Life ConnectLife Connect
Wiki index
Architecture
Services
Concepts
Runbooks
Infra
Swagger Docs
GitHub
Wiki index
Architecture
Services
Concepts
Runbooks
Infra
Swagger Docs
GitHub
  • Cross-cutting concepts

    • EventBridge fanout
    • Atlas Triggers
    • ECS Fargate deploy lifecycle
    • Keycloak hosting
    • Cloudflare Pages auto-deploy
    • Bitbucket Pipelines (legacy)
    • Terraform-managed envs (legacy)
  • Accounting model

    • Accounting model
    • Events catalog
    • Accounting journals
    • Plan of accounts (PCG)
    • Auxiliary accounts
    • FEC fields (Fichier des Écritures Comptables)
    • pieceReference numbering
    • Tenant matrix (payable / receivable)
    • Owner matrix (payable / receivable)
    • Take-over UI display rules
Last updated 2026-05-03

Terraform-managed envs (legacy)

AI-generated content

This document was generated by an AI assistant. Verify accuracy before relying on the details.

The legacy IaC for ADB lives in adb-charts/ (Terraform + Helm) and adb-infrastructure/ (shell scripts wrapping Atlas + EventBridge). Terraform state is stored in S3 at s3://tf-states.life-connect.fr/envs/<name>/, with 28 distinct env workspaces as of the 2026-05-03 audit. Most of these envs target Azure AKS plus AWS messaging/storage; they are NOT what the new infra/ Pulumi project recreates. The new project is greenfield on AWS — only the messaging plane and the S3 buckets carry over.

At a glance

FactValueSource
State backendS3 tf-states.life-connect.fr/envs/AWS audit
Active env workspaces28aws s3 ls s3://tf-states.life-connect.fr/envs/
Terraform consumed byadb-charts/repo layout
Atlas / EventBridge IaCshell scripts in adb-infrastructure/repo layout
Replacementinfra/ Pulumi projectthis site

Details

Workspace inventory (2026-05-03)

prod  prod.bk
stage stage-security stage-extranet-dl
int   int-security   int.bk
preprod preprod-security
dev development dev-security
dev-ahmed dev-filatov dev-marwan dev-marwan.bk dev-nikita dev-rowan dev-sergey
athena hephaestus achilles odin zeus
extranet-stage-dl test
$ENV   ← placeholder workspace

Active envs to plan migrations for:

  • prod, stage, int, dev — primary environments
  • athena, hephaestus, achilles, odin, zeus — named ephemeral / per-feature envs
  • dev-ahmed, dev-filatov, dev-marwan, dev-nikita, dev-rowan, dev-sergey — per-developer envs
  • *-security envs — separate workspaces for IAM resources (mirrors the adb-charts structure)
  • extranet-* — separate extranet/customer-facing surface
  • *.bk — Terraform state backups

Migration strategy (rough)

The new infra/ plan is to keep the messaging side as-is (the SQS queues + EventBridge rules in adb-prod AWS) and rebuild compute on ECS. Per-developer envs become per-PR ephemeral envs in the new adb-preview AWS account (/deploy PR comments).

Named envs (athena, hephaestus, …) are not first-class in the new design — they were a workaround for the AKS scaling/cost trade-offs. With ECS Fargate Spot, those workarounds may be unnecessary.

Open questions

  • Should *-security workspaces have a 1:1 mapping to the new IAM Identity Center groups, or is the new approach materially different?
  • The *.bk backups are years old — safe to delete once the new infra is live in prod?
  • What still references tf-states.life-connect.fr? Any active CI? If yes, those need to flip to Pulumi state before we sunset.
Edit this page
Last Updated:
Contributors: Yevhenii Khudolii
Prev
Bitbucket Pipelines (legacy)