---
name: scaffold-terraform
description: Generate the full Terraform module directory structure and empty files for the Book Review App per CLAUDE.md spec
---

Generate the complete Terraform project scaffold for the Book Review App as defined in CLAUDE.md.

Create every directory and file in this exact structure (create empty files where content is not yet known):

```
terraform/
├── main.tf
├── variables.tf
├── outputs.tf
├── providers.tf
├── backend.tf
├── locals.tf
├── data.tf
├── terraform.tfvars
├── modules/
│   ├── networking/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── outputs.tf
│   ├── security/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── outputs.tf
│   ├── compute/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   │   └── scripts/
│   │       ├── web_userdata.sh
│   │       └── app_userdata.sh
│   ├── loadbalancing/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── outputs.tf
│   └── database/
│       ├── main.tf
│       ├── variables.tf
│       └── outputs.tf
└── environments/
    ├── dev.tfvars
    └── prod.tfvars
scripts/
├── validate.sh
└── destroy.sh
architecture-diagram.md
```

For each file, populate a meaningful stub rather than leaving it empty, following these rules:

**terraform/providers.tf**: Include the `terraform { required_providers { aws = ... } }` block with `required_version = ">= 1.5"` and the AWS provider block with `region = var.aws_region`.

**terraform/backend.tf**: Add a commented-out S3 + DynamoDB backend template with a comment saying "Uncomment and configure before first apply in shared environments."

**terraform/locals.tf**: Define a `locals` block with a `name_prefix = "${var.project}-${var.environment}"` pattern and a `common_tags` map with `Project`, `Environment`, `ManagedBy = "terraform"`.

**terraform/variables.tf**: Define at minimum: `project`, `environment`, `aws_region` (default `us-east-1`), `vpc_cidr` (default `10.0.0.0/16`), `db_password` (sensitive = true), `db_username`.
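As an added example (not from CLAUDE.md or the project's own files), here is what the `variables.tf` and `locals.tf` stubs described above could look like; the `book-review` default, the `environment` and `vpc_cidr` validation rules and the `description` text are assumptions, not part of the spec:

```hcl
# terraform/variables.tf (added example; defaults and validations are assumed)
variable "project" {
  description = "Project slug used in resource names and tags"
  type        = string
  default     = "book-review" # assumed; adjust to the real project name
}

variable "environment" {
  description = "Deployment environment; must match an environments/<env>.tfvars file"
  type        = string
  validation {
    condition     = contains(["dev", "prod"], var.environment)
    error_message = "environment must be one of: dev, prod."
  }
}

variable "aws_region" {
  type    = string
  default = "us-east-1"
}

variable "vpc_cidr" {
  type    = string
  default = "10.0.0.0/16"
  validation {
    # can() turns the parse error of a malformed CIDR into a clean false
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "vpc_cidr must be a valid IPv4 CIDR block."
  }
}

variable "db_username" {
  type = string
}

variable "db_password" {
  description = "Supply via TF_VAR_db_password or a git-ignored tfvars; never commit it"
  type        = string
  sensitive   = true # redacted from plan/apply output and from module outputs that use it
}

# terraform/locals.tf (added example)
locals {
  name_prefix = "${var.project}-${var.environment}"
  common_tags = {
    Project     = var.project
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}
```

`sensitive = true` only redacts the value from plan and apply output; it is still written in plaintext to the state file, which is why the S3 backend template in `backend.tf` should be configured with `encrypt = true` before the state leaves a developer's machine.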

**terraform/outputs.tf**: Stub outputs for `vpc_id`, `public_alb_dns`, `internal_alb_dns`, `rds_endpoint`, `rds_read_replica_endpoint`, `web_instance_ids`, `app_instance_ids`.

**terraform/terraform.tfvars**: Populate safe defaults (project name, environment, region). Add a comment that `db_password` must be set and must NOT be committed.

**terraform/main.tf**: Add module blocks that call each child module in dependency order (networking → security → database → compute → loadbalancing), passing outputs between them as inputs. Use placeholder values where actual outputs aren't known yet.

**Each module's variables.tf**: Define the input variables that module will need based on CLAUDE.md architecture spec.

**scripts/validate.sh**: Write a script that runs `terraform fmt -check -recursive` then `terraform validate` from the `terraform/` directory, exits non-zero on any failure, and prints a clear pass/fail summary.

**scripts/destroy.sh**: Write a script that prints a prominent warning ("THIS WILL DESTROY ALL INFRASTRUCTURE"), prompts `Are you sure? (yes/no):`, and only proceeds with `terraform destroy -var-file=terraform.tfvars` if the user types `yes`.

**architecture-diagram.md**: Insert the Mermaid diagram from CLAUDE.md verbatim.

After creating all files, print a summary of what was created and remind the user to:
1. Set `db_password` in `terraform.tfvars` (and add `terraform.tfvars` to `.gitignore`)
2. Configure the S3 backend in `backend.tf` before working in a team
3. Run `/tf-validate` next to confirm the scaffold is syntactically valid
