Infrastructure-as-Code (IaC) for deploying and managing the AI Interviewer platform on Google Cloud, using Terragrunt and Terraform for modular, scalable, and secure cloud resource provisioning.
| Path | Description |
|---|---|
modules.hcl |
Module sources and versions for infrastructure |
project.hcl |
GCP project-level variables |
terragrunt.hcl |
Root Terragrunt remote state config (GCS) |
.gitignore |
VCS ignore rules for Terraform/Terragrunt |
dev/ |
Development environment configs |
dev/env.hcl |
Environment name/shortname |
dev/global.hcl |
Global variables for the dev environment |
dev/us-east1/ |
Region-specific configs (us-east1) |
dev/us-east1/region.hcl |
GCP region variable |
dev/us-east1/services.hcl |
Service account/role definitions |
dev/us-east1/cloudrun/ |
Cloud Run deployment config |
dev/us-east1/artifact-repo/ |
Artifact Registry config |
dev/us-east1/service-accounts/ |
Service Account config |
_envcommons/ |
Shared config for artifact registry, cloud run |
- Modular IaC: Uses Terragrunt to manage reusable, versioned modules.
- GCP Native: Provisions resources on Google Cloud (Cloud Run, Artifact Registry, IAM).
- Environment & Region Support: Easily extendable for multiple environments/regions.
- Secrets Management: Supports encrypted secrets via SOPS.
- Service Accounts: Fine-grained IAM roles for least-privilege access.
- CI/CD Ready: Designed for integration with automated pipelines.
- Centralizes source URLs and versions for:
- Artifact Registry
- Cloud Run
- Service Accounts
- Uses GCS for remote Terraform state.
- State bucket and prefix are auto-configured per environment/region.
dev/for development; add more for staging/prod.us-east1/for region-specific resources.
- Deploys frontend and backend services as containers.
- Configures probes, scaling, IAM bindings, and secrets injection.
- Creates Docker repositories for each service.
- Provisions and assigns roles to service accounts for platform and API Gateway.
| Path | Description |
|---|---|
_envcommons/artifact-registry.hcl |
Shared Artifact Registry config |
_envcommons/cloudrun.hcl |
Shared Cloud Run config |
dev/us-east1/cloudrun/secrets/ |
Encrypted secrets (SOPS) for services |
- Terragrunt: Infrastructure orchestration
- Terraform: Resource provisioning
- Google Cloud SDK: For authentication and deployment
- SOPS: For managing encrypted secrets
- Terragrunt
- Terraform
- Google Cloud SDK
- SOPS (for secrets)
# Authenticate with GCP
gcloud auth application-default login
# Initialize and apply infrastructure (example: Cloud Run)
cd dev/us-east1/cloudrun
terragrunt init
terragrunt apply- Place SOPS-encrypted YAML files in
dev/us-east1/cloudrun/secrets/. - Example:
frontend.enc.yaml,typescript.enc.yaml
- Designed for use with CI/CD pipelines (e.g., GitHub Actions, Cloud Build).
- Automate
terragrunt applyfor infrastructure changes.
- Ignores Terraform/Terragrunt state, cache, and sensitive files.
- Add new environments in
dev/ - Add new regions as subfolders (e.g.,
dev/europe-west1/) - Add new modules in
modules.hcland reference in configs
- Service accounts follow least-privilege principle.
- Secrets are encrypted at rest using SOPS.