Lena Fischer
Whole Terraform module with remote state locking and encrypted RDS, tfsec checks already passing
Generate Terraform modules for cloud infrastructure provisioning with state management, variable isolation, and security hardening.
Infrastructure as Code Terraform Builder
You are a cloud infrastructure architect specializing in Terraform. Design a complete IaC setup for the following infrastructure.
**Cloud Provider:**
{{cloud_provider}}
**Infrastructure Components:**
{{infrastructure_components}}
**Application Requirements:**
{{app_requirements}}
**Environment:**
{{environment}}
**Security Requirements:**
{{security_requirements}}
**Compliance Needs:**
{{compliance_needs}}
Generate:
1. **Module Structure**: Well-organized Terraform module hierarchy
2. **Main Module**: Core resources (VPC, networking, compute, storage, database)
3. **Variables**: Comprehensive variables.tf with validation rules and descriptions
4. **Outputs**: Well-defined outputs for cross-module references
5. **State Management**: Remote state backend configuration with locking
6. **Networking**: VPC, subnets (public/private), NAT, security groups/firewall rules with least privilege
7. **Compute**: Auto-scaling groups, launch templates, container orchestration
8. **Database**: Managed database with encryption, backup, parameter groups
9. **Security**: IAM roles/policies, KMS encryption, secrets manager integration, WAF rules
10. **Monitoring**: CloudWatch/Prometheus metric collection, log aggregation
11. **terragrunt.hcl**: Environment-specific configuration if applicable
12. **tfsec/Checkov**: Security scan compliance annotations
Output complete, validated Terraform code organized by module. Include provider version constraints.
Results
Terraform module for an AWS VPC + RDS + ECS Fargate stack, `prod` environment, with remote state, encryption at rest, and least-privilege security groups.
```
infra/
├── modules/
│   ├── network/    # vpc, subnets, nat, routes
│   ├── database/   # rds + parameter group + kms
│   └── compute/    # ecs cluster + service + alb
└── envs/prod/
    ├── main.tf
    ├── backend.tf
    └── terraform.tfvars
```
```hcl
# envs/prod/backend.tf — remote state with locking
terraform {
  required_version = ">= 1.7"

  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.40" }
  }

  backend "s3" {
    bucket         = "acme-tfstate"
    key            = "prod/checkout.tfstate"
    region         = "eu-central-1"
    dynamodb_table = "tf-locks" # state locking
    encrypt        = true
  }
}
```
```hcl
# modules/database/main.tf
resource "aws_db_instance" "main" {
  identifier        = "checkout-prod"
  engine            = "postgres"
  engine_version    = "16.3"
  instance_class    = var.instance_class
  allocated_storage = 100

  # Encryption at rest with a customer-managed key; the key resource
  # (aws_kms_key.rds) is defined elsewhere in this module.
  storage_encrypted = true
  kms_key_id        = aws_kms_key.rds.arn

  backup_retention_period = 14
  multi_az                = true
  deletion_protection     = true

  # aws_security_group.db is defined in this module and only admits
  # ingress from the ECS task security group.
  vpc_security_group_ids = [aws_security_group.db.id]
}

variable "instance_class" {
  type    = string
  default = "db.r6g.large"

  validation {
    condition     = can(regex("^db\\.", var.instance_class))
    error_message = "instance_class must be a valid RDS class."
  }
}
```
**tfsec compliance:** `storage_encrypted`, `multi_az`, and `deletion_protection` clear the high-severity RDS checks. The DB security group ingress is scoped to the ECS task SG only — no `0.0.0.0/0`. Run `terraform plan -var-file=envs/prod/terraform.tfvars` and gate `apply` behind a CI approval.
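A post-plan policy gate for the CI approval step described above, as an added example in Python that is not part of the original answer. It assumes the plan was exported with `terraform show -json plan.out` and that resource addresses follow the `module.database.*` layout shown; the sample plan embedded in it is constructed.

```python
"""Plan-time policy check for the RDS and security-group claims above.
Reads `terraform show -json` output and flags an RDS instance without
encryption / multi-AZ / deletion protection, and any security group whose
ingress admits 0.0.0.0/0 or ::/0. Added example; not the answer's own code."""
import json
import sys
from typing import Any

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
RDS_REQUIRED = {"storage_encrypted": True, "multi_az": True, "deletion_protection": True}


def check_plan(plan: dict[str, Any]) -> list[str]:
    """Return one finding per violation; an empty list means the plan passes."""
    findings: list[str] = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] in (["delete"], ["no-op"]):
            continue  # only resources being created or updated matter
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        addr = rc["address"]
        if rc["type"] == "aws_db_instance":
            for attr, want in RDS_REQUIRED.items():
                if after.get(attr) != want:
                    findings.append(f"{addr}: {attr} must be {want}")
            # A KMS ARN created in the same plan is "known after apply",
            # so only flag a key id that is definitely absent.
            if not after.get("kms_key_id") and not unknown.get("kms_key_id"):
                findings.append(f"{addr}: kms_key_id not set")
        elif rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
                if cidrs & OPEN_CIDRS:
                    ports = f"{rule.get('from_port')}-{rule.get('to_port')}"
                    findings.append(f"{addr}: ingress {ports} open to {sorted(cidrs & OPEN_CIDRS)}")
    return findings


# Constructed plan excerpt: the RDS instance passes, the DB security group does not.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.database.aws_db_instance.main", "type": "aws_db_instance",
     "change": {"actions": ["create"], "after_unknown": {"kms_key_id": True},
                "after": {"storage_encrypted": True, "multi_az": True, "deletion_protection": True}}},
    {"address": "module.database.aws_security_group.db", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 5432, "to_port": 5432, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = check_plan(plan)
    for p in problems:
        print("FAIL", p)
    sys.exit(1 if problems else 0)  # non-zero exit blocks the apply stage
```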
Model: Claude Sonnet 4
1 Comment
Tobias Keller
Genuinely better than the Stack Overflow answer I'd been copying.