diff --git a/.gitignore b/.gitignore
index f92e45a..0b19c9c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,10 @@ yarn-error.log*
 # Dependency directories
 package-lock.json
 pnpm-lock.yaml
-yarn.lock
\ No newline at end of file
+yarn.lock
+
+# Terraform
+.terraform/
+*.tfstate
+*.tfstate.backup
+.terraform.lock.hcl
\ No newline at end of file
diff --git a/iac/terraform/environments/dev/backend.tf b/iac/terraform/deployments/dev/backend.tf
similarity index 100%
rename from iac/terraform/environments/dev/backend.tf
rename to iac/terraform/deployments/dev/backend.tf
diff --git a/iac/terraform/dns/main.tf b/iac/terraform/deployments/dev/main.tf
similarity index 100%
rename from iac/terraform/dns/main.tf
rename to iac/terraform/deployments/dev/main.tf
diff --git a/iac/terraform/environments/dev/outputs.tf b/iac/terraform/deployments/dev/outputs.tf
similarity index 100%
rename from iac/terraform/environments/dev/outputs.tf
rename to iac/terraform/deployments/dev/outputs.tf
diff --git a/iac/terraform/environments/dev/terraform.tfvars b/iac/terraform/deployments/dev/terraform.tfvars
similarity index 100%
rename from iac/terraform/environments/dev/terraform.tfvars
rename to iac/terraform/deployments/dev/terraform.tfvars
diff --git a/iac/terraform/environments/dev/variables.tf b/iac/terraform/deployments/dev/variables.tf
similarity index 100%
rename from iac/terraform/environments/dev/variables.tf
rename to iac/terraform/deployments/dev/variables.tf
diff --git a/iac/terraform/deployments/shared/backend.tf b/iac/terraform/deployments/shared/backend.tf
new file mode 100644
index 0000000..021f471
--- /dev/null
+++ b/iac/terraform/deployments/shared/backend.tf
@@ -0,0 +1,8 @@
+terraform {
+ backend "azurerm" {
+ resource_group_name = "rg-tfstate"
+ storage_account_name = "stscryingtfstate"
+ container_name = "shared"
+ key = "terraform.tfstate"
+ }
+}
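Review bot: Ignoring `.terraform.lock.hcl` (the last line added to .gitignore) means the provider versions and package checksums that Terraform records at init time are never shared, so each workstation and CI run can resolve a different azurerm build with no committed hash to verify it against. HashiCorp's guidance is to commit the dependency lock file; I would drop that line and keep `.terraform/`, `*.tfstate` and `*.tfstate.backup`. `terraform.tfvars` is tracked in this repository (it is renamed in this same commit) and nothing here ignores `*.tfvars`, so it is worth confirming that file holds no secrets. The file also still ends without a trailing newline.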
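Review bot: This backend points at the `rg-tfstate` / `stscryingtfstate` / `shared` container that `tfstate.tf` in the same directory creates, so the first `terraform init` has no storage account to initialise against and the state ends up describing the account that stores it. A comment above the block should document the bootstrap order, for example `# Bootstrap: first apply uses local state; migrate to this backend once the account exists`, or the state storage should be created outside this root module. No authentication setting is given, so the backend presumably falls back to storage access keys; where the Terraform version in use supports it, `use_azuread_auth = true` would route state access through Azure AD and data-plane RBAC instead.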
diff --git a/iac/terraform/deployments/shared/providers.tf b/iac/terraform/deployments/shared/providers.tf
new file mode 100644
index 0000000..b1b64bb
--- /dev/null
+++ b/iac/terraform/deployments/shared/providers.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>3.0.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ subscription_id = "6f889e85-5bc7-4b1e-a897-17aa4d0794a1"
+}
diff --git a/iac/terraform/deployments/shared/tfstate.tf b/iac/terraform/deployments/shared/tfstate.tf
new file mode 100644
index 0000000..3d26135
--- /dev/null
+++ b/iac/terraform/deployments/shared/tfstate.tf
@@ -0,0 +1,30 @@
+resource "azurerm_resource_group" "tfstate" {
+ name = "rg-tfstate"
+ location = "East US"
+}
+
+resource "azurerm_storage_account" "tfstate" {
+ name = "stscryingtfstate"
+ resource_group_name = azurerm_resource_group.tfstate.name
+ location = azurerm_resource_group.tfstate.location
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_container" "tfstate" {
+ name = "shared"
+ storage_account_name = azurerm_storage_account.tfstate.name
+}
+
+# Admin-only access to shared state
+# resource "azurerm_role_assignment" "tfstate_admins" {
+# scope = azurerm_storage_account.tfstate.id
+# role_definition_name = "Storage Blob Data Owner"
+# principal_id = var.admin_group_id # Only Admins can modify
+# }
+
+# resource "azurerm_role_assignment" "tfstate_read_only" {
+# scope = azurerm_storage_account.tfstate.id
+# role_definition_name = "Storage Blob Data Reader"
+# principal_id = var.developer_group_id # Devs can only read
+# }
diff --git a/iac/terraform/environments/dev/main.tf b/iac/terraform/environments/dev/main.tf
deleted file mode 100644
index e69de29..0000000
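Review bot: The constraint `version = "~>3.0.0"` admits only 3.0.x patch releases of azurerm, which keeps this deployment on the earliest 3.x line and out of reach of later provider fixes. If the intent is "any 3.x", write `version = "~> 3.0"`; otherwise add a comment saying why 3.0.x is required. With `.terraform.lock.hcl` ignored in this same commit, this constraint is the only pin on the provider. The subscription GUID is also hard-coded in the `provider` block; taking it from a variable or the `ARM_SUBSCRIPTION_ID` environment variable would keep environment identifiers out of the repository and reduce the chance of applying to the wrong subscription when the configuration is copied.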
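Review bot: The storage account that will hold Terraform state is created with provider defaults and both role assignments are left commented out, so nothing in this file restricts who can read or overwrite the state blobs, which commonly contain resource secrets in plain text. I would set the TLS floor and disable public nested items explicitly, enable blob versioning so an overwritten or corrupted state can be recovered, and guard the account with `prevent_destroy`. The two `azurerm_role_assignment` blocks should either be enabled or removed; `var.admin_group_id` and `var.developer_group_id` are not declared in any file shown for this directory, so they would need a variables file first. The sketch below shows only the added arguments.

```hcl
resource "azurerm_storage_account" "tfstate" {
  # … unchanged: name, resource group, location, tier, replication …
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  # Keep prior versions of the state blob so a bad write can be rolled back.
  blob_properties {
    versioning_enabled = true
  }

  # Losing this account loses every state file stored in it.
  lifecycle {
    prevent_destroy = true
  }
}
```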