stop-slop, taste-skill, terrashark had embedded .git dirs causing Woodpecker clone to fail on submodule update.
Neutral Examples (Context-Dependent)
1) Workspace-centric environment split
locals {
  env = terraform.workspace
}
resource "aws_cloudwatch_log_group" "audit" {
  name = "/org/${local.env}/audit"
}
Tradeoff:
- clean for workspace-managed workflows
- harder to reason about in ad-hoc CLI usage across many environments
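One way to contain the ad-hoc CLI risk is to reject any workspace outside an approved set before the audit log group path is derived from it. This is an added example, not part of the original file; the `allowed_envs` local and its `dev`/`prod` values are assumptions, and AWS provider configuration is assumed to exist elsewhere in the root module.

```hcl
locals {
  env = terraform.workspace

  # Assumed set of approved environments; adjust to the workspaces
  # your organisation actually provisions.
  allowed_envs = ["dev", "prod"]
}

resource "aws_cloudwatch_log_group" "audit" {
  name = "/org/${local.env}/audit"

  lifecycle {
    # terraform.workspace is known at plan time, so a run from the
    # "default" workspace or a mistyped one fails during plan, before
    # an audit log group is created under an unexpected path.
    precondition {
      condition     = contains(local.allowed_envs, local.env)
      error_message = "Workspace \"${local.env}\" is not an approved environment. Select one of: ${join(", ", local.allowed_envs)}."
    }
  }
}
```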
2) Single repo with many modules
iac-repo/
  modules/
    network/
    identity/
    observability/
  environments/
    dev/
    prod/
Tradeoff:
- easy discovery and shared standards
- larger blast radius for repo-level process changes
3) Remote-state bridge across stacks
data "terraform_remote_state" "platform" {
  backend = "gcs"
  config = {
    bucket = "infra-state-org"
    prefix = "platform/prod"
  }
}
Tradeoff:
- quick integration path
- introduces coupling to producer stack internals
4) Composite module owning many primitives
module "payments_platform" {
  source = "./modules/payments-platform"
}
Tradeoff:
- simplifies root composition
- can become hard to evolve if boundaries inside module are unclear
5) Apply-mode native tests in CI
run "database_contract" {
  command = apply
}
Tradeoff:
- catches real runtime behavior
- increases cost and pipeline duration
6) Aggressive precondition usage
resource "aws_s3_bucket" "artifact" {
  bucket = var.bucket_name
  lifecycle {
    precondition {
      condition     = startswith(var.bucket_name, "org-")
      error_message = "Bucket names must start with org-."
    }
  }
}
Tradeoff:
- protects conventions early
- too many strict checks can reduce module reuse across org units