Pulumi Integration

Manage TigerAccess infrastructure as code with Pulumi. Define access policies, resources, and configurations using TypeScript, Python, Go, and other modern languages.

Features

Modern Infrastructure as Code

Manage TigerAccess with the power and flexibility of real programming languages.

Multi-Language SDKs

Use TypeScript, Python, Go, C#, or Java to define TigerAccess resources with full type safety and IDE support.

Resource Provisioning

Declaratively manage users, roles, access rules, integrations, and all TigerAccess resources as code.

GitOps Workflows

Version control your access policies, review changes in PRs, and deploy with CI/CD pipelines.

State Management

Secure state storage with encryption, team collaboration, and drift detection built-in.

Capabilities

Full-Featured Pulumi Provider

TypeScript/JavaScript provider
Python SDK support
Go SDK support
C# and Java SDKs
Resource creation & updates
State encryption
Stack references
Secret handling
Policy as code
Automation API
Preview deployments
Drift detection
Component resources
Dynamic providers
Cross-stack references
Pulumi ESC integration
Setup

Get Started with Pulumi

Install the provider and start managing TigerAccess as code in minutes.

1. Install Pulumi Provider

Install the TigerAccess Pulumi provider for your preferred language.

# TypeScript/JavaScript
npm install @tigeraccess/pulumi

# Python
pip install tigeraccess-pulumi

# Go
go get github.com/tigeraccess/pulumi-tigeraccess/sdk/go/tigeraccess

2. Configure Provider

Set up authentication and connection to your TigerAccess cluster.

import * as tigeraccess from "@tigeraccess/pulumi";

// Configure provider
const provider = new tigeraccess.Provider("tigeraccess", {
  authServer: "https://auth.example.com:3025",
  // Use identity file or token for authentication
  identityFile: "~/.tac/identity",
});

3. Create Resources

Define TigerAccess resources using your preferred programming language.

// Create a role
const devRole = new tigeraccess.Role("dev-role", {
  metadata: {
    name: "developers",
    description: "Developer access role",
  },
  spec: {
    allow: {
      logins: ["ubuntu", "ec2-user"],
      nodeLabels: {
        env: ["dev", "staging"],
      },
    },
  },
}, { provider });

// Create a user
const user = new tigeraccess.User("jane", {
  metadata: {
    name: "[email protected]",
  },
  spec: {
    roles: [devRole.metadata.name],
  },
}, { provider });

4. Deploy with CI/CD

Integrate Pulumi into your CI/CD pipeline for automated deployments.

# GitHub Actions example
name: Pulumi Deploy
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: pulumi/actions@v4
        with:
          command: up
          stack-name: prod
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          TIGERACCESS_AUTH_SERVER: ${{ secrets.TIGERACCESS_AUTH_SERVER }}
          TIGERACCESS_IDENTITY_FILE: ${{ secrets.TIGERACCESS_IDENTITY }}

Examples

Real-World Code Examples

See how to manage TigerAccess resources in your preferred language.

TypeScript Example

Complete example of managing TigerAccess resources with TypeScript.

import * as pulumi from "@pulumi/pulumi";
import * as tigeraccess from "@tigeraccess/pulumi";

// Create roles
const adminRole = new tigeraccess.Role("admin", {
  metadata: {
    name: "admins",
    labels: { team: "platform" },
  },
  spec: {
    allow: {
      logins: ["root", "admin"],
      nodeLabels: { "*": ["*"] },
      rules: [{
        resources: ["*"],
        verbs: ["*"],
      }],
    },
  },
});

// Create access list
const onCallAccess = new tigeraccess.AccessList("oncall", {
  metadata: {
    name: "oncall-production",
  },
  spec: {
    title: "On-call production access",
    grants: {
      // Reference the role output so Pulumi creates the role before the access list
      roles: [adminRole.metadata.name],
    },
    audit: {
      nextAuditDate: "2024-06-01",
    },
  },
});

// Create integration
const awsIntegration = new tigeraccess.Integration("aws", {
  metadata: {
    name: "aws-prod",
  },
  spec: {
    type: "aws",
    aws: {
      accountId: "123456789012",
      roleArn: "arn:aws:iam::123456789012:role/TigerAccessRole",
      regions: ["us-east-1", "us-west-2"],
    },
  },
});

export const roleName = adminRole.metadata.name;
export const accessListId = onCallAccess.metadata.name;

Python Example

Python SDK example for infrastructure teams.

import pulumi
import tigeraccess_pulumi as tigeraccess

# Create a database connection
postgres_db = tigeraccess.Database("postgres-prod",
    metadata=tigeraccess.MetadataArgs(
        name="postgres-production",
        labels={"env": "prod", "team": "data"}
    ),
    spec=tigeraccess.DatabaseSpecArgs(
        protocol="postgres",
        uri="postgres.example.com:5432",
        ca_cert="/etc/certs/postgres-ca.pem",
        admin_user=tigeraccess.DatabaseUserArgs(
            name="admin"
        )
    )
)

# Create bot for CI/CD
ci_bot = tigeraccess.Bot("ci-bot",
    metadata=tigeraccess.MetadataArgs(
        name="github-actions-bot"
    ),
    spec=tigeraccess.BotSpecArgs(
        roles=["ci-deployer"],
        traits=[
            tigeraccess.TraitArgs(
                name="github-actions",
                values=["deploy", "test"]
            )
        ]
    )
)

pulumi.export("database_name", postgres_db.metadata.name)
pulumi.export("bot_name", ci_bot.metadata.name)

Use Cases

Infrastructure as Code Scenarios

Infrastructure Provisioning

Deploy TigerAccess alongside your infrastructure. Create SSH nodes, database connections, and Kubernetes clusters as part of your Pulumi stacks.

RBAC Management

Define roles, permissions, and access rules as code. Review access policy changes through pull requests before deploying to production.

Multi-Environment Setup

Use Pulumi stacks to manage dev, staging, and production TigerAccess configurations with environment-specific settings and shared base configurations.

Compliance Automation

Enforce compliance policies using Pulumi Policy Packs. Automatically validate that TigerAccess configurations meet security and compliance requirements.
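
The kind of check such a policy could run against the role specs shown on this page, as an added example (not TigerAccess or Pulumi code): a stand-alone function with no Pulumi imports. The names findRoleViolations, RoleSpec and the privileged-login list are assumptions modelled on the Role examples above.

```typescript
// Added example: wildcard checks for TigerAccess role specs (not provider code).
// The spec shape mirrors the Role examples on this page (assumption).
interface Allow {
  logins?: string[];
  nodeLabels?: Record<string, string[]>;
  rules?: { resources: string[]; verbs: string[] }[];
}
interface RoleSpec { allow?: Allow }

// Logins treated as privileged for this example (assumption).
const PRIVILEGED_LOGINS = new Set(["root", "admin"]);

function findRoleViolations(roleName: string, spec: RoleSpec): string[] {
  const out: string[] = [];
  const allow: Allow = spec.allow ?? {};

  for (const login of allow.logins ?? []) {
    if (login === "*" || PRIVILEGED_LOGINS.has(login)) {
      out.push(`${roleName}: privileged login "${login}"`);
    }
  }
  for (const [key, values] of Object.entries(allow.nodeLabels ?? {})) {
    if (key === "*" || values.includes("*")) {
      out.push(`${roleName}: wildcard node label ${key}=${values.join(",")}`);
    }
  }
  (allow.rules ?? []).forEach((rule, i) => {
    if (rule.resources.includes("*") && rule.verbs.includes("*")) {
      out.push(`${roleName}: rule ${i} grants all verbs on all resources`);
    }
  });
  return out;
}

// Constructed inputs: the two role specs shown earlier on this page.
const developers: RoleSpec = {
  allow: { logins: ["ubuntu", "ec2-user"], nodeLabels: { env: ["dev", "staging"] } },
};
const admins: RoleSpec = {
  allow: {
    logins: ["root", "admin"],
    nodeLabels: { "*": ["*"] },
    rules: [{ resources: ["*"], verbs: ["*"] }],
  },
};

console.log(findRoleViolations("developers", developers));
console.log(findRoleViolations("admins", admins));
```

Inside a Policy Pack, the same logic would run in a resource validation callback, with each returned string reported as a violation so that a wildcard role fails the preview before it reaches production.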

FAQ

Frequently Asked Questions

Which languages does the TigerAccess Pulumi provider support?

The provider supports TypeScript, JavaScript, Python, Go, C#, and Java. All languages provide full type safety and IntelliSense support in modern IDEs.

How do I manage secrets in Pulumi with TigerAccess?

Use Pulumi's built-in secret management to encrypt sensitive values like certificates and tokens. You can also integrate with Pulumi ESC (Environments, Secrets, and Configuration) for centralized secret management across stacks.

Can I import existing TigerAccess resources into Pulumi?

Yes. Use the pulumi import command to import existing TigerAccess resources into your Pulumi state. This allows you to gradually migrate to infrastructure as code without recreating resources.

How does Pulumi detect drift in TigerAccess configurations?

Run pulumi preview to compare your code against the actual state of resources in TigerAccess. Pulumi will show any differences and allow you to either update your code or refresh the state to match reality.

Can I use Pulumi Automation API with TigerAccess?

Yes. The Automation API allows you to embed Pulumi in your applications and build custom workflows. This is useful for building self-service portals where users can request access and have roles automatically provisioned.

How do I handle multi-environment deployments?

Use Pulumi stacks for each environment (dev, staging, prod). Share common configuration using stack references and component resources. Override environment-specific settings using stack configuration files.
