@opengeni/runtime 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (65) hide show
  1. package/dist/chunk-2PO56VAL.js +3478 -0
  2. package/dist/chunk-2PO56VAL.js.map +1 -0
  3. package/dist/index.d.ts +912 -0
  4. package/dist/index.js +3663 -0
  5. package/dist/index.js.map +1 -0
  6. package/dist/sandbox/index.d.ts +1738 -0
  7. package/dist/sandbox/index.js +187 -0
  8. package/dist/sandbox/index.js.map +1 -0
  9. package/package.json +49 -0
  10. package/src/bundled_hashicorp_terraform_skills/LICENSE +373 -0
  11. package/src/bundled_hashicorp_terraform_skills/README.md +18 -0
  12. package/src/bundled_hashicorp_terraform_skills/UPSTREAM_GIT_SHA +1 -0
  13. package/src/bundled_hashicorp_terraform_skills/azure-verified-modules/SKILL.md +613 -0
  14. package/src/bundled_hashicorp_terraform_skills/checkov/SKILL.md +43 -0
  15. package/src/bundled_hashicorp_terraform_skills/refactor-module/SKILL.md +538 -0
  16. package/src/bundled_hashicorp_terraform_skills/social-media-marketing/SKILL.md +35 -0
  17. package/src/bundled_hashicorp_terraform_skills/terraform-search-import/SKILL.md +372 -0
  18. package/src/bundled_hashicorp_terraform_skills/terraform-search-import/references/MANUAL-IMPORT.md +113 -0
  19. package/src/bundled_hashicorp_terraform_skills/terraform-search-import/scripts/list_resources.sh +38 -0
  20. package/src/bundled_hashicorp_terraform_skills/terraform-stacks/SKILL.md +480 -0
  21. package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/api-monitoring.md +543 -0
  22. package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/component-blocks.md +476 -0
  23. package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/deployment-blocks.md +391 -0
  24. package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/examples.md +1529 -0
  25. package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/linked-stacks.md +187 -0
  26. package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/troubleshooting.md +671 -0
  27. package/src/bundled_hashicorp_terraform_skills/terraform-style-guide/SKILL.md +353 -0
  28. package/src/bundled_hashicorp_terraform_skills/terraform-test/SKILL.md +451 -0
  29. package/src/bundled_hashicorp_terraform_skills/terraform-test/references/CI_CD.md +80 -0
  30. package/src/bundled_hashicorp_terraform_skills/terraform-test/references/EXAMPLES.md +314 -0
  31. package/src/bundled_hashicorp_terraform_skills/terraform-test/references/MOCK_PROVIDERS.md +171 -0
  32. package/src/codex-tool-search.ts +267 -0
  33. package/src/context-compaction.ts +538 -0
  34. package/src/history-sanitizer.ts +719 -0
  35. package/src/index.ts +3299 -0
  36. package/src/sandbox/capabilities.ts +69 -0
  37. package/src/sandbox/channel-a.ts +1031 -0
  38. package/src/sandbox/display-stack.ts +231 -0
  39. package/src/sandbox/errors.ts +34 -0
  40. package/src/sandbox/index.ts +832 -0
  41. package/src/sandbox/providers/blaxel.ts +35 -0
  42. package/src/sandbox/providers/cloudflare.ts +24 -0
  43. package/src/sandbox/providers/daytona.ts +34 -0
  44. package/src/sandbox/providers/docker.ts +17 -0
  45. package/src/sandbox/providers/e2b.ts +36 -0
  46. package/src/sandbox/providers/index.ts +107 -0
  47. package/src/sandbox/providers/local.ts +13 -0
  48. package/src/sandbox/providers/modal.ts +55 -0
  49. package/src/sandbox/providers/none.ts +13 -0
  50. package/src/sandbox/providers/runloop.ts +32 -0
  51. package/src/sandbox/providers/selfhosted.ts +96 -0
  52. package/src/sandbox/providers/types.ts +38 -0
  53. package/src/sandbox/providers/vercel.ts +29 -0
  54. package/src/sandbox/recording.ts +286 -0
  55. package/src/sandbox/routing/backend-resolver.ts +189 -0
  56. package/src/sandbox/routing/routing-session.ts +455 -0
  57. package/src/sandbox/select.ts +371 -0
  58. package/src/sandbox/selfhosted/capabilities.ts +255 -0
  59. package/src/sandbox/selfhosted/control-rpc.ts +351 -0
  60. package/src/sandbox/selfhosted/session.ts +930 -0
  61. package/src/sandbox/selfhosted/testing.ts +230 -0
  62. package/src/sandbox/stream-port.ts +185 -0
  63. package/src/sandbox/stream-token.ts +90 -0
  64. package/src/sandbox/terminal-server.ts +203 -0
  65. package/src/sandbox-computer.ts +835 -0
@@ -0,0 +1,1529 @@
1
+ # Terraform Stacks Complete Examples
2
+
3
+ Complete, working examples for common Terraform Stacks scenarios.
4
+
5
+ ## Table of Contents
6
+
7
+ 1. [Simple Single-Region Stack](#simple-single-region-stack)
8
+ 2. [Stack with Private Registry Modules](#stack-with-private-registry-modules)
9
+ 3. [Multi-Environment Stack](#multi-environment-stack)
10
+ 4. [Multi-Region Stack](#multi-region-stack)
11
+ 5. [Linked Stacks (Cross-Stack Dependencies)](#linked-stacks-cross-stack-dependencies)
12
+ 6. [Multi-Cloud Stack](#multi-cloud-stack)
13
+ 7. [Complete AWS Production Stack](#complete-aws-production-stack)
14
+ 8. [Destroying Deployments](#destroying-deployments)
15
+
16
+ ## Simple Single-Region Stack
17
+
18
+ Basic Stack with a single environment deployment.
