Structure OpenTofu environments

README.md

@@ -18,6 +18,21 @@ https://localstack.paulononato.com.br
 - Secrets Manager secret with simulated credentials.
 - Event source mapping SQS -> Lambda.
 
+## Repository Layout
+
+```text
+.
++-- environments
+|   +-- dev
+|   +-- stg
+|   +-- prd
++-- examples
++-- modules
+    +-- quantum
+```
+
+Each environment is an independent OpenTofu root module. The shared infrastructure code lives in `modules/quantum`.
+
 ## Prerequisites
 
 - OpenTofu installed.
@@ -42,6 +57,14 @@ $env:AWS_DEFAULT_REGION="us-east-1"
 
 ## Usage
 
+Choose an environment first:
+
+```bash
+cd environments/dev
+```
+
+Use `environments/stg` or `environments/prd` for the other simulated stages.
+
 Initialize:
 
 ```bash
@@ -79,7 +102,7 @@ Send a message to the Quantum queue:
 ```bash
 aws --endpoint-url https://localstack.paulononato.com.br sqs send-message \
   --queue-url "$(tofu output -raw quantum_queue_url)" \
-  --message-body '{"event":"quantum.order.created","orderId":"QTM-1001"}'
+  --message-body file://../../examples/quantum-message.json
 ```
 
 Read the secret:

environments/dev/main.tf

@@ -0,0 +1,6 @@
+module "quantum" {
+  source = "../../modules/quantum"
+
+  project_name = var.project_name
+  environment  = "dev"
+}

environments/dev/outputs.tf

@@ -0,0 +1,34 @@
+output "localstack_endpoint" {
+  description = "LocalStack endpoint used by the provider."
+  value       = var.localstack_endpoint
+}
+
+output "quantum_bucket_name" {
+  description = "S3 bucket for the Quantum application."
+  value       = module.quantum.quantum_bucket_name
+}
+
+output "quantum_queue_url" {
+  description = "Main SQS queue URL."
+  value       = module.quantum.quantum_queue_url
+}
+
+output "quantum_dlq_url" {
+  description = "DLQ URL."
+  value       = module.quantum.quantum_dlq_url
+}
+
+output "quantum_lambda_name" {
+  description = "Processor Lambda function name."
+  value       = module.quantum.quantum_lambda_name
+}
+
+output "quantum_log_group_name" {
+  description = "CloudWatch Log Group for the Lambda function."
+  value       = module.quantum.quantum_log_group_name
+}
+
+output "quantum_secret_name" {
+  description = "Secrets Manager secret name."
+  value       = module.quantum.quantum_secret_name
+}

environments/dev/variables.tf

@@ -15,9 +15,3 @@ variable "project_name" {
   type        = string
   default     = "quantum"
 }
-
-variable "environment" {
-  description = "Fictional application environment."
-  type        = string
-  default     = "dev"
-}

environments/prd/main.tf

@@ -0,0 +1,6 @@
+module "quantum" {
+  source = "../../modules/quantum"
+
+  project_name = var.project_name
+  environment  = "prd"
+}

environments/prd/outputs.tf

@@ -0,0 +1,34 @@
+output "localstack_endpoint" {
+  description = "LocalStack endpoint used by the provider."
+  value       = var.localstack_endpoint
+}
+
+output "quantum_bucket_name" {
+  description = "S3 bucket for the Quantum application."
+  value       = module.quantum.quantum_bucket_name
+}
+
+output "quantum_queue_url" {
+  description = "Main SQS queue URL."
+  value       = module.quantum.quantum_queue_url
+}
+
+output "quantum_dlq_url" {
+  description = "DLQ URL."
+  value       = module.quantum.quantum_dlq_url
+}
+
+output "quantum_lambda_name" {
+  description = "Processor Lambda function name."
+  value       = module.quantum.quantum_lambda_name
+}
+
+output "quantum_log_group_name" {
+  description = "CloudWatch Log Group for the Lambda function."
+  value       = module.quantum.quantum_log_group_name
+}
+
+output "quantum_secret_name" {
+  description = "Secrets Manager secret name."
+  value       = module.quantum.quantum_secret_name
+}

environments/prd/provider.tf

@@ -0,0 +1,22 @@
+provider "aws" {
+  region                      = var.aws_region
+  access_key                  = "test"
+  secret_key                  = "test"
+  s3_use_path_style           = true
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  endpoints {
+    apigateway     = var.localstack_endpoint
+    cloudformation = var.localstack_endpoint
+    cloudwatch     = var.localstack_endpoint
+    iam            = var.localstack_endpoint
+    lambda         = var.localstack_endpoint
+    logs           = var.localstack_endpoint
+    s3             = var.localstack_endpoint
+    secretsmanager = var.localstack_endpoint
+    sqs            = var.localstack_endpoint
+    sts            = var.localstack_endpoint
+  }
+}

environments/prd/variables.tf

@@ -0,0 +1,17 @@
+variable "aws_region" {
+  description = "Simulated AWS region in LocalStack."
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "localstack_endpoint" {
+  description = "LocalStack HTTPS endpoint."
