[FEAT] Add Terraform infrastructure templates for Azure, AWS, and GCP deployments #57

@colbytimm

Summary

Add Terraform configurations to each generated cookiecutter project that provision the required cloud resources (serverless function + database). This gives users a one-command path from generated project to deployed API. Each cloud variant includes a terraform/ directory with the necessary resources, variables, and outputs. A shared pattern keeps the Terraform structure consistent across clouds.

Category: infrastructure, terraform

Acceptance Criteria

  • Each generated project includes a terraform/ directory with:
    • main.tf — Provider config and resource definitions
    • variables.tf — Input variables (region, project name, etc.)
    • outputs.tf — Endpoint URL, database connection info
    • terraform.tfvars.example — Example variable values
  • Azure resources: Resource Group, Function App (Consumption plan), Cosmos DB account + database + container, Storage Account
  • GCP resources: Cloud Function (2nd gen), Firestore database, IAM service account
  • AWS resources: Lambda function, API Gateway (HTTP API), DynamoDB table, IAM role + policy
  • Terraform validates (terraform validate) in CI for each cloud variant
  • README in terraform/ documents the terraform init → plan → apply workflow
  • .gitignore in terraform dir excludes .terraform/, *.tfstate, *.tfstate.backup, *.tfvars (but not .tfvars.example)

Implementation Notes

Template Structure

Each generated project gets:

terraform/
├── main.tf                  # Provider + resources
├── variables.tf             # Input variables
├── outputs.tf               # Useful outputs (endpoint URL, etc.)
├── terraform.tfvars.example # Example values for the user to copy
├── .gitignore               # Terraform-specific ignores
└── README.md                # Setup and usage instructions

The terraform/ directory contents are cloud-specific, controlled by Jinja2 conditionals in the template.

Azure Resources (main.tf)

azurerm_resource_group
azurerm_storage_account
azurerm_cosmosdb_account + azurerm_cosmosdb_sql_database + azurerm_cosmosdb_sql_container
azurerm_service_plan (Consumption)
azurerm_linux_function_app

GCP Resources (main.tf)

google_cloudfunctions2_function
google_firestore_database
google_service_account + google_project_iam_member
google_storage_bucket (for function source)

AWS Resources (main.tf)

aws_lambda_function
aws_apigatewayv2_api + aws_apigatewayv2_stage + aws_apigatewayv2_integration
aws_dynamodb_table
aws_iam_role + aws_iam_role_policy_attachment

CI Validation

Add a step to each build pipeline that runs terraform validate (but not plan or apply):

- name: Validate Terraform
  run: |
    cd terraform
    terraform init -backend=false
    terraform validate

Note: AWS Terraform is dependent on AWS Lambda template work (#49-#52).
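
A check that a template test could run against each generated project to enforce the file list and the .gitignore criterion above. This is an added example, not part of the issue or the project's code. The matcher is a simplification that handles only basename globs, trailing-slash directory names and `!` negation; `is_ignored`, `check_terraform_dir`, `demo` and the sample paths are hypothetical names constructed for illustration.

```python
import fnmatch
import tempfile
from pathlib import Path

# File names taken from the issue's template structure.
REQUIRED_FILES = ["main.tf", "variables.tf", "outputs.tf",
                  "terraform.tfvars.example", ".gitignore", "README.md"]
# Constructed sample paths: what must never be committed / must stay tracked.
MUST_IGNORE = [".terraform/providers/lock.json", "terraform.tfstate",
               "terraform.tfstate.backup", "terraform.tfvars", "prod.tfvars"]
MUST_TRACK = ["terraform.tfvars.example", "main.tf"]


def is_ignored(rel_path, patterns):
    """Simplified matcher (assumption): not full gitignore semantics."""
    parts = rel_path.split("/")
    ignored = False
    for pat in patterns:
        negate = pat.startswith("!")
        pat = pat[1:] if negate else pat
        if pat.endswith("/"):  # directory pattern: match parent components only
            hit = any(fnmatch.fnmatchcase(p, pat[:-1]) for p in parts[:-1])
        else:                  # basename glob: match any path component
            hit = any(fnmatch.fnmatchcase(p, pat) for p in parts)
        if hit:
            ignored = not negate  # last matching pattern wins, as in git
    return ignored


def check_terraform_dir(tf_dir):
    """Return a list of problems; an empty list means the criteria are met."""
    tf_dir = Path(tf_dir)
    problems = [f"missing {n}" for n in REQUIRED_FILES if not (tf_dir / n).is_file()]
    gi = tf_dir / ".gitignore"
    lines = gi.read_text().splitlines() if gi.is_file() else []
    patterns = [ln.strip() for ln in lines if ln.strip() and not ln.lstrip().startswith("#")]
    problems += [f"not ignored: {p}" for p in MUST_IGNORE if not is_ignored(p, patterns)]
    problems += [f"wrongly ignored: {p}" for p in MUST_TRACK if is_ignored(p, patterns)]
    return problems


def demo(gitignore_text):
    """Build a constructed terraform/ dir in a temp folder and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in REQUIRED_FILES:
            (Path(tmp) / name).write_text("")
        (Path(tmp) / ".gitignore").write_text(gitignore_text)
        return check_terraform_dir(tmp)
```

An over-broad pattern such as `*.tfvars*` hides the example file, while dropping `*.tfstate.backup` leaves the backup state file committable; the check reports both.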

Labels: enhancement