### Makefile: Initialize Terraform Workspace Source: https://context7.com/afreidah/terraform_design_project/llms.txt Initializes the Terraform backend and downloads provider plugins for a specified environment. Supports standard initialization and upgrading all providers to their latest versions. ```bash # Initialize production environment make init ENV=production # Initialize and upgrade all providers to latest versions make init-upgrade ENV=production # Output: # ✓ Using environment: production # Initializing Terraform for production... # Terraform has been successfully initialized! ``` -------------------------------- ### Untitled No description -------------------------------- ### Makefile: Terraform Plan and Apply Source: https://context7.com/afreidah/terraform_design_project/llms.txt Manages the creation and application of Terraform execution plans. Supports creating a plan, applying changes, and targeting specific resources for planning or applying. ```bash # Create execution plan make plan ENV=production # Review plan and apply changes make apply ENV=production # Plan specific resource target make plan-target ENV=production TARGET=module.rds # Apply specific resource target make apply-target ENV=production TARGET=module.rds # Output shows resource changes: # Plan: 25 to add, 0 to change, 0 to destroy ``` -------------------------------- ### Full Deployment Workflow Source: https://context7.com/afreidah/terraform_design_project/llms.txt Executes all pre-deployment checks and then applies the infrastructure changes for production. This is the complete process to deploy the infrastructure. ```bash # Full deployment workflow make deploy ENV=production # Runs: all checks + apply # Output: ✓ Deployment complete for production ``` -------------------------------- ### Pre-Deployment Workflow Source: https://context7.com/afreidah/terraform_design_project/llms.txt Runs a comprehensive set of checks before deploying to production. This includes formatting, linting, security scanning, and plan generation to ensure the infrastructure is ready for deployment. ```bash # Complete pre-deployment workflow make all ENV=production # Runs: fmt, lint, security, plan # Output: ✓ All checks passed for production - ready to deploy ``` -------------------------------- ### Untitled No description -------------------------------- ### Untitled No description -------------------------------- ### Post-Merge Auto-Deployment Source: https://context7.com/afreidah/terraform_design_project/llms.txt Automates the deployment process after a merge for production environments. This includes initialization and an auto-approved apply, streamlining the deployment after code has been integrated. ```bash # Post-merge auto-deployment (production only) make merge ENV=production # Runs: init, apply with auto-approve # Output: ✓✓✓ Deployment complete ``` -------------------------------- ### Untitled No description -------------------------------- ### Makefile: Linting and Validation Source: https://context7.com/afreidah/terraform_design_project/llms.txt Ensures Terraform code quality through formatting, validation, and linting. Supports formatting, checking formatting without changes, validating configurations, running tflint, and executing all linting checks. ```bash # Format all Terraform files make fmt # Check formatting without changes make fmt-check # Validate configuration make validate ENV=production # Run tflint make tflint ENV=production # Run all linting checks make lint ENV=production # Output: # ✓ Formatting complete # ✓ Validation passed # ✓ All linting checks passed ``` -------------------------------- ### Makefile: Docker Development Environment Source: https://context7.com/afreidah/terraform_design_project/llms.txt Provides a Dockerized development environment for Terraform tooling. Enables building the Docker image, testing tools within the container, opening an interactive shell, and running specific commands remotely. ```bash # Build Docker image with all tools make docker-build # Test all tools in container make docker-test # Open interactive shell in container make docker-shell # Run specific command in container make docker-run CMD="make plan ENV=production" ``` -------------------------------- ### Terraform RDS Database Module Source: https://context7.com/afreidah/terraform_design_project/llms.txt Provisions a managed PostgreSQL/MySQL