devops-iac-engineer_skill

This skill guides designing and operating cloud infrastructure with IaC, CI/CD, observability, and SRE practices for reliable deployments.
  • TypeScript

181

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill first-fluke/fullstack-starter --skill devops-iac-engineer

  • SKILL.md2.3 KB

Overview

This skill provides hands-on guidance for designing, implementing, and operating cloud infrastructure using Infrastructure as Code (IaC) and SRE/DevOps best practices. It focuses on practical patterns for Terraform, Kubernetes, CI/CD, observability, and security across cloud providers. Use it to move from ad hoc scripts to reproducible, production-ready infrastructure and pipelines.

How this skill works

The skill inspects your architecture goals and current practices, then recommends declarative IaC patterns, module boundaries, and state isolation strategies. It outlines CI/CD flows that automate plan/apply, security scans, and promotion gates, and it prescribes observability and SRE controls like SLOs, error budgets, and incident processes. It includes concrete implementation advice for Terraform, container orchestration, and secret management.

When to use it

  • Designing or refactoring cloud architecture across AWS, GCP, or Azure
  • Creating reusable Terraform modules and separating state per environment
  • Building CI/CD pipelines that run lint, tests, security scans, and automated deploys
  • Setting up Kubernetes clusters, namespace strategies, and resource policies
  • Implementing centralized logging, metrics, and distributed tracing
  • Operationalizing SRE practices: SLI/SLOs, error budgets, and blameless post-mortems

Best practices

  • Treat Git as the single source of truth and apply changes via PR-driven pipelines (GitOps)
  • Keep infrastructure declarative and idempotent; prefer replacing resources over in-place edits
  • Use modular Terraform with clear boundaries and state separation by env and region
  • Enforce security by scanning IaC, storing secrets in a secret manager, and applying least-privilege IAM
  • Automate observability: collect logs, expose metrics, and instrument traces with OpenTelemetry
  • Define SLOs and track error budgets to guide release cadence and reliability trade-offs

Example use cases

  • Convert ad hoc cloud scripts into modular Terraform with remote state and CI-based plan/apply
  • Design a GitHub Actions pipeline that lints, tests, scans, builds containers, and deploys to Kubernetes
  • Implement cluster onboarding: namespaces, resource quotas, network policies, and RBAC
  • Add end-to-end observability: central logging, Prometheus metrics, Grafana dashboards, and tracing
  • Establish SLOs for critical user journeys and create an incident response runbook with post-mortem templates

FAQ

Choose the tool with the community and provider support you need; both follow declarative patterns and modules. Prefer the ecosystem that matches your organizational requirements and CI integrations.

How do I manage secrets without exposing them in code?

Use a dedicated secret manager or Vault, grant minimal access via IAM roles, and inject secrets at runtime through the CI/CD or orchestration platform.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational