Articles

Pulumi Java: Write Infrastructure in Java (2026)

April 18, 2026 4 min read

You can write your infrastructure as code in Java using Pulumi, which lets you use familiar programming language constructs like classes, loops, and conditional logic for managing cloud resources.

Here’s a simple example of deploying a single AWS S3 bucket using Pulumi with Java:

import com.pulumi.*;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;

public class MyStack extends Stack {
    public MyStack() {
        // Create an AWS resource (S3 Bucket)
        var bucket = new Bucket("my-java-bucket", new BucketArgs.Builder()
            .bucketName("my-unique-java-bucket-name-12345") // Must be globally unique
            .build());

        // Export the bucket name
        this.bucketName = bucket.bucketName();
        this.bucketId = bucket.id();
    }

    @Output public Output<String> bucketName;
    @Output public Output<String> bucketId;
}

To run this, you’d first set up your Pulumi project with Java:

  1. Initialize a Pulumi project:

    pulumi new aws-java

    This creates a pom.xml file with the necessary Pulumi AWS SDK dependencies and a default MyStack.java file.

  2. Replace MyStack.java content: Paste the code above into your src/main/java/com/example/myproject/MyStack.java file. You’ll need to adjust the bucketName to be globally unique.

  3. Deploy:

    pulumi up

    Pulumi will show you a preview of the S3 bucket to be created and ask for confirmation.

Pulumi’s Java SDK mirrors the structure of its other language SDKs. You define your infrastructure within a class that extends Stack. Each instance of a Pulumi resource (like Bucket) is created by instantiating its corresponding Java class and passing configuration arguments. These arguments are often builder-pattern based, as seen with BucketArgs.Builder. The Output<T> type is crucial here; it represents a value that might not be known until deployment time (e.g., the ID of a created resource) and allows Pulumi to construct the dependency graph of your infrastructure.

The core problem Pulumi solves is the complexity and boilerplate associated with managing cloud resources across different providers and services. Traditionally, this meant learning provider-specific CLIs, YAML/JSON templating languages, or imperative SDKs that often lead to inconsistent state management and error-prone deployments. Pulumi allows you to leverage your existing Java development skills, including IDE support, debugging tools, and testing frameworks, to define and manage infrastructure. It abstracts away the differences between cloud providers, presenting a unified programming model.

When you run pulumi up, Pulumi performs several key steps:

  1. Analysis: It analyzes your Stack class to discover all the resources you’ve declared.
  2. Dependency Graph: It builds a directed acyclic graph (DAG) of these resources, understanding their dependencies (e.g., a subnet must exist before a VM can be placed in it).
  3. Provider Communication: It communicates with the respective cloud provider’s API (AWS, Azure, GCP, etc.) to provision, update, or delete resources according to your desired state.
  4. State Management: It maintains a state file that tracks the current resources managed by your Pulumi project, enabling pulumi up to perform diffs and apply only necessary changes.

The most surprising thing about Pulumi’s Java integration is how deeply it integrates with Java’s type system and build tools. It’s not just a thin wrapper; you can use standard Java constructs like try-catch blocks for error handling during resource creation (though Pulumi’s reconciliation engine handles most transient failures), for loops to create multiple similar resources, and even object-oriented patterns to define reusable infrastructure components. The pom.xml for your Pulumi project functions like any other Java project’s build file, allowing you to manage dependencies and build artifacts.

One aspect that often trips up new users is how outputs are handled. You declare Output<T> fields in your Stack class to expose values from your infrastructure. When you try to use an Output<String> value directly in another resource’s argument that expects a plain String, you’ll encounter a compile-time error. This is by design. To use an output value, you must chain .apply() to it, which takes a function that will be executed when the output value is resolved. For example, if you wanted to create a security group rule that uses the ID of the bucket you just created:

// Inside MyStack constructor
var rule = new SecurityRule("my-rule", new SecurityRuleArgs.Builder()
    .port(80)
    .protocol("tcp")
    .cidrBlock(bucket.bucketName().apply(name -> "0.0.0.0/0")) // Example: Apply to bucket name
    .build());

The .apply() method ensures that your code only executes after the upstream resource’s output is available, maintaining the correct execution order and dependency resolution.

The next concept you’ll likely encounter is managing multiple cloud providers within a single Pulumi project, or abstracting common infrastructure patterns into reusable components.

Want structured learning?

Take the full Pulumi course →