Define Cloud Infrastructure with Pulumi Using Best Practices and Modular Components

Write a Pulumi infrastructure-as-code program in [LANGUAGE] (TypeScript, Python, Go, or C#) that provisions the following resources on [CLOUD_PROVIDER] (AWS, Azure, or GCP): **Resources to create:** - [RESOURCE_LIST] (e.g., VPC with public/private subnets, ECS Fargate service, RDS PostgreSQL instance, S3 bucket with lifecycle policies, CloudFront distribution) **Architecture requirements:** - The application serves [APPLICATION_DESCRIPTION] and expects [TRAFFIC_PATTERN] (e.g., ~1000 RPM with spikes to 5000) - Target environment: [ENVIRONMENT] (dev/staging/production) - Region: [REGION] **Pulumi best practices to follow:** 1. **Modular Design**: Create reusable ComponentResource classes for logical groupings (e.g., NetworkStack, DatabaseStack, AppStack). Each component should accept a typed args interface/class and expose relevant outputs. 2. **Configuration**: Use Pulumi.Config for environment-specific values like [CONFIG_VALUES] (e.g., instance sizes, replica counts, domain names). Provide a Pulumi.[STACK].yaml example. 3. **Security**: - Use Pulumi secrets for [SENSITIVE_VALUES] (e.g., database passwords, API keys) - Apply least-privilege IAM roles/policies - Enable encryption at rest and in transit where applicable - No hardcoded credentials anywhere 4. **Networking**: Implement proper network isolation with security groups/firewall rules allowing only necessary traffic between components. 5. **Outputs**: Export essential values (endpoints, ARNs, connection strings) using pulumi.export() with descriptive names. 6. **Tags**: Apply consistent tagging strategy: Environment, Project=[PROJECT_NAME], ManagedBy=Pulumi, CostCenter=[COST_CENTER]. Provide the complete project structure (file tree), all source files, and a README with prerequisites and deployment commands (`pulumi up` workflow).