feat: add iGenomes Pulumi infrastructure project

Add comprehensive Pulumi project for managing iGenomes S3 infrastructure with proper import workflow and 1Password integration.

## Features

- S3 bucket import for ngi-igenomes (AWS Open Data Registry)
- Secure credential management via 1Password
- Modular architecture (config, providers, infrastructure, utils)
- Comprehensive documentation (README, CLAUDE.md, Context7 guide)
- Protected resources with read-only tracking approach
- Rich metadata exports for integration with nf-core ecosystem

## Project Structure

- `__main__.py`: Main Pulumi program with S3 import logic
- `src/`: Modular source code organization
  - `config/`: Environment variable loading and validation
  - `providers/`: AWS provider configuration
  - `infrastructure/`: S3 bucket import implementation
  - `utils/`: Centralized constants
- Documentation:
  - `README.md`: Comprehensive user documentation (320+ lines)
  - `CLAUDE.md`: AI assistant context (360+ lines)
  - `CONTEXT7.md`: AWS SDK documentation guide
  - `SETUP_VERIFICATION.md`: Verification and testing guide
- `test_setup.sh`: Automated setup verification script
- `.envrc`: 1Password credential loading configuration

## Security

- All credentials from 1Password (never in git)
- Protected resources prevent accidental deletion
- Read-only tracking for AWS Open Data bucket
- Extensive ignore_changes for properties we can't manage

## Integration

- Follows AWSMegatests project patterns
- Uses shared S3 backend (nf-core-pulumi-state)
- Consistent 1Password integration approach
- Ready for nf-core infrastructure ecosystem

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: edmundmiller

pulumi/igenomes/.envrc

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Environment configuration for iGenomes Pulumi project
+# This file loads AWS credentials from 1Password
+
+# Set 1Password account
+export OP_ACCOUNT="nf-core"
+
+# AWS Configuration
+export AWS_DEFAULT_REGION="eu-west-1"  # iGenomes bucket is in Ireland
+
+# Load AWS credentials from 1Password
+# Secret: "AWS - Phil - iGenomes" in Shared vault
+export AWS_ACCESS_KEY_ID=$(op item get "AWS - Phil - iGenomes" --vault "Shared" --fields "Access Key" 2>/dev/null || echo "")
+export AWS_SECRET_ACCESS_KEY=$(op item get "AWS - Phil - iGenomes" --vault "Shared" --fields "Secret Key" 2>/dev/null || echo "")
+
+# Pulumi Configuration
+export PULUMI_BACKEND_URL="s3://nf-core-pulumi-state?region=eu-north-1&awssdk=v2"
+
+# Verify credentials are loaded
+if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
+    echo "⚠️  Warning: Failed to load AWS credentials from 1Password"
+    echo "   Make sure you're authenticated: eval \$(op signin)"
+    echo "   And that the secret 'AWS - Phil - iGenomes' exists in the 'Shared' vault"
+else
+    echo "✅ AWS credentials loaded from 1Password"
+    echo "   Region: $AWS_DEFAULT_REGION"
+fi

pulumi/igenomes/.gitignore

@@ -0,0 +1,33 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+.venv/
+venv/
+ENV/
+env/
+
+# Pulumi
+.pulumi/
+*.pyc
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Environment
+.env
+.envrc.local
+
+# Secrets
+secrets/
+*.pem
+*.key