#################
Terraform Profile
#################

Concept → Terraform Mapping
===========================

.. list-table::
   :header-rows: 1

   * - ABC Concept
     - Meaning
     - Terraform Mapping
   * - ABC‑C0
     - Construct
     - Terraform module
   * - ABC‑C1
     - Application Stack
     - Root Terraform module
   * - ABC‑C2
     - Logical Unit
     - Child module representing a domain
   * - ABC‑C3
     - Resource Group
     - Submodule representing a cohesive resource cluster
   * - ABC‑C4
     - Input Contract
     - variables.tf in a module
   * - ABC‑C5
     - Output Contract
     - outputs.tf in a module
   * - ABC‑C6
     - Instantiation Interface
     - ``module "<name>" { ... }`` block
   * - ABC‑C7
     - Capturing Down
     - Passing variables from parent to child module
   * - ABC‑C8
     - Bubbling Up
     - Exposing outputs from child modules to parent

Profile Rules
=============

Terraform profile rules follow the canonical identifier format:

.. code-block::

   ABC-PROFILE-TF-R#

These rules are profile‑specific, not core ABC rules.

ABC-PROFILE-TF-R1 (SHOULD)
--------------------------

Each ABC construct SHOULD be implemented as a Terraform module.

ABC-PROFILE-TF-R2 (SHOULD)
--------------------------

The directory structure SHOULD reflect the ABC hierarchy:

.. code-block::

   root/
     main.tf
     data/
       main.tf
       storage/
         main.tf
       database/
         main.tf
     logic/
       main.tf
     presentation/
       main.tf

ABC-PROFILE-TF-R3 (SHOULD)
--------------------------

Each module SHOULD contain:

* main.tf
* variables.tf (InputContract)
* outputs.tf (OutputContract)

ABC-PROFILE-TF-R4 (MUST)
------------------------

Module inputs MUST be declared exclusively in variables.tf.

ABC-PROFILE-TF-R5 (MUST)
------------------------

Module outputs MUST be declared exclusively in outputs.tf.

ABC-PROFILE-TF-R6 (MUST)
------------------------

Modules MUST NOT reference parent or sibling modules directly; all data MUST
flow through variables and outputs.

(This enforces ABC‑R22, ABC‑R40, ABC‑R42.)

ABC-PROFILE-TF-R7 (MUST)
------------------------

Modules MUST be instantiated using a ``module "<name>" { ... }`` block with explicit
variable assignments.

ABC-PROFILE-TF-R8 (MUST)
------------------------

Modules MUST NOT read Terraform state from other modules except via outputs.

ABC-PROFILE-TF-R9 (MUST)
------------------------

Capturing Down MUST be implemented by passing parent variables or outputs into
child module inputs.

ABC-PROFILE-TF-R10 (MUST)
-------------------------

Bubbling Up MUST be implemented by exposing child module outputs and re‑exposing
them in the parent module if needed.

ABC-PROFILE-TF-R11 (MUST)
-------------------------

Resource definitions MUST reside only in Resource Group modules (ABC‑C3).

ABC-PROFILE-TF-R12 (MUST)
-------------------------

Logical Units MUST NOT contain Terraform resources directly.

ABC-PROFILE-TF-R13 (SHOULD)
---------------------------

Logical Units SHOULD only orchestrate child modules and expose aggregated
outputs.

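A lint pass over a module tree for rules R4, R5, R6, R8 and R11/R12, added here as an example; it is not part of the ABC profile or its tooling. It matches block headers with regular expressions instead of parsing HCL, and it assumes that a ``../`` module source is a parent or sibling reference, that R8 violations appear as ``terraform_remote_state`` data sources, and that any directory instantiating modules is an orchestrator; the name ``lint`` and the sample tree are constructed.

```python
import re
from collections import defaultdict
from posixpath import basename, dirname

# Top-level block headers, e.g. `resource "aws_s3_bucket" "bucket" {`
BLOCK = re.compile(r'^(variable|output|resource|module|data)\s+"([^"]+)"', re.M)
SOURCE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.M)


def lint(files):
    """files: {relative path: .tf text} -> sorted (rule, path, detail) findings."""
    findings = set()
    kinds_by_dir = defaultdict(set)   # directory -> block kinds declared in it
    resources = []                    # (path, resource type), judged after the scan
    for path, text in files.items():
        name, folder = basename(path), dirname(path)
        for kind, label in BLOCK.findall(text):
            kinds_by_dir[folder].add(kind)
            if kind == "variable" and name != "variables.tf":
                findings.add(("R4", path, label))
            elif kind == "output" and name != "outputs.tf":
                findings.add(("R5", path, label))
            elif kind == "data" and label == "terraform_remote_state":
                findings.add(("R8", path, label))   # reads another state directly
            elif kind == "resource":
                resources.append((path, label))
        for src in SOURCE.findall(text):
            if src.startswith("../"):                # parent or sibling directory
                findings.add(("R6", path, src))
    for path, rtype in resources:
        # Assumption: a directory that instantiates modules is an orchestrator
        # (Application Stack or Logical Unit), not a Resource Group.
        if "module" in kinds_by_dir[dirname(path)]:
            findings.add(("R11/R12", path, rtype))
    return sorted(findings)


# Constructed sample tree (not from the page) with one violation per check.
SAMPLE = {
    "main.tf": 'module "data" {\n  source = "./data"\n}\n',
    "variables.tf": 'variable "environment" { type = string }\n',
    "data/main.tf": (
        'module "storage" {\n  source = "./storage"\n}\n'
        'module "shared" {\n  source = "../logic"\n}\n'
        'resource "aws_s3_bucket" "stray" {}\n'
        'output "storage_bucket_name" {\n  value = module.storage.bucket_name\n}\n'
        'data "terraform_remote_state" "logic" {\n  backend = "local"\n}\n'
    ),
    "data/storage/main.tf": 'variable "environment" { type = string }\n',
}
```

Calling ``lint(SAMPLE)`` returns one finding per check; a tree that follows the profile returns an empty list.
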
Canonical Example
=================

A minimal 3‑tier ABC architecture in Terraform.

Application Stack
-----------------

.. code-block:: hcl
   :caption: main.tf

   # Capturing Down (ABC-C7): parent variables and sibling outputs are passed
   # into each Logical Unit through explicit assignments.
   module "data" {
     source      = "./data"
     environment = var.environment
     region      = var.region
   }

   module "logic" {
     source            = "./logic"
     environment       = var.environment
     region            = var.region
     database_endpoint = module.data.database_endpoint
   }

   module "presentation" {
     source                 = "./presentation"
     environment            = var.environment
     region                 = var.region
     frontend_assets_bucket = module.data.storage_bucket_name
     api_endpoint           = module.logic.api_endpoint
   }

.. code-block:: hcl
   :caption: outputs.tf

   # Bubbling Up (ABC-C8): child outputs re-exposed by the root module.
   output "frontend_url" {
     value = module.presentation.frontend_url
   }

   output "api_endpoint" {
     value = module.logic.api_endpoint
   }

.. code-block:: hcl
   :caption: variables.tf

   variable "environment" { type = string }
   variable "region" { type = string }

Data Logical Unit
-----------------

.. code-block:: hcl
   :caption: data/main.tf

   # A Logical Unit only orchestrates Resource Groups; it declares no resources.
   module "storage" {
     source        = "./storage"
     environment   = var.environment
     region        = var.region
     storage_class = var.storage_class
   }

   module "database" {
     source           = "./database"
     environment      = var.environment
     db_engine        = var.db_engine
     db_instance_size = var.db_instance_size
   }

.. code-block:: hcl
   :caption: data/outputs.tf

   # Bubbling Up (ABC-C8): Resource Group outputs re-exposed to the parent.
   output "storage_bucket_name" {
     value = module.storage.bucket_name
   }

   output "database_endpoint" {
     value = module.database.endpoint
   }

.. code-block:: hcl
   :caption: data/variables.tf

   variable "environment" { type = string }
   variable "region" { type = string }
   variable "storage_class" { type = string }
   variable "db_engine" { type = string }
   variable "db_instance_size" { type = string }

Storage Resource Group
^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: hcl
   :caption: data/storage/main.tf

   resource "aws_s3_bucket" "bucket" {
     bucket = "${var.environment}-storage"
   }

.. code-block:: hcl
   :caption: data/storage/variables.tf

   variable "environment" { type = string }
   variable "region" { type = string }
   variable "storage_class" { type = string }

.. code-block:: hcl
   :caption: data/storage/outputs.tf

   output "bucket_name" {
     value = aws_s3_bucket.bucket.bucket
   }