SST supports multiple cloud providers through Pulumi and Terraform. This guide shows you how to add and configure providers in your application.
What are providers? Providers give you access to cloud resources:
AWS — Lambda, S3, DynamoDB, RDS, etc.Cloudflare — Workers, R2, D1, KV, etc.Vercel — Projects and deploymentsMany more — 200+ providers available
Providers are automatically installed and configured by SST based on your sst.config.ts.
The home provider Every SST app has a “home” provider where state is stored:
app ( input ) { return { name: "my-app" , home: "aws" , // State stored in S3 }; }
Options:
"aws" — Store state in S3 (recommended)"cloudflare" — Store state in R2"local" — Store state on your machine
The home provider is automatically added to your app. You don’t need to explicitly add it to providers.
Adding providers Add providers using the sst add command:
This:
Installs the AWS provider package
Adds it to your sst.config.ts
Makes AWS resources available
Available providers Browse all providers in the Pulumi Registry :
sst add cloudflare sst add vercel sst add github sst add datadog sst add mongodb
Configuring providers Specify providers in your config:
app ( input ) { return { name: "my-app" , home: "aws" , providers: { aws: { region: "us-west-2" , }, cloudflare: "5.37.1" , }, }; }
Simple version Just specify a version:
providers : { aws : "6.27.0" , cloudflare : "5.37.1" , }
With configuration Add provider-specific settings:
providers : { aws : { version : "6.27.0" , region : "us-west-2" , profile : "my-profile" , }, cloudflare : { version : "5.37.1" , accountId : "abc123" , }, }
AWS provider Basic configuration providers : { aws : { region : "us-east-1" , }, }
Multiple regions Use multiple AWS providers for multi-region:
import * as aws from "@pulumi/aws" ; // Default region const usEast = new aws . Provider ( "us-east-1" , { region: "us-east-1" , }); // Secondary region const euWest = new aws . Provider ( "eu-west-1" , { region: "eu-west-1" , }); // Use specific provider const bucket = new aws . s3 . Bucket ( "MyBucket" , {}, { provider: euWest , });
Using profiles providers : { aws : { region : "us-east-1" , profile : "production" , }, }
Or use environment variables:
AWS_PROFILE = production sst deploy
Configuration options See all AWS provider options in the Pulumi docs.
Common options:
region — AWS regionprofile — AWS CLI profileallowedAccountIds — Restrict to specific accountsdefaultTags — Apply tags to all resources
Cloudflare provider Basic configuration providers : { cloudflare : { accountId : "abc123" , }, }
With API token providers : { cloudflare : { version : "5.37.1" , accountId : process . env . CLOUDFLARE_ACCOUNT_ID , apiToken : process . env . CLOUDFLARE_API_TOKEN , }, }
Or use environment variables:
CLOUDFLARE_ACCOUNT_ID = abc123 \ CLOUDFLARE_API_TOKEN=xyz789 \ sst deploy
Configuration options See all Cloudflare provider options .
Common options:
accountId — Cloudflare account IDapiToken — API token for authenticationapiKey — Alternative to API tokenemail — Email (with API key)
Installing providers After adding or changing providers, run:
This installs provider packages from npm:
@pulumi/aws@pulumi/cloudflare@pulumi/verceletc.
SST automatically runs sst install before deploying if providers changed.
Provider versions Lock versions Pin to specific versions:
providers : { aws : "6.27.0" , cloudflare : "5.37.1" , }
Version ranges Use semver ranges:
providers : { aws : "^6.27.0" , // Any 6.x.x version cloudflare : "~5.37.0" , // Any 5.37.x version }
Latest version Omit version to use latest:
Using latest versions can cause unexpected changes. Pin versions for production.
Using provider resources After adding a provider, import and use its resources:
import * as aws from "@pulumi/aws" ; import * as cloudflare from "@pulumi/cloudflare" ; export default $config ({ app ( input ) { return { name: "my-app" , home: "aws" , providers: { aws: "6.27.0" , cloudflare: "5.37.1" , }, }; } , async run () { // SST components const bucket = new sst . aws . Bucket ( "MyBucket" ); // Pulumi AWS resources const table = new aws . dynamodb . Table ( "MyTable" , { attributes: [{ name: "id" , type: "S" }], hashKey: "id" , billingMode: "PAY_PER_REQUEST" , }); // Cloudflare resources const worker = new sst . cloudflare . Worker ( "MyWorker" , { handler: "src/worker.ts" , }); } , }) ;
You don’t need to import provider packages in sst.config.ts. SST manages them automatically.
