From ce36c8481015772e5926d209f1be2888989dc724 Mon Sep 17 00:00:00 2001
From: Dan <breakid@users.noreply.github.com>
Date: Sun, 27 Jul 2025 23:57:18 +0000
Subject: [PATCH] Added Terraform instructions and updated README (#116)

* Added Terraform instructions and updated README

* Reverted changed to CONTRIBUTING.md

---------

Co-authored-by: Matt Soucoup <masoucou@microsoft.com>
---
 README.md                              |   1 +
 instructions/terraform.instructions.md | 113 +++++++++++++++++++++++++
 2 files changed, 114 insertions(+)
 create mode 100644 instructions/terraform.instructions.md

diff --git a/README.md b/README.md
index 5140b6e..168f777 100644
--- a/README.md
+++ b/README.md
@@ -71,6 +71,7 @@ Team and project-specific instructions to enhance GitHub Copilot's behavior for
 | [SQL Development](instructions/sql-sp-generation.instructions.md) | Guidelines for generating SQL statements and stored procedures | [![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://vscode.dev/redirect?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fsql-sp-generation.instructions.md) [![Install in VS Code](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fsql-sp-generation.instructions.md) |
 | [Taming Copilot](instructions/taming-copilot.instructions.md) | Prevent Copilot from wreaking havoc across your codebase, keeping it under control. | [![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://vscode.dev/redirect?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftaming-copilot.instructions.md) [![Install in VS Code](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftaming-copilot.instructions.md) |
 | [TanStack Start with Shadcn/ui Development Guide](instructions/tanstack-start-shadcn-tailwind.instructions.md) | Guidelines for building TanStack Start applications | [![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://vscode.dev/redirect?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftanstack-start-shadcn-tailwind.instructions.md) [![Install in VS Code](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftanstack-start-shadcn-tailwind.instructions.md) |
+| [Terraform Conventions](instructions/terraform.instructions.md) | Convention specific coding standards and best practices | [![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://vscode.dev/redirect?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform.instructions.md) [![Install in VS Code](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform.instructions.md) |
 | [VueJS 3 Development Instructions](instructions/vuejs3.instructions.md) | VueJS 3 development standards and best practices with Composition API and TypeScript | [![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://vscode.dev/redirect?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fvuejs3.instructions.md) [![Install in VS Code](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fvuejs3.instructions.md) |
 
