Introduction to Pulumi With Java

Last updated: February 10, 2025

Reviewed by: Eric Martin
Partner – Orkes – NPI EA (cat=Spring)
announcement - icon

Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.

Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.

With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.

Try a 14-Day Free Trial of Orkes Conductor today.

Partner – Orkes – NPI EA (tag=Microservices)
announcement - icon

Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.

Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.

With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.

Try a 14-Day Free Trial of Orkes Conductor today.

eBook – Guide Spring Cloud – NPI EA (cat=Spring Cloud)
announcement - icon

Let's get started with a Microservice Architecture with Spring Cloud:

>> Join Pro and download the eBook

eBook – Mockito – NPI EA (tag = Mockito)
announcement - icon

Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.

Get started with mocking and improve your application tests using our Mockito guide:

Download the eBook

eBook – Java Concurrency – NPI EA (cat=Java Concurrency)
announcement - icon

Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.

Get started with understanding multi-threaded applications with our Java Concurrency guide:

>> Download the eBook

eBook – Reactive – NPI EA (cat=Reactive)
announcement - icon

Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:

>> Join Pro and download the eBook

eBook – Java Streams – NPI EA (cat=Java Streams)
announcement - icon

Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.

But these can also be overused and fall into some common pitfalls.

To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:

>> Join Pro and download the eBook

eBook – Jackson – NPI EA (cat=Jackson)
announcement - icon

Do JSON right with Jackson

Download the E-book

eBook – HTTP Client – NPI EA (cat=Http Client-Side)
announcement - icon

Get the most out of the Apache HTTP Client

Download the E-book

eBook – Maven – NPI EA (cat = Maven)
announcement - icon

Get Started with Apache Maven:

Download the E-book

eBook – Persistence – NPI EA (cat=Persistence)
announcement - icon

Working on getting your persistence layer right with Spring?

Explore the eBook

eBook – RwS – NPI EA (cat=Spring MVC)
announcement - icon

Building a REST API with Spring?

Download the E-book

Course – LS – NPI EA (cat=Jackson)
announcement - icon

Get started with Spring and Spring Boot, through the Learn Spring course:

>> LEARN SPRING
Course – RWSB – NPI EA (cat=REST)
announcement - icon

Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:

>> The New “REST With Spring Boot”

Course – LSS – NPI EA (cat=Spring Security)
announcement - icon

Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.

I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.

You can explore the course here:

>> Learn Spring Security

Partner – LambdaTest – NPI EA (cat=Testing)
announcement - icon

Browser testing is essential if you have a website or web applications that users interact with. Manual testing can be very helpful to an extent, but given the multiple browsers available, not to mention versions and operating system, testing everything manually becomes time-consuming and repetitive.

To help automate this process, Selenium is a popular choice for developers, as an open-source tool with a large and active community. What's more, we can further scale our automation testing by running on theLambdaTest cloud-based testing platform.

Read more through our step-by-step tutorial on how to set up Selenium tests with Java and run them on LambdaTest:

>> Automated Browser Testing With Selenium

Partner – Orkes – NPI EA (cat=Java)
announcement - icon

Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.

Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.

With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.

Try a 14-Day Free Trial of Orkes Conductor today.

Course – LSD – NPI EA (tag=Spring Data JPA)
announcement - icon

Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.

Get started with Spring Data JPA through the guided reference course:

>> CHECK OUT THE COURSE

Partner – Moderne – NPI EA (cat=Spring Boot)
announcement - icon

Refactor Java code safely — and automatically — with OpenRewrite.

Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.

Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.

Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.

eBook – Guide Spring Cloud – NPI (cat=Cloud/Spring Cloud)
announcement - icon

Let's get started with a Microservice Architecture with Spring Cloud:

>> Join Pro and download the eBook

1. Introduction

Pulumi is a modern infrastructure-as-code (IaC) tool that allows developers to define and manage cloud resources using general-purpose programming languages like Java. Unlike traditional IaC tools that use domain-specific languages (DSLs), Pulumi leverages the power of Java to create reusable, modular, and type-safe infrastructure code.

