ai-workspace-infra/iac_modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,583 Commits 3 Branches 2 Tags 21 MiB
main
Commit Graph

1583 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cloudneutral
cca8991a8a Add service guardrails for landing zone 2025-12-07 14:32:01 +08:00
Haitao Pan
3765f0192c feat(iac): add full multi-cloud Terraform HCL frameworks (AliCloud/Azure/GCP/Vultr) 
- Introduce complete terraform-hcl-standard directory for 4 cloud providers
- Add bootstrap (iam/oss/ots/s3), config, envs/dev templates
- Add core modules: vpc, ecs/compute, nlb/alb, redis, rds, object-storage
- Provide initial README for each provider
 2025-11-21 13:33:11 +08:00
Haitao Pan
338090a8f3 refactor: reorganize terraform-standard directory layout 
- Move modules/, envs/, bootstrap-* to new paths
- Update all related GitHub workflows
- No logic changes; relocations only
 2025-11-20 20:15:26 +08:00
Haitao Pan
2a22406685 chore(ci): remove tfsec scanning from Terraform matrix workflows 2025-11-17 22:43:44 +08:00
Haitao Pan
950a68f6eb fix(ci): correct dry_run context in Terraform matrix workflows 2025-11-17 22:33:32 +08:00
Haitao Pan
e6fccac7e8 feat(ci): enhance Terraform IAC pipeline with account/resources matrix workflows 2025-11-17 22:28:56 +08:00
Haitao Pan
d5b70c7572 ci(terraform): add multi-environment matrix pipeline and standard Makefiles 
- Added new workflow: terraform-standard-iac-pipeline-account-matrix.yaml
- Introduced Terraform Standard Makefile templates for:
  • envs/dev-role
  • envs/dev-vpc
 2025-11-17 22:06:51 +08:00
Haitao Pan
703e801752 fix(terraform): add required destroy variables for bootstrap dynamodb and s3 Makefiles 2025-11-17 21:29:12 +08:00
Haitao Pan
f6ebde7b96 fix(terraform): parameterize bootstrap-iam Makefile and remove hardcoded vars 2025-11-17 20:43:02 +08:00
Haitao Pan
9ae1d2bf84 ci(terraform): update bootstrap & landingzone pipelines and add validation/notification scripts 2025-11-17 20:34:11 +08:00
Haitao Pan
64cb67d4ba add workflows: terraform-standard-iac-pipeline-aws-global-bootstrap.yaml 2025-11-17 20:15:17 +08:00
shenlan
4b6f2b50b7
Update XStream description in README.md 
Removed '支持 Reality / Xray-core' from XStream description in both Chinese and English sections.
 2025-11-17 17:57:24 +08:00
shenlan
a5ff701b86
Revise README for improved clarity and organization 
Updated README to enhance clarity and structure, adding sections for core projects, capabilities, and use cases in both Chinese and English.
 2025-11-17 17:56:24 +08:00
Haitao Pan
bbdf79f816 ci(terraform): add Terraform Standard pipeline for AWS LandingZone baseline 2025-11-17 17:42:51 +08:00
Haitao Pan
a3f054e8e8 feat(alb): add Application Load Balancer module and dev-alb environment 2025-11-17 17:34:42 +08:00
Haitao Pan
f2996804ac feat(landingzone): add minimal AWS Landing Zone baseline module 
- Introduce minimal landingzone module with account-level IAM baseline:
  - deny-root.json
  - deny-no-mfa.json (MFA enforced)
  - deny-console-write.json (Console readonly mode)
  - deny-ri-sp.json (deny Reserved Instances / Savings Plans purchases)
 2025-11-17 17:33:41 +08:00
Haitao Pan
f2c9b114cf update: config/resources/dev-rds/rds.yaml 2025-11-17 17:03:07 +08:00
Haitao Pan
6b1e04f5da refactor(msk): adopt new storage_info schema for MSK EBS configuration 2025-11-17 17:03:07 +08:00
Haitao Pan
c05364dfe0 feat(nlb): add Network Load Balancer module and dev-nlb environment 2025-11-17 17:00:34 +08:00
Haitao Pan
245e5d9b89 refactor: rename dev-object s3 config to bucket; update backend paths 2025-11-17 15:46:04 +08:00
Haitao Pan
cbef46792a feat(redis): add basic msk module and dev-kafka environment 2025-11-17 15:43:44 +08:00
Haitao Pan
e3ecb5083e feat(redis): add basic redis module and dev-redis environment 2025-11-17 13:28:52 +08:00
