anvil-cloud 0.0.3

Anvil — secure-by-default cloud infrastructure components

Anvil — Python SDK

Secure-by-default cloud infrastructure components for Pulumi.

Anvil wraps raw cloud resources with opinionated, security-hardened defaults so you ship infrastructure that's secure from day one — without the boilerplate.

Install

pip install anvil-cloud

Quick start

import pulumi
import pulumi_anvil as anvil

# Create an S3 bucket with encryption, versioning, and public access
# blocked by default — no 30-line config required.
bucket = anvil.aws.Bucket("my-data",
    data_classification="sensitive",
    lifecycle=90,
)

pulumi.export("bucket_name", bucket.bucket_name)

# Deploy a Lambda function into a VPC
fn = anvil.aws.Lambda("my-api",
    name="api-handler",
    vpc="vpc-abc123",
)

# GCP Cloud Storage with uniform bucket-level access
gcs = anvil.gcp.StorageBucket("analytics",
    data_classification="internal",
    location="US",
)

What you get

Component	Cloud	Secure defaults
anvil.aws.Bucket	AWS S3	Encryption, versioning (sensitive), public access block, lifecycle
anvil.aws.Lambda	AWS Lambda	VPC placement, least-privilege role
anvil.gcp.StorageBucket	GCP Cloud Storage	Uniform bucket-level access, encryption
anvil.gcp.Function	GCP Cloud Functions v2	Secure defaults

Overrides

Every component accepts a transform argument to override or extend the underlying resource configuration when the defaults don't fit:

bucket = anvil.aws.Bucket("custom",
    data_classification="public",
    transform=anvil.aws.BucketTransformArgs(
        overrides=anvil.aws.BucketOverrides(
            force_destroy=True,
            tags={"env": "dev"},
        ),
    ),
)

Requirements

• Python >= 3.8
• Pulumi >= 3.0.0
• The pulumi-resource-anvil provider binary (installed via anvil CLI or manually)

Links

• GitHub
• npm (Node SDK)
• Go SDK

License

Apache-2.0