terraform_skill

This skill helps you implement Terraform IaC patterns, state management, security, and modular design to ensure scalable, secure infrastructure.
  • Python

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill yldgio/codereview-skills --skill terraform

  • SKILL.md4.6 KB

Overview

This skill provides practical Terraform best practices for infrastructure-as-code, focusing on security, state management, modular design, and file organization. I deliver concise rules and patterns that reduce risk, prevent drift, and make Terraform code reusable and auditable. The guidance covers variables, outputs, modules, naming, and recommended tooling for automation and security scans.

How this skill works

I inspect Terraform code and configurations against a clear set of rules: secure handling of secrets, correct variable and output declarations, remote state configuration, and module hygiene. The skill checks file layout, enforces variable typing and validation, recommends backend and locking settings, and highlights risky constructs like hardcoded credentials or improper template usage. It returns actionable fixes and examples to apply immediately.

When to use it

  • When creating new Terraform projects to establish consistent structure and security defaults
  • Before committing or PR reviewing Terraform changes to catch secrets, undeclared variables, or state risks
  • When migrating local state to remote backends or introducing workspaces for environments
  • When authoring or consuming modules to ensure version pinning, documentation, and licensing checks
  • During security audits to validate IAM least-privilege, encryption, and secret management patterns

Best practices

  • Never hardcode secrets; use environment variables or secret managers and mark sensitive vars/outputs
  • Use a consistent file layout: providers.tf, main.tf, variables.tf, outputs.tf and logical grouping
  • Use remote state backends with locking and encryption; separate state per environment or workspace
  • Pin provider and module versions, audit third-party modules, and prefer verified sources
  • Run terraform fmt, validate, and plan; integrate static analysis (tflint, checkov) and automated tests

Example use cases

  • Set up an S3 backend with server-side encryption and a DynamoDB lock table for production state
  • Create a reusable VPC module with documented inputs, outputs, and version pinning for multiple teams
  • Audit a repo for accidental secrets, undeclared variable references, and insecure resource policies
  • Enforce naming conventions that include environment and region and add random suffixes where required
  • Implement lifecycle rules (create_before_destroy, prevent_destroy) for critical resources to avoid downtime

FAQ

Do not commit secrets. Use environment variables, a cloud secret manager, or protected tfvars files and mark variables as sensitive = true.

What state backend and protections do you recommend for production?

Use a remote backend (S3/GCS/Azure Blob/Terraform Cloud) with state encryption, state locking, and separate state per environment or workspace.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
terraform skill by yldgio/codereview-skills | VeilStrat