Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

Heldinhow/pulumi

Name: pulumi
Author: Heldinhow

pulumi/SKILL.md

npx skillsauth add Heldinhow/awesome-opencode-dev-skills pulumi

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Pulumi

Setup

# Install CLI
brew install pulumi

# Login (state backend)
pulumi login            # Pulumi Cloud (free)
pulumi login --local    # local state (file system)
pulumi login s3://my-bucket  # AWS S3 backend

# Create new project
mkdir infra && cd infra
pulumi new aws-typescript    # TypeScript + AWS
pulumi new gcp-typescript    # TypeScript + GCP
pulumi new azure-typescript  # TypeScript + Azure

Project Structure

infra/
  Pulumi.yaml          # project config
  Pulumi.dev.yaml      # stack config (dev)
  Pulumi.prod.yaml     # stack config (prod)
  index.ts             # infrastructure code
  package.json

Basic AWS Example

// index.ts
import * as aws from '@pulumi/aws'
import * as pulumi from '@pulumi/pulumi'

const config = new pulumi.Config()
const env = pulumi.getStack() // "dev" | "prod"

// S3 Bucket
const bucket = new aws.s3.BucketV2('my-bucket', {
  bucket: `my-app-${env}`,
  tags: { Environment: env, ManagedBy: 'pulumi' },
})

// Enable versioning
new aws.s3.BucketVersioningV2('my-bucket-versioning', {
  bucket: bucket.id,
  versioningConfiguration: { status: 'Enabled' },
})

// Lambda function
const role = new aws.iam.Role('lambda-role', {
  assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: 'lambda.amazonaws.com' }),
})

new aws.iam.RolePolicyAttachment('lambda-basic', {
  role: role.name,
  policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole,
})

const fn = new aws.lambda.Function('my-fn', {
  runtime: aws.lambda.Runtime.NodeJS20dX,
  code: new pulumi.asset.AssetArchive({
    '.': new pulumi.asset.FileArchive('./dist'),
  }),
  handler: 'index.handler',
  role: role.arn,
  environment: {
    variables: {
      NODE_ENV: env,
      DB_URL: config.requireSecret('dbUrl'),
    },
  },
  timeout: 30,
  memorySize: 512,
})

// API Gateway
const api = new aws.apigatewayv2.Api('api', {
  protocolType: 'HTTP',
  corsConfiguration: {
    allowOrigins: ['*'],
    allowMethods: ['GET', 'POST', 'PUT', 'DELETE'],
    allowHeaders: ['Content-Type', 'Authorization'],
  },
})

const integration = new aws.apigatewayv2.Integration('integration', {
  apiId: api.id,
  integrationType: 'AWS_PROXY',
  integrationUri: fn.arn,
  payloadFormatVersion: '2.0',
})

const route = new aws.apigatewayv2.Route('route', {
  apiId: api.id,
  routeKey: '$default',
  target: pulumi.interpolate`integrations/${integration.id}`,
})

new aws.apigatewayv2.Stage('stage', {
  apiId: api.id,
  name: '$default',
  autoDeploy: true,
}, { dependsOn: [route] })

// Allow API Gateway to invoke Lambda
new aws.lambda.Permission('api-invoke', {
  action: 'lambda:InvokeFunction',
  function: fn.name,
  principal: 'apigateway.amazonaws.com',
  sourceArn: pulumi.interpolate`${api.executionArn}/*/*`,
})

// Exports
export const bucketName = bucket.id
export const apiUrl = api.apiEndpoint
export const functionName = fn.name

Stack Config

# Set config values
pulumi config set aws:region us-east-1
pulumi config set --secret dbUrl postgresql://...

# Pulumi.dev.yaml (auto-generated)
config:
  aws:region: us-east-1
  my-project:environment: dev

Commands

pulumi up           # preview + deploy
pulumi up --yes     # deploy without confirmation
pulumi preview      # preview changes only
pulumi destroy      # destroy all resources
pulumi stack        # show current stack info
pulumi stack ls     # list stacks
pulumi stack select prod   # switch stack
pulumi stack output apiUrl # print exported value
pulumi logs         # view logs
pulumi refresh      # sync state with real cloud

Component Resource (Reusable)

import * as pulumi from '@pulumi/pulumi'
import * as aws from '@pulumi/aws'

interface WebAppArgs {
  domain: string
  certificateArn: pulumi.Input<string>
}

class WebApp extends pulumi.ComponentResource {
  public readonly bucketName: pulumi.Output<string>
  public readonly url: pulumi.Output<string>

  constructor(name: string, args: WebAppArgs, opts?: pulumi.ComponentResourceOptions) {
    super('custom:infra:WebApp', name, {}, opts)

    const bucket = new aws.s3.BucketV2(`${name}-bucket`, {
      tags: { Component: name },
    }, { parent: this })

    // ... CloudFront, Route53, etc.

    this.bucketName = bucket.id
    this.url = pulumi.output(`https://${args.domain}`)

    this.registerOutputs({ bucketName: this.bucketName, url: this.url })
  }
}

// Usage
const app = new WebApp('frontend', { domain: 'example.com', certificateArn: cert.arn })
export const appUrl = app.url

RDS + VPC Example

const vpc = new aws.ec2.Vpc('vpc', { cidrBlock: '10.0.0.0/16' })

const subnetA = new aws.ec2.Subnet('subnet-a', {
  vpcId: vpc.id,
  cidrBlock: '10.0.1.0/24',
  availabilityZone: 'us-east-1a',
})

const db = new aws.rds.Instance('db', {
  engine: 'postgres',
  engineVersion: '16.3',
  instanceClass: 'db.t3.micro',
  allocatedStorage: 20,
  dbName: 'myapp',
  username: 'admin',
  password: config.requireSecret('dbPassword'),
  vpcSecurityGroupIds: [sg.id],
  dbSubnetGroupName: subnetGroup.name,
  skipFinalSnapshot: env !== 'prod',
})

export const dbEndpoint = db.endpoint

Heldinhow/pulumi

pulumi/SKILL.md

Use when provisioning cloud infrastructure with Pulumi using TypeScript or Python. Covers AWS, GCP, Azure resources, stacks, state management, and component resources as Infrastructure as Code.

2 stars

development

Updated Apr 22, 2026

$ install --global

skillsauth

npx skillsauth add Heldinhow/awesome-opencode-dev-skills pulumi

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 22, 2026, 7:38 AM120.1s1 file scanned

SKILL.md

name:: pulumi
description:: Use when provisioning cloud infrastructure with Pulumi using TypeScript or Python. Covers AWS, GCP, Azure resources, stacks, state management, and component resources as Infrastructure as Code.

Pulumi

Setup

# Install CLI
brew install pulumi

# Login (state backend)
pulumi login            # Pulumi Cloud (free)
pulumi login --local    # local state (file system)
pulumi login s3://my-bucket  # AWS S3 backend

# Create new project
mkdir infra && cd infra
pulumi new aws-typescript    # TypeScript + AWS
pulumi new gcp-typescript    # TypeScript + GCP
pulumi new azure-typescript  # TypeScript + Azure

Project Structure

infra/
  Pulumi.yaml          # project config
  Pulumi.dev.yaml      # stack config (dev)
  Pulumi.prod.yaml     # stack config (prod)
  index.ts             # infrastructure code
  package.json

Basic AWS Example

// index.ts
import * as aws from '@pulumi/aws'
import * as pulumi from '@pulumi/pulumi'

const config = new pulumi.Config()
const env = pulumi.getStack() // "dev" | "prod"

// S3 Bucket
const bucket = new aws.s3.BucketV2('my-bucket', {
  bucket: `my-app-${env}`,
  tags: { Environment: env, ManagedBy: 'pulumi' },
})

// Enable versioning
new aws.s3.BucketVersioningV2('my-bucket-versioning', {
  bucket: bucket.id,
  versioningConfiguration: { status: 'Enabled' },
})

// Lambda function
const role = new aws.iam.Role('lambda-role', {
  assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: 'lambda.amazonaws.com' }),
})

new aws.iam.RolePolicyAttachment('lambda-basic', {
  role: role.name,
  policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole,
})

const fn = new aws.lambda.Function('my-fn', {
  runtime: aws.lambda.Runtime.NodeJS20dX,
  code: new pulumi.asset.AssetArchive({
    '.': new pulumi.asset.FileArchive('./dist'),
  }),
  handler: 'index.handler',
  role: role.arn,
  environment: {
    variables: {
      NODE_ENV: env,
      DB_URL: config.requireSecret('dbUrl'),
    },
  },
  timeout: 30,
  memorySize: 512,
})

// API Gateway
const api = new aws.apigatewayv2.Api('api', {
  protocolType: 'HTTP',
  corsConfiguration: {
    allowOrigins: ['*'],
    allowMethods: ['GET', 'POST', 'PUT', 'DELETE'],
    allowHeaders: ['Content-Type', 'Authorization'],
  },
})

const integration = new aws.apigatewayv2.Integration('integration', {
  apiId: api.id,
  integrationType: 'AWS_PROXY',
  integrationUri: fn.arn,
  payloadFormatVersion: '2.0',
})

const route = new aws.apigatewayv2.Route('route', {
  apiId: api.id,
  routeKey: '$default',
  target: pulumi.interpolate`integrations/${integration.id}`,
})

new aws.apigatewayv2.Stage('stage', {
  apiId: api.id,
  name: '$default',
  autoDeploy: true,
}, { dependsOn: [route] })

// Allow API Gateway to invoke Lambda
new aws.lambda.Permission('api-invoke', {
  action: 'lambda:InvokeFunction',
  function: fn.name,
  principal: 'apigateway.amazonaws.com',
  sourceArn: pulumi.interpolate`${api.executionArn}/*/*`,
})

// Exports
export const bucketName = bucket.id
export const apiUrl = api.apiEndpoint
export const functionName = fn.name

Stack Config

# Set config values
pulumi config set aws:region us-east-1
pulumi config set --secret dbUrl postgresql://...

# Pulumi.dev.yaml (auto-generated)
config:
  aws:region: us-east-1
  my-project:environment: dev

Commands

pulumi up           # preview + deploy
pulumi up --yes     # deploy without confirmation
pulumi preview      # preview changes only
pulumi destroy      # destroy all resources
pulumi stack        # show current stack info
pulumi stack ls     # list stacks
pulumi stack select prod   # switch stack
pulumi stack output apiUrl # print exported value
pulumi logs         # view logs
pulumi refresh      # sync state with real cloud

Component Resource (Reusable)

import * as pulumi from '@pulumi/pulumi'
import * as aws from '@pulumi/aws'

interface WebAppArgs {
  domain: string
  certificateArn: pulumi.Input<string>
}

class WebApp extends pulumi.ComponentResource {
  public readonly bucketName: pulumi.Output<string>
  public readonly url: pulumi.Output<string>

  constructor(name: string, args: WebAppArgs, opts?: pulumi.ComponentResourceOptions) {
    super('custom:infra:WebApp', name, {}, opts)

    const bucket = new aws.s3.BucketV2(`${name}-bucket`, {
      tags: { Component: name },
    }, { parent: this })

    // ... CloudFront, Route53, etc.

    this.bucketName = bucket.id
    this.url = pulumi.output(`https://${args.domain}`)

    this.registerOutputs({ bucketName: this.bucketName, url: this.url })
  }
}

// Usage
const app = new WebApp('frontend', { domain: 'example.com', certificateArn: cert.arn })
export const appUrl = app.url

RDS + VPC Example

const vpc = new aws.ec2.Vpc('vpc', { cidrBlock: '10.0.0.0/16' })

const subnetA = new aws.ec2.Subnet('subnet-a', {
  vpcId: vpc.id,
  cidrBlock: '10.0.1.0/24',
  availabilityZone: 'us-east-1a',
})

const db = new aws.rds.Instance('db', {
  engine: 'postgres',
  engineVersion: '16.3',
  instanceClass: 'db.t3.micro',
  allocatedStorage: 20,
  dbName: 'myapp',
  username: 'admin',
  password: config.requireSecret('dbPassword'),
  vpcSecurityGroupIds: [sg.id],
  dbSubnetGroupName: subnetGroup.name,
  skipFinalSnapshot: env !== 'prod',
})

export const dbEndpoint = db.endpoint

Related Skills

Heldinhow/websocket-real-time

tools

VerifiedTrustedCommunity

Implement WebSocket communication for real-time bidirectional client-server communication.

2SKILL.mdUpdated Apr 24, 2026

Heldinhow/websocket-real-time

Heldinhow/webhook-handler

development

VerifiedTrustedCommunity

Implement webhook handlers for processing incoming events from external services.

2SKILL.mdUpdated Apr 24, 2026

Heldinhow/webhook-handler

Heldinhow/webapp-testing

development

VerifiedTrustedCommunity

Test web applications using Playwright for end-to-end browser testing.

2SKILL.mdUpdated Apr 24, 2026

Heldinhow/webapp-testing

Heldinhow/web-artifacts-builder

development

VerifiedTrustedCommunity

Build production-quality HTML artifacts using React, Tailwind CSS, and shadcn/ui.

2SKILL.mdUpdated Apr 24, 2026

Heldinhow/web-artifacts-builder

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/Heldinhow/awesome-opencode-dev-skills.git

# Copy into Claude Code skills folder (global)
cp -r awesome-opencode-dev-skills/pulumi ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

Heldinhow/awesome-opencode-dev-skills

2 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT