tf-starter 1.0.0

package/tf_starter/templates/aws/root/variables.tf.j2

@@ -0,0 +1,300 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# ROOT VARIABLES
+# Project: {{ project_name }}
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ----- General -----
+
+variable "region" {
+  description = "AWS region for resource deployment"
+  type        = string
+  default     = "{{ region }}"
+
+  validation {
+    condition     = can(regex("^[a-z]{2}-[a-z]+-[0-9]+$", var.region))
+    error_message = "Region must be a valid AWS region identifier (e.g., us-east-1)."
+  }
+}
+
+variable "environment" {
+  description = "Deployment environment"
+  type        = string
+  default     = "dev"
+
+  validation {
+    condition     = contains({{ environments | tf_list }}, var.environment)
+    error_message = "Environment must be one of: {{ environments | join(', ') }}."
+  }
+}
+
+# ----- Network -----
+
+variable "vpc_cidr" {
+  description = "CIDR block for the VPC"
+  type        = string
+  default     = "10.0.0.0/16"
+
+  validation {
+    condition     = can(cidrhost(var.vpc_cidr, 0))
+    error_message = "Must be a valid CIDR block."
+  }
+}
+
+variable "public_subnet_cidrs" {
+  description = "CIDR blocks for public subnets"
+  type        = list(string)
+  default     = ["10.0.1.0/24", "10.0.2.0/24"]
+}
+
+variable "private_subnet_cidrs" {
+  description = "CIDR blocks for private subnets"
+  type        = list(string)
+  default     = ["10.0.10.0/24", "10.0.11.0/24"]
+}
+
+variable "availability_zones" {
+  description = "Availability zones to use"
+  type        = list(string)
+  default     = ["{{ region }}a", "{{ region }}b"]
+}
+
+{% if "compute" in services %}
+# ----- Compute -----
+
+variable "instance_type" {
+  description = "EC2 instance type for compute nodes"
+  type        = string
+  default     = "t3.medium"
+}
+
+variable "asg_min_size" {
+  description = "Minimum number of instances in the ASG"
+  type        = number
+  default     = 1
+
+  validation {
+    condition     = var.asg_min_size >= 0
+    error_message = "Minimum size must be non-negative."
+  }
+}
+
+variable "asg_max_size" {
+  description = "Maximum number of instances in the ASG"
+  type        = number
+  default     = 4
+}
+
+variable "asg_desired_capacity" {
+  description = "Desired number of instances in the ASG"
+  type        = number
+  default     = 2
+}
+{% endif %}
+
+{% if "lambda" in services %}
+# ----- Lambda -----
+
+variable "lambda_function_name" {
+  description = "Short name for the Lambda function"
+  type        = string
+  default     = "app"
+}
+
+variable "lambda_runtime" {
+  description = "Lambda runtime identifier"
+  type        = string
+  default     = "python3.12"
+}
+
+variable "lambda_handler" {
+  description = "Lambda function handler"
+  type        = string
+  default     = "index.handler"
+}
+
+variable "lambda_timeout" {
+  description = "Lambda function timeout in seconds"
+  type        = number
+  default     = 30
+
+  validation {
+    condition     = var.lambda_timeout >= 1 && var.lambda_timeout <= 900
+    error_message = "Timeout must be between 1 and 900 seconds."
+  }
+}
+
+variable "lambda_memory_size" {
+  description = "Lambda function memory in MB"
+  type        = number
+  default     = 256
+
+  validation {
+    condition     = var.lambda_memory_size >= 128 && var.lambda_memory_size <= 10240
+    error_message = "Memory must be between 128 and 10240 MB."
+  }
+}
+
+variable "lambda_environment_variables" {
+  description = "Additional environment variables for the Lambda function"
+  type        = map(string)
+  default     = {}
+}
+
+variable "lambda_deploy_in_vpc" {
+  description = "Deploy the Lambda function inside the VPC"
