Opentrons monorepo Infra
This repository contains the infrastructure as code for Opentrons using Terraform. The infrastructure is organized into environment-specific configurations located in the aws/env/ directory.
```
aws/
├── modules/                      # Reusable Terraform modules
│   ├── docs-buckets/
│   ├── cloudfront-distribution/
│   ├── cloudfront-function/
│   └── waf-web-acl/
└── env/                          # Environment-specific configurations
    ├── sandbox/                  # Development/testing environment
    ├── staging/                  # Pre-production environment
    └── production/               # Production environment
```
Before running Terraform commands, ensure you have:
- Terraform installed (version ~>1.11)
- AWS CLI configured with appropriate credentials
- AWS profile configured for Terraform state management (`terraform-state` profile)
- Access to the S3 backend (`core-infra-tf-state` bucket in us-east-2)
Each environment directory (aws/env/sandbox, aws/env/staging, aws/env/production) contains its own Terraform configuration with:
- `terraform.tf` - Backend configuration and provider requirements
- `{environment}.tf` - Environment-specific resources
- `.terraform.lock.hcl` - Provider lock file
Navigate to the desired environment directory and follow these steps:
```
# 1. Navigate to the environment directory
cd aws/env/sandbox # or staging, production
# 2. Initialize Terraform (downloads providers and sets up backend)
terraform init
# 3. Plan your changes
terraform plan
# 4. Apply your changes
terraform apply
```

```
cd aws/env/sandbox
terraform init
terraform plan
terraform apply

cd aws/env/staging
terraform init
terraform plan
terraform apply

cd aws/env/production
terraform init
terraform plan
terraform apply
```

To deploy only specific resources or modules:

```
# Deploy only the docs buckets module
terraform plan -target=module.docs_buckets
terraform apply -target=module.docs_buckets
# Deploy only specific resources
terraform plan -target=aws_s3_bucket.docs
terraform apply -target=aws_s3_bucket.docs
```

The Terraform state is stored remotely in S3 with the following configuration:
- Backend: S3
- Bucket: `core-infra-tf-state`
- Region: `us-east-2`
- Profile: `terraform-state`
- Encryption: Enabled
```
# Check current state
terraform show
# List resources
terraform state list
# Import existing resources
terraform import aws_s3_bucket.docs bucket-name
# Destroy resources (use with caution)
terraform destroy
# Format Terraform files
terraform fmt
# Validate configuration
terraform validate
# Refresh state
terraform refresh
```

- Always run `terraform plan` before applying changes
- Review changes carefully before applying to production
- Keep state files secure and never commit them to version control
- Use consistent naming for resources across environments
- Document changes in commit messages
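
One way to back the plan-review practice above with a check before a production apply, as an added example that is not part of this repository: save the plan with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan > plan.json`, and run the script below, which lists every resource the plan would delete or replace. The script name, function names and sample resource addresses are assumptions.

```python
import json
import sys

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this check reads. The resource addresses are illustrative only.
SAMPLE_PLAN = json.loads("""
{"format_version": "1.2", "resource_changes": [
  {"address": "aws_s3_bucket.docs", "change": {"actions": ["update"]}},
  {"address": "module.docs_buckets.aws_s3_bucket.example",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_cloudfront_function.example", "change": {"actions": ["no-op"]}},
  {"address": "aws_wafv2_web_acl.example", "change": {"actions": ["delete"]}}
]}
""")


def destructive_changes(plan):
    """Return (address, kind) for each resource the plan deletes or replaces."""
    found = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            # A replacement is reported as delete plus create, in either order.
            kind = "replace" if "create" in actions else "delete"
            found.append((rc["address"], kind))
    return found


def unapproved(plan, approved=()):
    """Destructive changes whose address the reviewer has not signed off on."""
    allowed = set(approved)
    return [(a, k) for a, k in destructive_changes(plan) if a not in allowed]


def main(argv):
    # Usage (hypothetical file name): python plan_gate.py plan.json [approved-address ...]
    if len(argv) < 2:
        print("usage: plan_gate.py plan.json [approved-address ...]")
        return 2
    with open(argv[1]) as fh:
        blocked = unapproved(json.load(fh), argv[2:])
    for address, kind in blocked:
        print(f"BLOCKED {kind}: {address}")
    return 1 if blocked else 0  # non-zero exit stops a CI job before apply


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

When the check passes, `terraform apply tfplan` applies exactly the saved plan that was reviewed rather than a freshly computed one.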
- Backend configuration errors: Ensure AWS credentials are properly configured
- Provider version conflicts: Check `.terraform.lock.hcl` for version constraints
- State lock issues: Check if another process is holding the state lock
- Permission errors: Verify AWS IAM permissions for the terraform-state profile
- Check the environment-specific README in `aws/env/README.md`
- Review Terraform logs for detailed error messages
- Ensure all required AWS services are available in your region
- All environments use proper IAM roles and policies
- S3 buckets are configured with appropriate access controls
- State files are encrypted and stored securely
- Follow the principle of least privilege when configuring access
When making changes to infrastructure:
- Test changes in sandbox first
- Use descriptive commit messages
- Update documentation as needed
- Follow the existing naming conventions
- Ensure all Terraform files are properly formatted