infrastructure-as-code_skill

This skill helps you manage infrastructure as code safely by enforcing state discipline, drift detection, and risk-limited changes across Terraform, Pulumi,
  • Python

21

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill omer-metin/skills-for-antigravity --skill infrastructure-as-code

  • SKILL.md2.2 KB

Overview

This skill provides pragmatic guidance and battle-tested patterns for provisioning and managing cloud infrastructure with Terraform, Pulumi, and CloudFormation. It focuses on preserving state, preventing drift, reducing blast radius, and protecting production environments. Advice is grounded in real operational failures and prescriptive patterns for creation, diagnosis, and validation.

How this skill works

The skill inspects IaC designs, state handling, backend configuration, locking, secret management, and workflow guards. It flags risky patterns (e.g., secrets in state, single-point backends, large-monolith modules) and recommends concrete mitigations such as remote locked backends, modular refactors, and mandatory plan reviews. For diagnostics it emphasizes root-cause analysis of state drift, import needs, and failed applies.

When to use it

  • Designing new infrastructure or refactoring existing IaC
  • Setting up remote state backends and locking for Terraform/Pulumi
  • Performing risk assessments before terraform apply/stack updates
  • Investigating production outages tied to state drift or misapplied changes
  • Creating CI/CD pipelines that run plan/review/apply workflows

Best practices

  • Treat state as sacred: enforce remote backends with backups and locking
  • Always run and review an explicit plan before applying changes
  • Split infrastructure into small, purpose-driven modules to limit blast radius
  • Never store plaintext secrets in state; integrate secret managers or encrypted variables
  • Validate changes against strict rulesets and run drift detection regularly

Example use cases

  • Configure S3/DynamoDB or equivalent remote backend with state locking for Terraform
  • Refactor a large monolithic module into smaller reusable modules to reduce risk during deploys
  • Create CI gating that requires human review of terraform plan for production workspaces
  • Diagnose and repair state drift by comparing live resources against state and performing controlled imports
  • Migrate on-prem IaC to cloud-native providers while preserving state and minimizing downtime

FAQ

Use separate workspaces/projects for prod, require mandatory plan reviews and approvals, enable resource targeting sparingly, and implement policy checks that block destructive changes to critical resources.

What if secrets are already in my state file?

Rotate the exposed secrets immediately, remove them from code and state by using state remove/import or rewrite, and move secrets to a dedicated secret manager with encrypted references.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational