- Home
- Skills
- Yldgio
- Codereview Skills
- Terraform
terraform_skill
- Python
0
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill yldgio/codereview-skills --skill terraform- SKILL.md4.6 KB
Overview
This skill provides practical Terraform best practices for infrastructure-as-code, focusing on security, state management, modular design, and file organization. I deliver concise rules and patterns that reduce risk, prevent drift, and make Terraform code reusable and auditable. The guidance covers variables, outputs, modules, naming, and recommended tooling for automation and security scans.
How this skill works
I inspect Terraform code and configurations against a clear set of rules: secure handling of secrets, correct variable and output declarations, remote state configuration, and module hygiene. The skill checks file layout, enforces variable typing and validation, recommends backend and locking settings, and highlights risky constructs like hardcoded credentials or improper template usage. It returns actionable fixes and examples to apply immediately.
When to use it
- When creating new Terraform projects to establish consistent structure and security defaults
- Before committing or PR reviewing Terraform changes to catch secrets, undeclared variables, or state risks
- When migrating local state to remote backends or introducing workspaces for environments
- When authoring or consuming modules to ensure version pinning, documentation, and licensing checks
- During security audits to validate IAM least-privilege, encryption, and secret management patterns
Best practices
- Never hardcode secrets; use environment variables or secret managers and mark sensitive vars/outputs
- Use a consistent file layout: providers.tf, main.tf, variables.tf, outputs.tf and logical grouping
- Use remote state backends with locking and encryption; separate state per environment or workspace
- Pin provider and module versions, audit third-party modules, and prefer verified sources
- Run terraform fmt, validate, and plan; integrate static analysis (tflint, checkov) and automated tests
Example use cases
- Set up an S3 backend with server-side encryption and a DynamoDB lock table for production state
- Create a reusable VPC module with documented inputs, outputs, and version pinning for multiple teams
- Audit a repo for accidental secrets, undeclared variable references, and insecure resource policies
- Enforce naming conventions that include environment and region and add random suffixes where required
- Implement lifecycle rules (create_before_destroy, prevent_destroy) for critical resources to avoid downtime
FAQ
Do not commit secrets. Use environment variables, a cloud secret manager, or protected tfvars files and mark variables as sensitive = true.
What state backend and protections do you recommend for production?
Use a remote backend (S3/GCS/Azure Blob/Terraform Cloud) with state encryption, state locking, and separate state per environment or workspace.