diff --git a/Pulumi.mjs b/Pulumi.mjs
index 5f920811..993ed503 100644
--- a/Pulumi.mjs
+++ b/Pulumi.mjs
@@ -1,12 +1,19 @@
 import { createUploads } from './pulumi/uploads.mjs';
+import { createVpc } from './pulumi/vpc.mjs';
 import { createThumbnails } from './pulumi/thumbnails.mjs';
 import { createLambdaProcessUploads } from './pulumi/lambda-process-uploads.mjs';
 import { updateEnv } from './pulumi/env.mjs';
+import * as pulumi from "@pulumi/pulumi";
+const stack = pulumi.getStack();
 const { uploadsBucket, uploadsAccessKey } = createUploads();
 const thumbnailsBucket = createThumbnails();
 const processUploadsFunctionUrl = createLambdaProcessUploads(thumbnailsBucket);
+if (stack != 'dev') {
+ const vpc = createVpc();
+}
 updateEnv({
+ stack,
 uploadsBucket,
 uploadsAccessKey,
 thumbnailsBucket,
diff --git a/pulumi/env.mjs b/pulumi/env.mjs
index 286895d6..26894efd 100644
--- a/pulumi/env.mjs
+++ b/pulumi/env.mjs
@@ -5,8 +5,7 @@ import * as pulumi from "@pulumi/pulumi";
 // this has to be its own file rather than each function updating itself, because of the paralleization of pulumi causing a race condition for the .env file
 export const updateEnv = (obj) => {
- const stack = pulumi.getStack();
- const env = new Env(stack == 'dev' ? '.env' : '.env.' + stack);
+ const env = new Env(obj.stack == 'dev' ? '.env' : '.env.' + obj.stack);
 aws.getRegion({}).then(region => env.set('AWS_REGION', region.id));
 obj.uploadsAccessKey.id.apply(id => env.set("VING_AWS_UPLOADS_KEY", id));
 obj.uploadsAccessKey.secret.apply(secret => env.set("VING_AWS_UPLOADS_SECRET", secret));
diff --git a/pulumi/vpc.mjs b/pulumi/vpc.mjs
new file mode 100644
index 00000000..1ef4c02d
--- /dev/null
+++ b/pulumi/vpc.mjs
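Review bot: In Pulumi.mjs, `vpc` is declared with `const` inside the `if` block, so the handle goes out of scope at the closing brace and nothing later in the file can attach subnets, security groups or the database to it. Hoisting it, e.g. `const vpc = stack !== 'dev' ? createVpc() : undefined;`, keeps it available and also replaces the loose `!=` with a strict comparison. The condition provisions the VPC for every stack whose name is not exactly 'dev', so a mistyped or ad-hoc stack name would get prod-style networking; an explicit list of stack names would be safer if that is not intended.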
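Review bot: In pulumi/env.mjs, `updateEnv` now relies on the caller to supply `obj.stack`; if it is missing, the comparison is false and the file name becomes `.env.undefined`, and the lines below then write `VING_AWS_UPLOADS_SECRET` into it. A guard at the top of the function, `if (!obj.stack) throw new Error('updateEnv: stack is required');`, would keep the secret out of an unexpected file that ignore rules may not cover. The `import * as pulumi` shown in the hunk header may now be unused in this file; that is worth checking, since the rest of the file is not visible here. The body of `updateEnv` continues beyond the hunk.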
@@ -0,0 +1,16 @@
+import * as aws from "@pulumi/aws";
+import { prefix } from './utils.mjs';
+
+export const createVpc = () => {
+
+ const vpc = new aws.ec2.Vpc(prefix('vpc'), {
+ cidrBlock: "10.0.0.0/16",
+ enableDnsSupport: true,
+ enableDnsHostnames: true,
+ tags: {
+ Name: prefix('vpc'),
+ },
+ });
+
+ return vpc;
+}
\ No newline at end of file
diff --git a/ving/docs/change-log.md b/ving/docs/change-log.md
index fde51bba..5f8ac716 100644
--- a/ving/docs/change-log.md
+++ b/ving/docs/change-log.md
@@ -7,6 +7,7 @@ outline: deep
 ### 2024-08-02
 * Added Pulumi prod.
+* Pulumi prod creates a VPC.
 ## July 2024
diff --git a/ving/docs/subsystems/pulumi.md b/ving/docs/subsystems/pulumi.md
index a7c80ba8..ebd07c00 100644
--- a/ving/docs/subsystems/pulumi.md
+++ b/ving/docs/subsystems/pulumi.md
@@ -44,5 +44,6 @@ pulumi stack select dev
 Prod does the following things differently than dev:
 - stores its AWS generated variables in .env.prod
-- provisions a database
-- provisions a hosting environment (EC2)
\ No newline at end of file
+- provisions a VPC
+- provisions an Aurora Serverless database
+- provisions an EC2 instance
\ No newline at end of file
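Review bot: In pulumi/vpc.mjs, `createVpc` leaves the VPC's default security group as AWS creates it, which allows all traffic between its members and all outbound traffic, so any resource later launched without an explicit group inherits those rules. Adopting the group right after the VPC, `new aws.ec2.DefaultSecurityGroup(prefix('vpc-default-sg'), { vpcId: vpc.id });`, should strip those rules, since the provider removes existing rules on adoption and none are declared. VPC flow logs are not enabled here either; if prod network activity should be auditable, an `aws.ec2.FlowLog` resource in this function would be the place for it. A short comment above `cidrBlock` saying why `10.0.0.0/16` is fixed for every non-dev stack would help if stacks are ever peered.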