- Home
- Skills
- Nickcrew
- Claude Cortex
- Terraform Best Practices
terraform-best-practices_skill
- Python
9
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill nickcrew/claude-cortex --skill terraform-best-practices- SKILL.md5.6 KB
Overview
This skill provides concise, production-grade Terraform best practices for building scalable and maintainable cloud infrastructure. It focuses on robust module design, secure and locked remote state, automated testing and CI/CD integration, and multi-environment patterns. Use it to standardize Terraform workflows and reduce operational risk.
How this skill works
I inspect common Terraform design areas and prescribe concrete patterns: module structure and composition, backend/state configuration, secret handling, testing, and deployment workflows. The guidance covers tooling (tfsec, Checkov, Terratest), backend choices (S3+DynamoDB or Terraform Cloud), and practical commands for initialization, planning, validation, and apply. Advice is actionable and tailored for team collaboration and enterprise scale.
When to use it
- Creating reusable Terraform modules for teams
- Setting up remote backends and state locking
- Designing multi-environment deployments (dev/staging/prod)
- Implementing CI/CD with validation, scanning, and policy gates
- Refactoring existing Terraform for maintainability and security
Best practices
- Prefer composition: build small reusable child modules rather than monoliths
- Standardize module layout: main.tf, variables.tf, outputs.tf, versions.tf, README
- Use remote backends with encryption and locking (S3+DynamoDB or Terraform Cloud)
- Never hardcode secrets; use Secrets Manager or Vault and mark sensitive variables
- Add automated linting, security scanning and Terratest in CI/CD pipelines
- Save and review terraform plan outputs; pin provider and module versions for stability
Example use cases
- Bootstrapping a new Terraform project with directory-based environments and remote state
- Migrating local state to an S3 backend with DynamoDB locking and KMS encryption
- Implementing pre-commit hooks, tfsec and Checkov in CI for every PR
- Writing Terratest suites for critical networking or IAM modules
- Using Terragrunt to DRY backend and environment configurations across accounts
FAQ
Break functionality into focused child modules, use clear inputs/outputs, validate variable types, and document usage in a README.
What backend and locking setup is recommended for teams?
Use S3 for state storage with KMS encryption and DynamoDB for state locking, or adopt Terraform Cloud for integrated state, locking, and run governance.