability, disaster recovery, and geo-replication out of the box, plus security and compliance features detailed in the [Pulumi Cloud Security Whitepaper](https://www.pulumi.com/security/pulumi-cloud-security-whitepaper.pdf). Simply sign up at [pulumi.com](http://pulumi.com) to get started.
+
+### Self-hosted (For regulated or air-gapped environments)
+
+{{% notes type="warning" %}}
+Self-hosted Pulumi Cloud is only available for Business Critical customers.
+{{% /notes %}}
+
+Choose [self-hosted Pulumi Cloud](https://www.pulumi.com/product/self-hosted/) if you need complete control over your hosting environment. This is ideal for air-gapped environments or customers who require an isolated version of the Pulumi platform. You can deploy anywhere: on-premises, in your cloud account, or any infrastructure you control.
+
+{{% notes type="info" %}}
+
+To get started with self-hosted Pulumi Cloud, follow the guides to set up your [state backend](https://www.pulumi.com/docs/iac/concepts/state-and-backends/#logging-into-the-aws-s3-backend) and [self-hosting infrastructure](https://www.pulumi.com/docs/pulumi-cloud/admin/self-hosted/)
+
+{{% /notes %}}
+
+## Choose your billing approach
+
+Pulumi offers flexible billing options to match your organization's procurement preferences.
+
+### Monthly billing
+
+Pay monthly with a credit card. This option provides flexibility and is ideal for teams that want to start quickly or have variable usage patterns.
+
+### Annual commitment pricing
+
+Pay upfront with invoicing to access significant cost savings through commitment pricing. This option works well for organizations with predictable usage and established procurement processes. [Contact us](https://www.pulumi.com/contact/) to explore commitment pricing options.
+
+{{% notes type="info" %}}
+Both billing options include detailed usage insights through the Billing & usage page in your organization settings. Track IaC resources, deployment minutes, ESC secrets, and download usage history. Only organization administrators and designated [billing administrators](https://www.pulumi.com/docs/pulumi-cloud/access-management/billing-managers/) can access these pages. You'll also receive monthly usage reports via email.
+{{% /notes %}}
+
+## Getting started with your chosen model
+
+{{% notes type="info" %}}
+
+If you are using a self-hosted installation of the Pulumi platform, the URLs used in the following documentation will need to be replaced with your instance's customer URLs.
+
+{{% /notes %}}
+
+### Create your account
+
+Sign up using your email address and password, or connect with your GitHub, GitLab, or Atlassian identity at [app.pulumi.com/signup](http://app.pulumi.com/signup). After signup, you can configure SAML/SSO for team onboarding. Learn more about [account management](https://www.pulumi.com/docs/pulumi-cloud/access-management/teams/).
+
+### Explore the console
+
+Access the Pulumi Cloud console through the "Sign In" link at [pulumi.com](http://pulumi.com) or go directly to [app.pulumi.com](http://app.pulumi.com). The dashboard provides useful content and links, while the left navigation gives you access to stacks, resources, and settings. Use the search function to find specific resources, and click the sparkle icon to access Pulumi Copilot, your AI assistant.
+
+{{< get-started-stepper >}}
diff --git a/content/docs/pulumi-cloud/get-started/onboarding-guide/migrating-to-pulumi.md b/content/docs/pulumi-cloud/get-started/onboarding-guide/migrating-to-pulumi.md
@@ -0,0 +1,79 @@
+---
+title: Migrating to Pulumi
+meta_desc: Focus on building momentum with early wins while establishing practices that will scale with your organization.
+weight: 4
+menu:
+    cloud:
+        name: Migrating to Pulumi
+        parent: pulumi-onboarding-guide
+        identifier: migrating-to-pulumi
+---
+Successfully migrating to Pulumi requires strategic decisions about your migration approach. Focus on building momentum with early wins while establishing practices that will scale with your organization.
+
+## Migrating existing infrastructure
+
+If you have existing cloud infrastructure to bring into Pulumi IaC, you have several strategies available.
+
+### Choose your migration approach
+
+**Start fresh:** Simply throw away existing infrastructure and begin anew. This ensures you can adopt all best practices from the outset without technical debt. This option isn't always practical for business-critical services.
+
+**Import existing infrastructure:** Pulumi has tools to import any cloud infrastructure regardless of how it was created — even manually through cloud consoles. The [Visual Import](https://www.pulumi.com/docs/insights/import/) feature is the recommended approach for importing resources. However, Pulumi also offers tailored migration tools for Terraform, AWS CloudFormation/CDK, Azure ARM, and Kubernetes YAML. These tools generate Pulumi IaC code in your chosen language and actively place existing resource management under Pulumi IaC, swapping out management without disrupting resources for zero downtime.
+
+**Coexist and migrate incrementally:** Pulumi supports coexisting with existing ecosystems. You can deploy Helm charts as-is or consume Terraform workspace outputs. This enables incremental migration over time when the value is right.
+
+**Get professional help:** Pulumi offers professional services to help with migration.
+
+{{% notes type="info" %}}
+
+Learn more at the [Pulumi Migration Hub](https://www.pulumi.com/docs/iac/adopting-pulumi/migrating-to-pulumi/) or [detailed migration tooling documentation](https://www.pulumi.com/docs/iac/adopting-pulumi/).
+
+{{%/notes%}}
+
+## Drive and measure migration success
+
+Successfully migrating to Pulumi requires treating it like a product launch with clear success metrics and strategic execution.
+
+### Start with a beachhead win
+
+**Goal:** Get your first 1-3 workloads into production as soon as possible (typically 3-6 months for most organizations).
+
+This "beachhead" win accomplishes three things:
+
+- Keeps you grounded in reality without going dark too long
+- Lays groundwork for onboarding more workloads while improving your platform
+- Provides tangible accomplishments to showcase to management and broader teams
+
+These workloads should be automated with CI/CD pipelines and use as many best practices as possible, even though you'll be early in figuring out components and templates.
+
+### Stay focused on impact
+
+**Take a "workload-first" strategy:** Rather than creating dozens of abstractly-useful components, inform specific component requirements from real-world applications emerging from your beachhead win.
+
+**Resist the redesign temptation:** Don't conflate redesigning projects with new cloud architectures and platform migration. This adds risk. Get workloads onto Pulumi first, then refactor and redesign in place.
+
+### Treat your platform like a product
+
+An internal cloud platform is a product requiring superb developer experiences. While self-service is the primary goal, it's a journey. Start by:
+
+- Getting your platform well-architected
+- Documenting components and templates. You can use [Pulumi Cloud IDP](https://www.pulumi.com/product/internal-developer-platforms/) to provide user visibility and access to your templates and components.
+- Instituting an internal open source strategy for collaboration
+- Building comprehensive platform capabilities over time
+
+### Don't defer security
+
+Use this moment of change to build security into your platform from day one. Implement Pulumi IaC's Policy as Code features and short-lived cloud credentials with [Pulumi ESC and OIDC](https://www.pulumi.com/docs/esc/integrations/dynamic-login-credentials/). Teams that build up technical debt in this area face costly implications later.
+
+### Measure your success
+
+Establish clear success metrics from the outset:
+
+**Common improvement metrics:**
+
+- Time from checking in code until it ships to production
+- DORA metrics (deployment frequency and related measurements)
+- Time for developers to get new cloud environments
+
+Pulumi customers commonly see 5-10X improvements in these areas, with environment setup times reducing from months to minutes through self-service techniques.
+{{< get-started-stepper >}}
diff --git a/content/docs/pulumi-cloud/get-started/onboarding-guide/setting-up-for-success.md b/content/docs/pulumi-cloud/get-started/onboarding-guide/setting-up-for-success.md
@@ -0,0 +1,71 @@
+---
+title: Setting up for success
+meta_desc: Make key decisions about security, testing strategies, and code reusability that will set your team up for success.
+weight: 3
+menu:
+    cloud:
+        name: Setting up for success
+        parent: pulumi-onboarding-guide
+        identifier: setting-up-for-success
+---
+Before creating projects and shipping to the cloud, make key decisions that will set your team up for success. Focus on security, testing strategies, and code reusability: all the essential considerations for scaling infrastructure as code effectively.
+
+## Secure your infrastructure from day one
+
+Security is a team effort that's best established from the outset. Pulumi Cloud makes it easy to adopt security best practices during team onboarding.
+
+### Choose your compliance approach
+
+Modern enterprises face rigorous compliance requirements. Pulumi Cloud is SOC 2 Type II certified and AWS-reviewed for compliance best practices. The infrastructure hosting Pulumi Cloud aligns with IT security standards including SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3, FISMA, FedRAMP, DOD SRG Levels 2 and 4, PCI DSS Level 1, EU Model Clauses, ISO 9001/27001/27017/27018, ITAR, IRAP, FIPS 140-2, MLPS Level 3, and MTCS. Learn more at [Pulumi Security](https://www.pulumi.com/security/).