19
+
20
+ ### File Structure
21
+ ```
22
+ simple-stack/
23
+ ├── variables.tfcomponent.hcl
24
+ ├── providers.tfcomponent.hcl
25
+ ├── components.tfcomponent.hcl
26
+ ├── deployments.tfdeploy.hcl
27
+ └── modules/
28
+ └── webapp/
29
+ ├── main.tf
30
+ ├── variables.tf
31
+ └── outputs.tf
32
+ ```
33
+
34
+ ### variables.tfcomponent.hcl
35
+ ```hcl
36
+ variable "aws_region" {
37
+ type = string
38
+ default = "us-west-1"
39
+ }
40
+
41
+ variable "identity_token" {
42
+ type = string
43
+ ephemeral = true
44
+ }
45
+
46
+ variable "role_arn" {
47
+ type = string
48
+ }
49
+
50
+ variable "app_name" {
51
+ type = string
52
+ }
53
+ ```
54
+
55
+ ### providers.tfcomponent.hcl
56
+ ```hcl
57
+ required_providers {
58
+ aws = {
59
+ source = "hashicorp/aws"
60
+ version = "~> 5.7.0"
61
+ }
62
+ }
63
+
64
+ provider "aws" "main" {
65
+ config {
66
+ region = var.aws_region
67
+
68
+ assume_role_with_web_identity {
69
+ role_arn = var.role_arn
70
+ web_identity_token = var.identity_token
71
+ }
72
+ }
73
+ }
74
+ ```
75
+
76
+ ### components.tfcomponent.hcl
77
+ ```hcl
78
+ component "webapp" {
79
+ source = "./modules/webapp"
80
+
81
+ inputs = {
82
+ app_name = var.app_name
83
+ region = var.aws_region
84
+ }
85
+
86
+ providers = {
87
+ aws = provider.aws.main
88
+ }
89
+ }
90
+ ```
91
+
92
+ ### deployments.tfdeploy.hcl
93
+ ```hcl
94
+ identity_token "aws" {
95
+ audience = ["aws.workload.identity"]
96
+ }
97
+
98
+ deployment "production" {
99
+ inputs = {
100
+ aws_region = "us-west-1"
101
+ app_name = "my-webapp"
102
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
103
+ identity_token = identity_token.aws.jwt
104
+ }
105
+ }
106
+
107
+ # Deployment groups
108
+ deployment_group "production" {
109
+ deployments = [deployment.production]
110
+ }
111
+ ```
112
+
113
+ ## Stack with Private Registry Modules
114
+
115
+ Example Stack using modules from a private HCP Terraform registry, combining both private and public registry sources.
116
+
117
+ ### File Structure
118
+ ```
119
+ private-registry-stack/
120
+ ├── variables.tfcomponent.hcl
121
+ ├── providers.tfcomponent.hcl
122
+ ├── components.tfcomponent.hcl
123
+ ├── outputs.tfcomponent.hcl
124
+ └── deployments.tfdeploy.hcl
125
+ ```
126
+
127
+ ### variables.tfcomponent.hcl
128
+ ```hcl
129
+ variable "aws_region" {
130
+ type = string
131
+ default = "us-west-2"
132
+ }
133
+
134
+ variable "environment" {
135
+ type = string
136
+ }
137
+
138
+ variable "identity_token" {
139
+ type = string
140
+ ephemeral = true
141
+ }
142
+
143
+ variable "role_arn" {
144
+ type = string
145
+ }
146
+
147
+ variable "vpc_cidr" {
148
+ type = string
149
+ default = "10.0.0.0/16"
150
+ }
151
+
152
+ variable "app_name" {
153
+ type = string
154
+ }
155
+
156
+ variable "db_password" {
157
+ type = string
158
+ sensitive = true
159
+ }
160
+ ```
161
+
162
+ ### providers.tfcomponent.hcl
163
+ ```hcl
164
+ required_providers {
165
+ aws = {
166
+ source = "hashicorp/aws"
167
+ version = "~> 5.7.0"
168
+ }
169
+ random = {
170
+ source = "hashicorp/random"
171
+ version = "~> 3.5.0"
172
+ }
173
+ }
174
+
175
+ provider "aws" "main" {
176
+ config {
177
+ region = var.aws_region
178
+
179
+ assume_role_with_web_identity {
180
+ role_arn = var.role_arn
181
+ web_identity_token = var.identity_token
182
+ }
183
+
184
+ default_tags {
185
+ tags = {
186
+ Environment = var.environment
187
+ ManagedBy = "Terraform Stacks"
188
+ Application = var.app_name
189
+ }
190
+ }
191
+ }
192
+ }
193
+
194
+ provider "random" "main" {
195
+ config {}
196
+ }
197
+ ```
198
+
199
+ ### components.tfcomponent.hcl
200
+ ```hcl
201
+ locals {
202
+ name_prefix = "${var.app_name}-${var.environment}"
203
+ common_tags = {
204
+ Project = var.app_name
205
+ Environment = var.environment
206
+ }
207
+ }
208
+
209
+ # Using a private registry module for VPC
210
+ component "vpc" {
211
+ source = "app.terraform.io/my-org/vpc/aws"
212
+ version = "2.1.0"
213
+
214
+ inputs = {
215
+ name_prefix = local.name_prefix
216
+ cidr_block = var.vpc_cidr
217
+ availability_zones = ["${var.aws_region}a", "${var.aws_region}b", "${var.aws_region}c"]
218
+ enable_nat_gateway = true
219
+ single_nat_gateway = var.environment != "prod"
220
+ tags = local.common_tags
221
+ }
222
+
223
+ providers = {
224
+ aws = provider.aws.main
225
+ }
226
+ }
227
+
228
+ # Using a private registry module for security groups
229
+ component "security_groups" {
230
+ source = "app.terraform.io/my-org/security-groups/aws"
231
+ version = "1.5.2"
232
+
233
+ inputs = {
234
+ vpc_id = component.vpc.vpc_id
235
+ name_prefix = local.name_prefix
236
+ environment = var.environment
237
+ }
238
+
239
+ providers = {
240
+ aws = provider.aws.main
241
+ }
242
+ }
243
+
244
+ # Using a public registry module for RDS
245
+ component "database" {
246
+ source = "terraform-aws-modules/rds/aws"
247
+ version = "~> 6.0"
248
+
249
+ inputs = {
250
+ identifier = "${local.name_prefix}-db"
251
+ engine = "postgres"
252
+ engine_version = "15.3"
253
+ family = "postgres15"
254
+ major_engine_version = "15"
255
+ instance_class = var.environment == "prod" ? "db.t3.large" : "db.t3.micro"
256
+
257
+ allocated_storage = var.environment == "prod" ? 100 : 20
258
+ db_name = replace(var.app_name, "-", "_")
259
+ username = "dbadmin"
260
+ password = var.db_password
261
+ port = 5432
262
+
263
+ db_subnet_group_name = component.vpc.database_subnet_group_name
264
+ vpc_security_group_ids = [component.security_groups.database_sg_id]
265
+
266
+ backup_retention_period = var.environment == "prod" ? 30 : 7
267
+ skip_final_snapshot = var.environment != "prod"
268
+ deletion_protection = var.environment == "prod"
269
+
270
+ tags = local.common_tags
271
+ }
272
+
273
+ providers = {
274
+ aws = provider.aws.main
275
+ }
276
+ }
277
+
278
+ # Using a private registry module for application infrastructure
279
+ component "application" {
280
+ source = "app.terraform.io/my-org/ecs-application/aws"
281
+ version = "3.2.1"
282
+
283
+ inputs = {
284
+ name_prefix = local.name_prefix
285
+ vpc_id = component.vpc.vpc_id
286
+ private_subnet_ids = component.vpc.private_subnet_ids
287
+ public_subnet_ids = component.vpc.public_subnet_ids
288
+ app_security_group_id = component.security_groups.app_sg_id
289
+
290
+ container_image = "my-org/my-app:latest"
291
+ container_port = 8080
292
+ desired_count = var.environment == "prod" ? 3 : 1
293
+
294
+ environment_variables = {
295
+ ENVIRONMENT = var.environment
296
+ DATABASE_HOST = component.database.db_instance_endpoint
297
+ DATABASE_NAME = component.database.db_instance_name
298
+ }
299
+
300
+ tags = local.common_tags
301
+ }
302
+
303
+ providers = {
304
+ aws = provider.aws.main
305
+ }
306
+ }
307
+ ```
308
+
309
+ ### outputs.tfcomponent.hcl
310
+ ```hcl
311
+ output "vpc_id" {
312
+ type = string
313
+ description = "VPC ID"
314
+ value = component.vpc.vpc_id
315
+ }
316
+
317
+ output "application_url" {
318
+ type = string
319
+ description = "Application load balancer URL"
320
+ value = component.application.load_balancer_dns
321
+ }
322
+
323
+ output "database_endpoint" {
324
+ type = string
325
+ description = "Database endpoint"
326
+ value = component.database.db_instance_endpoint
327
+ sensitive = true
328
+ }
329
+ ```
330
+
331
+ ### deployments.tfdeploy.hcl
332
+ ```hcl
333
+ identity_token "aws" {
334
+ audience = ["aws.workload.identity"]
335
+ }
336
+
337
+ locals {
338
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
339
+ }
340
+
341
+ deployment "development" {
342
+ inputs = {
343
+ aws_region = "us-west-2"
344
+ environment = "dev"
345
+ app_name = "myapp"
346
+ vpc_cidr = "10.0.0.0/16"
347
+ db_password = "dev-password-change-me"
348
+ role_arn = local.role_arn
349
+ identity_token = identity_token.aws.jwt
350
+ }
351
+ }
352
+
353
+ deployment "production" {
354
+ inputs = {
355
+ aws_region = "us-east-1"
356
+ environment = "prod"
357
+ app_name = "myapp"
358
+ vpc_cidr = "10.1.0.0/16"
359
+ db_password = "prod-password-use-secrets-manager"
360
+ role_arn = local.role_arn
361
+ identity_token = identity_token.aws.jwt
362
+ }
363
+ }
364
+
365
+ # Deployment groups
366
+ deployment_group "development" {
367
+ deployments = [deployment.development]
368
+ }
369
+
370
+ deployment_group "production" {
371
+ deployments = [deployment.production]
372
+ }
373
+ ```
374
+
375
+ ### Key Points
376
+
377
+ - **Private registry modules** use the format `app.terraform.io/<org>/<module>/<provider>`
378
+ - **Version constraints** ensure consistent module versions across environments
379
+ - **Mixed sources**: Combining private registry modules (VPC, security groups, application) with public registry modules (RDS)
380
+ - **Authentication**: HCP Terraform workspaces automatically authenticate to private registries; CLI users need credentials configured
381
+ - **Terraform Enterprise**: Replace `app.terraform.io` with your instance hostname
382
+
383
+ ## Multi-Environment Stack
384
+
385
+ Stack with development, staging, and production deployments.
386
+
387
+ ### variables.tfcomponent.hcl
388
+ ```hcl
389
+ variable "aws_region" {
390
+ type = string
391
+ }
392
+
393
+ variable "environment" {
394
+ type = string
395
+ }
396
+
397
+ variable "instance_count" {
398
+ type = number
399
+ }
400
+
401
+ variable "instance_type" {
402
+ type = string
403
+ }
404
+
405
+ variable "identity_token" {
406
+ type = string
407
+ ephemeral = true
408
+ }
409
+
410
+ variable "role_arn" {
411
+ type = string
412
+ }
413
+ ```
414
+
415
+ ### providers.tfcomponent.hcl
416
+ ```hcl
417
+ required_providers {
418
+ aws = {
419
+ source = "hashicorp/aws"
420
+ version = "~> 5.7.0"
421
+ }
422
+ }
423
+
424
+ provider "aws" "this" {
425
+ config {
426
+ region = var.aws_region
427
+
428
+ assume_role_with_web_identity {
429
+ role_arn = var.role_arn
430
+ web_identity_token = var.identity_token
431
+ }
432
+
433
+ default_tags {
434
+ tags = {
435
+ Environment = var.environment
436
+ ManagedBy = "Terraform Stacks"
437
+ }
438
+ }
439
+ }
440
+ }
441
+ ```
442
+
443
+ ### components.tfcomponent.hcl
444
+ ```hcl
445
+ locals {
446
+ name_prefix = "myapp-${var.environment}"
447
+ }
448
+
449
+ component "vpc" {
450
+ source = "./modules/vpc"
451
+
452
+ inputs = {
453
+ name_prefix = local.name_prefix
454
+ cidr_block = "10.0.0.0/16"
455
+ }
456
+
457
+ providers = {
458
+ aws = provider.aws.this
459
+ }
460
+ }
461
+
462
+ component "compute" {
463
+ source = "./modules/compute"
464
+
465
+ inputs = {
466
+ name_prefix = local.name_prefix
467
+ vpc_id = component.vpc.vpc_id
468
+ subnet_ids = component.vpc.private_subnet_ids
469
+ instance_count = var.instance_count
470
+ instance_type = var.instance_type
471
+ }
472
+
473
+ providers = {
474
+ aws = provider.aws.this
475
+ }
476
+ }
477
+ ```
478
+
479
+ ### outputs.tfcomponent.hcl
480
+ ```hcl
481
+ output "vpc_id" {
482
+ type = string
483
+ value = component.vpc.vpc_id
484
+ }
485
+
486
+ output "load_balancer_url" {
487
+ type = string
488
+ value = component.compute.load_balancer_url
489
+ }
490
+ ```
491
+
492
+ ### deployments.tfdeploy.hcl
493
+ ```hcl
494
+ identity_token "aws" {
495
+ audience = ["aws.workload.identity"]
496
+ }
497
+
498
+ locals {
499
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
500
+
501
+ environments = {
502
+ dev = {
503
+ region = "us-east-1"
504
+ instance_count = 1
505
+ instance_type = "t3.micro"
506
+ }
507
+ staging = {
508
+ region = "us-west-1"
509
+ instance_count = 2
510
+ instance_type = "t3.small"
511
+ }
512
+ prod = {
513
+ region = "us-west-1"
514
+ instance_count = 5
515
+ instance_type = "t3.large"
516
+ }
517
+ }
518
+ }
519
+
520
+ deployment "development" {
521
+ inputs = {
522
+ aws_region = local.environments.dev.region
523
+ environment = "dev"
524
+ instance_count = local.environments.dev.instance_count
525
+ instance_type = local.environments.dev.instance_type
526
+ role_arn = local.role_arn
527
+ identity_token = identity_token.aws.jwt
528
+ }
529
+ }
530
+
531
+ deployment "staging" {
532
+ inputs = {
533
+ aws_region = local.environments.staging.region
534
+ environment = "staging"
535
+ instance_count = local.environments.staging.instance_count
536
+ instance_type = local.environments.staging.instance_type
537
+ role_arn = local.role_arn
538
+ identity_token = identity_token.aws.jwt
539
+ }
540
+ }
541
+
542
+ deployment "production" {
543
+ inputs = {
544
+ aws_region = local.environments.prod.region
545
+ environment = "prod"
546
+ instance_count = local.environments.prod.instance_count
547
+ instance_type = local.environments.prod.instance_type
548
+ role_arn = local.role_arn
549
+ identity_token = identity_token.aws.jwt
550
+ }
551
+ }
552
+
553
+ # Deployment groups
554
+ deployment_group "development" {
555
+ deployments = [deployment.development]
556
+ }
557
+
558
+ deployment_group "non_production" {
559
+ deployments = [deployment.staging]
560
+ }
561
+
562
+ deployment_group "production" {
563
+ deployments = [deployment.production]
564
+ }
565
+
566
+ # Auto-approve dev deployments
567
+ deployment_auto_approve "dev_auto" {
568
+ deployment_group = deployment_group.development
569
+
570
+ check {
571
+ condition = context.plan.applyable
572
+ reason = "Development plans must be applyable"
573
+ }
574
+ }
575
+ ```
576
+
577
+ ## Multi-Region Stack
578
+
579
+ Stack that deploys identical infrastructure across multiple AWS regions.
580
+
581
+ ### variables.tfcomponent.hcl
582
+ ```hcl
583
+ variable "regions" {
584
+ type = set(string)
585
+ }
586
+
587
+ variable "identity_token" {
588
+ type = string
589
+ ephemeral = true
590
+ }
591
+
592
+ variable "role_arn" {
593
+ type = string
594
+ }
595
+
596
+ variable "app_name" {
597
+ type = string
598
+ }
599
+ ```
600
+
601
+ ### providers.tfcomponent.hcl
602
+ ```hcl
603
+ required_providers {
604
+ aws = {
605
+ source = "hashicorp/aws"
606
+ version = "~> 5.7.0"
607
+ }
608
+ }
609
+
610
+ provider "aws" "regional" {
611
+ for_each = var.regions
612
+
613
+ config {
614
+ region = each.value
615
+
616
+ assume_role_with_web_identity {
617
+ role_arn = var.role_arn
618
+ web_identity_token = var.identity_token
619
+ }
620
+
621
+ default_tags {
622
+ tags = {
623
+ Region = each.value
624
+ ManagedBy = "Terraform Stacks"
625
+ AppName = var.app_name
626
+ }
627
+ }
628
+ }
629
+ }
630
+ ```
631
+
632
+ ### components.tfcomponent.hcl
633
+ ```hcl
634
+ component "regional_infrastructure" {
635
+ for_each = var.regions
636
+
637
+ source = "./modules/regional-infra"
638
+
639
+ inputs = {
640
+ region = each.value
641
+ app_name = var.app_name
642
+ name_suffix = each.value
643
+ }
644
+
645
+ providers = {
646
+ aws = provider.aws.regional[each.value]
647
+ }
648
+ }
649
+
650
+ component "global_route53" {
651
+ source = "./modules/route53"
652
+
653
+ inputs = {
654
+ app_name = var.app_name
655
+ domain_name = "example.com"
656
+ regional_lbs = {
657
+ for region, comp in component.regional_infrastructure :
658
+ region => comp.load_balancer_dns
659
+ }
660
+ }
661
+
662
+ # Use one region's provider for global resources
663
+ providers = {
664
+ aws = provider.aws.regional["us-west-1"]
665
+ }
666
+ }
667
+ ```
668
+
669
+ ### outputs.tfcomponent.hcl
670
+ ```hcl
671
+ output "regional_endpoints" {
672
+ type = map(string)
673
+ value = {
674
+ for region, comp in component.regional_infrastructure :
675
+ region => comp.load_balancer_url
676
+ }
677
+ }
678
+
679
+ output "global_domain" {
680
+ type = string
681
+ value = component.global_route53.domain_name
682
+ }
683
+ ```
684
+
685
+ ### deployments.tfdeploy.hcl
686
+ ```hcl
687
+ identity_token "aws" {
688
+ audience = ["aws.workload.identity"]
689
+ }
690
+
691
+ locals {
692
+ regions = ["us-west-1", "us-east-1", "eu-west-1"]
693
+ }
694
+
695
+ deployment "multi_region_prod" {
696
+ inputs = {
697
+ regions = toset(local.regions)
698
+ app_name = "my-global-app"
699
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
700
+ identity_token = identity_token.aws.jwt
701
+ }
702
+ }
703
+
704
+ # Deployment groups
705
+ deployment_group "production" {
706
+ deployments = [deployment.multi_region_prod]
707
+ }
708
+ ```
709
+
710
+ ## Linked Stacks (Cross-Stack Dependencies)
711
+
712
+ Two Stacks where the application Stack depends on the network Stack.