+  type        = string
+  default     = "https://localstack.paulononato.com.br"
+}
+
+variable "project_name" {
+  description = "Short name of the fictional project."
+  type        = string
+  default     = "quantum"
+}

environments/prd/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    archive = {
+      source  = "hashicorp/archive"
+      version = "~> 2.4"
+    }
+  }
+}

environments/stg/main.tf

@@ -0,0 +1,6 @@
+module "quantum" {
+  source = "../../modules/quantum"
+
+  project_name = var.project_name
+  environment  = "stg"
+}

environments/stg/outputs.tf

@@ -0,0 +1,34 @@
+output "localstack_endpoint" {
+  description = "LocalStack endpoint used by the provider."
+  value       = var.localstack_endpoint
+}
+
+output "quantum_bucket_name" {
+  description = "S3 bucket for the Quantum application."
+  value       = module.quantum.quantum_bucket_name
+}
+
+output "quantum_queue_url" {
+  description = "Main SQS queue URL."
+  value       = module.quantum.quantum_queue_url
+}
+
+output "quantum_dlq_url" {
+  description = "DLQ URL."
+  value       = module.quantum.quantum_dlq_url
+}
+
+output "quantum_lambda_name" {
+  description = "Processor Lambda function name."
+  value       = module.quantum.quantum_lambda_name
+}
+
+output "quantum_log_group_name" {
+  description = "CloudWatch Log Group for the Lambda function."
+  value       = module.quantum.quantum_log_group_name
+}
+
+output "quantum_secret_name" {
+  description = "Secrets Manager secret name."
+  value       = module.quantum.quantum_secret_name
+}

environments/stg/provider.tf

@@ -0,0 +1,22 @@
+provider "aws" {
+  region                      = var.aws_region
+  access_key                  = "test"
+  secret_key                  = "test"
+  s3_use_path_style           = true
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  endpoints {
+    apigateway     = var.localstack_endpoint
+    cloudformation = var.localstack_endpoint
+    cloudwatch     = var.localstack_endpoint
+    iam            = var.localstack_endpoint
+    lambda         = var.localstack_endpoint
+    logs           = var.localstack_endpoint
+    s3             = var.localstack_endpoint
+    secretsmanager = var.localstack_endpoint
+    sqs            = var.localstack_endpoint
+    sts            = var.localstack_endpoint
+  }
+}

environments/stg/variables.tf

@@ -0,0 +1,17 @@
+variable "aws_region" {
+  description = "Simulated AWS region in LocalStack."
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "localstack_endpoint" {
+  description = "LocalStack HTTPS endpoint."
+  type        = string
+  default     = "https://localstack.paulononato.com.br"
+}
+
+variable "project_name" {
+  description = "Short name of the fictional project."
+  type        = string
+  default     = "quantum"
+}

environments/stg/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    archive = {
+      source  = "hashicorp/archive"
+      version = "~> 2.4"
+    }
+  }
+}

modules/quantum/main.tf

@@ -34,7 +34,7 @@ resource "aws_s3_bucket_versioning" "quantum_artifacts" {
 
 resource "aws_s3_object" "sample_config" {
   bucket       = aws_s3_bucket.quantum_artifacts.id
-  key          = "config/quantum-dev.json"
+  key          = "config/quantum-${var.environment}.json"
   content_type = "application/json"
 
   content = jsonencode({
@@ -84,9 +84,9 @@ resource "aws_secretsmanager_secret_version" "quantum_app" {
   secret_id = aws_secretsmanager_secret.quantum_app.id
 
   secret_string = jsonencode({
-    databaseUrl = "postgres://quantum_user:fake_password@quantum-db.local:5432/quantum"
-    apiKey      = "qtm_dev_fake_123456"
-    jwtSecret   = "localstack-only-secret"
+    databaseUrl = "postgres://quantum_user:fake_password@quantum-${var.environment}-db.local:5432/quantum"
+    apiKey      = "qtm_${var.environment}_fake_123456"
+    jwtSecret   = "localstack-only-secret-${var.environment}"
   })
 }
 

modules/quantum/outputs.tf

@@ -1,8 +1,3 @@
-output "localstack_endpoint" {
-  description = "LocalStack endpoint used by the provider."
-  value       = var.localstack_endpoint
-}
-
 output "quantum_bucket_name" {
   description = "S3 bucket for the Quantum application."
   value       = aws_s3_bucket.quantum_artifacts.bucket

modules/quantum/variables.tf

@@ -0,0 +1,10 @@
+variable "project_name" {
+  description = "Short name of the fictional project."
+  type        = string
+  default     = "quantum"
+}
+
+variable "environment" {
+  description = "Fictional application environment."
+  type        = string
+}

modules/quantum/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    archive = {
+      source  = "hashicorp/archive"
+      version = "~> 2.4"
+    }
+  }
+}