Skip to content

Providers

Providers allow you to interact with cloud services.

A provider is what allows SST to interact with the APIs of various cloud services. These are packages that can be installed through your sst.config.ts.

SST is built on Pulumi/Terraform and supports 150+ providers. This includes the major clouds like AWS, Azure, and GCP; but also services like Cloudflare, Stripe, Vercel, Auth0, etc.

Check out the full list in the Directory.


Install

To add a provider to your app run.

Terminal window
sst add <provider>

This command adds the provider to your config, installs the packages, and adds the namespace of the provider to your globals.

SST manages these packages internally and you do not need to import the package in your sst.config.ts.

The name of a provider comes from the name of the package in the Directory. For example, sst add planetscale, will add the following to your sst.config.ts.

sst.config.ts
{
providers: {
planetscale: "0.0.7"
}
}

You can add multiple providers to your app.

sst.config.ts
{
providers: {
aws: "6.27.0",
cloudflare: "5.37.1"
}
}

Read more about the sst add command.


Configure

You can configure a provider in your sst.config.ts. For example, to change the region for AWS.

sst.config.ts
{
providers: {
aws: {
region: "us-west-2"
}
}
}

You can check out the available list of options that you can configure for a provider over on the provider’s docs. For example, here are the ones for AWS and Cloudflare.


Versions

By default, SST installs the latest version. If you want to use a specific version, you can change it in your config.

sst.config.ts
{
providers: {
aws: {
version: "6.27.0"
}
}
}

If you make any changes to the providers in your config, you’ll need to run sst install.

The version of the provider is always pinned to what’s in the sst.config.ts and does not auto-update. So if you want to update it, you’ll need to change it manually and run sst install.


Credentials

Most providers will read your credentials from the environment. For example, for Cloudflare you might set your token like so.

Terminal window
export CLOUDFLARE_API_TOKEN=aaaaaaaa_aaaaaaaaaaaa_aaaaaaaa

However, some providers also allow you to pass in the credentials through the config.

sst.config.ts
{
providers: {
cloudflare: {
apiToken: "aaaaaaaa_aaaaaaaaaaaa_aaaaaaaa"
}
}
}

Read more about configuring providers.


Components

The provider packages come with components that you can use in your app.

For example, running sst add aws will allow you to use all the components under the aws namespace.

sst.config.ts
new aws.s3.BucketV2("b", {
bucket: "mybucket",
tags: {
Name: "My bucket"
}
});

Aside from components in the providers, SST also has a list of built-in components. These are typically higher level components that make it easy to add features to your app.

You can check these out in the sidebar. Read more about Components.


Functions

Aside from the components, there are a collection of functions that are exposed by a provider. These are listed in the Pulumi docs as getXXXXXX on the sidebar.

For example, to get the AWS account being used in your app.

sst.config.ts
const current = await aws.getCallerIdentity({});
const accountId = current.accountId;
const callerArn = current.arn;
const callerUser = current.userId;

Or to get the current region.

sst.config.ts
const current = await aws.getRegion({});
const region = current.name;

Output versions

The above are async methods that return promises. That means that if you call these in your app, they’ll block the deployment of any resources that are defined after it.

So we instead recommend using the Output version of these functions. For example, if we wanted to set the above as environment variables in a function, we would do something like this

sst.config.ts
new sst.aws.Function("MyFunction, {
handler: "src/lambda.handler",
environment: {
ACCOUNT: aws.getCallerIdentityOutput({}).accountId,
REGION: aws.getRegionOutput().name
}
}

The aws.getXXXXOutput functions typically return an object of type Output<primitive>. Read more about Outputs.


Instances

You can create multiple instances of a provider that’s in your config. By default SST creates one instance of each provider in your sst.config.ts with the defaults. By you can create multiple instances in your app.

sst.config.ts
const useast1 = new aws.Provider("AnotherAWS");

This is useful for multi-region or multi-account deployments.


Multi-region

You might want to create multiple providers in cases where some resources in your app need to go to one region, while others need to go to a separate region.

Let’s look at an example. Assume your app is normally deployed to us-west-1. But you need to create an ACM certificate that needs to be deployed to us-east-1.

sst.config.ts
const useast1 = new aws.Provider("useast1", { region: "us-east-1" });
new sst.aws.Function("MyFunction, "src/lambda.handler");
new aws.acm.Certificate("cert", {
domainName: "foo.com",
validationMethod: "EMAIL",
}, { provider: useast1 });

Here the function is created in your default region, us-west-1. While the certificate is created in us-east-1.


Directory

Below is the full list of providers that SST supports.

Install any of the following using sst add <name>, where name is the package name. For example, sst add auth0.

