🔗 Repo: github.com/Push/terraform-aws-labs/day06

🎯 Goal: Move from monolithic main.tf → organized, maintainable, team-ready project layout.

🧠 Why Structure Matters

💡 Terraform merges all .tf files into one config — but how you organize them determines:

• ✅ Readability (Can a new engineer understand it in 5 mins?)
• ✅ Maintainability (Can you update VPC without touching S3?)
• ✅ Collaboration (Can two people work on networking/ and compute/ safely?)
• ✅ Git hygiene (No accidental state/secret commits!)

❌ Bad: One main.tf with 2,000 lines

✅ Good: Logical, consistent, documented structure

📁 Production-Grade File Structure (Recommended)

🔹 Core Layout (/day06/)

day06/
├── backend.tf           # 🔐 Remote state config (S3 + locking)
├── provider.tf          # 🌐 AWS provider + default tags
├── variables.tf         # 📥 Input variables (with validation!)
├── locals.tf            # 🧮 Computed values (DRY logic)
├── main.tf              # 🏗️ *Only* top-level resources (or empty!)
├── vpc.tf               # 🌐 Networking (VPC, subnets, IGW)
├── storage.tf           # 🪣 S3, EBS, EFS
├── outputs.tf           # 📤 Exposed values (VPC ID, bucket ARN)
├── terraform.tfvars     # 🎛️ Default values (dev)
├── .gitignore           # 🚫 Block sensitive files
└── README.md            # 📝 Project docs

✅ Key Principle:

“Separation of Concerns” — group by function, not just resource type.

✏️ Step-by-Step: Refactor Day 5 → Day 6

1️⃣ backend.tf — Remote State (Isolated & Secure)

# 🔐 backend.tf
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 6.7.0" }
  }

  # ✅ S3 backend (encrypted + locked)
  backend "s3" {
    bucket         = "tech-tutorials-push-terraform-state-2025"
    key            = "dev/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    use_lock_file  = true  # 🔒 Native S3 locking (no DynamoDB!)
  }
}

✅ Why separate?

• Backend config must be in terraform {} block
• Changes here require terraform init -reconfigure