Updated readme, pipeline and makefile

Author: robertnovac1

azure/templates/post-deploy.yml

@@ -41,8 +41,6 @@ steps:
       set -e
       if ! [[ $APIGEE_ENVIRONMENT =~ .*-*sandbox ]]; then
         export AWS_PROFILE=apim-dev
-        aws_account_no="$(aws sts get-caller-identity --query Account --output text)"
-
         service_name=$(FULLY_QUALIFIED_SERVICE_NAME)
 
         pr_no=$(echo $service_name | { grep -oE '[0-9]+$' || true; })
@@ -58,11 +56,11 @@ steps:
         echo Apigee environment: $APIGEE_ENVIRONMENT
         echo pr_no: $pr_no
 
-          cd terraform
+        cd terraform
 
         make init
-        make plan aws_account_no=${aws_account_no} environment=$workspace
-        # make apply aws_account_no=${aws_account_no} environment=$workspace
+        make plan environment=${{ parameters.aws_account_type }} sub_environment=$workspace
+        # make apply environment=${{ parameters.aws_account_type }} sub_environment=$workspace
 
         AWS_DOMAIN_NAME=$(make -s output name=service_domain_name)
         IMMS_DELTA_TABLE_NAME=$(make -s output name=imms_delta_table_name)

terraform/Makefile

@@ -1,18 +1,26 @@
 -include .env
 
+environment        ?= $(ENVIRONMENT)
+sub_environment    ?= $(SUB_ENVIRONMENT)
+sub_environment_dir := $(if $(findstring pr-,$(sub_environment)),pr,$(sub_environment))
+
 tf_cmd = AWS_PROFILE=$(AWS_PROFILE) terraform
-tf_state= -backend-config="bucket=$(STATE_BUCKET_NAME)"
 
-sub_env_folder := $(if $(findstring pr-,$(SUB_ENVIRONMENT)),pr,$(SUB_ENVIRONMENT))
-tf_vars= -var="sub_environment=$(SUB_ENVIRONMENT)" -var-file="./environments/$(ENVIRONMENT)/$(sub_env_folder)/variables.tfvars"
+bucket_name = $(if $(filter dev,$(environment)),immunisation-$(sub_environment),immunisation-$(environment))-terraform-state-files
+
+tf_state = -backend-config="bucket=$(bucket_name)"
+
+tf_vars = \
+  -var="sub_environment=$(sub_environment)" \
+  -var-file="./environments/$(environment)/$(sub_environment_dir)/variables.tfvars"
 
 lock-provider:
 	# Run this only when you install a new terraform provider. This will generate sha code in lock file for all platform
 	echo "This may take a while. Be patient!"
 	$(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64
 
 workspace:
-	$(tf_cmd) workspace new $(SUB_ENVIRONMENT) || $(tf_cmd) workspace select $(SUB_ENVIRONMENT) && echo "Switched to workspace/environment: $(SUB_ENVIRONMENT)"
+	$(tf_cmd) workspace new $(sub_environment) || $(tf_cmd) workspace select $(sub_environment) && echo "Switched to workspace/environment: $(sub_environment)"
 
 init:
 	$(tf_cmd) init $(tf_state) -upgrade  $(tf_vars)
@@ -35,7 +43,7 @@ clean:
 destroy: workspace
 	$(tf_cmd) destroy $(tf_vars) -auto-approve
 	$(tf_cmd) workspace select default
-	$(tf_cmd) workspace delete $(SUB_ENVIRONMENT)
+	$(tf_cmd) workspace delete $(sub_environment)
 
 output:
 	$(tf_cmd) output -raw $(name)

terraform/README.md

@@ -1,17 +1,31 @@
-# immunisation-fhir-api Terraform
+# About
+The terraform from this folder runs in each PR and sets up lambdas associated with the PR. Once the PR is merged, it will be used by the release pipeline to deploy to INT and REF. This is also run by the prod release pipeline to deploy the lambdas to the prod blue and green sub environments.
 
-## Setup for local dev
+## Environments Structure
 
-Add your workspace name to the env file. This is usually your shortcode.
+Terraform is executed via a `Makefile`.
+The environment-specific configuration is structured as follows:
 
-```shell
-echo environment=your-shortcode >> .env
-make init
-make workspace
-make apply
+    environments/
+    └── <ENVIRONMENT>/ # e.g. dev, int, prod (AWS account name)
+        └── <SUB_ENVIRONMENT_DIR> / # e.g. pr, internal-dev
+            └── variables.tfvars
+
+The `Makefile` automatically reads the `.env` file to determine the correct `variables.tfvars` file to use, allowing customization of infrastructure for each sub-environment.
+
+## Run locally
+1. Create a `.env` file with the following values:
+```dotenv
+ENVIRONMENT=dev # Target AWS account (e.g., dev, int, prod)
+SUB_ENVIRONMENT=pr-123 # Sub-environment (e.g., pr-57, internal-dev)
+AWS_REGION=eu-west-2
+AWS_PROFILE=your-aws-profile
 ```
+2. Run `make init` to download provisioners and dependencies
+3. Run `make plan` to output plan with the changes that terraform will perform
+4. **WARNING**: Run `make apply` only after thoroughly reviewing the plan as this might destroy or modify existing infrastructure
 
-See the Makefile for other commands.
+Note: If you switch environment configuration in .env ensure that you run `make init-reconfigure` to reconfigure the backend to prevent migrating the existing state to the new backend.
 
-If you want to apply Terraform to a workspace created by a PR you can set the above environment to the PR number.
+If you want to apply Terraform to a workspace created by a PR you can set the above SUB_ENVIRONMENT to the `PR-number` and ENVIRONMENT set to `dev`.
 E.g. `pr-57`. You can use this to test out changes when tests fail in CI.

terraform/main.tf

@@ -18,7 +18,6 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
-  #profile = "apim-dev"
   default_tags {
     tags = {
       Project     = var.project_name