Warning
Work in Progress: This page is currently under construction. Content may be incomplete or subject to change. To contribute, see the contribution guide.
Infrastructure as Code (IaC)
All cloud infrastructure at Patria Investments is managed as code. Manual resource creation in Staging and Production is not allowed unless explicitly approved as a temporary exception.
Tooling
| Tool | Used for |
|---|---|
| Terraform | Azure and GCP resource provisioning |
| GitHub Actions | IaC CI/CD pipeline (plan on PR, apply on merge) |
| Azure Key Vault | Stores service principal credentials used by the pipeline |
Repository structure
infra/
├── modules/ # Reusable Terraform modules
│ ├── azure/
│ └── gcp/
├── environments/
│ ├── dev/
│ ├── staging/
│ └── prod/
└── pipelines/ # GitHub Actions workflows
Workflow
flowchart LR
    PR[Open Pull Request] --> Plan[terraform plan]
    Plan --> Review[Team Review]
    Review --> Merge[Merge to main]
    Merge --> Apply[terraform apply]
    Apply --> Notify[Notification in Slack]
- Create a branch and edit the relevant Terraform files
- Open a PR — the pipeline runs `terraform plan` and posts the diff as a comment
- Get approval from at least one member of the Infra & Cloud Squad
- Merge to `main` — the pipeline runs `terraform apply` automatically for Dev/Staging
- Production applies require an additional manual approval step in GitHub Actions
Naming conventions
Follow the naming standards defined in Standards — Naming.
General pattern: <resource-type>-<team>-<environment>-<descriptor>
Examples:
- `rg-patria-tech-docs` (resource group)
- `sa-patria-prod-datalake` (storage account)
State management
Terraform state is stored remotely:
| Platform | Backend |
|---|---|
| Azure | Azure Blob Storage — container tfstate in sa-patria-infra |
| GCP | Google Cloud Storage — bucket patria-tfstate |
State files are never committed to the repository.
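One way to enforce this rule in the PR pipeline, as an added example that is not part of the Patria repository: a POSIX shell check that fails when Terraform state or `.terraform/` working data is tracked by git. The script name `check_state.sh`, the `--git` flag and the function name `find_state_files` are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical script, not the project's own code).
# Terraform state records resource attributes in plaintext, including
# sensitive ones, so it must live only in the remote backend.

# Reads repository-relative paths on stdin (one per line), prints every
# path that is state or local Terraform working data, and returns 1 if
# any was found, 0 otherwise.
find_state_files() {
    found=0
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r path || [ -n "$path" ]; do
        case "$path" in
            # State files and the backups Terraform writes next to them.
            *.tfstate|*.tfstate.backup|*.tfstate.*.backup) ;;
            # Local working directory: cached providers, modules, backend data.
            # The dependency lock file (.terraform.lock.hcl) is not matched,
            # because it is meant to be committed.
            .terraform/*|*/.terraform/*) ;;
            *) continue ;;
        esac
        printf '%s\n' "$path"
        found=1
    done
    [ "$found" -eq 0 ]
}

# CI entry point (assumed invocation): sh check_state.sh --git
# Run from the repository root; inspects every file tracked by git.
if [ "${1:-}" = "--git" ]; then
    if ! git ls-files | find_state_files; then
        echo "ERROR: Terraform state or .terraform/ data is tracked in git." >&2
        echo "Remove it from the index and rely on the remote backend." >&2
        exit 1
    fi
fi
```

If the check fires, removing the file from the index does not remove it from history; any secrets recorded in that state should be rotated.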
Escalation
Owner: Infra & Cloud Squad — see Contacts