II.
StackProfile overview
Reference · livestack-profile:terraform-landing-zone
Terraform Landing Zone (Terraform, HCL, Vault, Go, OPA) overview
An enterprise cloud landing zone provisioned entirely through Terraform, using HCL modules to define account structures, networking, IAM policies, and security guardrails across AWS or GCP. HashiCorp Vault manages secrets and dynamic credentials, while OPA enforces policy-as-code constraints before any plan is applied. Custom Go-based Terraform providers extend the platform for internal services. Deployed via Terraform Cloud for remote state management and team collaboration. The tradeoff is a steep learning curve and long plan/apply cycles for large-scale refactors.
Attributes
displayName
Terraform Landing Zone (Terraform, HCL, Vault, Go, OPA)
description
An enterprise cloud landing zone provisioned entirely through Terraform,
using HCL modules to define account structures, networking, IAM policies,
and security guardrails across AWS or GCP. HashiCorp Vault manages secrets
and dynamic credentials, while OPA enforces policy-as-code constraints
before any plan is applied. Custom Go-based Terraform providers extend
the platform for internal services. Deployed via Terraform Cloud for
remote state management and team collaboration. The tradeoff is a steep
learning curve and long plan/apply cycles for large-scale refactors.
composes
Outgoing edges
applies_to (2)
- domain:cloud-infra · Domain · Cloud Infrastructure
- domain:infrastructure · Domain · Infrastructure
composed_of (8)
- tool:terraform · Tool · Terraform
- language:hcl · Language · HCL
- tool:vault · Tool · HashiCorp Vault
- tool:opa · Tool · Open Policy Agent
- language:go · Language · Go
- tool:terraform-cloud · Tool · Terraform Cloud
- tool:checkov · Tool · Checkov
- tool:sops · Tool · SOPS
follows_workflow (2)
- workflow:terraform-drift-remediation · Workflow · Terraform Drift Remediation
- workflow:iac-security-scanning · Workflow · IaC Security Scanning
requires_skill_area (5)
- skill-area:terraform-infrastructure · SkillArea · Terraform Infrastructure as Code
- skill-area:iac-security · SkillArea · IaC Security
- skill-area:secrets-rotation · SkillArea · Secrets Rotation
- skill-area:policy-enforcement · SkillArea · Policy Enforcement
- skill-area:cloud-infrastructure · SkillArea · Cloud Infrastructure
used_by_role (3)
- role:platform-engineer · Role
- role:cloud-architect · Role
- role:security-engineer · Role · Security Engineer
Incoming edges
None.