tfvars Generation

In the monorepo model, foundry generate tfvars produces an OpenTofu variable file per enabled environment at ci/iac/{env}/{env}.auto.tfvars. It combines the manifest with infrastructure config from AWS so the IaC stack has everything it needs.

Data sources

Source	Provides
`foundry.json` (committed)	Service names, stacks, strategies, deploy config
Secrets Manager `{prefix}-{env}/iac/config`	The full infrastructure config (services, lambdas, domain, bastion, …)
AWS CLI at runtime	Account ID (STS) and hosted zone id (Route 53)

Template variables

Values in the IaC config can reference these, resolved at generation time:

{prefix}        e.g. aap
{env}           e.g. prod
{name_prefix}   {prefix}-{env}
{account_id}    from STS
{region}        AWS region
{iac_name}      IaC service key (e.g. platform-microlith-service)
{manifest_name} manifest service key (e.g. platform-microlith)

Output

The generated tfvars carries the platform block, the services map (ECS services keyed by IaC name), static sites, lambdas, EventBridge rules, bastion, and domain configuration — the inputs the monorepo IaC stack consumes.

Renaming a service changes its IaC key. Before applying, migrate the OpenTofu state — the command prints the exact tofu state mv to run. This tfvars path is the monorepo model; multi-repo services use their own per-repo app-edge stacks instead.