Feat/704 705 706 707 terraform improvements #789
Merged
hman38705 merged 4 commits on May 28, 2026
…cking
- Create bootstrap.sh script to initialize S3 bucket and DynamoDB table
- Add backend-config.hcl for flexible backend configuration
- Update main.tf to use dynamic backend configuration
- Document bootstrap process in infrastructure/README.md
- Enable versioning, encryption, and public access blocking on S3
- Enable point-in-time recovery on DynamoDB table

- Create locals.tf with common tags (Project, Environment, Owner, ManagedBy)
- Update all modules (vpc, rds, redis, ecs, monitoring) to use common tags
- Apply tags to all AWS resources using merge() function
- Ensure consistent tagging across all environments for cost allocation and compliance

- Add validation for aws_region (valid AWS region format)
- Add validation for vpc_cidr_block (valid CIDR notation)
- Add validation for db_name (lowercase, alphanumeric, max 63 chars)
- Add validation for db_username (1-16 characters)
- Add validation for db_password (minimum 8 characters)
- Add validation for db_instance_class (valid RDS instance type)
- Add validation for allocated_storage (20-65536 GB)
- Add validation for backup_retention_days (1-35 days)
- Add validation for redis_node_type (valid ElastiCache node type)
- Add validation for redis_num_nodes (1-500 nodes)
- Add validation for redis_engine_version (X.Y format)
- Add validation for api_image_uri (valid ECR image URI)
- Add validation for api_container_port (1024-65535)
- Add validation for api_desired_count (1-10 tasks)
- Add validation for api_cpu (256, 512, 1024, 2048, 4096)
- Add validation for api_memory (valid Fargate memory values)
- All validations include descriptive error messages

- Reorganize environments directory with separate staging/ and production/ subdirectories
- Create separate terraform.tfvars for each environment
- Create separate backend.hcl configurations for staging and production
- Each environment has distinct S3 bucket and DynamoDB table for state management
- Add comprehensive environments/README.md with deployment instructions
- Document CI/CD approval process for production deployments
- Prevent accidental production changes through state isolation
- Update main infrastructure/README.md with new structure
@Xoulomon Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
Terraform Infrastructure Improvements - Issues #704, #705, #706, #707
Overview
Comprehensive infrastructure-as-code improvements for PredictIQ Terraform configuration, addressing remote state management, resource tagging, input validation, and environment separation.
Changes Implemented
Issue #704: Configure S3 Backend with DynamoDB State Locking
- bootstrap.sh script to initialize S3 bucket and DynamoDB table for remote state
- backend-config.hcl for flexible backend configuration management
- main.tf to use dynamic backend configuration via -backend-config flag

Issue #705: Enforce Resource Tagging Strategy
- locals.tf with standardized common tags: Project, Environment, Owner, ManagedBy
- merge() function

Issue #706: Add Validation Blocks to variables.tf
- aws_region: Valid AWS region format validation
- vpc_cidr_block: Valid CIDR notation validation
- db_name: Lowercase alphanumeric, max 63 characters
- db_username: 1-16 character length validation
- db_password: Minimum 8 character requirement
- db_instance_class: Valid RDS instance type validation
- allocated_storage: 20-65536 GB range validation
- backup_retention_days: 1-35 day range validation
- redis_node_type: Valid ElastiCache node type validation
- redis_num_nodes: 1-500 node range validation
- redis_engine_version: X.Y format validation
- api_image_uri: Valid ECR image URI format validation
- api_container_port: 1024-65535 port range validation
- api_desired_count: 1-10 task count validation
- api_cpu: Valid Fargate CPU values (256, 512, 1024, 2048, 4096)
- api_memory: Valid Fargate memory values

Issue #707: Separate Staging and Production Environments
- environments/ directory structure:
  - dev.tfvars for development (local state)
  - staging/terraform.tfvars + staging/backend.hcl (separate S3 bucket & DynamoDB table)
  - production/terraform.tfvars + production/backend.hcl (separate S3 bucket & DynamoDB table)
- environments/README.md with:

Files Modified
- infrastructure/terraform/main.tf - Dynamic backend configuration
- infrastructure/terraform/variables.tf - Added 16 validation blocks
- infrastructure/terraform/locals.tf - New common tags definition
- infrastructure/terraform/bootstrap.sh - New bootstrap script
- infrastructure/terraform/backend-config.hcl - New backend configuration
- infrastructure/terraform/modules/vpc/main.tf - Enforce tagging
- infrastructure/terraform/modules/rds/main.tf - Enforce tagging
- infrastructure/terraform/modules/redis/main.tf - Enforce tagging
- infrastructure/terraform/modules/ecs/main.tf - Enforce tagging
- infrastructure/terraform/modules/monitoring/main.tf - Enforce tagging
- infrastructure/terraform/environments/README.md - New environment documentation
- infrastructure/terraform/environments/staging/ - New staging environment config
- infrastructure/terraform/environments/production/ - New production environment config
- infrastructure/README.md - Updated with new structure

Testing
- terraform validate passes with all validation blocks
- -backend-config flag

Benefits
✅ Remote state management with team collaboration support
✅ Consistent resource tagging for cost allocation and compliance
✅ Input validation prevents invalid configurations at plan time
✅ Environment isolation prevents accidental production changes
✅ Comprehensive documentation for infrastructure management
Closes #704
Closes #705
Closes #706
Closes #707
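
How validation blocks of the kind listed under Issue #706 can be written, as an added example that is not the PR's own code. Variable names and limits come from the description above; the regex, the can(cidrhost(...)) check, the error wording and sensitive = true are assumptions.

```hcl
# Added illustration, not taken from the PR's variables.tf.
variable "vpc_cidr_block" {
  type = string
  validation {
    # cidrhost() fails on anything that is not valid CIDR; can() turns the failure into false.
    condition     = can(cidrhost(var.vpc_cidr_block, 0))
    error_message = "The vpc_cidr_block value must be valid CIDR notation, for example 10.0.0.0/16."
  }
}

variable "db_name" {
  type = string
  validation {
    # Anchored pattern (assumed): lowercase letters and digits only, 1 to 63 characters.
    condition     = can(regex("^[a-z0-9]{1,63}$", var.db_name))
    error_message = "The db_name value must be lowercase alphanumeric and at most 63 characters."
  }
}

variable "db_password" {
  type      = string
  sensitive = true # assumption: keeps the value out of plan and apply output
  validation {
    condition     = length(var.db_password) >= 8
    error_message = "The db_password value must be at least 8 characters long."
  }
}

variable "backup_retention_days" {
  type = number
  validation {
    # floor() comparison rejects fractional values such as 7.5.
    condition = (var.backup_retention_days >= 1 && var.backup_retention_days <= 35 &&
    floor(var.backup_retention_days) == var.backup_retention_days)
    error_message = "The backup_retention_days value must be a whole number between 1 and 35."
  }
}

variable "api_cpu" {
  type = number
  validation {
    # Allow-list of the Fargate CPU values named in the PR description.
    condition     = contains([256, 512, 1024, 2048, 4096], var.api_cpu)
    error_message = "The api_cpu value must be one of 256, 512, 1024, 2048 or 4096."
  }
}
```

A validation condition that evaluates to false stops the run with the error_message before any provider call is made, so a malformed tfvars value never reaches AWS.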