In this article, we’ll use Pulumi with Java to create and manage AWS resources, including an S3 bucket, an EC2 instance, and a security group. We’ll also expose the EC2 instance to the internet, update the infrastructure, and destroy all resources.

2. Setting up Pulumi Using Java

Before we start, we must ensure we have the Pulumi CLI installed. We can install it from the official website.

After installing it, we can create a new Pulumi project using the AWS Java template:

$ pulumi new aws-java

This generates a basic project structure. After that, we navigate to the project directory and install dependencies:

$ cd my-pulumi-project
$ mvn install

Now we have all the structure ready to start writing the code.

3. Creating Simple AWS Resources

In this section, we’ll see how we can create simple standalone resources in AWS. After that, we’ll explore how to make slightly more complicated architectures to expose a web service on the Internet.

Amazon S3 (Simple Storage Service) is a highly scalable object storage solution from AWS, widely used for storing files, backups, and media. This way, we can showcase Pulumi’s capabilities in a straightforward yet impactful way. With Pulumi, defining an S3 bucket is as simple as declaring a bucket resource:

var bucket = new Bucket("pulumi-bucket", BucketArgs.builder()
  .build());

Once we define our S3 bucket in Pulumi, we can deploy it to AWS. Pulumi provides a simple command to do this:

$ pulumi up

When running pulumi up, Pulumi shows the resources that will be created:

plumi up s3

Pulumi analyzes the code and shows what resources will be created, modified, or deleted. Also, it asks for a confirmation, so we can review the planned changes before proceeding.

4. Creating a Web Server

Now that we’ve started with an S3 bucket, let’s take things further and build the infrastructure needed for a web service. To deploy an EC2 instance for serving web requests, we must configure a Virtual Private Cloud (VPC), a Subnet, an Internet Gateway, and other essential network components.

4.1. Creating the Network Infrastructure

A VPC (Virtual Private Cloud) is an isolated network within AWS where we can launch resources such as EC2 instances, databases, and other services. It allows us to define IP address ranges, create subnets, and configure routing rules for controlling how resources communicate.

Let’s create a VPC with a CIDR block of 10.0.0.0/16, meaning it can hold many IP addresses:

var vpc = new Vpc("vpc", VpcArgs.builder()
  .cidrBlock("10.0.0.0/16")
  .build());

A subnet is a subdivision of a VPC, allowing us to organize resources within smaller network segments. For our EC2 instance to be publicly accessible, it must be in a public subnet that automatically assigns public IP addresses to instances:

var subnet = new Subnet("subnet", SubnetArgs.builder()
  .vpcId(vpc.id())
  .cidrBlock("10.0.1.0/24")
  .mapPublicIpOnLaunch(true)
  .build());

By default, resources inside a VPC cannot access the internet. To allow traffic to flow in and out, we need an Internet Gateway (IGW). This AWS-managed service connects our VPC to the public internet:

var gateway = new InternetGateway("gateway", InternetGatewayArgs.builder()
  .vpcId(vpc.id())
  .build());

Even with an Internet Gateway, instances inside the subnet won’t automatically know how to reach the Internet. We need to configure a route table, which acts like a traffic control system, defining how network traffic flows. We set up a default route (0.0.0.0/0) that sends all outbound traffic to the internet through the gateway:

var routes = new RouteTable("routes", RouteTableArgs.builder()
  .vpcId(vpc.id())
  .routes(RouteTableRouteArgs.builder()
    .cidrBlock("0.0.0.0/0")
    .gatewayId(gateway.id())
    .build())
  .build());

var routeTableAssociation = new RouteTableAssociation("route-table-association", RouteTableAssociationArgs.builder()
  .subnetId(subnet.id())
  .routeTableId(routes.id())
  .build());

Also, we link the route table to the public subnet so that the EC2 instance inside it can use the Internet Gateway.

