Terraform-managed envs (legacy)
AI-generated content
This document was generated by an AI assistant. Verify accuracy before relying on the details.
The legacy IaC for ADB lives in adb-charts/ (Terraform + Helm) and adb-infrastructure/ (shell scripts wrapping Atlas + EventBridge). Terraform state is stored in S3 at s3://tf-states.life-connect.fr/envs/<name>/, with 28 distinct env workspaces as of the 2026-05-03 audit. Most of these envs target Azure AKS plus AWS messaging/storage; they are NOT what the new infra/ Pulumi project recreates. The new project is greenfield on AWS — only the messaging plane and the S3 buckets carry over.
At a glance
| Fact | Value | Source |
|---|---|---|
| State backend | S3 tf-states.life-connect.fr/envs/ | AWS audit |
| Active env workspaces | 28 | aws s3 ls s3://tf-states.life-connect.fr/envs/ |
| Terraform consumed by | adb-charts/ | repo layout |
| Atlas / EventBridge IaC | shell scripts in adb-infrastructure/ | repo layout |
| Replacement | infra/ Pulumi project | this site |
Details
Workspace inventory (2026-05-03)
prod prod.bk
stage stage-security stage-extranet-dl
int int-security int.bk
preprod preprod-security
dev development dev-security
dev-ahmed dev-filatov dev-marwan dev-marwan.bk dev-nikita dev-rowan dev-sergey
athena hephaestus achilles odin zeus
extranet-stage-dl test
$ENV ← placeholder workspace
Active envs to plan migrations for:
- prod, stage, int, dev — primary environments
- athena, hephaestus, achilles, odin, zeus — named ephemeral / per-feature envs
- dev-ahmed, dev-filatov, dev-marwan, dev-nikita, dev-rowan, dev-sergey — per-developer envs
- *-security envs — separate workspaces for IAM resources (mirrors the adb-charts structure)
- extranet-* — separate extranet/customer-facing surface
- *.bk — Terraform state backups
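An added example (not code from adb-charts/, adb-infrastructure/ or the infra/ project): a shell script that buckets the output of the `aws s3 ls` inventory command into the categories listed above, so that workspaces matching no category stand out before migration planning. The function names and category labels are assumptions; the listing is a constructed sample built from names in the inventory.

```shell
#!/bin/sh
# Added example: category labels and function names are assumptions,
# the glob patterns and workspace names are the ones listed on this page.

# classify_workspace NAME -> prints one category label.
# Order matters: dev-marwan.bk is a backup and dev-security is an IAM
# workspace, so both are tested before the per-developer names.
classify_workspace() {
  case "$1" in
    '$ENV')              echo placeholder ;;
    *.bk)                echo backup ;;
    *-security)          echo security ;;
    extranet-*)          echo extranet ;;
    prod|stage|int|dev)  echo primary ;;
    athena|hephaestus|achilles|odin|zeus) echo named ;;
    dev-ahmed|dev-filatov|dev-marwan|dev-nikita|dev-rowan|dev-sergey)
                         echo per-developer ;;
    *)                   echo unclassified ;;  # needs a human decision
  esac
}

# inventory: reads `aws s3 ls <bucket>/envs/` output on stdin, keeps the
# "PRE <name>/" prefix rows, prints "category<TAB>name" per workspace.
inventory() {
  awk '$1 == "PRE" { sub(/\/$/, "", $2); print $2 }' |
  while IFS= read -r ws; do
    printf '%s\t%s\n' "$(classify_workspace "$ws")" "$ws"
  done
}

# Constructed sample listing (a subset of the inventory above), so the
# script runs offline. The quoted heredoc keeps $ENV literal.
sample_listing() {
  cat <<'EOF'
                           PRE $ENV/
                           PRE dev-marwan.bk/
                           PRE dev-security/
                           PRE dev-sergey/
                           PRE extranet-stage-dl/
                           PRE odin/
                           PRE preprod/
                           PRE prod/
                           PRE stage-extranet-dl/
EOF
}

# Real use: aws s3 ls s3://tf-states.life-connect.fr/envs/ | inventory | sort
sample_listing | inventory | sort
```

In the sample, preprod and stage-extranet-dl come out as unclassified because they match none of the patterns as written on this page.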
Migration strategy (rough)
The new infra/ plan is to keep the messaging side as-is (the SQS queues + EventBridge rules in adb-prod AWS) and rebuild compute on ECS. Per-developer envs become per-PR ephemeral envs in the new adb-preview AWS account (/deploy PR comments).
Named envs (athena, hephaestus, …) are not first-class in the new design — they were a workaround for the AKS scaling/cost trade-offs. With ECS Fargate Spot, those workarounds may be unnecessary.
Open questions
- Should *-security workspaces have a 1:1 mapping to the new IAM Identity Center groups, or is the new approach materially different?
- The *.bk backups are years old — safe to delete once the new infra is live in prod?
- What still references tf-states.life-connect.fr? Any active CI? If yes, those need to flip to Pulumi state before we sunset.