713
+
714
+ ### Network Stack
715
+
716
+ #### network-stack/variables.tfcomponent.hcl
717
+ ```hcl
718
+ variable "vpc_cidr" {
719
+ type = string
720
+ }
721
+
722
+ variable "environment" {
723
+ type = string
724
+ }
725
+
726
+ variable "aws_region" {
727
+ type = string
728
+ }
729
+
730
+ variable "identity_token" {
731
+ type = string
732
+ ephemeral = true
733
+ }
734
+
735
+ variable "role_arn" {
736
+ type = string
737
+ }
738
+ ```
739
+
740
+ #### network-stack/providers.tfcomponent.hcl
741
+ ```hcl
742
+ required_providers {
743
+ aws = {
744
+ source = "hashicorp/aws"
745
+ version = "~> 5.7.0"
746
+ }
747
+ }
748
+
749
+ provider "aws" "this" {
750
+ config {
751
+ region = var.aws_region
752
+
753
+ assume_role_with_web_identity {
754
+ role_arn = var.role_arn
755
+ web_identity_token = var.identity_token
756
+ }
757
+ }
758
+ }
759
+ ```
760
+
761
+ #### network-stack/components.tfcomponent.hcl
762
+ ```hcl
763
+ component "vpc" {
764
+ source = "./modules/vpc"
765
+
766
+ inputs = {
767
+ cidr_block = var.vpc_cidr
768
+ environment = var.environment
769
+ }
770
+
771
+ providers = {
772
+ aws = provider.aws.this
773
+ }
774
+ }
775
+
776
+ component "security_groups" {
777
+ source = "./modules/security-groups"
778
+
779
+ inputs = {
780
+ vpc_id = component.vpc.vpc_id
781
+ environment = var.environment
782
+ }
783
+
784
+ providers = {
785
+ aws = provider.aws.this
786
+ }
787
+ }
788
+ ```
789
+
790
+ #### network-stack/outputs.tfcomponent.hcl
791
+ ```hcl
792
+ output "vpc_id" {
793
+ type = string
794
+ value = component.vpc.vpc_id
795
+ }
796
+
797
+ output "private_subnet_ids" {
798
+ type = list(string)
799
+ value = component.vpc.private_subnet_ids
800
+ }
801
+
802
+ output "public_subnet_ids" {
803
+ type = list(string)
804
+ value = component.vpc.public_subnet_ids
805
+ }
806
+
807
+ output "app_security_group_id" {
808
+ type = string
809
+ value = component.security_groups.app_sg_id
810
+ }
811
+ ```
812
+
813
+ #### network-stack/deployments.tfdeploy.hcl
814
+ ```hcl
815
+ identity_token "aws" {
816
+ audience = ["aws.workload.identity"]
817
+ }
818
+
819
+ locals {
820
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
821
+ }
822
+
823
+ deployment "network" {
824
+ inputs = {
825
+ aws_region = "us-west-1"
826
+ environment = "production"
827
+ vpc_cidr = "10.0.0.0/16"
828
+ role_arn = local.role_arn
829
+ identity_token = identity_token.aws.jwt
830
+ }
831
+ }
832
+
833
+ # Publish outputs for other stacks
834
+ publish_output "vpc_id_network" {
835
+ type = string
836
+ value = deployment.network.vpc_id
837
+ }
838
+
839
+ publish_output "private_subnet_ids" {
840
+ type = list(string)
841
+ value = deployment.network.private_subnet_ids
842
+ }
843
+
844
+ publish_output "public_subnet_ids" {
845
+ type = list(string)
846
+ value = deployment.network.public_subnet_ids
847
+ }
848
+
849
+ publish_output "app_security_group_id" {
850
+ type = string
851
+ value = deployment.network.app_security_group_id
852
+ }
853
+
854
+ # Deployment groups
855
+ deployment_group "network" {
856
+ deployments = [deployment.network]
857
+ }
858
+ ```
859
+
860
+ ### Application Stack
861
+
862
+ #### application-stack/variables.tfcomponent.hcl
863
+ ```hcl
864
+ variable "vpc_id" {
865
+ type = string
866
+ }
867
+
868
+ variable "subnet_ids" {
869
+ type = list(string)
870
+ }
871
+
872
+ variable "security_group_id" {
873
+ type = string
874
+ }
875
+
876
+ variable "instance_count" {
877
+ type = number
878
+ }
879
+
880
+ variable "aws_region" {
881
+ type = string
882
+ }
883
+
884
+ variable "identity_token" {
885
+ type = string
886
+ ephemeral = true
887
+ }
888
+
889
+ variable "role_arn" {
890
+ type = string
891
+ }
892
+ ```
893
+
894
+ #### application-stack/providers.tfcomponent.hcl
895
+ ```hcl
896
+ required_providers {
897
+ aws = {
898
+ source = "hashicorp/aws"
899
+ version = "~> 5.7.0"
900
+ }
901
+ }
902
+
903
+ provider "aws" "this" {
904
+ config {
905
+ region = var.aws_region
906
+
907
+ assume_role_with_web_identity {
908
+ role_arn = var.role_arn
909
+ web_identity_token = var.identity_token
910
+ }
911
+ }
912
+ }
913
+ ```
914
+
915
+ #### application-stack/components.tfcomponent.hcl
916
+ ```hcl
917
+ component "application" {
918
+ source = "./modules/app"
919
+
920
+ inputs = {
921
+ vpc_id = var.vpc_id
922
+ subnet_ids = var.subnet_ids
923
+ security_group_id = var.security_group_id
924
+ instance_count = var.instance_count
925
+ }
926
+
927
+ providers = {
928
+ aws = provider.aws.this
929
+ }
930
+ }
931
+ ```
932
+
933
+ #### application-stack/deployments.tfdeploy.hcl
934
+ ```hcl
935
+ identity_token "aws" {
936
+ audience = ["aws.workload.identity"]
937
+ }
938
+
939
+ # Reference the network stack
940
+ upstream_input "network" {
941
+ type = "stack"
942
+ source = "app.terraform.io/my-org/my-project/network-stack"
943
+ }
944
+
945
+ deployment "application" {
946
+ inputs = {
947
+ aws_region = "us-west-1"
948
+ vpc_id = upstream_input.network.vpc_id_network
949
+ subnet_ids = upstream_input.network.private_subnet_ids
950
+ security_group_id = upstream_input.network.app_security_group_id
951
+ instance_count = 3
952
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
953
+ identity_token = identity_token.aws.jwt
954
+ }
955
+ }
956
+
957
+ # Deployment groups
958
+ deployment_group "application" {
959
+ deployments = [deployment.application]
960
+ }
961
+ ```
962
+
963
+ ## Multi-Cloud Stack
964
+
965
+ Stack that deploys to both AWS and Azure.
966
+
967
+ ### variables.tfcomponent.hcl
968
+ ```hcl
969
+ variable "aws_region" {
970
+ type = string
971
+ }
972
+
973
+ variable "azure_location" {
974
+ type = string
975
+ }
976
+
977
+ variable "aws_identity_token" {
978
+ type = string
979
+ ephemeral = true
980
+ }
981
+
982
+ variable "aws_role_arn" {
983
+ type = string
984
+ }
985
+
986
+ variable "azure_identity_token" {
987
+ type = string
988
+ ephemeral = true
989
+ }
990
+
991
+ variable "azure_subscription_id" {
992
+ type = string
993
+ }
994
+
995
+ variable "azure_tenant_id" {
996
+ type = string
997
+ }
998
+
999
+ variable "azure_client_id" {
1000
+ type = string
1001
+ }
1002
+
1003
+ variable "app_name" {
1004
+ type = string
1005
+ }
1006
+ ```
1007
+
1008
+ ### providers.tfcomponent.hcl
1009
+ ```hcl
1010
+ required_providers {
1011
+ aws = {
1012
+ source = "hashicorp/aws"
1013
+ version = "~> 5.7.0"
1014
+ }
1015
+ azurerm = {
1016
+ source = "hashicorp/azurerm"
1017
+ version = "~> 3.0"
1018
+ }
1019
+ }
1020
+
1021
+ provider "aws" "this" {
1022
+ config {
1023
+ region = var.aws_region
1024
+
1025
+ assume_role_with_web_identity {
1026
+ role_arn = var.aws_role_arn
1027
+ web_identity_token = var.aws_identity_token
1028
+ }
1029
+ }
1030
+ }
1031
+
1032
+ provider "azurerm" "this" {
1033
+ config {
1034
+ features {}
1035
+
1036
+ subscription_id = var.azure_subscription_id
1037
+ tenant_id = var.azure_tenant_id
1038
+ client_id = var.azure_client_id
1039
+
1040
+ use_oidc = true
1041
+ oidc_token = var.azure_identity_token
1042
+ }
1043
+ }
1044
+ ```
1045
+
1046
+ ### components.tfcomponent.hcl
1047
+ ```hcl
1048
+ component "aws_infrastructure" {
1049
+ source = "./modules/aws-infra"
1050
+
1051
+ inputs = {
1052
+ region = var.aws_region
1053
+ app_name = var.app_name
1054
+ }
1055
+
1056
+ providers = {
1057
+ aws = provider.aws.this
1058
+ }
1059
+ }
1060
+
1061
+ component "azure_infrastructure" {
1062
+ source = "./modules/azure-infra"
1063
+
1064
+ inputs = {
1065
+ location = var.azure_location
1066
+ app_name = var.app_name
1067
+ }
1068
+
1069
+ providers = {
1070
+ azurerm = provider.azurerm.this
1071
+ }
1072
+ }
1073
+ ```
1074
+
1075
+ ### deployments.tfdeploy.hcl
1076
+ ```hcl
1077
+ identity_token "aws" {
1078
+ audience = ["aws.workload.identity"]
1079
+ }
1080
+
1081
+ identity_token "azure" {
1082
+ audience = ["api://AzureADTokenExchange"]
1083
+ }
1084
+
1085
+ deployment "multi_cloud" {
1086
+ inputs = {
1087
+ aws_region = "us-west-1"
1088
+ azure_location = "westus2"
1089
+ app_name = "my-multi-cloud-app"
1090
+ aws_role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
1091
+ aws_identity_token = identity_token.aws.jwt
1092
+ azure_subscription_id = "12345678-1234-1234-1234-123456789012"
1093
+ azure_tenant_id = "87654321-4321-4321-4321-210987654321"
1094
+ azure_client_id = "11111111-1111-1111-1111-111111111111"
1095
+ azure_identity_token = identity_token.azure.jwt
1096
+ }
1097
+ }
1098
+
1099
+ # Deployment groups
1100
+ deployment_group "multi_cloud" {
1101
+ deployments = [deployment.multi_cloud]
1102
+ }
1103
+ ```
1104
+
1105
+ ## Complete AWS Production Stack
1106
+
1107
+ Full production-grade Stack with VPC, RDS, ECS, and monitoring.