4.2. Security Group: Controlling Traffic

A Security Group is a virtual firewall that controls which types of network traffic are allowed to reach an EC2 instance. We’ll start by creating one and associating it with our VPC:

var securityGroup = new SecurityGroup("security-group", SecurityGroupArgs.builder()
  .name("allow_public")
  .vpcId(vpc.id())
  .build());

At this point, the security group exists but has no rules yet. AWS security groups default deny all the traffic until we define rules explicitly. For users to be able to access our server we need to allow HTTP inbound traffic:

var allowPort80Ipv4 = new SecurityGroupIngressRule("allowPort80Ingress", SecurityGroupIngressRuleArgs.builder()
  .securityGroupId(securityGroup.id())
  .cidrIpv4("0.0.0.0/0")
  .fromPort(80)
  .ipProtocol("tcp")
  .toPort(80)
  .build());

We attach the rule to our previously created security group and allow all traffic to port 80 (which is used for HTTP web traffic). We’ll also have to add a rule for outbound to let our service access the internet:

var allowAllTrafficIpv4 = new SecurityGroupEgressRule("allowAllTrafficEgress", SecurityGroupEgressRuleArgs.builder()
  .securityGroupId(securityGroup.id())
  .cidrIpv4("0.0.0.0/0")
  .ipProtocol("-1")
  .build());

This ensures our EC2 instance can download updates and install dependencies during setup

4.3. User Data: Automating Server Setup

When launching an EC2 instance, we can pass a user data script that runs automatically on startup:

String userData = """
    #!/bin/bash
    yum update -y
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    echo "<h1>Hello World, welcome to our Pulumi deployed infrastructure.</h1>" > /var/www/html/index.html
    """;

This script will:

  1. update the system
  2. install Apache HTTP Server
  3. start the web server
  4. create a basic HTML page

This ensures that when the EC2 instance starts, it immediately serves a webpage without any manual setup.

4.4. Launching the EC2 Instance

With security and automation in place, we can now define and deploy an EC2 instance:

var instance = new Instance("my-instance", InstanceArgs.builder()
  .instanceType(InstanceType.T2_Micro)
  .ami("ami-0e320147c22e46f12")
  .subnetId(subnet.id())
  .vpcSecurityGroupIds(Output.all(securityGroup.id()))
  .associatePublicIpAddress(true)
  .userData(userData) // Add user data to the instance
  .build());

The instance type is set to t2.micro, a small and cost-effective option. Also, this instance type is part of the AWS Free Tier. The Amazon Machine Image (AMI) used is Amazon Linux 2, a lightweight and AWS-optimized operating system. Since the instance needs to be publicly accessible, it’s assigned a public IP address. This makes it reachable from the internet, allowing us to test the web server later.

We can print the public IP address assigned to our EC2 instance in our console:

ctx.export("publicIp", instance.publicIp());

This way, we can retrieve the instance’s public IP without manually checking the AWS console. After running pulumi up, the public IP will be displayed in the command output:pulumi up ec2

4.5. Verifying the Web Server Deployment

Once the EC2 instance is up, we can verify that the web server is accessible. However, before testing, we should wait a few minutes for the instance to complete its initialization. In particular, the web server might take some time to start, especially if updates and package installations are still in progress. The simplest way to verify the deployment is by entering the public IP of the instance into a web browser:

test

Now we can see the message from our user data script.

For a quick verification from the command line, we can use curl to send an HTTP request to the instance:

$ curl http://3.69.254.86/

5. Destroying the Infrastructure

After testing our web server, we should remove the deployed resources to prevent unnecessary AWS costs. Cloud resources like EC2 instances incur charges as long as they exist, even if they aren’t actively used.

