Skip to main content

Terraform roots

Atlas keeps reusable infrastructure logic in shared modules and instantiates that logic from two environment roots.

Root inventory

Root file	Purpose
`backend.tf`	S3 backend and DynamoDB locking configuration
`providers.tf`	AWS provider configuration
`versions.tf`	Terraform and provider version constraints
`data.tf`	environment-level data sources such as availability zones
`locals.tf`	name prefixes, common tags, and secret templates
`variables.tf`	root inputs and validation
`main.tf`	module wiring and any root-level listener rules
`monitoring.tf`	SNS topic, alarms, and budget notifications
`outputs.tf`	operator-facing outputs and integration values

What both roots instantiate

events_ecr
dashboard_ecr
vpc
events_secret
dashboard_secret
msk
optional sink buckets and msk_s3_sink
alb
events_service
dashboard_backend
dashboard_db
kafka_ui

Why the roots exist separately

separate state files and lock scopes
separate backend resources and keys
the same module graph with environment-specific values
a clear migration path from the current staging deployment to a harder production posture

Read order for operators

Confirm the correct state backend, hostnames, ACM certificate, and access settings for the target root.
Read main.tf to verify which modules and listener rules are active in the root.
Inspect outputs.tf after apply to locate hostnames, repository URLs, secret names, and database connection details.

Root inventory
What both roots instantiate
Why the roots exist separately
Read order for operators