Skip to main content
TealTiger provides official Pulumi packages for deploying AI security infrastructure with your preferred programming language. Get full IDE support, type checking, and testing for your infrastructure code.

Why Pulumi?

  • Type-safe — Full IDE autocomplete and compile-time checks
  • Multi-language — TypeScript, Python, Go, C#, Java
  • Testing — Unit test your infrastructure with standard frameworks
  • State management — Built-in state with Pulumi Cloud or self-hosted backends
  • Reusable components — Share infrastructure as packages

Quick Start

import * as tealtiger from "@tealtiger/pulumi";

const engine = new tealtiger.ServerlessEngine("tealtiger-engine", {
  runtime: "python3.12",
  memorySize: 512,
  timeout: 30,
  environment: "production",
  secrets: {
    openaiApiKey: config.requireSecret("openai-api-key"),
  },
});

export const apiEndpoint = engine.apiEndpoint;

pulumi up

Installation

npm install @tealtiger/pulumi

AWS Components

Serverless (Lambda + API Gateway)

import * as tealtiger from "@tealtiger/pulumi";
import * as aws from "@pulumi/aws";

const engine = new tealtiger.aws.ServerlessEngine("engine", {
  runtime: "python3.12",
  memorySize: 512,
  timeout: 30,

  apiGateway: {
    enabled: true,
    stageName: "v1",
    domainName: "api.example.com",
    certificate: cert.arn,
  },

  vpc: {
    subnetIds: vpc.privateSubnetIds,
    securityGroupIds: [sg.id],
  },

  environment: {
    TEALTIGER_ENV: "production",
    TEALTIGER_LOG_LEVEL: "INFO",
  },

  secrets: {
    OPENAI_API_KEY: openaiSecret.arn,
    ANTHROPIC_API_KEY: anthropicSecret.arn,
  },
});

export const endpoint = engine.apiEndpoint;
export const functionArn = engine.functionArn;

ECS Fargate

const service = new tealtiger.aws.ContainerService("engine", {
  clusterName: "tealtiger",
  image: "ghcr.io/tealtiger/python-sdk:latest",
  cpu: 512,
  memory: 1024,
  port: 8080,

  autoscaling: {
    minCapacity: 2,
    maxCapacity: 20,
    cpuTarget: 70,
  },

  loadBalancer: {
    enabled: true,
    certificate: cert.arn,
  },

  vpcId: vpc.vpcId,
  subnetIds: vpc.privateSubnetIds,
});

Google Cloud Components

Cloud Run

const service = new tealtiger.gcp.CloudRunService("engine", {
  project: gcpProject,
  region: "us-central1",
  image: "ghcr.io/tealtiger/python-sdk:latest",
  cpu: "1",
  memory: "512Mi",

  autoscaling: {
    minInstances: 0,
    maxInstances: 100,
  },

  domainMapping: "api.example.com",

  secrets: {
    OPENAI_API_KEY: openaiSecret.secretId,
  },
});

Azure Components

Azure Functions

const func = new tealtiger.azure.FunctionApp("engine", {
  resourceGroupName: rg.name,
  location: "eastus",
  runtime: { name: "python", version: "3.12" },

  appSettings: {
    TEALTIGER_ENV: "production",
  },

  keyVaultId: vault.id,
});

Multi-Region Deployment

const regions = ["us-east-1", "eu-west-1", "ap-southeast-1"];

const engines = regions.map(region =>
  new tealtiger.aws.ServerlessEngine(`engine-${region}`, {
    runtime: "python3.12",
    memorySize: 512,
    region,
    environment: {
      TEALTIGER_REGION: region,
    },
  })
);

// Latency-based DNS routing
const dns = new aws.route53.Record("api", {
  zoneId: hostedZone.zoneId,
  name: "api.example.com",
  type: "A",
  latencyRoutingPolicies: engines.map((e, i) => ({
    region: regions[i],
    setIdentifier: regions[i],
  })),
  aliases: engines.map(e => ({
    name: e.apiGatewayDomain,
    zoneId: e.apiGatewayZoneId,
  })),
});

Testing Infrastructure

Pulumi supports unit testing your infrastructure code with standard test frameworks. 
import * as pulumi from "@pulumi/pulumi/runtime";
import { describe, it, expect } from "vitest";

describe("TealTiger Infrastructure", () => {
  it("should create a Lambda with 512MB memory", async () => {
    const engine = new tealtiger.aws.ServerlessEngine("test", {
      runtime: "python3.12",
      memorySize: 512,
    });

    const memorySize = await new Promise(resolve =>
      engine.memorySize.apply(resolve)
    );
    expect(memorySize).toBe(512);
  });

  it("should enable API Gateway", async () => {
    const engine = new tealtiger.aws.ServerlessEngine("test", {
      runtime: "python3.12",
      apiGateway: { enabled: true, stageName: "v1" },
    });

    const endpoint = await new Promise(resolve =>
      engine.apiEndpoint.apply(resolve)
    );
    expect(endpoint).toBeDefined();
  });
});

Stack Configuration

Manage environment-specific settings with Pulumi stack configs. 
# Pulumi.production.yaml
config:
  tealtiger:region: us-east-1
  tealtiger:memorySize: "512"
  tealtiger:timeout: "30"
  tealtiger:minInstances: "2"
  tealtiger:openai-api-key:
    secure: AAABxxxxxxxxxxxx

const config = new pulumi.Config("tealtiger");

const engine = new tealtiger.aws.ServerlessEngine("engine", {
  runtime: "python3.12",
  memorySize: config.getNumber("memorySize") ?? 512,
  timeout: config.getNumber("timeout") ?? 30,
  secrets: {
    OPENAI_API_KEY: config.requireSecret("openai-api-key"),
  },
});

Next Steps

Terraform

Deploy with Terraform modules

Helm Charts

Deploy on Kubernetes with Helm

CI/CD

Integrate Pulumi into your CI/CD pipeline

Monitoring

Set up monitoring for your deployment