Terraform Overview
The MATIH platform uses Terraform for cloud infrastructure provisioning across Azure, AWS, and GCP. Modules are organized by cloud provider and concern, with environment-specific configurations for dev, staging, and production deployments.
Directory Structure
```
infrastructure/terraform/
  modules/
    azure/            -- Azure-specific modules
    aws/              -- AWS-specific modules
    gcp/              -- GCP-specific modules
    platform/         -- Cloud-agnostic platform modules
    tenant/           -- Per-tenant infrastructure modules
  environments/
    azure-matihlabs/  -- Azure dev environment
```

Sub-Pages
| Page | Description |
|---|---|
| Azure Modules | AKS, PostgreSQL, Key Vault, networking, storage |
| AWS Modules | EKS, RDS, S3, Bedrock, networking |
| GCP Modules | GKE, CloudSQL, GCS, Vertex AI, networking |
| Environments | Environment-specific configurations |
| Tenant Modules | Per-tenant cloud AI and infrastructure provisioning |
Terraform Workflow
```
Stage 00 (cd-new.sh)
        |
        v
terraform init ──> terraform plan ──> terraform apply
        |
        v
terraform output -json > .terraform_outputs.json
        |
        v
Subsequent stages read via tf_get_output()
```

Output Caching
Terraform outputs are cached to logs/deployment/.terraform_outputs.json after Stage 00 runs. All subsequent stages read from this file via tf_get_output() in scripts/lib/core/config.sh.
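The read side of this caching flow, as an added example that is not the project's code: the platform's own helper is the shell function tf_get_output() in scripts/lib/core/config.sh, and this Python version only mirrors its role so the behaviour can be shown offline. It assumes the cache is the `terraform output -json` format, where every output carries a `sensitive` flag, and it masks those values when summarising outputs for a deployment log, because the cache file itself stores them in plaintext. The sample outputs and the temporary directory are constructed for the example.

```python
"""Read Terraform outputs cached by Stage 00 (added example; the platform's
own helper is the shell function tf_get_output() in scripts/lib/core/config.sh,
which this Python version only mirrors)."""
import json
import os
import tempfile

# Cache location named on the page; later stages read it instead of
# re-running terraform.
CACHE_PATH = "logs/deployment/.terraform_outputs.json"

# Constructed sample of what `terraform output -json` writes: each output
# has a "sensitive" flag, but the value is still stored in plaintext.
SAMPLE_OUTPUTS = {
    "resource_group_name": {"sensitive": False, "type": "string",
                            "value": "rg-matih-dev"},
    "aks_cluster_name": {"sensitive": False, "type": "string",
                         "value": "aks-matih-dev"},
    "postgres_admin_password": {"sensitive": True, "type": "string",
                                "value": "constructed-example-password"},
}


def load_outputs(path=CACHE_PATH):
    """Parse the cache file; fail loudly if Stage 00 has not produced it."""
    if not os.path.exists(path):
        raise FileNotFoundError(
            f"{path} missing: run Stage 00 (cd-new.sh) before later stages")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    # `terraform output -json` yields a dict of {name: {value, sensitive, type}}.
    if not isinstance(data, dict):
        raise ValueError("unexpected output format in cache file")
    return data


def tf_get_output(name, outputs):
    """Return one output's value, the role tf_get_output() plays in shell."""
    if name not in outputs:
        raise KeyError(f"terraform output '{name}' not found in cache")
    return outputs[name]["value"]


def redacted_summary(outputs):
    """Render outputs for a deployment log with sensitive values masked."""
    return {name: ("<redacted>" if entry.get("sensitive") else entry["value"])
            for name, entry in outputs.items()}


def write_sample_cache(directory):
    """Write the constructed sample so the example runs offline."""
    path = os.path.join(directory, ".terraform_outputs.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_OUTPUTS, fh)
    # The cache holds plaintext sensitive values: keep it owner-readable only.
    os.chmod(path, 0o600)
    return path


def demo():
    """Round-trip: write the sample cache, read it back, summarise it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = write_sample_cache(tmp)
        outputs = load_outputs(path)
        return tf_get_output("aks_cluster_name", outputs), redacted_summary(outputs)


if __name__ == "__main__":
    cluster, summary = demo()
    print(cluster)
    print(json.dumps(summary, indent=2))
```

The redaction matters because later stages often echo configuration into logs/deployment; copying the cache entry's value without checking the `sensitive` flag would write the generated database password into the log alongside the cluster name.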
Security Rules
| Rule | Enforcement |
|---|---|
| No secrets in .tf files | Passwords generated with random_password and stored in Key Vault |
| No secrets in tfvars | Use variable references and data sources |
| State storage | Remote backend (Azure Storage, S3, GCS) |
| State encryption | Encrypted at rest in cloud storage |
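A check for the first two rules, added here as an example and not a MATIH tool: it scans .tf and .tfvars text for string literals assigned to secret-like attributes (password, secret, token, api_key, access_key, private_key) and accepts references such as `random_password.*.result`, `var.*` or `data.*`. The HCL snippets are constructed; the compliant one follows the pattern the table describes, a random_password resource whose result is both the server password and a Key Vault secret value. The attribute-name heuristic is an assumption of this example, not a rule from the page.

```python
"""Flag hard-coded secrets in Terraform files (added example, not part of
the MATIH platform). Heuristic: a secret-like attribute name assigned a
quoted string literal is a finding; references are not."""
import glob
import os
import re

# Attribute names that should never carry a literal value in HCL
# (this list is an assumption of the example).
SECRET_ATTR = re.compile(
    r'^\s*(?P<attr>[A-Za-z0-9_]*(?:password|secret|token|api_key|access_key|'
    r'private_key)[A-Za-z0-9_]*)\s*=\s*(?P<rhs>.+?)\s*$',
    re.IGNORECASE,
)


def is_literal(rhs):
    """True for a quoted string that is not a pure "${...}" interpolation."""
    return rhs.startswith('"') and not rhs.startswith('"${')


def scan_hcl(text, filename="main.tf"):
    """Return (file, line_no, attribute) for each literal secret assignment."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # comment lines cannot assign anything
        match = SECRET_ATTR.match(line)
        if match and is_literal(match.group("rhs")):
            findings.append((filename, line_no, match.group("attr")))
    return findings


def scan_tree(root):
    """Scan every .tf and .tfvars file under root (used from a CI step)."""
    findings = []
    for pattern in ("**/*.tf", "**/*.tfvars"):
        for path in sorted(glob.glob(os.path.join(root, pattern), recursive=True)):
            with open(path, encoding="utf-8") as fh:
                findings.extend(scan_hcl(fh.read(), path))
    return findings


# Constructed: violates "No secrets in .tf files".
BAD_TF = """resource "azurerm_postgresql_flexible_server" "db" {
  name                   = "psql-matih-dev"
  administrator_login    = "psqladmin"
  administrator_password = "Sup3rSecret!"
}
"""

# Constructed: the pattern the rule describes, generated password kept in Key Vault.
GOOD_TF = """resource "random_password" "db" {
  length  = 32
  special = true
}

resource "azurerm_postgresql_flexible_server" "db" {
  name                   = "psql-matih-dev"
  administrator_login    = "psqladmin"
  administrator_password = random_password.db.result
}

resource "azurerm_key_vault_secret" "db_password" {
  name         = "postgres-admin-password"
  value        = random_password.db.result
  key_vault_id = var.key_vault_id
}
"""

# Constructed: violates "No secrets in tfvars".
BAD_TFVARS = 'db_password = "hunter2"\nregion      = "eastus"\n'


if __name__ == "__main__":
    for name, text in (("bad.tf", BAD_TF), ("good.tf", GOOD_TF),
                       ("bad.tfvars", BAD_TFVARS)):
        for path, line_no, attr in scan_hcl(text, name):
            print(f"{path}:{line_no}: literal value for '{attr}'")
```

Run scan_tree("infrastructure/terraform") from a pre-commit hook or CI job and fail the job on any finding; a secret that only ever exists as random_password's result and a Key Vault secret never appears in a file the scanner can read.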