- Home
- Skills
- Omer Metin
- Skills For Antigravity
- Infrastructure As Code
infrastructure-as-code_skill
- Python
21
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill omer-metin/skills-for-antigravity --skill infrastructure-as-code- SKILL.md2.2 KB
Overview
This skill provides pragmatic guidance and battle-tested patterns for provisioning and managing cloud infrastructure with Terraform, Pulumi, and CloudFormation. It focuses on preserving state, preventing drift, reducing blast radius, and protecting production environments. Advice is grounded in real operational failures and prescriptive patterns for creation, diagnosis, and validation.
How this skill works
The skill inspects IaC designs, state handling, backend configuration, locking, secret management, and workflow guards. It flags risky patterns (e.g., secrets in state, single-point backends, large-monolith modules) and recommends concrete mitigations such as remote locked backends, modular refactors, and mandatory plan reviews. For diagnostics it emphasizes root-cause analysis of state drift, import needs, and failed applies.
When to use it
- Designing new infrastructure or refactoring existing IaC
- Setting up remote state backends and locking for Terraform/Pulumi
- Performing risk assessments before terraform apply/stack updates
- Investigating production outages tied to state drift or misapplied changes
- Creating CI/CD pipelines that run plan/review/apply workflows
Best practices
- Treat state as sacred: enforce remote backends with backups and locking
- Always run and review an explicit plan before applying changes
- Split infrastructure into small, purpose-driven modules to limit blast radius
- Never store plaintext secrets in state; integrate secret managers or encrypted variables
- Validate changes against strict rulesets and run drift detection regularly
Example use cases
- Configure S3/DynamoDB or equivalent remote backend with state locking for Terraform
- Refactor a large monolithic module into smaller reusable modules to reduce risk during deploys
- Create CI gating that requires human review of terraform plan for production workspaces
- Diagnose and repair state drift by comparing live resources against state and performing controlled imports
- Migrate on-prem IaC to cloud-native providers while preserving state and minimizing downtime
FAQ
Use separate workspaces/projects for prod, require mandatory plan reviews and approvals, enable resource targeting sparingly, and implement policy checks that block destructive changes to critical resources.
What if secrets are already in my state file?
Rotate the exposed secrets immediately, remove them from code and state by using state remove/import or rewrite, and move secrets to a dedicated secret manager with encrypted references.