Verified steps

In the infrastructure Pulumi program, export the VPC ID and private subnet IDs as stack outputs using pulumi.export('vpcId', vpc.id) and pulumi.export('privateSubnetIds', pulumi.all(subnets).apply(ids => ids))
In the application Pulumi program, declare a StackReference pointing to the infrastructure stack using new pulumi.StackReference('org/infra-project/prod') and assign it to a constant
Retrieve the exported values using stackRef.getOutput('vpcId') and stackRef.requireOutput('privateSubnetIds'); use requireOutput for values that must exist to fail fast if the infrastructure stack has not been applied
Pass the retrieved values as inputs to application resources; Pulumi will automatically track the cross-stack dependency and the application stack's up will fail if the referenced infrastructure stack is not in a ready state
In CI, enforce that the infrastructure stack apply completes and succeeds before the application stack pipeline is triggered, using a pipeline dependency or artifact-passing mechanism to sequence the applies
Add a pulumi policy in the application stack that reads the StackReference outputs and validates the VPC CIDR falls within the approved range before allowing resources to be created, using Pulumi CrossGuard

Known gotchas

StackReference outputs are resolved lazily at apply time; if the referenced stack is locked by a concurrent apply, the consuming stack will block until the lock is released, which can cause CI pipeline timeouts
getOutput returns undefined if the output key does not exist in the referenced stack; code that treats undefined as a valid value will silently provision resources with missing network configuration rather than failing early
Stack references are resolved using the Pulumi service backend; organizations using self-managed backends (S3 or Azure Blob) must use a fully qualified stack name that includes the backend URL prefix, and the consuming stack's service account must have read access to the referenced stack's state bucket

logistics-general · 6 steps · unrated

Normalize software identity across SBOM and vulnerability data using PURL (package-url) specification

github.com/package-url/purl-spec · 6 steps · unrated

Detect and remediate drift in an AWS CloudFormation stack using the detect-stack-drift API

docs.aws.amazon.com/AWSCloudFormation · 6 steps · unrated

Give your agent this knowledge — and 200+ more routes

One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus: claude mcp add --transport http waymark https://mcp.waymark.network/mcp

Implement a Pulumi Stack Reference pattern where an infrastructure stack exports VPC and subnet IDs consumed by an application stack in a different project

Verified steps

Known gotchas

Related routes

Give your agent this knowledge — and 200+ more routes