1108
+
1109
+ ### variables.tfcomponent.hcl
1110
+ ```hcl
1111
+ variable "aws_region" {
1112
+ type = string
1113
+ description = "AWS region"
1114
+ }
1115
+
1116
+ variable "environment" {
1117
+ type = string
1118
+ description = "Environment name"
1119
+ }
1120
+
1121
+ variable "vpc_cidr" {
1122
+ type = string
1123
+ description = "VPC CIDR block"
1124
+ }
1125
+
1126
+ variable "app_name" {
1127
+ type = string
1128
+ description = "Application name"
1129
+ }
1130
+
1131
+ variable "db_instance_class" {
1132
+ type = string
1133
+ description = "RDS instance class"
1134
+ }
1135
+
1136
+ variable "ecs_desired_count" {
1137
+ type = number
1138
+ description = "Desired ECS task count"
1139
+ }
1140
+
1141
+ variable "identity_token" {
1142
+ type = string
1143
+ ephemeral = true
1144
+ }
1145
+
1146
+ variable "role_arn" {
1147
+ type = string
1148
+ }
1149
+ ```
1150
+
1151
+ ### providers.tfcomponent.hcl
1152
+ ```hcl
1153
+ required_providers {
1154
+ aws = {
1155
+ source = "hashicorp/aws"
1156
+ version = "~> 5.7.0"
1157
+ }
1158
+ random = {
1159
+ source = "hashicorp/random"
1160
+ version = "~> 3.5.0"
1161
+ }
1162
+ }
1163
+
1164
+ provider "aws" "this" {
1165
+ config {
1166
+ region = var.aws_region
1167
+
1168
+ assume_role_with_web_identity {
1169
+ role_arn = var.role_arn
1170
+ web_identity_token = var.identity_token
1171
+ }
1172
+
1173
+ default_tags {
1174
+ tags = {
1175
+ Environment = var.environment
1176
+ Application = var.app_name
1177
+ ManagedBy = "Terraform Stacks"
1178
+ }
1179
+ }
1180
+ }
1181
+ }
1182
+
1183
+ provider "random" "this" {
1184
+ config {}
1185
+ }
1186
+ ```
1187
+
1188
+ ### components.tfcomponent.hcl
1189
+ ```hcl
1190
+ locals {
1191
+ name_prefix = "${var.app_name}-${var.environment}"
1192
+ }
1193
+
1194
+ component "vpc" {
1195
+ source = "./modules/vpc"
1196
+
1197
+ inputs = {
1198
+ name_prefix = local.name_prefix
1199
+ cidr_block = var.vpc_cidr
1200
+ azs_count = 3
1201
+ }
1202
+
1203
+ providers = {
1204
+ aws = provider.aws.this
1205
+ }
1206
+ }
1207
+
1208
+ component "security_groups" {
1209
+ source = "./modules/security-groups"
1210
+
1211
+ inputs = {
1212
+ name_prefix = local.name_prefix
1213
+ vpc_id = component.vpc.vpc_id
1214
+ }
1215
+
1216
+ providers = {
1217
+ aws = provider.aws.this
1218
+ }
1219
+ }
1220
+
1221
+ component "rds" {
1222
+ source = "./modules/rds"
1223
+
1224
+ inputs = {
1225
+ name_prefix = local.name_prefix
1226
+ instance_class = var.db_instance_class
1227
+ subnet_ids = component.vpc.private_subnet_ids
1228
+ security_group_ids = [component.security_groups.database_sg_id]
1229
+ }
1230
+
1231
+ providers = {
1232
+ aws = provider.aws.this
1233
+ random = provider.random.this
1234
+ }
1235
+ }
1236
+
1237
+ component "ecs_cluster" {
1238
+ source = "./modules/ecs-cluster"
1239
+
1240
+ inputs = {
1241
+ name_prefix = local.name_prefix
1242
+ }
1243
+
1244
+ providers = {
1245
+ aws = provider.aws.this
1246
+ }
1247
+ }
1248
+
1249
+ component "ecs_service" {
1250
+ source = "./modules/ecs-service"
1251
+
1252
+ inputs = {
1253
+ name_prefix = local.name_prefix
1254
+ cluster_id = component.ecs_cluster.cluster_id
1255
+ desired_count = var.ecs_desired_count
1256
+ subnet_ids = component.vpc.private_subnet_ids
1257
+ security_group_id = component.security_groups.app_sg_id
1258
+ database_endpoint = component.rds.endpoint
1259
+ }
1260
+
1261
+ providers = {
1262
+ aws = provider.aws.this
1263
+ }
1264
+ }
1265
+
1266
+ component "alb" {
1267
+ source = "./modules/alb"
1268
+
1269
+ inputs = {
1270
+ name_prefix = local.name_prefix
1271
+ vpc_id = component.vpc.vpc_id
1272
+ subnet_ids = component.vpc.public_subnet_ids
1273
+ security_group_id = component.security_groups.alb_sg_id
1274
+ target_group_arn = component.ecs_service.target_group_arn
1275
+ }
1276
+
1277
+ providers = {
1278
+ aws = provider.aws.this
1279
+ }
1280
+ }
1281
+
1282
+ component "cloudwatch" {
1283
+ source = "./modules/cloudwatch"
1284
+
1285
+ inputs = {
1286
+ name_prefix = local.name_prefix
1287
+ cluster_name = component.ecs_cluster.cluster_name
1288
+ service_name = component.ecs_service.service_name
1289
+ }
1290
+
1291
+ providers = {
1292
+ aws = provider.aws.this
1293
+ }
1294
+ }
1295
+ ```
1296
+
1297
+ ### outputs.tfcomponent.hcl
1298
+ ```hcl
1299
+ output "load_balancer_url" {
1300
+ type = string
1301
+ description = "Application load balancer URL"
1302
+ value = component.alb.dns_name
1303
+ }
1304
+
1305
+ output "database_endpoint" {
1306
+ type = string
1307
+ description = "RDS endpoint"
1308
+ value = component.rds.endpoint
1309
+ sensitive = true
1310
+ }
1311
+
1312
+ output "vpc_id" {
1313
+ type = string
1314
+ value = component.vpc.vpc_id
1315
+ }
1316
+
1317
+ output "ecs_cluster_name" {
1318
+ type = string
1319
+ value = component.ecs_cluster.cluster_name
1320
+ }
1321
+ ```
1322
+
1323
+ ### deployments.tfdeploy.hcl
1324
+ ```hcl
1325
+ identity_token "aws" {
1326
+ audience = ["aws.workload.identity"]
1327
+ }
1328
+
1329
+ locals {
1330
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
1331
+ }
1332
+
1333
+ deployment "staging" {
1334
+ inputs = {
1335
+ aws_region = "us-west-1"
1336
+ environment = "staging"
1337
+ app_name = "myapp"
1338
+ vpc_cidr = "10.1.0.0/16"
1339
+ db_instance_class = "db.t3.small"
1340
+ ecs_desired_count = 2
1341
+ role_arn = local.role_arn