Pulumi makes it easy to tear down the infrastructure with a single command:

$ pulumi destroy

This command will:

  • terminate the EC2 instance
  • delete the security group, VPC, subnet, and route table
  • remove the S3 bucket (note that we must first empty the bucket manually if it contains files)

Pulumi prompts for confirmation before proceeding with the deletion. After confirming, it sequentially removes all previously created resources.

6. Conclusion

In this tutorial, we demonstrated how to use Pulumi to create and manage AWS infrastructure, including an S3 bucket, a VPC, an EC2 instance, and related resources like security groups and route tables. Next, we broke down each part of the code to understand how Pulumi simplifies the provisioning of cloud infrastructure using familiar programming languages like Java.

By running pulumi up, we saw how easy it is to deploy resources, and with pulumi destroy, we can clean up those resources, avoiding any unwanted costs in AWS. Whether we’re provisioning simple storage with S3 or more complex networking and compute resources like EC2 instances, Pulumi provides a flexible and powerful way to manage cloud infrastructure programmatically.

The code backing this article is available on GitHub. Once you're logged in as a Baeldung Pro Member, start learning and coding on the project.
Baeldung Pro – NPI EA (cat = Baeldung)
announcement - icon

Baeldung Pro comes with both absolutely No-Ads as well as finally with Dark Mode, for a clean learning experience:

>> Explore a clean Baeldung

Once the early-adopter seats are all used, the price will go up and stay at $33/year.

Partner – Orkes – NPI EA (cat = Spring)
announcement - icon

Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.

Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.

With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.

Try a 14-Day Free Trial of Orkes Conductor today.

Partner – Orkes – NPI EA (tag = Microservices)
announcement - icon

Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.

Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.

With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.

Try a 14-Day Free Trial of Orkes Conductor today.

eBook – HTTP Client – NPI EA (cat=HTTP Client-Side)
announcement - icon

The Apache HTTP Client is a very robust library, suitable for both simple and advanced use cases when testing HTTP endpoints. Check out our guide covering basic request and response handling, as well as security, cookies, timeouts, and more:

>> Download the eBook

eBook – Java Concurrency – NPI EA (cat=Java Concurrency)
announcement - icon

Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.

Get started with understanding multi-threaded applications with our Java Concurrency guide:

>> Download the eBook

eBook – Java Streams – NPI EA (cat=Java Streams)
announcement - icon

Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.

But these can also be overused and fall into some common pitfalls.

To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:

>> Join Pro and download the eBook

eBook – Persistence – NPI EA (cat=Persistence)
announcement - icon

Working on getting your persistence layer right with Spring?

Explore the eBook

Course – LS – NPI EA (cat=REST)

announcement - icon

Get started with Spring Boot and with core Spring, through the Learn Spring course:

>> CHECK OUT THE COURSE

Partner – Moderne – NPI EA (tag=Refactoring)
announcement - icon

Modern Java teams move fast — but codebases don’t always keep up. Frameworks change, dependencies drift, and tech debt builds until it starts to drag on delivery. OpenRewrite was built to fix that: an open-source refactoring engine that automates repetitive code changes while keeping developer intent intact.

The monthly training series, led by the creators and maintainers of OpenRewrite at Moderne, walks through real-world migrations and modernization patterns. Whether you’re new to recipes or ready to write your own, you’ll learn practical ways to refactor safely and at scale.

If you’ve ever wished refactoring felt as natural — and as fast — as writing code, this is a good place to start.

eBook Jackson – NPI EA – 3 (cat = Jackson)
Do JSON right with Jackson - book cover
Do JSON right with Jackson - icon
Do JSON right with Jackson
Download the E-book
eBook – eBook Guide Spring Cloud – NPI (cat=Cloud/Spring Cloud)
A Microservice Architecture with Spring Boot and Spring Cloud - book cover
A Microservice Architecture with Spring Boot and Spring Cloud - icon
Build your Microservice Architecture with
Spring Boot and Spring Cloud
>> Join Pro and download the eBook