Multi-cloud apps Use multiple providers in one app:
export default $config ({ app ( input ) { return { name: "my-app" , home: "aws" , providers: { aws: "6.27.0" , cloudflare: "5.37.1" , }, }; } , async run () { // AWS resources const table = new sst . aws . Dynamo ( "MyTable" , { fields: { id: "string" }, primaryIndex: { hashKey: "id" }, }); // Cloudflare resources const worker = new sst . cloudflare . Worker ( "MyWorker" , { handler: "src/worker.ts" , link: [ table ], // Link across providers }); } , }) ;
Resources from different providers can link to each other.
Custom registries Use a custom npm registry:
NPM_REGISTRY = https://my-registry.com sst add aws
Or set in .npmrc:
registry =https://my-registry.com
With authentication SST supports .npmrc authentication:
registry =https://my-registry.com //my-registry.com/: _authToken =abc123
Or use username/password:
//my-registry.com/: username =user //my-registry.com/: _password =pass
Provider packages SST installs providers as npm packages:
{ "dependencies" : { "@pulumi/aws" : "^6.27.0" , "@pulumi/cloudflare" : "^5.37.1" } }
You can also install them manually:
npm install @pulumi/aws @pulumi/cloudflare
Then add to your config:
providers : { aws : "6.27.0" , cloudflare : "5.37.1" , }
SST also supports Terraform providers through Pulumi:
sst add terraform-provider/random
See the Pulumi docs for details.
Provider configuration per stage Use different settings per stage:
app ( input ) { return { name: "my-app" , home: "aws" , providers: { aws: { region: input . stage === "production" ? "us-east-1" : "us-west-2" , }, }, }; }
Troubleshooting Provider not found If SST can’t find a provider:
Check spelling in providers config
Run sst install to install packages
Verify the provider exists in Pulumi Registry
Version conflicts If you get version conflicts:
Pin all provider versions:
providers : { aws : "6.27.0" , cloudflare : "5.37.1" , }
Remove node_modules and reinstall:
rm -rf node_modules npm install sst install
Authentication errors For AWS authentication errors:
# Verify credentials aws sts get-caller-identity # Set credentials aws configure # Or use environment variables export AWS_ACCESS_KEY_ID = ... export AWS_SECRET_ACCESS_KEY = ...
For Cloudflare:
# Set environment variables export CLOUDFLARE_ACCOUNT_ID = abc123 export CLOUDFLARE_API_TOKEN = xyz789
Provider package errors If provider packages fail to install:
Check npm registry access
Try different registry:
NPM_REGISTRY = https://registry.npmjs.org sst install
Install manually:
Best practices Pin versions in production Always pin provider versions:
// Good providers : { aws : "6.27.0" , } // Avoid providers : { aws : {}, // Uses latest }
Use environment variables for secrets Don’t hardcode credentials:
// Good providers : { cloudflare : { apiToken : process . env . CLOUDFLARE_API_TOKEN , }, } // Avoid providers : { cloudflare : { apiToken : "hardcoded-token" , // Don't do this! }, }
Document required providers List providers in your README:
## Providers This app uses: - AWS ( `@pulumi/aws` v6.27.0) - Cloudflare ( `@pulumi/cloudflare` v5.37.1) Set these environment variables: - `AWS_ACCESS_KEY_ID` - `AWS_SECRET_ACCESS_KEY` - `CLOUDFLARE_ACCOUNT_ID` - `CLOUDFLARE_API_TOKEN`
Keep providers updated Regularly update provider versions:
# Check for updates npm outdated @pulumi/aws @pulumi/cloudflare # Update providers sst add aws # Installs latest sst add cloudflare
Test thoroughly after updating.
Next steps
Components Learn about SST components
AWS Resources Browse AWS components
Cloudflare Resources Browse Cloudflare components
Pulumi Registry Explore all providers
