paseka10jaroslav-coder · Copilot · Feb 1, 2026 · Feb 1, 2026 · Feb 1, 2026 · Feb 1, 2026
diff --git a/terraform-infra/.github/CODEOWNERS b/terraform-infra/.github/CODEOWNERS
@@ -0,0 +1,15 @@
+# Terraform Infrastructure Code Owners
+# These owners will be the default owners for everything in
+# the terraform-infra directory
+
+# Global owners for all terraform files
+*.tf @paseka10jaroslav-coder
+*.tfvars @paseka10jaroslav-coder
+
+# Environment specific owners
+/terraform-infra/environments/prod/ @paseka10jaroslav-coder
+/terraform-infra/environments/staging/ @paseka10jaroslav-coder
+/terraform-infra/environments/dev/ @paseka10jaroslav-coder
+
+# Modules
+/terraform-infra/modules/ @paseka10jaroslav-coder
diff --git a/terraform-infra/.github/pull_request_template.md b/terraform-infra/.github/pull_request_template.md
@@ -0,0 +1,36 @@
+# Terraform Infrastructure Change Request
+
+## Description
+<!-- Provide a brief description of the changes made -->
+
+## Environment
+<!-- Check all that apply -->
+- [ ] Dev
+- [ ] Staging
+- [ ] Production
+
+## Type of Change
+<!-- Check all that apply -->
+- [ ] New resource
+- [ ] Resource modification
+- [ ] Resource deletion
+- [ ] Module update
+- [ ] Configuration change
+- [ ] Bug fix
+
+## Checklist
+- [ ] I have run `terraform fmt` to format my code
+- [ ] I have run `terraform validate` to validate my configuration
+- [ ] I have run `terraform plan` and reviewed the changes
+- [ ] I have tested my changes in a non-production environment
+- [ ] I have updated documentation if necessary
+- [ ] I have followed security best practices
+
+## Terraform Plan Output
+<!-- Paste the relevant terraform plan output here -->
+```
+<paste plan output here>
+```
+
+## Additional Notes
+<!-- Any additional information or context -->
diff --git a/terraform-infra/.github/workflows/terraform.yml b/terraform-infra/.github/workflows/terraform.yml
@@ -0,0 +1,62 @@
+name: Terraform CI/CD
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'terraform-infra/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'terraform-infra/**'
+
+jobs:
+  terraform:
+    name: Terraform Plan and Apply
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # Only dev environment is configured currently
+        # Add staging and prod when those environments are ready
+        environment: [dev]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.5.0
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Terraform Format Check
+        run: terraform fmt -check -recursive
+        working-directory: terraform-infra
+
+      - name: Terraform Init
+        run: terraform init
+        working-directory: terraform-infra/environments/${{ matrix.environment }}
+
+      - name: Terraform Validate
+        run: terraform validate
+        working-directory: terraform-infra/environments/${{ matrix.environment }}
+
+      - name: Terraform Plan
+        run: terraform plan -out=tfplan
+        working-directory: terraform-infra/environments/${{ matrix.environment }}
+        env:
+          TF_VAR_environment: ${{ matrix.environment }}
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform apply -auto-approve tfplan
+        working-directory: terraform-infra/environments/${{ matrix.environment }}
diff --git a/terraform-infra/.gitignore b/terraform-infra/.gitignore
@@ -0,0 +1,40 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+*tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore Mac .DS_Store files
+.DS_Store
+
+# Ignore IDE files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
diff --git a/terraform-infra/README.md b/terraform-infra/README.md
@@ -0,0 +1,168 @@
+# Terraform Infrastructure
+
+This directory contains the Terraform infrastructure code for the SolVoid project.
