terraform-best-practices_skill

This skill helps you implement scalable Terraform infrastructure by applying module design, state management, security, and testing best practices across
  • Python

9

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill nickcrew/claude-cortex --skill terraform-best-practices

  • SKILL.md5.6 KB

Overview

This skill provides concise, production-grade Terraform best practices for building scalable and maintainable cloud infrastructure. It focuses on robust module design, secure and locked remote state, automated testing and CI/CD integration, and multi-environment patterns. Use it to standardize Terraform workflows and reduce operational risk.

How this skill works

I inspect common Terraform design areas and prescribe concrete patterns: module structure and composition, backend/state configuration, secret handling, testing, and deployment workflows. The guidance covers tooling (tfsec, Checkov, Terratest), backend choices (S3+DynamoDB or Terraform Cloud), and practical commands for initialization, planning, validation, and apply. Advice is actionable and tailored for team collaboration and enterprise scale.

When to use it

  • Creating reusable Terraform modules for teams
  • Setting up remote backends and state locking
  • Designing multi-environment deployments (dev/staging/prod)
  • Implementing CI/CD with validation, scanning, and policy gates
  • Refactoring existing Terraform for maintainability and security

Best practices

  • Prefer composition: build small reusable child modules rather than monoliths
  • Standardize module layout: main.tf, variables.tf, outputs.tf, versions.tf, README
  • Use remote backends with encryption and locking (S3+DynamoDB or Terraform Cloud)
  • Never hardcode secrets; use Secrets Manager or Vault and mark sensitive variables
  • Add automated linting, security scanning and Terratest in CI/CD pipelines
  • Save and review terraform plan outputs; pin provider and module versions for stability

Example use cases

  • Bootstrapping a new Terraform project with directory-based environments and remote state
  • Migrating local state to an S3 backend with DynamoDB locking and KMS encryption
  • Implementing pre-commit hooks, tfsec and Checkov in CI for every PR
  • Writing Terratest suites for critical networking or IAM modules
  • Using Terragrunt to DRY backend and environment configurations across accounts

FAQ

Break functionality into focused child modules, use clear inputs/outputs, validate variable types, and document usage in a README.

What backend and locking setup is recommended for teams?

Use S3 for state storage with KMS encryption and DynamoDB for state locking, or adopt Terraform Cloud for integrated state, locking, and run governance.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational