Infrastructure as Code with Terraform for AWS/Hetzner

Create infrastructure as code with Terraform for [PROJECT NAME], deployed on [AWS/HETZNER/GCP].\\\\\\\\n\\\\\\\\n**Target Architecture:**\\\\\\\\n- Compute: [EC2/ECS/HETZNER CLOUD] — [NUMBER] instances\\\\\\\\n- Database: [RDS POSTGRESQL/HETZNER + DOCKER]\\\\\\\\n- Cache: [ELASTICACHE REDIS/SELF-HOSTED]\\\\\\\\n- Storage: [S3/HETZNER STORAGE BOX]\\\\\\\\n- CDN: [CLOUDFRONT/CLOUDFLARE]\\\\\\\\n- DNS: [ROUTE53/CLOUDFLARE]\\\\\\\\n- Network: VPC with public and private subnets\\\\\\\\n\\\\\\\\n**1) Terraform Project Structure:**\\\\\\\\n\\\\\\\\\\\\\\\\\\\\\\\`\\\\\\\\\\\\\\\\\\\\\\\`\\\\\\\\\\\\\\\\\\\\\\\`\\\\\\\\nterraform/\\\\\\\\n├── environments/\\\\\\\\n│   ├── staging/\\\\\\\\n│   │   ├── main.tf\\\\\\\\n│   │   ├── variables.tf\\\\\\\\n│   │   └── terraform.tfvars\\\\\\\\n│   └── production/\\\\\\\\n├── modules/\\\\\\\\n│   ├── networking/\\\\\\\\n│   ├── compute/\\\\\\\\n│   ├── database/\\\\\\\\n│   ├── cache/\\\\\\\\n│   └── monitoring/\\\\\\\\n└── global/\\\\\\\\n    ├── iam/\\\\\\\\n    └── dns/\\\\\\\\n\\\\\\\\\\\\\\\\\\\\\\\`\\\\\\\\\\\\\\\\\\\\\\\`\\\\\\\\\\\\\\\\\\\\\\\`\\\\\\\\n\\\\\\\\n**2) Reusable Modules:**\\\\\\\\nFor each module, define: variables, resources, outputs, README\\\\\\\\n\\\\\\\\n- **networking**: VPC, subnets (public/private), NAT Gateway, security groups\\\\\\\\n- **compute**: instances/containers, auto-scaling, load balancer, target groups\\\\\\\\n- **database**: RDS/PostgreSQL with read replica, automated backups, parameter group\\\\\\\\n- **cache**: Redis cluster with failover\\\\\\\\n- **monitoring**: CloudWatch alarms, SNS topics, dashboards\\\\\\\\n\\\\\\\\n**3) State Management:**\\\\\\\\n- Remote state in S3 + DynamoDB lock (AWS) or Terraform Cloud\\\\\\\\n- State per environment (staging/production)\\\\\\\\n- Import existing resources (\\\\\\\\\\\\\\\\\\\\\\\`terraform import\\\\\\\\\\\\\\\\\\\\\\\`)\\\\\\\\n- Safe state manipulation (move, remove)\\\\\\\\n\\\\\\\\n**4) Security:**\\\\\\\\n- IAM roles with least privilege\\\\\\\\n- Restrictive security groups\\\\\\\\n- Encryption at rest (KMS)\\\\\\\\n- Secrets in AWS Secrets Manager (not in terraform.tfvars)\\\\\\\\n- VPC endpoints for AWS services\\\\\\\\n\\\\\\\\n**5) CI/CD for Terraform:**\\\\\\\\n- GitHub Action: \\\\\\\\\\\\\\\\\\\\\\\`plan\\\\\\\\\\\\\\\\\\\\\\\` on PR, \\\\\\\\\\\\\\\\\\\\\\\`apply\\\\\\\\\\\\\\\\\\\\\\\` on merge to main\\\\\\\\n- Validation: \\\\\\\\\\\\\\\\\\\\\\\`terraform fmt\\\\\\\\\\\\\\\\\\\\\\\`, \\\\\\\\\\\\\\\\\\\\\\\`terraform validate\\\\\\\\\\\\\\\\\\\\\\\`, \\\\\\\\\\\\\\\\\\\\\\\`tflint\\\\\\\\\\\\\\\\\\\\\\\`\\\\\\\\n- Cost estimation with Infracost\\\\\\\\n- Manual approval before apply in production\\\\\\\\n\\\\\\\\n**6) Cost Estimate:**\\\\\\\\n- Monthly cost per resource\\\\\\\\n- Optimizations: Reserved Instances, Spot for workers, S3 lifecycle\\\\\\\\n- Comparison: AWS vs. Hetzner for this workload\\\\\\\\n\\\\\\\\nProvide complete \\\\\\\\\\\\\\\\\\\\\\\`.tf\\\\\\\\\\\\\\\\\\\\\\\` files for the [PRODUCTION/STAGING] environment.