Providers

Providers allow you to interact with cloud services.

A provider is what allows SST to interact with the APIs of various cloud services. These are packages that can be installed through your sst.config.ts.

SST is built on Pulumi/Terraform and supports 150+ providers. This includes the major clouds like AWS, Azure, and GCP; but also services like Cloudflare, Stripe, Vercel, Auth0, etc.

Check out the full list in the Directory.

Install

To add a provider to your app run.

sst add <provider>

This command adds the provider to your config, installs the packages, and adds the namespace of the provider to your globals.

SST manages these packages internally and you do not need to import the package in your sst.config.ts.

The name of a provider comes from the name of the package in the Directory. For example, sst add planetscale, will add the following to your sst.config.ts.

{
  providers: {
    planetscale: "0.0.7"
  }
}

You can add multiple providers to your app.

{
  providers: {
    aws: "6.27.0",
    cloudflare: "5.37.1"
  }
}

Configure

You can configure a provider in your sst.config.ts. For example, to change the region for AWS.

{
  providers: {
    aws: {
      region: "us-west-2"
    }
  }
}

You can check out the available list of options that you can configure for a provider over on the provider’s docs. For example, here are the ones for AWS and Cloudflare.

Versions

By default, SST installs the latest version. If you want to use a specific version, you can change it in your config.

{
  providers: {
    aws: {
      version: "6.27.0"
    }
  }
}

If you make any changes to the providers in your config, you’ll need to run sst install.

The version of the provider is always pinned to what’s in the sst.config.ts and does not auto-update. This is the case, even if there is no version set. This is to make sure that the providers don’t update in the middle of your dev workflow.

So if you want to update it, you’ll need to change it manually and run sst install.

Credentials

Most providers will read your credentials from the environment. For example, for Cloudflare you might set your token like so.

export CLOUDFLARE_API_TOKEN=aaaaaaaa_aaaaaaaaaaaa_aaaaaaaa

However, some providers also allow you to pass in the credentials through the config.

{
  providers: {
    cloudflare: {
      apiToken: "aaaaaaaa_aaaaaaaaaaaa_aaaaaaaa"
    }
  }
}

Components

The provider packages come with components that you can use in your app.

For example, running sst add aws will allow you to use all the components under the aws namespace.

new aws.s3.BucketV2("b", {
  bucket: "mybucket",
  tags: {
    Name: "My bucket"
  }
});

Aside from components in the providers, SST also has a list of built-in components. These are typically higher level components that make it easy to add features to your app.

You can check these out in the sidebar. Read more about Components.

Functions

Aside from the components, there are a collection of functions that are exposed by a provider. These are listed in the Pulumi docs as getXXXXXX on the sidebar.

For example, to get the AWS account being used in your app.

const current = await aws.getCallerIdentity({});

const accountId = current.accountId;
const callerArn = current.arn;
const callerUser = current.userId;

Or to get the current region.

const current = await aws.getRegion({});

const region = current.name;

Output versions

The above are async methods that return promises. That means that if you call these in your app, they’ll block the deployment of any resources that are defined after it.

So we instead recommend using the Output version of these functions. For example, if we wanted to set the above as environment variables in a function, we would do something like this

new sst.aws.Function("MyFunction, {
  handler: "src/lambda.handler",
  environment: {
    ACCOUNT: aws.getCallerIdentityOutput({}).accountId,
    REGION: aws.getRegionOutput().name
  }
}

The aws.getXXXXOutput functions typically return an object of type Output<primitive>. Read more about Outputs.

Instances

You can create multiple instances of a provider that’s in your config. By default SST creates one instance of each provider in your sst.config.ts with the defaults. By you can create multiple instances in your app.

const useast1 = new aws.Provider("AnotherAWS");

This is useful for multi-region or multi-account deployments.

Multi-region

You might want to create multiple providers in cases where some resources in your app need to go to one region, while others need to go to a separate region.

Let’s look at an example. Assume your app is normally deployed to us-west-1. But you need to create an ACM certificate that needs to be deployed to us-east-1.

const useast1 = new aws.Provider("useast1", { region: "us-east-1" });

new sst.aws.Function("MyFunction, "src/lambda.handler");

new aws.acm.Certificate("cert", {
  domainName: "foo.com",
  validationMethod: "EMAIL",
}, { provider: useast1 });

Here the function is created in your default region, us-west-1. While the certificate is created in us-east-1.

Directory

Below is the full list of providers that SST supports.

sst add <provider>

Install any of the following using the package name as the provider. For example, sst add auth0.

If you want SST to support a Terraform provider or update a version, you can submit a PR to the sst/provider repo.

Provider	Package
ACI	`@netascode/aci`
ACME	`@pulumiverse/acme`
Aiven	`aiven`
Akamai	`akamai`
Alibaba Cloud	`alicloud`
Amazon EKS	`eks`
Aquasec	`@pulumiverse/aquasec`
Artifactory	`artifactory`
Astra DB	`@pulumiverse/astra`
Auth0	`auth0`
Auto Deploy	`auto-deploy`
AWS API Gateway	`aws-apigateway`
AWS Classic	`aws`
AWS Control Tower	`@lbrlabs/pulumi-awscontroltower`
AWS IAM	`aws-iam`
AWS Native	`aws-native`
AWS QuickStart Aurora Postgres	`aws-quickstart-aurora-postgres`
AWS QuickStart Redshift	`aws-quickstart-redshift`
AWS QuickStart VPC	`aws-quickstart-vpc`
AWS S3 Replicated Bucket	`aws-s3-replicated-bucket`
AWS Static Website	`aws-static-website`
AWSx	`awsx`
AzAPI	`@ediri/azapi`
Azure Active Directory	`azuread`
Azure Classic	`azure`
Azure Justrun	`pulumi-azure-justrun`
Azure Native	`azure-native`
Azure Quickstart ACR Geo Replication	`azure-quickstart-acr-geo-replication`
Azure QuickStart ACR Geo Replication	`azure-quickstart-acr-geo-replication`
Azure Static Website	`azure-static-website`
AzureDevOps	`azuredevops`
Buildkite	`@pulumiverse/buildkite`
Checkly	`@checkly/pulumi`
Cisco Catalyst SD-WAN	`sdwan`
Cisco ISE	`ise`
Civo	`civo`
Cloud-Init	`cloudinit`
CloudAMQP	`cloudamqp`
Cloudflare	`cloudflare`
CockroachDB	`@pulumiverse/cockroach`
Command	`command`
Confluent	`confluentcloud`
Consul	`consul`
Control Plane	`@pulumiverse/cpln`
Databricks	`databricks`
Datadog	`datadog`
dbt Cloud	`dbtcloud`
DigitalOcean	`digitalocean`
DNSimple	`dnsimple`
Docker	`docker`
Docker Build	`docker-build`
Doppler	`@pulumiverse/doppler`
Dynatrace	`@pulumiverse/dynatrace`
Elastic Cloud	`ec`
Equinix	`@equinix-labs/pulumi-equinix`
ESXi Native	`@pulumiverse/esxi-native`
Event Store Cloud	`@eventstore/pulumi-eventstorecloud`
Exoscale	`@pulumiverse/exoscale`
F5 BIG-IP	`f5bigip`
Fastly	`fastly`
Flux	`@worawat/flux`
Fortios	`@pulumiverse/fortios`
FusionAuth	`pulumi-fusionauth`
Gandi	`@pulumiverse/gandi`
