ADR-001: Module Naming Convention
kebab-case for module dirs, snake_case for HCL identifiers
13 docs tagged with "accepted"
View all tagsADR-002: Terraform Registry Structure
Monorepo source with thin-wrapper multi-repo Registry publishing pattern
ADR-003: Provider Version Constraints
AWS provider >= 6.28 < 7.0, Terraform >= 1.11.0 across all modules
ADR-004: Three-Tier Testing Strategy
Native .tftest.hcl for Tiers 1-3, Terratest Go for pre-release integration
ADR-005: Example Naming Convention
Three-tier prefix system: mvp-, poc-, production- with kebab-case descriptors
ADR-006: S3 Native State Locking
Use S3 use_lockfile=true for state locking, no DynamoDB required
ADR-007: Upstream Dependency Strategy
Fork aws-ia/terraform-aws-sso, strip AWSCC, rebrand to oceansoft
ADR-020: Break-Glass Emergency Access
Empty-group membership pattern for emergency admin access without Terraform apply
ADR-021: Documentation SSOT Strategy
DevOps-TechDocs is the single source of truth for terraform-aws documentation — no cross-repo CI sync needed
ADR-022: Release Management Automation (release-please + Per-Module Tags)
Adopt release-please for automated semver, CHANGELOG, and git tag creation; adopt module-prefixed tag format for per-module TFC publishing from a monorepo
ADR-023: Derived Module Pattern (Clone + Value-Add)
All modules are cloned from upstream terraform-aws-modules/* and extended with oceansoft value-adds rather than thin-wrapper or custom implementations
ADR-024: Composition Layer Pattern (modules/web)
The web module wires alb + cloudfront + waf + dns into an opinionated secure-by-default composition layer rather than a derived upstream clone
ADR-025: Per-Component Semver via release-please
Each module in the monorepo carries an independent semantic version, driven by conventional commits scoped to that module's path, automated by release-please per-package config