ProviderPackage
ACI@netascode/aci
ACME@pulumiverse/acme
Aivenaiven
Akamaiakamai
Alibaba Cloudalicloud
Amazon EKSeks
Aquasec@pulumiverse/aquasec
Artifactoryartifactory
Astra DB@pulumiverse/astra
Auth0auth0
Auto Deployauto-deploy
AWS API Gatewayaws-apigateway
AWS Classicaws
AWS Control Tower@lbrlabs/pulumi-awscontroltower
AWS IAMaws-iam
AWS Nativeaws-native
AWS QuickStart Aurora Postgresaws-quickstart-aurora-postgres
AWS QuickStart Redshiftaws-quickstart-redshift
AWS QuickStart VPCaws-quickstart-vpc
AWS S3 Replicated Bucketaws-s3-replicated-bucket
AWS Static Websiteaws-static-website
AWSxawsx
AzAPI@ediri/azapi
Azure Active Directoryazuread
Azure Classicazure
Azure Justrunpulumi-azure-justrun
Azure Nativeazure-native
Azure Quickstart ACR Geo Replicationazure-quickstart-acr-geo-replication
Azure QuickStart ACR Geo Replicationazure-quickstart-acr-geo-replication
Azure Static Websiteazure-static-website
AzureDevOpsazuredevops
Buildkite@pulumiverse/buildkite
Checkly@checkly/pulumi
Cisco Catalyst SD-WANsdwan
Cisco ISEise
Civocivo
Cloud-Initcloudinit
CloudAMQPcloudamqp
Cloudflarecloudflare
CockroachDB@pulumiverse/cockroach
Commandcommand
Confluentconfluentcloud
Consulconsul
Control Plane@pulumiverse/cpln
Databricksdatabricks
Datadogdatadog
dbt Clouddbtcloud
DigitalOceandigitalocean
DNSimplednsimple
Dockerdocker
Docker Builddocker-build
Doppler@pulumiverse/doppler
Dynatrace@pulumiverse/dynatrace
Elastic Cloudec
Equinix@equinix-labs/pulumi-equinix
ESXi Native@pulumiverse/esxi-native
Event Store Cloud@eventstore/pulumi-eventstorecloud
Exoscale@pulumiverse/exoscale
F5 BIG-IPf5bigip
Fastlyfastly
Flux@worawat/flux
Fortios@pulumiverse/fortios
FusionAuthpulumi-fusionauth
Gandi@pulumiverse/gandi
GCP Global CloudRungcp-global-cloudrun
Genesis Cloud@genesiscloud/pulumi-genesiscloud
GitHubgithub
GitLabgitlab
Google Cloud Classicgcp
Google Cloud Nativegoogle-native
Google Cloud Static Websitegoogle-cloud-static-website
Grafana@pulumiverse/grafana
Harbor@pulumiverse/harbor
Harnessharness
HashiCorp Vaultvault
HCP@grapl/pulumi-hcp
Hetzner Cloudhcloud
Impart Security@impart-security/pulumi-impart
InfluxDB@komminarlabs/influxdb
Kafkakafka
Keycloakkeycloak
Kongkong
Koyeb@koyeb/pulumi-koyeb
Kuberneteskubernetes
Kubernetes Cert Managerkubernetes-cert-manager
Kubernetes CoreDNSkubernetes-coredns
LaunchDarkly@lbrlabs/pulumi-lauchdarkly
LBr Labs EKS@lbrlabs/pulumi-eks
libvirtlibvirt
Linodelinode
Mailgunmailgun
Matchbox@pulumiverse/matchbox
Minifluxaws-miniflux
MinIOminio
MongoDB Atlasmongodbatlas
MSSQL@pulumiverse/mssql
MySQLmysql
New Relicnewrelic
NGINX Ingress Controllerkubernetes-ingress-nginx
ngrok@pierskarsenbarg/ngrok
Nomadnomad
NS1ns1
Nuagenuage
Nutanix@pierskarsenbarg/nutanix
Oktaokta
OneLoginonelogin
OpenStackopenstack
Opsgenieopsgenie
Oracle Cloud Infrastructureoci
OVHCloud@ovh-devrelteam/pulumi-ovh
PagerDutypagerduty
Pinecone@pinecone-database/pulumi
PlanetScaleplanetscale
Port@port-labs/port
PostgreSQLpostgresql
Prodvana@prodvana/pulumi-prodvana
Proxmox Virtual Environment@muhlba91/pulumi-proxmoxve
Pulumi Cloudpulumiservice
purrl@pulumiverse/purrl
Qovery@ediri/qovery
RabbitMQrabbitmq
Rancher2rancher2
randomrandom
Redis Cloud@rediscloud/pulumi-rediscloud
Rootly@rootly/pulumi
Runpod@runpod-infra/pulumi
Scaleway@pulumiverse/scaleway
Sentry@pulumiverse/sentry
SignalFxsignalfx
Slackslack
Snowflakesnowflake
Splight@splightplatform/pulumi-splight
Splunksplunk
Spotinstspotinst
Statuscake@pulumiverse/statuscake
Strata Cloud Managerscm
Stripepulumi-stripe
StrongDM@pierskarsenbarg/sdm
Sumo Logicsumologic
Supabasesupabase
Symbiosis@symbiosis-cloud/symbiosis-pulumi
Synced Foldersynced-folder
Tailscaletailscale
Talos Linux@pulumiverse/talos
Time@pulumiverse/time
TLStls
Twingate@twingate/pulumi-twingate
Unifi@pulumiverse/unifi
Upstash@upstash/pulumi
Venafivenafi
Vercel@pulumiverse/vercel
VMware vSpherevsphere
Volcengine@volcengine/pulumi
vSpherevsphere
Vultr@ediri/vultr
Wavefrontwavefront
Yandexyandex
Zitadel@pulumiverse/zitadel
Zscaler Internet Access@bdzscaler/pulumi-zia
Zscaler Private Access@bdzscaler/pulumi-zpa

Any missing providers or typos? Feel free to Edit this page and submit a PR.