veylant/deploy/terraform/README.md

Infrastructure — Terraform / OpenTofu

Sprint 1 note: Infrastructure provisioning is skipped in Sprint 1 (OpenTofu not yet installed locally). See docs/adr/001-terraform-vs-pulumi.md for the tooling decision.

Prerequisites

brew install opentofu

Structure (to be implemented in Sprint 4+)

deploy/terraform/
├── main.tf          # Root module, providers, backend (S3 + DynamoDB lock)
├── variables.tf     # Input variables
├── outputs.tf       # VPC, cluster endpoint, kubeconfig
├── versions.tf      # Pinned provider versions
├── vpc/             # VPC, subnets, NAT gateway
├── eks/             # EKS cluster, node groups (terraform-aws-eks v20.x)
└── monitoring/      # CloudWatch, alerts

Before first apply

Create the state backend manually:

aws s3 mb s3://veylant-terraform-state-eu-west-3 --region eu-west-3
aws dynamodb create-table \
  --table-name veylant-terraform-lock \
  --attribute-definitions AttributeName=LockID,AttributeType=S \
  --key-schema AttributeName=LockID,KeyType=HASH \
  --billing-mode PAY_PER_REQUEST \
  --region eu-west-3