# Terraform Configuration for DeFi Oracle Meta Mainnet
## Overview
This directory contains Terraform configurations for deploying the DeFi Oracle Meta Mainnet (ChainID 138) on Azure.
## Deployment Options
### 1. Legacy Single Resource Group Deployment
The default configuration uses a single resource group for all resources. This is suitable for development and testing.
**Configuration**: `terraform/main.tf`
**Usage**:
```bash
cd terraform
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars
```
### 2. Well-Architected Framework Deployment (Recommended for Production)
The Well-Architected Framework deployment uses multiple resource groups organized by purpose and lifecycle. This is recommended for production deployments.
**Configuration**: `terraform/well-architected/main.tf`
**Usage**:
```bash
cd terraform/well-architected
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars
```
**Benefits**:
- Separate resource groups by purpose (network, compute, storage, security, monitoring)
- Better cost allocation and tracking
- Improved security boundaries
- Easier resource management
- Compliance with Azure Well-Architected Framework
## Modules
### Core Modules
- **networking**: Virtual networks, subnets, NSGs, Application Gateway
- **kubernetes**: AKS cluster, node pools, Log Analytics
- **storage**: Storage accounts, containers, file shares
- **secrets**: Key Vault (legacy with access policies)
### Well-Architected Modules
- **management-groups**: Management Groups hierarchy
- **resource-groups**: Resource groups organized by purpose
- **keyvault-enhanced**: Enhanced Key Vault with RBAC and Private Endpoints
- **budget**: Consumption budgets with alerts
## Configuration Files
### Legacy Deployment
- `terraform/main.tf`: Main Terraform configuration
- `terraform/variables.tf`: Variable definitions
- `terraform/outputs.tf`: Output definitions
- `terraform/terraform.tfvars.example`: Example variables
### Well-Architected Deployment
- `terraform/well-architected/main.tf`: Main Well-Architected configuration
- `terraform/well-architected/variables.tf`: Variable definitions
- `terraform/well-architected/outputs.tf`: Output definitions
- `terraform/well-architected/terraform.tfvars.example`: Example variables
## Variables
### Common Variables
- `environment`: Environment (prod, dev, test, staging)
- `location`: Azure region
- `cluster_name`: AKS cluster name
- `kubernetes_version`: Kubernetes version
- `node_count`: Number of nodes per node pool
- `vm_size`: VM size for node pools
- `tags`: Tags to apply to resources
### Legacy Deployment Variables
- `resource_group_name`: Single resource group name
- `key_vault_name`: Key Vault name
### Well-Architected Deployment Variables
- `use_well_architected`: Enable Well-Architected Framework structure
- `network_resource_group_name`: Network resource group name
- `compute_resource_group_name`: Compute resource group name
- `storage_resource_group_name`: Storage resource group name
- `security_resource_group_name`: Security resource group name
- `key_vault_allowed_subnet_ids`: Subnet IDs allowed to access Key Vault
- `key_vault_allowed_ip_ranges`: IP ranges allowed to access Key Vault
- `budget_amount`: Monthly budget amount
- `budget_contact_emails`: Email addresses for budget notifications
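
How the Key Vault variables listed above could feed a vault that uses RBAC and denies network access by default, as an added example that is not this repository's `keyvault-enhanced` module code. It assumes azurerm provider 3.x; the resource label `this` and the validation policy are made up for illustration, and the private endpoint is not shown.

```hcl
# Added example, not the repository's module. Assumes azurerm 3.x.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
  }
}
provider "azurerm" {
  features {}
}

variable "key_vault_name" { type = string }
variable "location" { type = string }
variable "security_resource_group_name" { type = string }
variable "key_vault_allowed_subnet_ids" {
  type    = list(string)
  default = []
}
variable "key_vault_allowed_ip_ranges" {
  type    = list(string)
  default = []
  validation {
    # Example policy: every entry must parse as a CIDR range and must not be a /0.
    condition = alltrue([for r in var.key_vault_allowed_ip_ranges :
    can(cidrhost(r, 0)) && try(split("/", r)[1] != "0", false)])
    error_message = "Each entry must be a valid CIDR range and must not be a /0."
  }
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "this" {
  name                      = var.key_vault_name
  location                  = var.location
  resource_group_name       = var.security_resource_group_name
  tenant_id                 = data.azurerm_client_config.current.tenant_id
  sku_name                  = "standard"
  enable_rbac_authorization = true # Azure RBAC instead of access policies
  purge_protection_enabled  = true

  network_acls {
    default_action             = "Deny" # only the listed sources reach the vault
    bypass                     = "AzureServices"
    ip_rules                   = var.key_vault_allowed_ip_ranges
    virtual_network_subnet_ids = var.key_vault_allowed_subnet_ids
  }
}
```

With `default_action = "Deny"`, a management IP added to `key_vault_allowed_ip_ranges` while troubleshooting stays visible in the variable file and in the plan diff until it is taken out again.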
## Migration
To migrate from legacy to Well-Architected Framework deployment, see [Migration Guide](../docs/MIGRATION_TO_WELL_ARCHITECTED.md).
## Documentation
- [Well-Architected Framework Review](../docs/AZURE_WELL_ARCHITECTED_REVIEW.md)
- [Well-Architected Implementation](../docs/AZURE_WELL_ARCHITECTED_IMPLEMENTATION.md)
- [Well-Architected Quick Start](../docs/AZURE_WELL_ARCHITECTED_QUICK_START.md)
- [Migration Guide](../docs/MIGRATION_TO_WELL_ARCHITECTED.md)
- [Deployment Guide](../docs/DEPLOYMENT.md)
- [Quick Start Guide](../docs/QUICKSTART.md)
## Best Practices
1. **Use Well-Architected Framework for Production**: Use the Well-Architected Framework structure for production deployments
2. **Environment Separation**: Use separate deployments for dev, test, and prod environments
3. **Resource Naming**: Follow Azure naming conventions
4. **Tagging**: Apply comprehensive tags for cost allocation and management
5. **Security**: Use RBAC for Key Vault, enable Private Endpoints, restrict network access
6. **Cost Management**: Set up budget alerts, use reserved instances, monitor costs
7. **Backup**: Enable backups for Key Vault and storage accounts
8. **Monitoring**: Set up comprehensive monitoring and alerting
## Troubleshooting
### Issue: Resource Group Already Exists
**Solution**: Use existing resource groups or rename new ones
### Issue: Key Vault Network Restrictions Too Strict
**Solution**: Temporarily allow management IP, then refine network rules
### Issue: Resources Can't Be Moved
**Solution**: Some resources can't be moved between resource groups. Recreate them in the new resource group.
## References
- [Azure Well-Architected Framework](https://docs.microsoft.com/azure/architecture/framework/)
- [Terraform Azure Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs)
- [Azure Naming Conventions](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)