SANS Institute is using the Pulumi Cloud Engineering Platform to streamline the delivery of applications and infrastructure, increasing the speed of delivery by 3X. Pulumi enabled SANS to adopt cloud engineering best practices so that it could reduce deployment times, simplify its cloud architectures and ultimately create a better experience for end customers.

For example, SANS now delivers cloud infrastructure using TypeScript and GitOps workflows, allowing it to use the power of modern languages and software engineering to deploy and configure infrastructure through a single platform.

To ensure that their infrastructure is secure, SANS IT management uses a variety of methods. One is Pulumi’s Policy as Code framework, which allows them to enforce compliance for cloud resources. Additionally, they took advantage of Pulumi’s collection of libraries that model AWS infrastructure patterns using well-architected best practices. These libraries allow them to use default configurations for resources such as Amazon CloudWatch Alarms, CloudWatch Metrics, and CloudWatch Dashboards.

SANS has also begun developing its own SANS policy pack to verify that resources are spun up according to SANS standards, such as ensuring that Amazon S3 buckets are always encrypted and closed to public access.

Benefits of adopting Pulumi included: reducing deployment times for servers by up to 70% as well as streamlining cloud application delivery by replacing its legacy Infrastructure as Code workflow with the cloud engineering practices of using Git and CI/CD-driven workflows.