+  type        = bool
+  default     = false
+}
+{% endif %}
+
+{% if "apigateway" in services %}
+# ----- API Gateway -----
+
+variable "apigw_endpoint_type" {
+  description = "API Gateway endpoint type"
+  type        = string
+  default     = "REGIONAL"
+
+  validation {
+    condition     = contains(["REGIONAL", "EDGE", "PRIVATE"], var.apigw_endpoint_type)
+    error_message = "Must be REGIONAL, EDGE, or PRIVATE."
+  }
+}
+
+variable "apigw_authorization_type" {
+  description = "Default authorization type for API methods"
+  type        = string
+  default     = "NONE"
+}
+
+variable "apigw_throttle_burst_limit" {
+  description = "API Gateway throttle burst limit"
+  type        = number
+  default     = 100
+}
+
+variable "apigw_throttle_rate_limit" {
+  description = "API Gateway throttle rate limit (req/sec)"
+  type        = number
+  default     = 50
+}
+
+variable "apigw_enable_cors" {
+  description = "Enable CORS support on the API"
+  type        = bool
+  default     = true
+}
+{% endif %}
+
+{% if "database" in services %}
+# ----- Database -----
+
+variable "db_instance_class" {
+  description = "RDS instance class"
+  type        = string
+  default     = "db.t3.medium"
+}
+
+variable "db_allocated_storage" {
+  description = "Allocated storage in GB"
+  type        = number
+  default     = 20
+
+  validation {
+    condition     = var.db_allocated_storage >= 20 && var.db_allocated_storage <= 65536
+    error_message = "Allocated storage must be between 20 and 65536 GB."
+  }
+}
+
+variable "db_name" {
+  description = "Name of the database"
+  type        = string
+  default     = "{{ project_name | replace('-', '_') }}_db"
+}
+
+variable "db_username" {
+  description = "Master username for the database"
+  type        = string
+  default     = "dbadmin"
+  sensitive   = true
+}
+{% endif %}
+
+{% if "kubernetes" in services %}
+# ----- Kubernetes (EKS) -----
+
+variable "eks_cluster_version" {
+  description = "Kubernetes version for the EKS cluster"
+  type        = string
+  default     = "1.29"
+}
+
+variable "eks_node_instance_type" {
+  description = "Instance type for EKS worker nodes"
+  type        = string
+  default     = "t3.large"
+}
+
+variable "eks_node_desired_size" {
+  description = "Desired number of EKS worker nodes"
+  type        = number
+  default     = 2
+}
+
+variable "eks_node_min_size" {
+  description = "Minimum number of EKS worker nodes"
+  type        = number
+  default     = 1
+}
+
+variable "eks_node_max_size" {
+  description = "Maximum number of EKS worker nodes"
+  type        = number
+  default     = 5
+}
+{% endif %}
+
+{% if "monitoring" in services %}
+# ----- Monitoring -----
+
+variable "alarm_email" {
+  description = "Email address for CloudWatch alarm notifications"
+  type        = string
+  default     = ""
+
+  ### MUST EDIT THIS ###
+  # Set to a valid email for alarm notifications
+}
+{% endif %}
+
+{% if "messaging" in services %}
+# ----- Messaging (SQS) -----
+
+variable "sqs_message_retention" {
+  description = "Message retention period in seconds"
+  type        = number
+  default     = 345600  # 4 days
+
+  validation {
+    condition     = var.sqs_message_retention >= 60 && var.sqs_message_retention <= 1209600
+    error_message = "Retention must be between 60 and 1209600 seconds."
+  }
+}
+
+variable "sqs_visibility_timeout" {
+  description = "Visibility timeout in seconds"
+  type        = number
+  default     = 30
+}
+{% endif %}
+
+{% if "storage" in services %}
+# ----- Storage (S3) -----
+
+variable "s3_enable_versioning" {
+  description = "Enable S3 bucket versioning"
+  type        = bool
+  default     = true
+}
+{% endif %}