database instance with support for multi-AZ deployments, automated backups, encryption at rest, and Performance Insights. It requires KMS key ARN, VPC security group IDs, and subnet IDs. Outputs include the database endpoint and port. ```hcl module "rds" { source = "./modules/rds" identifier = "production-postgres" engine = "postgres" engine_version = "15.4" instance_class = "db.r6g.xlarge" allocated_storage = 100 max_allocated_storage = 500 storage_encrypted = true kms_key_id = module.kms.key_arn db_name = "myapp" username = "dbadmin" password = random_password.db_password.result port = 5432 vpc_security_group_ids = [aws_security_group.rds_sg.id] db_subnet_group_subnet_ids = module.networking.private_data_subnet_ids multi_az = true publicly_accessible = false deletion_protection = true skip_final_snapshot = false final_snapshot_identifier = "production-postgres-final-snapshot" backup_retention_period = 7 backup_window = "03:00-04:00" maintenance_window = "sun:04:00-sun:05:00" performance_insights_enabled = true performance_insights_retention_period = 7 performance_insights_kms_key_id = module.kms.key_arn monitoring_interval = 60 monitoring_role_arn = aws_iam_role.rds_monitoring.arn enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"] tags = { Environment = "production" } } ``` -------------------------------- ### Makefile: Security Scanning Pipeline Source: https://context7.com/afreidah/terraform_design_project/llms.txt Executes comprehensive security scans using tfsec, trivy, and checkov to detect misconfigurations and vulnerabilities. Supports running all scanners or individual tools. ```bash # Run all security scanners make security ENV=production # Run individual scanners make tfsec ENV=production make trivy ENV=production make checkov ENV=production # Output includes: # - tfsec: 0 potential problems detected # - trivy: 0 HIGH or CRITICAL findings # - checkov: Passed checks: 45, Failed checks: 0 ``` -------------------------------- ### Configure Application Load Balancer with Terraform Source: https://context7.com/afreidah/terraform_design_project/llms.txt This Terraform module sets up an Application Load Balancer (ALB) with HTTP to HTTPS redirect, multiple target groups, health checks, and SSL termination. It supports access logs and deletion protection, integrating with the VPC networking module. ```hcl module "alb" { source = "./modules/alb" name = "production-alb" internal = false vpc_id = module.networking.vpc_id subnet_ids = module.networking.public_subnet_ids security_group_ids = [aws_security_group.alb_sg.id] certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/abc123" enable_deletion_protection = true drop_invalid_header_fields = true access_logs_enabled = true access_logs_bucket = "my-alb-logs-bucket" target_groups = { app = { port = 8080 protocol = "HTTP" target_type = "instance" deregistration_delay = 30 health_check = { enabled = true healthy_threshold = 2 interval = 30 matcher = "200" path = "/health" port = "traffic-port" protocol = "HTTP" timeout = 5 unhealthy_threshold = 3 } stickiness = { enabled = true type = "lb_cookie" cookie_duration = 86400 } } } tags = { Environment = "production" } } ``` -------------------------------- ### Docker CI Pipeline Execution Source: https://context7.com/afreidah/terraform_design_project/llms.txt Executes the full CI pipeline within a Docker container for production environments. This command ensures all necessary tools like Terraform, TFLint, TFSec, Trivy, and Checkov are verified and working correctly. ```bash make docker-ci ENV=production ``` -------------------------------- ### Terraform OpenSearch Module Source: https://context7.com/afreidah/terraform_design_project/llms.txt Provisions a managed OpenSearch domain with multi-AZ deployment, encryption, and fine-grained access control. It supports dedicated master nodes, zone awareness, and EBS volume configuration with specified IOPS and throughput. Requires subnet IDs and security group IDs, and integrates with KMS for encryption. ```hcl module "opensearch" { source = "./modules/opensearch" domain_name = "production-search" engine_version = "OpenSearch_2.11" instance_type = "r6g.xlarge.search" instance_count = 3 dedicated_master_enabled = true dedicated_master_type = "r6g.large.search" dedicated_master_count = 3 zone_awareness_enabled = true availability_zone_count = 3 ebs_enabled = true volume_type = "gp3" volume_size = 100 iops = 3000 throughput = 125 encrypt_at_rest_enabled = true node_to_node_encryption_enabled = true kms_key_id = module.kms.key_arn domain_endpoint_options = { enforce_https = true tls_security_policy = "Policy-Min-TLS-1-2-2019-07" } advanced_security_options = { enabled = true internal_user_database_enabled = true master_user_name = "admin" master_user_password = random_password.opensearch_master.result } subnet_ids = module.networking.private_data_subnet_ids security_group_ids = [aws_security_group.opensearch_sg.id] automated_snapshot_start_hour = 2 enable_audit_logs = true cloudwatch_retention_days = 7 cloudwatch_kms_key_id = module.kms.key_id tags = { Environment = "production" } } ``` -------------------------------- ### Terraform MSK Kafka Module Source: https://context7.com/afreidah/terraform_design_project/llms.txt Sets up a managed Kafka cluster with encryption, CloudWatch logging, and scalable EBS storage. It supports TLS encryption for client-broker and in-cluster communication, and requires subnet IDs and security group IDs. Outputs include the Zookeeper connect string and broker endpoints. ```hcl module "msk" { source = "./modules/msk" cluster_name = "production-kafka" kafka_version = "3.5.1" number_of_broker_nodes = 3 broker_node_instance_type = "kafka.m5.large" broker_node_ebs_volume_size = 1000 subnet_ids = module.networking.private_app_subnet_ids security_group_ids = [aws_security_group.msk_sg.id] encryption_in_transit_client_broker = "TLS" encryption_in_transit_in_cluster = true encryption_at_rest_kms_key_arn = module.kms.key_arn enhanced_monitoring = "PER_TOPIC_PER_BROKER" cloudwatch_logs_enabled = true cloudwatch_retention_days = 7 cloudwatch_kms_key_id = module.kms.key_id s3_logs_enabled = true s3_logs_bucket = "my-msk-logs-bucket" s3_logs_prefix = "kafka-logs/" tags = { Environment = "production" } } ``` -------------------------------- ### Untitled No description -------------------------------- ### Pull Request Validation Workflow Source: https://context7.com/afreidah/terraform_design_project/llms.txt Automates the validation process for pull requests in a production environment. This workflow includes formatting checks, linting, testing, security scanning, and plan generation to ensure code quality before merging. ```bash # Full PR validation workflow make pull_request ENV=production # Runs: fmt-check, lint, test, security, plan # Output: ✓✓✓ Pull request checks passed - ready for review ``` -------------------------------- ### Deploy VPC Networking with Terraform Source: https://context7.com/afreidah/terraform_design_project/llms.txt This Terraform module configures a multi-tier VPC architecture with public, private application, and private data subnets across multiple availability zones. It includes NAT gateways for high availability and outputs key networking components. ```hcl module "networking" { source = "./modules/general-networking" vpc_cidr = "10.0.0.0/16" vpc_name = "production" availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] public_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] private_app_subnet_cidrs = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"] private_data_subnet_cidrs = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"] tags = { Environment = "production" Project = "my-app" } } # Outputs include: # - VPC ID, CIDR block # - Public, private app, and private data subnet IDs # - NAT gateway IDs and Elastic IPs # - Route table IDs for each tier # - Internet gateway ID ``` -------------------------------- ### Terraform WAF Web ACL Module for Security Source: https://context7.com/afreidah/terraform_design_project/llms.txt Sets up an AWS WAF v2 Web ACL with managed rule groups, rate limiting, geo-blocking, and CloudWatch metrics. This module protects web applications from common exploits and unwanted traffic. ```hcl module "waf" { source = "./modules/waf" name = "production-waf" scope = "REGIONAL" # Use "CLOUDFRONT" for global distributions default_action = "allow" enable_aws_managed_rules = true enable_ip_reputation = true enable_rate_limiting = true enable_geo_blocking = true rate_limit = 2000 # Requests per 5 minutes per IP blocked_countries = ["CN", "RU", "KP"] cloudwatch_metrics_enabled = true sampled_requests_enabled = true tags = { Environment = "production" } } # Associate WAF with ALB resource "aws_wafv2_web_acl_association" "alb" { resource_arn = module.alb.arn web_acl_arn = module.waf.web_acl_arn } ``` -------------------------------- ### Implement EC2 Auto Scaling with Terraform Source: https://context7.com/afreidah/terraform_design_project/llms.txt This Terraform module provisions EC2 instances within an Auto Scaling Group, configured with encrypted EBS volumes, IMDSv2, and health checks. It integrates with an ALB target group and allows for user data scripts for instance initialization. ```hcl module "ec2_asg" { source = "./modules/ec2" name = "production-app" ami_id = "ami-0c55b159cbfafe1f0" instance_type = "t3.medium" key_name = "production-key" iam_instance_profile = "ec2-instance-profile" security_group_ids = [aws_security_group.app_sg.id] subnet_ids = module.networking.private_app_subnet_ids target_group_arns = [module.alb.target_group_arns["app"]] min_size = 2 max_size = 10 desired_capacity = 3 health_check_type = "ELB" health_check_grace_period = 300 root_volume_size = 50 root_volume_type = "gp3" user_data = <<-EOF #!/bin/bash yum update -y yum install -y docker systemctl start docker systemctl enable docker EOF tags = { Environment = "production" Application = "web-app" } } ``` -------------------------------- ### Terraform ElastiCache Redis Module Source: https://context7.com/afreidah/terraform_design_project/llms.txt Deploys a managed Redis replication group with multi-AZ support, encryption at rest and in transit, and automatic failover. It requires subnet IDs, security group IDs, and optionally a KMS key ARN and SNS topic ARN for alerts. Outputs include the Redis endpoint and port. ```hcl module "elasticache" { source = "./modules/elasticache" cluster_id = "production-redis" engine = "redis" engine_version = "7.0" node_type = "cache.r7g.large" num_cache_nodes = 3 parameter_group_family = "redis7" port = 6379 subnet_ids = module.networking.private_data_subnet_ids security_group_ids = [aws_security_group.redis_sg.id] automatic_failover_enabled = true multi_az_enabled = true at_rest_encryption_enabled = true transit_encryption_enabled = true auth_token_enabled = true auth_token = random_password.redis_token.result kms_key_id = module.kms.key_arn snapshot_retention_limit = 5 snapshot_window = "02:00-03:00" maintenance_window = "sun:03:00-sun:04:00" notification_topic_arn = aws_sns_topic.elasticache_alerts.arn tags = { Environment = "production" } } ``` -------------------------------- ### Terraform Security Group Module for Network Control Source: https://context7.com/afreidah/terraform_design_project/llms.txt Defines a flexible security group with separate ingress and egress rule management. This module provides fine-grained network access control for resources like Application Load Balancers. ```hcl module "security_group_alb" { source = "./modules/security-group" name = "production-alb-sg" description = "Security group for Application Load Balancer" vpc_id = module.networking.vpc_id ingress_rules = [ { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] description = "Allow HTTP from internet" }, { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] description = "Allow HTTPS from internet" } ] egress_rules = [ { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] description = "Allow all outbound traffic" } ] tags = { Environment = "production" } } ``` -------------------------------- ### Terraform KMS Module for Encryption Source: https://context7.com/afreidah/terraform_design_project/llms.txt Configures a customer-managed KMS key with automatic rotation, custom policies, and aliases for encryption services. It ensures data is encrypted using a key managed by the customer, with specific access controls defined. ```hcl module "kms" { source = "./modules/kms" description = "KMS key for production data encryption" deletion_window_in_days = 30 enable_key_rotation = true alias_name = "production-data" policy = jsonencode({ Version = "2012-10-17" Statement = [ { Sid = "Enable IAM User Permissions" Effect = "Allow" Principal = { AWS = "arn:aws:iam::123456789012:root" } Action = "kms:*" Resource = "*" }, { Sid = "Allow RDS to use the key" Effect = "Allow" Principal = { Service = "rds.amazonaws.com" } Action = [ "kms:Decrypt", "kms:GenerateDataKey", "kms:CreateGrant" ] Resource = "*" } ] }) tags = { Environment = "production" } } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.