# Terraform Configuration for DeFi Oracle Meta Mainnet

## Overview

This directory contains Terraform configurations for deploying the DeFi Oracle Meta Mainnet (ChainID 138) on Azure.

## Deployment Options

### 1. Legacy Single Resource Group Deployment

The default configuration uses a single resource group for all resources. This is suitable for development and testing.

**Configuration**: `terraform/main.tf`

**Usage**:

```bash
cd terraform
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars
```

### 2. Well-Architected Framework Deployment (Recommended for Production)

The Well-Architected Framework deployment uses multiple resource groups organized by purpose and lifecycle. This is recommended for production deployments.

**Configuration**: `terraform/well-architected/main.tf`

**Usage**:

```bash
cd terraform/well-architected
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars
```

**Benefits**:

- Separate resource groups by purpose (network, compute, storage, security, monitoring)
- Better cost allocation and tracking
- Improved security boundaries
- Easier resource management
- Compliance with Azure Well-Architected Framework

## Modules

### Core Modules

- **networking**: Virtual networks, subnets, NSGs, Application Gateway
- **kubernetes**: AKS cluster, node pools, Log Analytics
- **storage**: Storage accounts, containers, file shares
- **secrets**: Key Vault (legacy with access policies)

### Well-Architected Modules

- **management-groups**: Management Groups hierarchy
- **resource-groups**: Resource groups organized by purpose
- **keyvault-enhanced**: Enhanced Key Vault with RBAC and Private Endpoints
- **budget**: Consumption budgets with alerts

## Configuration Files

### Legacy Deployment

- `terraform/main.tf`: Main Terraform configuration
- `terraform/variables.tf`: Variable definitions
- `terraform/outputs.tf`: Output definitions
- `terraform/terraform.tfvars.example`: Example variables

### Well-Architected Deployment

- `terraform/well-architected/main.tf`: Main Well-Architected configuration
- `terraform/well-architected/variables.tf`: Variable definitions
- `terraform/well-architected/outputs.tf`: Output definitions
- `terraform/well-architected/terraform.tfvars.example`: Example variables

## Variables

### Common Variables

- `environment`: Environment (prod, dev, test, staging)
- `location`: Azure region
- `cluster_name`: AKS cluster name
- `kubernetes_version`: Kubernetes version
- `node_count`: Number of nodes per node pool
- `vm_size`: VM size for node pools
- `tags`: Tags to apply to resources

### Legacy Deployment Variables

- `resource_group_name`: Single resource group name
- `key_vault_name`: Key Vault name

### Well-Architected Deployment Variables

- `use_well_architected`: Enable Well-Architected Framework structure
- `network_resource_group_name`: Network resource group name
- `compute_resource_group_name`: Compute resource group name
- `storage_resource_group_name`: Storage resource group name
- `security_resource_group_name`: Security resource group name
- `key_vault_allowed_subnet_ids`: Subnet IDs allowed to access Key Vault
- `key_vault_allowed_ip_ranges`: IP ranges allowed to access Key Vault
- `budget_amount`: Monthly budget amount
- `budget_contact_emails`: Email addresses for budget notifications

## Migration

To migrate from legacy to Well-Architected Framework deployment, see [Migration Guide](../docs/MIGRATION_TO_WELL_ARCHITECTED.md).

## Documentation

- [Well-Architected Framework Review](../docs/AZURE_WELL_ARCHITECTED_REVIEW.md)
- [Well-Architected Implementation](../docs/AZURE_WELL_ARCHITECTED_IMPLEMENTATION.md)
- [Well-Architected Quick Start](../docs/AZURE_WELL_ARCHITECTED_QUICK_START.md)
- [Migration Guide](../docs/MIGRATION_TO_WELL_ARCHITECTED.md)
- [Deployment Guide](../docs/DEPLOYMENT.md)
- [Quick Start Guide](../docs/QUICKSTART.md)

## Best Practices

1. **Use Well-Architected Framework for Production**: Use the Well-Architected Framework structure for production deployments
2. **Environment Separation**: Use separate deployments for dev, test, and prod environments
3. **Resource Naming**: Follow Azure naming conventions
4. **Tagging**: Apply comprehensive tags for cost allocation and management
5. **Security**: Use RBAC for Key Vault, enable Private Endpoints, restrict network access
6. **Cost Management**: Set up budget alerts, use reserved instances, monitor costs
7. **Backup**: Enable backups for Key Vault and storage accounts
8. **Monitoring**: Set up comprehensive monitoring and alerting

## Troubleshooting

### Issue: Resource Group Already Exists

**Solution**: Use existing resource groups or rename new ones

### Issue: Key Vault Network Restrictions Too Strict

**Solution**: Temporarily allow management IP, then refine network rules

### Issue: Resources Can't Be Moved

**Solution**: Some resources can't be moved between resource groups. Recreate them in the new resource group.

## References

- [Azure Well-Architected Framework](https://docs.microsoft.com/azure/architecture/framework/)
- [Terraform Azure Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs)
- [Azure Naming Conventions](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)