← Docs
Recipe

Terraform Patterns

Production-grade infrastructure-as-code recipes for deploying Meridian at scale.

Module Structure

Keep root modules thin. Delegate to child modules for compute, networking, and state backends. Use terraform.tfvars for environment-specific overrides — never hardcode secrets.

State Management

Always configure a remote backend. S3 with DynamoDB locking is the default choice. Enable versioning and server-side encryption. Pin the provider version in versions.tf.

Vercel + Upstash Wiring

Use the Vercel provider to link the Meridian frontend project. Pass Upstash KV endpoint and token as environment variables via vercel_project_environment_variables. Rotate tokens through Terraform lifecycle hooks.

CDN & Edge

Front the auto-update CDN with a CloudFront distribution. Restrict origin access via OAC. Cache signed payloads aggressively — invalidate on new release tags only.

CI/CD Integration

Run terraform plan on every PR. Apply on merge to main. Store the plan artifact so reviewers can inspect drift before approval. Use OIDC for AWS auth — no long-lived keys.

Need the full reference architecture? Browse the docs index for networking diagrams and sample HCL.