package/tf_starter/templates/aws/root/versions.tf.j2

@@ -0,0 +1,26 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# TERRAFORM AND PROVIDER VERSION CONSTRAINTS
+# Project: {{ project_name }}
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.40"
+    }
+    {% if "kubernetes" in services %}
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.27"
+    }
+    {% endif %}
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.6"
+    }
+  }
+}

package/tf_starter/templates/azure/environments/backend.tf.j2

@@ -0,0 +1,11 @@
+# REMOTE BACKEND — {{ environment | upper }} (Azure Storage)
+
+terraform {
+  backend "azurerm" {
+    ### MUST EDIT THIS ###
+    resource_group_name  = "{{ project_name }}-tfstate-rg"
+    storage_account_name = "{{ project_name | replace('-', '') }}tfstate"
+    container_name       = "tfstate"
+    key                  = "{{ project_name }}/{{ environment }}/terraform.tfstate"
+  }
+}

package/tf_starter/templates/azure/environments/main.tf.j2

@@ -0,0 +1,57 @@
+# ENVIRONMENT: {{ environment | upper }} — Azure
+# Generated by tf-starter
+
+module "{{ project_name | replace('-', '_') }}" {
+  source = "../../"
+
+  environment = "{{ environment }}"
+  location    = "{{ region }}"
+
+  vnet_address_space  = var.vnet_address_space
+  public_subnet_cidr  = var.public_subnet_cidr
+  private_subnet_cidr = var.private_subnet_cidr
+
+  {% if "compute" in services %}
+  {% if environment == "prod" %}
+  vm_size             = "Standard_D4s_v3"
+  vmss_instance_count = 4
+  {% else %}
+  vm_size             = "Standard_B2s"
+  vmss_instance_count = 1
+  {% endif %}
+  {% endif %}
+
+  {% if "database" in services %}
+  {% if environment == "prod" %}
+  db_sku_name   = "GP_Standard_D4s_v3"
+  db_storage_mb = 65536
+  {% else %}
+  db_sku_name   = "B_Standard_B1ms"
+  db_storage_mb = 32768
+  {% endif %}
+  db_name        = "{{ project_name | replace('-', '_') }}_{{ environment }}"
+  db_admin_login = var.db_admin_login
+  {% endif %}
+
+  {% if "kubernetes" in services %}
+  {% if environment == "prod" %}
+  aks_node_vm_size  = "Standard_D8s_v3"
+  aks_node_count    = 3
+  aks_node_min_count = 2
+  aks_node_max_count = 10
+  {% else %}
+  aks_node_vm_size  = "Standard_D4s_v3"
+  aks_node_count    = 2
+  aks_node_min_count = 1
+  aks_node_max_count = 5
+  {% endif %}
+  {% endif %}
+
+  {% if "monitoring" in services %}
+  alert_email = var.alert_email
+  {% endif %}
+
+  {% if "storage" in services %}
+  storage_enable_versioning = {{ (environment == "prod") | tf_bool }}
+  {% endif %}
+}

package/tf_starter/templates/azure/environments/terraform.tfvars.j2

@@ -0,0 +1,14 @@
+# ENVIRONMENT TFVARS: {{ environment | upper }} — Azure
+# ### MUST EDIT THIS ###
+
+vnet_address_space  = ["10.0.0.0/16"]
+public_subnet_cidr  = "10.0.1.0/24"
+private_subnet_cidr = "10.0.10.0/24"
+
+{% if "database" in services %}
+db_admin_login = "dbadmin"
+{% endif %}
+
+{% if "monitoring" in services %}
+alert_email = "alerts@example.com"
+{% endif %}

package/tf_starter/templates/azure/environments/variables.tf.j2

@@ -0,0 +1,30 @@
+# ENVIRONMENT VARIABLES: {{ environment | upper }} — Azure
+
+variable "vnet_address_space" {
+  type    = list(string)
+  default = ["10.0.0.0/16"]
+}
+
+variable "public_subnet_cidr" {
+  type    = string
+  default = "10.0.1.0/24"
+}
+
+variable "private_subnet_cidr" {
+  type    = string
+  default = "10.0.10.0/24"
+}
+
+{% if "database" in services %}
+variable "db_admin_login" {
+  type      = string
+  sensitive = true
+}
+{% endif %}
+
+{% if "monitoring" in services %}
+variable "alert_email" {
+  type    = string
+  default = ""
+}
+{% endif %}