 > 💡 **Usage**: Copy these instructions to your `.github/copilot-instructions.md` file or create task-specific `.github/.instructions.md` files in your workspace's `.github/instructions` folder.
diff --git a/instructions/terraform.instructions.md b/instructions/terraform.instructions.md
new file mode 100644
index 0000000..681c6b6
--- /dev/null
+++ b/instructions/terraform.instructions.md
@@ -0,0 +1,113 @@
+---
+description: 'Terraform Conventions and Guidelines'
+applyTo: '**/*.tf'
+---
+
+# Terraform Conventions
+
+## General Instructions
+
+- Use Terraform to provision and manage infrastructure.
+- Use version control for your Terraform configurations.
+
+## Security
+
+- Always use the latest stable version of Terraform and its providers.
+  - Regularly update your Terraform configurations to incorporate security patches and improvements.
+- Store sensitive information in a secure manner, such as using AWS Secrets Manager or SSM Parameter Store.
+  - Regularly rotate credentials and secrets.
+  - Automate the rotation of secrets, where possible.
+- Use AWS environment variables to reference values stored in AWS Secrets Manager or SSM Parameter Store.
+  - This keeps sensitive values out of your Terraform state files.
+- Never commit sensitive information such as AWS credentials, API keys, passwords, certificates, or Terraform state to version control.
+  - Use `.gitignore` to exclude files containing sensitive information from version control.
+- Always mark sensitive variables as `sensitive = true` in your Terraform configurations.
+  - This prevents sensitive values from being displayed in the Terraform plan or apply output.
+- Use IAM roles and policies to control access to resources.
+  - Follow the principle of least privilege when assigning permissions.
+- Use security groups and network ACLs to control network access to resources.
+- Deploy resources in private subnets whenever possible.
+  - Use public subnets only for resources that require direct internet access, such as load balancers or NAT gateways.
+- Use encryption for sensitive data at rest and in transit.
+  - Enable encryption for EBS volumes, S3 buckets, and RDS instances.
+  - Use TLS for communication between services.
+- Regularly review and audit your Terraform configurations for security vulnerabilities.
+  - Use tools like `trivy`, `tfsec`, or `checkov` to scan your Terraform configurations for security issues.
+
+## Modularity
+
+- Use separate projects for each major component of the infrastructure; this:
+  - Reduces complexity
+  - Makes it easier to manage and maintain configurations
+  - Speeds up `plan` and `apply` operations
+  - Allows for independent development and deployment of components
+  - Reduces the risk of accidental changes to unrelated resources
+- Use modules to avoid duplication of configurations.
+  - Use modules to encapsulate related resources and configurations.
+  - Use modules to simplify complex configurations and improve readability.
+  - Avoid circular dependencies between modules.
+  - Avoid unnecessary layers of abstraction; use modules only when they add value.
+    - Avoid using modules for single resources; only use them for groups of related resources.
+    - Avoid excessive nesting of modules; keep the module hierarchy shallow.
+- Use `output` blocks to expose important information about your infrastructure.
+  - Use outputs to provide information that is useful for other modules or for users of the configuration.
+  - Avoid exposing sensitive information in outputs; mark outputs as `sensitive = true` if they contain sensitive data.
+
+## Maintainability
+
+- Prioritize readability, clarity, and maintainability.
+- Use comments to explain complex configurations and why certain design decisions were made.
+- Write concise, efficient, and idiomatic configs that are easy to understand.
+- Avoid using hard-coded values; use variables for configuration instead.
+  - Set default values for variables, where appropriate.
+- Use data sources to retrieve information about existing resources instead of requiring manual configuration.
+  - This reduces the risk of errors, ensures that configurations are always up-to-date, and allows configurations to adapt to different environments.
+  - Avoid using data sources for resources that are created within the same configuration; use outputs instead.
+  - Avoid, or remove, unnecessary data sources; they slow down `plan` and `apply` operations.
+- Use `locals` for values that are used multiple times to ensure consistency.
+
+## Style and Formatting
+
+- Follow Terraform best practices for resource naming and organization.
+  - Use descriptive names for resources, variables, and outputs.
+  - Use consistent naming conventions across all configurations.
+- Follow the **Terraform Style Guide** for formatting.
+  - Use consistent indentation (2 spaces for each level).
+- Group related resources together in the same file.
+  - Use a consistent naming convention for resource groups (e.g., `providers.tf`, `variables.tf`, `network.tf`, `ecs.tf`, `mariadb.tf`).
+- Place `depends_on` blocks at the very beginning of resource definitions to make dependency relationships clear.
+  - Use `depends_on` only when necessary to avoid circular dependencies.
+- Place `for_each` and `count` blocks at the beginning of resource definitions to clarify the resource's instantiation logic.
+  - Use `for_each` for collections and `count` for numeric iterations.
+  - Place them after `depends_on` blocks, if they are present.
+- Place `lifecycle` blocks at the end of resource definitions.
+- Alphabetize providers, variables, data sources, resources, and outputs within each file for easier navigation.
+- Group related attributes together within blocks.
+  - Place required attributes before optional ones, and comment each section accordingly.
+  - Separate attribute sections with blank lines to improve readability.
+  - Alphabetize attributes within each section for easier navigation.
+- Use blank lines to separate logical sections of your configurations.
+- Use `terraform fmt` to format your configurations automatically.
+- Use `terraform validate` to check for syntax errors and ensure configurations are valid.
+- Use `tflint` to check for style violations and ensure configurations follow best practices.
+  - Run `tflint` regularly to catch style issues early in the development process.
+
+## Documentation
+
+- Always include `description` and `type` attributes for variables and outputs.
+  - Use clear and concise descriptions to explain the purpose of each variable and output.
+  - Use appropriate types for variables (e.g., `string`, `number`, `bool`, `list`, `map`).
+- Document your Terraform configurations using comments, where appropriate.
+  - Use comments to explain the purpose of resources and variables.
+  - Use comments to explain complex configurations or decisions.
+  - Avoid redundant comments; comments should add value and clarity.
+- Include a `README.md` file in each project to provide an overview of the project and its structure.
+  - Include instructions for setting up and using the configurations.
+- Use `terraform-docs` to generate documentation for your configurations automatically.
+
+## Testing
+
+- Write tests to validate the functionality of your Terraform configurations.
+  - Use the `.tftest.hcl` extension for test files.
+  - Write tests to cover both positive and negative scenarios.
+  - Ensure tests are idempotent and can be run multiple times without side effects.