+
+Use Pulumi's Policy as Code engine, [CrossGuard](https://www.pulumi.com/docs/iac/crossguard/), to enforce compliant infrastructure practices. CrossGuard includes hundreds of out-of-the-box policies for AWS, Azure, Google Cloud, and Kubernetes, spanning PCI DSS, ISO 27001, SOC 2, HITRUST, and CIS Benchmarks. You can also write custom policies for your specific industry or enterprise requirements.
+
+CrossGuard identifies issues in existing cloud infrastructure and prevents new problems from being introduced. Configure it at various warning and error levels, and apply it flexibly across projects—for example, GDPR rules might only apply to infrastructure in European regions. CrossGuard also features automatic remediations.
+
+Pulumi Cloud maintains an audit log of every activity and who performed it for complete visibility.
+
+### Select your cloud authentication method
+
+Pulumi supports hundreds of cloud providers, though most organizations use AWS, Azure, Google Cloud, and Kubernetes. Other supported providers include SaaS infrastructure products like Cloudflare, DataDog, MongoDB, and Snowflake, plus on-premises technologies like VMware vSphere. Find the complete list in the [Pulumi Registry](https://pulumi.com/registry), your one-stop shop for provider documentation and configuration guidance.
+
+**Recommended approach:** Use Pulumi ESC's OpenID Connect (OIDC) support for [dynamic, short-lived credentials](https://www.pulumi.com/docs/esc/integrations/dynamic-login-credentials/). This is the most secure method and should be preferred for supported providers.
+
+**Alternative approach:** If your chosen cloud lacks Pulumi ESC OIDC support, consult the registry documentation. Each provider has an "Install & config" section with authentication guidance. See [AWS Installation & Configuration](https://www.pulumi.com/docs/esc/integrations/dynamic-login-credentials/) as an example. Pulumi uses native tools and techniques for authentication, keeping it consistent with your existing usage patterns.
+
+## Test your infrastructure code
+
+Infrastructure as code is code and should be tested. This yields more predictable deployments, increases confidence, and minimizes costly mistakes. Pulumi's use of standard languages gives you access to entire ecosystems of testing tools and techniques.
+
+### Choose your testing strategy
+
+Implement a three-tier testing approach:
+
+**Unit tests** test targeted functionality without deploying actual cloud infrastructure. These are part of your inner development loop and run quickly. Pulumi makes it easy to mock cloud capabilities for this testing.
+
+**Policy as Code** acts as a form of testing that blocks deployments failing to meet predetermined policies. This was covered in your security decisions above.
+
+**Integration tests** coordinate with actual Pulumi deployments to verify that real infrastructure is provisioned to specification.
+
+### Consider advanced testing techniques
+
+Build sophisticated test strategies on this foundation. Options include fuzz testing to verify your infrastructure configurations react correctly to varying inputs, or chaos testing that destroys infrastructure components to test system responses.
+
+Also consider using linters and static analysis tools to enforce industry standards and your team's coding guidelines. See the [Testing Pulumi programs guide](https://www.pulumi.com/docs/iac/concepts/testing/) for more details.
+
+## Share and reuse code effectively
+
+Pulumi projects, stacks, and environments help reduce "sprawl"—the copy-and-paste configurations that legacy IaC tools create. Sprawl causes unintended drift between environments and can lead to outages and security mistakes.
+
+### Choose your abstraction level
+
+**[Components](https://www.pulumi.com/docs/iac/concepts/components/)** are IaC resources you define to abstract and encapsulate one or more other resources. For example, an AWS Virtual Private Cloud (VPC) might consist of dozens of resources: public and private subnets, Internet and NAT Gateways, the VPC itself, and more. Rather than coding the VPC definition in every project—potentially hundreds or thousands of lines of code—use a component. The Pulumi AWSX package offers a VPC component out of the box, but you can create your own by subclassing the component resource base class.
+
+Components provide all the benefits of native language packages: storage in package managers, versioning, secure dependencies, and more.
+
+**[Templates](https://www.pulumi.com/docs/pulumi-cloud/developer-platforms/templates/)** are blueprints that scaffold entirely new projects. While components encapsulate cloud resource usage patterns, templates provide standard starting points for complete projects with many resources. [Pulumi offers templates](https://www.pulumi.com/templates/) for common architectures and patterns, but you can create your own. You can also register your organization's templates in the Pulumi Cloud New Project Wizard for easy access.
+
+### Make the decision
+
+Start with existing components and templates, then create custom ones as your team identifies common patterns. This approach ensures consistency and reduces maintenance overhead as you scale.
+
+{{< get-started-stepper >}}