package/tf_starter/templates/azure/github/terraform.yml.j2

@@ -0,0 +1,133 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# GitHub Actions — Terraform CI/CD
+# Project: {{ project_name }}
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+name: "Terraform"
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  TF_LOG: INFO
+  {% if provider == "aws" %}
+  AWS_REGION: {{ region }}
+  {% elif provider == "gcp" %}
+  GCP_REGION: {{ region }}
+  {% elif provider == "azure" %}
+  ARM_LOCATION: {{ region }}
+  {% endif %}
+
+jobs:
+  terraform-fmt:
+    name: "Terraform Format"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.6.0"
+
+      - name: Terraform Format Check
+        run: terraform fmt -check -recursive -diff
+
+  terraform-validate:
+    name: "Terraform Validate"
+    runs-on: ubuntu-latest
+    needs: terraform-fmt
+    strategy:
+      matrix:
+        environment: {{ environments | tf_list }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.6.0"
+
+      - name: Terraform Init
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform init -backend=false
+
+      - name: Terraform Validate
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform validate
+
+  terraform-lint:
+    name: "TFLint"
+    runs-on: ubuntu-latest
+    needs: terraform-fmt
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: latest
+
+      - name: Init TFLint
+        run: tflint --init
+
+      - name: Run TFLint
+        run: tflint --recursive --format compact
+
+  terraform-plan:
+    name: "Terraform Plan"
+    runs-on: ubuntu-latest
+    needs: [terraform-validate, terraform-lint]
+    if: github.event_name == 'pull_request'
+    strategy:
+      matrix:
+        environment: {{ environments | tf_list }}
+    {% if provider == "aws" %}
+    env:
+      ### MUST EDIT THIS ###
+      # Configure AWS credentials via GitHub Secrets
+      AWS_ACCESS_KEY_ID: ${{ '{{' }} secrets.AWS_ACCESS_KEY_ID {{ '}}' }}
+      AWS_SECRET_ACCESS_KEY: ${{ '{{' }} secrets.AWS_SECRET_ACCESS_KEY {{ '}}' }}
+    {% elif provider == "gcp" %}
+    env:
+      ### MUST EDIT THIS ###
+      GOOGLE_CREDENTIALS: ${{ '{{' }} secrets.GCP_CREDENTIALS {{ '}}' }}
+    {% elif provider == "azure" %}
+    env:
+      ### MUST EDIT THIS ###
+      ARM_CLIENT_ID: ${{ '{{' }} secrets.ARM_CLIENT_ID {{ '}}' }}
+      ARM_CLIENT_SECRET: ${{ '{{' }} secrets.ARM_CLIENT_SECRET {{ '}}' }}
+      ARM_SUBSCRIPTION_ID: ${{ '{{' }} secrets.ARM_SUBSCRIPTION_ID {{ '}}' }}
+      ARM_TENANT_ID: ${{ '{{' }} secrets.ARM_TENANT_ID {{ '}}' }}
+    {% endif %}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.6.0"
+
+      - name: Terraform Init
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform init
+
+      - name: Terraform Plan
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform plan -var-file=terraform.tfvars -no-color
+        continue-on-error: true

package/tf_starter/templates/azure/misc/Makefile.j2

@@ -0,0 +1,60 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Makefile for {{ project_name }}
+# Provider: {{ provider | upper }}
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+.PHONY: init plan apply destroy validate fmt clean help
+
+ENV ?= dev
+TF_DIR = environments/$(ENV)
+
+help: ## Show this help
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | \
+		awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-15s\033[0m %s\n", $$1, $$2}'
+
+init: ## Initialize Terraform (ENV=dev|staging|prod)
+	@echo "Initializing Terraform for environment: $(ENV)"
+	cd $(TF_DIR) && terraform init
+
+plan: ## Show execution plan (ENV=dev|staging|prod)
+	@echo "Planning Terraform for environment: $(ENV)"
+	cd $(TF_DIR) && terraform plan -var-file=terraform.tfvars
+
+apply: ## Apply infrastructure changes (ENV=dev|staging|prod)
+	@echo "Applying Terraform for environment: $(ENV)"
+	cd $(TF_DIR) && terraform apply -var-file=terraform.tfvars
+
+destroy: ## Destroy infrastructure (ENV=dev|staging|prod)
+	@echo "WARNING: Destroying infrastructure for environment: $(ENV)"
+	cd $(TF_DIR) && terraform destroy -var-file=terraform.tfvars
+
+validate: ## Validate Terraform configuration
+	@echo "Validating Terraform configuration..."
+	terraform fmt -check -recursive
+	@for dir in environments/*/; do \
+		echo "Validating $$dir..."; \
+		cd $$dir && terraform init -backend=false > /dev/null 2>&1 && terraform validate && cd ../..; \
+	done
+	@echo "All configurations valid."
+
+fmt: ## Format Terraform files
+	@echo "Formatting Terraform files..."
+	terraform fmt -recursive
+	@echo "Done."
+
+clean: ## Remove .terraform directories and lock files
+	@echo "Cleaning Terraform cache..."
+	find . -type d -name ".terraform" -exec rm -rf {} + 2>/dev/null || true
+	find . -name ".terraform.lock.hcl" -delete 2>/dev/null || true
+	@echo "Done."
+
+output: ## Show Terraform outputs (ENV=dev|staging|prod)
+	cd $(TF_DIR) && terraform output
+
+state-list: ## List resources in state (ENV=dev|staging|prod)
+	cd $(TF_DIR) && terraform state list
+
+cost: ## Estimate cost using infracost (requires infracost CLI)
+	@command -v infracost >/dev/null 2>&1 || { echo "infracost not installed"; exit 1; }
+	cd $(TF_DIR) && infracost breakdown --path .