Haitao Pan
00a315ea4c feat(rds): add basic rds module and dev-rds environment 2025-11-17 13:22:58 +08:00
Haitao Pan
4420416bf1 feat(s3): add basic S3 module and dev-object environment 2025-11-17 13:17:19 +08:00
Haitao Pan
7c57c839ef feat(iac): modularize EC2 env + add dynamic AMI lookup 
- new envs/dev-ec2 environment
- add ami_lookup module (Ubuntu/Rocky/AmazonLinux auto-resolve)
- add keypair, sg, ec2 modules
- remove VPC remote_state dependency
- fix SG duplicate rules
- unify module variables/outputs
 2025-11-17 13:06:05 +08:00
Haitao Pan
a75754a2ee feat(vpc): add dev-vpc environment and vpc module 2025-11-17 11:49:49 +08:00
Haitao Pan
6f12e33f28 refactor: update IAM bootstrap and rename envs/dev to envs/dev-role 2025-11-17 11:27:26 +08:00
Haitao Pan
ab64194aec refactor(makefile): standardize bootstrap Makefiles across DynamoDB, IAM, and S3 2025-11-17 10:28:23 +08:00
Haitao Pan
bcb09baede Add top-level Makefile for unified bootstrap workflow 2025-11-17 09:58:31 +08:00
Haitao Pan
9984f19f97 refactor(iam): convert IAM module to reusable universal role module 2025-11-17 00:12:26 +08:00
Haitao Pan
0b2050c886 feat: add bootstrap IAM workflow and environment-scoped Terraform structure 2025-11-16 23:54:43 +08:00
Haitao Pan
f7960153fe feat(terraform-standard): add S3 and DynamoDB bootstrap modules with backend setup 2025-11-16 21:59:42 +08:00
shenlan
4b7789265c
Merge pull request #143 from svc-design/codex/fix-pulumi-login-timeout-error-62jb2j 
Improve Pulumi login resilience
 2025-10-05 10:44:28 +08:00
shenlan
fc88e5e075
Merge pull request #142 from svc-design/codex/fix-pulumi-login-timeout-error 
Improve Pulumi login resilience
 2025-10-05 10:44:20 +08:00
shenlan
d75cfef536 Improve Pulumi login resilience 2025-10-05 10:43:17 +08:00
shenlan
7d9fe99659 Improve Pulumi login resilience 2025-10-05 10:43:03 +08:00
shenlan
68b30f511f
Merge pull request #141 from svc-design/codex/analyze-unresponsive-cli-command 
Handle missing Pulumi passphrase during CLI init
 2025-10-05 09:49:32 +08:00
shenlan
44627e622f Ensure Pulumi CLI requires passphrase before login 2025-10-05 09:44:20 +08:00
shenlan
a33c20b7f0
Merge pull request #140 from svc-design/codex/fix-invalid-workflow-file-reference 
Quote reusable workflow references in infrastructure pipeline
 2025-10-03 23:40:53 +08:00
shenlan
e391d3c789 Fix workflow references with explicit version 2025-10-03 23:40:36 +08:00
shenlan
8dd0249ff0
Merge pull request #139 from svc-design/codex/refactor-multi-cloud-preview-to-use-matrix-jobs 
Update multi-cloud preview to Pulumi matrix job
 2025-10-03 23:17:48 +08:00
shenlan
55cb00448b Refactor preview stage to use matrix jobs 2025-10-03 22:52:36 +08:00
shenlan
3788e3bd28
Merge pull request #138 from svc-design/codex/fix-syntax-in-iac-pipeline-workflow 
Fix multi-cloud baseline workflow preview jobs
 2025-10-03 22:42:29 +08:00
shenlan
3ff090a5cf Fix multi-cloud workflow preview fan-out 2025-10-03 22:41:53 +08:00
Haitao Pan
aa0f186341 ci: refactor multi-cloud baseline to matrix preview jobs 2025-10-03 22:28:50 +08:00
shenlan
93bbbe1adb
Merge pull request #137 from svc-design/codex/fix-unrecognized-named-value-in-workflow-1zb578 
Fix multi-cloud baseline workflow preview jobs
 2025-10-03 22:23:58 +08:00
shenlan
ad025c304e Fix reusable preview job configuration 2025-10-03 22:23:40 +08:00
shenlan
cc24e8ac80
Merge pull request #136 from svc-design/codex/refactor-workflow-to-use-matrix-strategy 
Refactor multi-cloud landing zone workflow stages
 2025-10-03 22:20:19 +08:00
shenlan
a59664aa5d Refactor multi-cloud landing zone workflow stages 2025-10-03 22:19:00 +08:00
shenlan
8e5053e8b4
Merge pull request #135 from svc-design/codex/fix-workflow-calls-in-yaml-files 
Fix reusable workflow references in pipeline workflows
 2025-10-03 20:37:32 +08:00