+
+## Directory Structure
+
+```
+terraform-infra/
+├── .github/
+│   ├── workflows/
+│   │   └── terraform.yml          # CI/CD workflow for Terraform
+│   ├── CODEOWNERS                 # Code ownership configuration
+│   └── pull_request_template.md   # PR template for infrastructure changes
+├── environments/
+│   ├── dev/                       # Development environment
+│   │   ├── main.tf               # Main Terraform configuration
+│   │   ├── variables.tf          # Variable definitions
+│   │   ├── outputs.tf            # Output definitions
+│   │   └── backend.tf            # Backend configuration
+│   ├── staging/                   # Staging environment (to be configured)
+│   └── prod/                      # Production environment (to be configured)
+├── modules/
+│   └── vpc/                       # VPC module
+│       ├── main.tf               # VPC resources
+│       ├── variables.tf          # VPC variables
+│       └── outputs.tf            # VPC outputs
+├── .gitignore                     # Terraform-specific gitignore
+└── README.md                      # This file
+```
+
+## Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads.html) >= 1.5.0
+- AWS CLI configured with appropriate credentials
+- S3 bucket for Terraform state (configured in backend.tf)
+- DynamoDB table for state locking
+
+### Backend Setup
+
+Before running `terraform init`, you need to create the backend resources manually:
+
+1. **Create S3 Bucket for State Storage:**
+   ```bash
+   aws s3api create-bucket --bucket solvoid-terraform-state-dev --region us-east-1
+   aws s3api put-bucket-versioning --bucket solvoid-terraform-state-dev --versioning-configuration Status=Enabled
+   aws s3api put-bucket-encryption --bucket solvoid-terraform-state-dev --server-side-encryption-configuration '{
+     "Rules": [{
+       "ApplyServerSideEncryptionByDefault": {
+         "SSEAlgorithm": "AES256"
+       }
+     }]
+   }'
+   ```
+
+2. **Create DynamoDB Table for State Locking:**
+   ```bash
+   aws dynamodb create-table \
+     --table-name solvoid-terraform-locks-dev \
+     --attribute-definitions AttributeName=LockID,AttributeType=S \
+     --key-schema AttributeName=LockID,KeyType=HASH \
+     --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1 \
+     --region us-east-1
+   ```
+
+## Getting Started
+
+### 1. Initialize Terraform
+
+Navigate to the desired environment directory and initialize Terraform:
+
+```bash
+cd terraform-infra/environments/dev
+terraform init
+```
+
+### 2. Review the Plan
+
+Review the planned changes before applying:
+
+```bash
+terraform plan
+```
+
+### 3. Apply Changes
+
+Apply the Terraform configuration:
+
+```bash
+terraform apply
+```
+
+## Environments
+
+### Development (dev)
+- **Region**: us-east-1
+- **VPC CIDR**: 10.0.0.0/16
+- **Purpose**: Development and testing
+
+### Staging
+- To be configured
+- Similar structure to dev environment
+
+### Production (prod)
+- To be configured
+- Enhanced security and compliance measures
+
+## Modules
+
+### VPC Module
+Creates a VPC with:
+- Public and private subnets across multiple availability zones
+- Internet Gateway for public internet access
+- NAT Gateways for private subnet internet access
+- Route tables and associations
+
+## CI/CD
+
+The GitHub Actions workflow (`.github/workflows/terraform.yml`) automatically:
+- Validates Terraform formatting
+- Runs `terraform init`
+- Runs `terraform validate`
+- Runs `terraform plan` on pull requests
+- Runs `terraform apply` on merges to main branch
+
+### GitHub Actions Setup
+
+Before the workflow can run, you need to configure the following secrets in your GitHub repository:
+
+1. **AWS_ACCESS_KEY_ID**: AWS access key with permissions to manage infrastructure
+2. **AWS_SECRET_ACCESS_KEY**: AWS secret access key
+
+To add these secrets:
+1. Go to your repository on GitHub
+2. Navigate to Settings > Secrets and variables > Actions
+3. Click "New repository secret"
+4. Add both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+
+Alternatively, you can configure OIDC authentication with AWS IAM for a more secure, keyless approach.
+
+## Best Practices
+
+1. **State Management**: Always use remote state (S3 backend) with state locking (DynamoDB)
+2. **Code Review**: All infrastructure changes must go through pull request review
+3. **Testing**: Test changes in dev environment before applying to staging/prod
+4. **Documentation**: Update documentation when adding new modules or resources
+5. **Security**: Never commit sensitive data or credentials to version control
+6. **Formatting**: Run `terraform fmt` before committing changes
+
+## Security Considerations
+
+- All resources are tagged with environment and managed-by metadata
+- State files are encrypted at rest in S3
+- State locking prevents concurrent modifications
+- CODEOWNERS ensures proper review of infrastructure changes
+
+## Contributing
+
+1. Create a new branch for your changes
+2. Make changes in the appropriate environment or module
+3. Run `terraform fmt` to format your code
+4. Run `terraform validate` to validate your configuration
+5. Create a pull request with a detailed description
+6. Ensure CI/CD checks pass
+7. Request review from code owners
+
+## Support
+
+For questions or issues, please open an issue in the repository or contact the infrastructure team.
diff --git a/terraform-infra/environments/dev/.terraform.lock.hcl b/terraform-infra/environments/dev/.terraform.lock.hcl
diff --git a/terraform-infra/environments/dev/backend.tf b/terraform-infra/environments/dev/backend.tf
@@ -0,0 +1,14 @@
+# Backend configuration for storing Terraform state in S3
+# Prerequisites:
+# 1. Create S3 bucket: solvoid-terraform-state-dev (with versioning enabled)
+# 2. Create DynamoDB table: solvoid-terraform-locks-dev (with LockID as primary key)
+# These resources should be created manually or through a separate bootstrap process
+terraform {
+  backend "s3" {
+    bucket         = "solvoid-terraform-state-dev"
+    key            = "dev/terraform.tfstate"
+    region         = "us-east-1"
+    encrypt        = true
+    dynamodb_table = "solvoid-terraform-locks-dev"
+  }
+}