1342
+ identity_token = identity_token.aws.jwt
1343
+ }
1344
+ }
1345
+
1346
+ deployment "production" {
1347
+ inputs = {
1348
+ aws_region = "us-west-1"
1349
+ environment = "production"
1350
+ app_name = "myapp"
1351
+ vpc_cidr = "10.0.0.0/16"
1352
+ db_instance_class = "db.r5.large"
1353
+ ecs_desired_count = 5
1354
+ role_arn = local.role_arn
1355
+ identity_token = identity_token.aws.jwt
1356
+ }
1357
+ }
1358
+
1359
+ # Deployment groups
1360
+ deployment_group "staging" {
1361
+ deployments = [deployment.staging]
1362
+ }
1363
+
1364
+ deployment_group "production" {
1365
+ deployments = [deployment.production]
1366
+ }
1367
+
1368
+ # Auto-approve staging with safety checks
1369
+ deployment_auto_approve "staging_safe" {
1370
+ deployment_group = deployment_group.staging
1371
+
1372
+ check {
1373
+ condition = context.plan.changes.remove == 0
1374
+ reason = "Cannot auto-approve deletions in staging"
1375
+ }
1376
+
1377
+ check {
1378
+ condition = context.plan.applyable
1379
+ reason = "Plan must be applyable"
1380
+ }
1381
+ }
1382
+ ```
1383
+
1384
+ ## Testing Configurations
1385
+
1386
+ ### Validate Stack Configuration
1387
+ ```bash
1388
+ terraform stacks providers lock
1389
+ terraform stacks validate
1390
+ ```
1391
+
1392
+ ### Plan Specific Deployment
1393
+ ```bash
1394
+ terraform stacks plan --deployment=development
1395
+ terraform stacks plan --deployment=production
1396
+ ```
1397
+
1398
+ ### Apply Deployment
1399
+ ```bash
1400
+ terraform stacks apply --deployment=staging
1401
+ ```
1402
+
1403
+ ## Destroying Deployments
1404
+
1405
+ Example of safely removing a deployment from your Stack.
1406
+
1407
+ ### Scenario
1408
+
1409
+ You want to decommission the "development" deployment while keeping staging and production active.
1410
+
1411
+ ### Step 1: Mark Deployment for Destruction
1412
+
1413
+ Update your `deployments.tfdeploy.hcl` file to set `destroy = true`:
1414
+
1415
+ ```hcl
1416
+ identity_token "aws" {
1417
+ audience = ["aws.workload.identity"]
1418
+ }
1419
+
1420
+ locals {
1421
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
1422
+ }
1423
+
1424
+ # Mark this deployment for destruction
1425
+ deployment "development" {
1426
+ inputs = {
1427
+ aws_region = "us-east-1"
1428
+ environment = "dev"
1429
+ instance_count = 1
1430
+ role_arn = local.role_arn
1431
+ identity_token = identity_token.aws.jwt
1432
+ }
1433
+ destroy = true # This tells HCP Terraform to destroy all resources
1434
+ }
1435
+
1436
+ # Keep these deployments active
1437
+ deployment "staging" {
1438
+ inputs = {
1439
+ aws_region = "us-west-1"
1440
+ environment = "staging"
1441
+ instance_count = 2
1442
+ role_arn = local.role_arn
1443
+ identity_token = identity_token.aws.jwt
1444
+ }
1445
+ }
1446
+
1447
+ deployment "production" {
1448
+ inputs = {
1449
+ aws_region = "us-west-1"
1450
+ environment = "prod"
1451
+ instance_count = 5
1452
+ role_arn = local.role_arn
1453
+ identity_token = identity_token.aws.jwt
1454
+ }
1455
+ }
1456
+
1457
+ # Deployment groups
1458
+ deployment_group "staging" {
1459
+ deployments = [deployment.staging]
1460
+ }
1461
+
1462
+ deployment_group "production" {
1463
+ deployments = [deployment.production]
1464
+ }
1465
+ ```
1466
+
1467
+ ### Step 2: Plan and Apply
1468
+
1469
+ ```bash
1470
+ # Review the destruction plan
1471
+ terraform stacks plan --deployment=development
1472
+
1473
+ # Apply the destruction
1474
+ terraform stacks apply --deployment=development
1475
+ ```
1476
+
1477
+ HCP Terraform will destroy all resources in the development deployment.
1478
+
1479
+ ### Step 3: Remove the Deployment Block
1480
+
1481
+ After the deployment is successfully destroyed, remove the entire deployment block from your configuration:
1482
+
1483
+ ```hcl
1484
+ identity_token "aws" {
1485
+ audience = ["aws.workload.identity"]
1486
+ }
1487
+
1488
+ locals {
1489
+ role_arn = "arn:aws:iam::123456789012:role/terraform-stacks"
1490
+ }
1491
+
1492
+ # deployment "development" block has been removed
1493
+
1494
+ deployment "staging" {
1495
+ inputs = {
1496
+ aws_region = "us-west-1"
1497
+ environment = "staging"
1498
+ instance_count = 2
1499
+ role_arn = local.role_arn
1500
+ identity_token = identity_token.aws.jwt
1501
+ }
1502
+ }
1503
+
1504
+ deployment "production" {
1505
+ inputs = {
1506
+ aws_region = "us-west-1"
1507
+ environment = "prod"
1508
+ instance_count = 5
1509
+ role_arn = local.role_arn
1510
+ identity_token = identity_token.aws.jwt
1511
+ }
1512
+ }
1513
+
1514
+ # Deployment groups
1515
+ deployment_group "staging" {
1516
+ deployments = [deployment.staging]
1517
+ }
1518
+
1519
+ deployment_group "production" {
1520
+ deployments = [deployment.production]
1521
+ }
1522
+ ```
1523
+
1524
+ ### Important Notes
1525
+
1526
+ - **Provider Authentication**: The `destroy` argument ensures your configuration retains the provider authentication needed to destroy resources
1527
+ - **Do Not Remove Immediately**: Don't remove the deployment block until after the destruction is complete
1528
+ - **Verify Before Removing**: Check HCP Terraform UI to confirm all resources are destroyed before removing the block
1529
+ - **Alternative**: You could manually destroy resources through HCP Terraform UI, but using `destroy = true` is the recommended approach for maintaining infrastructure-as-code practices