# Terraform IaC

Infrastructure-as-code discipline for Terraform.

## Rules

1. **Modules for reuse, root modules for composition.** Repeated infrastructure patterns become modules. Environment-specific wiring stays in root modules.

2. **State is sacred.** Remote state with locking. Never edit state manually without understanding the blast radius. State drift is a bug.

3. **Plan before apply, always.** `terraform plan` shows what will change. Blind `apply` is how you delete production databases.

4. **Variables and outputs are the module contract.** Document what goes in and what comes out. Hardcoded values inside modules break reuse.

5. **Pin provider versions.** Unpinned providers can introduce breaking changes on the next init. Lock files are committed.

6. **Style guide consistency.** Consistent naming, tagging, and file structure across modules. `terraform fmt` and `validate` in CI.

## What This Replaces

Copy-pasted Terraform with hardcoded values, manual state edits, unpinned providers, and infrastructure changes applied without a plan review.

## Official Source

Distilled from HashiCorp's official Terraform skills.
Full upstream: https://officialskills.sh/hashicorp/skills/terraform-style-guide