GCP Global CloudRun	`gcp-global-cloudrun`
Genesis Cloud	`@genesiscloud/pulumi-genesiscloud`
GitHub	`github`
GitLab	`gitlab`
Google Cloud Classic	`gcp`
Google Cloud Native	`google-native`
Google Cloud Static Website	`google-cloud-static-website`
Grafana	`@pulumiverse/grafana`
Harbor	`@pulumiverse/harbor`
Harness	`harness`
HashiCorp Vault	`vault`
HCP	`@grapl/pulumi-hcp`
Hetzner Cloud	`hcloud`
Impart Security	`@impart-security/pulumi-impart`
InfluxDB	`@komminarlabs/influxdb`
Kafka	`kafka`
Keycloak	`keycloak`
Kong	`kong`
Koyeb	`@koyeb/pulumi-koyeb`
Kubernetes	`kubernetes`
Kubernetes Cert Manager	`kubernetes-cert-manager`
Kubernetes CoreDNS	`kubernetes-coredns`
LaunchDarkly	`@lbrlabs/pulumi-lauchdarkly`
LBr Labs EKS	`@lbrlabs/pulumi-eks`
libvirt	`libvirt`
Linode	`linode`
Mailgun	`mailgun`
Matchbox	`@pulumiverse/matchbox`
Miniflux	`aws-miniflux`
MinIO	`minio`
MongoDB Atlas	`mongodbatlas`
MSSQL	`@pulumiverse/mssql`
MySQL	`mysql`
Neon	`neon`
New Relic	`newrelic`
NGINX Ingress Controller	`kubernetes-ingress-nginx`
ngrok	`@pierskarsenbarg/ngrok`
Nomad	`nomad`
NS1	`ns1`
Nuage	`nuage`
Nutanix	`@pierskarsenbarg/nutanix`
Okta	`okta`
OneLogin	`onelogin`
OpenStack	`openstack`
Opsgenie	`opsgenie`
Oracle Cloud Infrastructure	`oci`
OVHCloud	`@ovh-devrelteam/pulumi-ovh`
PagerDuty	`pagerduty`
Pinecone	`@pinecone-database/pulumi`
PlanetScale	`planetscale`
Port	`@port-labs/port`
PostgreSQL	`postgresql`
Prodvana	`@prodvana/pulumi-prodvana`
Proxmox Virtual Environment	`@muhlba91/pulumi-proxmoxve`
Pulumi Cloud	`pulumiservice`
purrl	`@pulumiverse/purrl`
Qovery	`@ediri/qovery`
RabbitMQ	`rabbitmq`
Rancher2	`rancher2`
random	`random`
Redis Cloud	`@rediscloud/pulumi-rediscloud`
Rootly	`@rootly/pulumi`
Runpod	`@runpod-infra/pulumi`
Scaleway	`@pulumiverse/scaleway`
Sentry	`@pulumiverse/sentry`
SignalFx	`signalfx`
Slack	`slack`
Snowflake	`snowflake`
Splight	`@splightplatform/pulumi-splight`
Splunk	`splunk`
Spotinst	`spotinst`
Statuscake	`@pulumiverse/statuscake`
Strata Cloud Manager	`scm`
Stripe	`pulumi-stripe`
StrongDM	`@pierskarsenbarg/sdm`
Sumo Logic	`sumologic`
Supabase	`supabase`
Symbiosis	`@symbiosis-cloud/symbiosis-pulumi`
Synced Folder	`synced-folder`
Tailscale	`tailscale`
Talos Linux	`@pulumiverse/talos`
Time	`@pulumiverse/time`
TLS	`tls`
Twingate	`@twingate/pulumi-twingate`
Unifi	`@pulumiverse/unifi`
Upstash	`@upstash/pulumi`
Venafi	`venafi`
Vercel	`@pulumiverse/vercel`
VMware vSphere	`vsphere`
Volcengine	`@volcengine/pulumi`
vSphere	`vsphere`
Vultr	`@ediri/vultr`
Wavefront	`wavefront`
Yandex	`yandex`
Zitadel	`@pulumiverse/zitadel`
Zscaler Internet Access	`@bdzscaler/pulumi-zia`
Zscaler Private Access	`@bdzscaler/pulumi-zpa`

Any missing providers or typos? Feel free to Edit this page and submit a PR.