7a336e6e/Provisioning Infrastructure
devops/provisioning-infrastructure/SKILL.md
Manage cloud resources using Infrastructure as Code (IaC) with Terraform or Pulumi to ensure reproducibility and prevent configuration drift.
$ install --global
skillsauthnpx skillsauth add 7a336e6e/skills Provisioning InfrastructureInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
4 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
4
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 26, 2026, 1:25 AM141.9s1 file scanned
SKILL.md
- name:
- Provisioning Infrastructure
- description:
- Manage cloud resources using Infrastructure as Code (IaC) with Terraform or Pulumi to ensure reproducibility and prevent configuration drift.
Provisioning Infrastructure
Goal
Define the entire production environment in code, allowing it to be spun up, torn down, or replicated with a single command, ensuring "Environment Parity" between dev, staging, and prod.
When to Use
- Setting up a new project's cloud resources (AWS/GCP/Azure).
- Adding a new service (e.g., Redis, S3 bucket).
- Changing infrastructure configuration (scaling, networking).
Instructions
1. State Management
Never store state locally. Use a remote backend (S3 + DynamoDB for locking).
terraform {
backend "s3" {
bucket = "my-app-terraform-state"
key = "prod/terraform.tfstate"
region = "us-east-1"
dynamodb_table = "terraform-locks"
encrypt = true
}
}
2. Modularity
Don't write one giant main.tf. Split resources into logical modules.
modules/networking(VPC, Subnets)modules/database(RDS, Redis)modules/compute(ECS, Lambda, EC2)
3. Least Privilege (IAM)
Define distinct IAM roles for each service.
- The
web-serverrole should write to S3, but not delete from it. - The
workerrole needs SQS access, but not public internet ingress.
4. Variables & Secrets
- Use
variables.tffor everything that changes between environments (instance size, region). - NEVER commit
terraform.tfvarsif it contains secrets. Use environment variables (TF_VAR_db_password) in CI/CD.
Constraints
✅ Do
- DO: Run
terraform planand have it reviewed before everyterraform apply. - DO: Tag every resource with
Environment,Owner, andService. - DO: Use "snake_case" for resource names.
❌ Don't
- DON'T: Manually change settings in the Cloud Console (ClickOps). It causes drift.
- DON'T: Hardcode secrets or account IDs in
.tffiles. - DON'T: Use the
defaultVPC; always create a custom one.
Output Format
terraform/directory withmain.tf,variables.tf,outputs.tf.terraform planoutput file.
Dependencies
shared/environment-config/SKILL.md
Related Skills
7a336e6e/Test Driven Development
development
VerifiedTrustedCommunity
Implement features using the Red-Green-Refactor cycle to ensure testability and correctness from the start.
1SKILL.mdUpdated Mar 25, 2026
7a336e6e/task-tracking
data-ai
VerifiedTrustedCommunity
Manage the `tasks.md` ledger with strict locking and collision avoidance protocols to allow multiple agents to work in parallel safely.
1SKILL.mdUpdated Mar 25, 2026
7a336e6e/git-workflow
development
VerifiedTrustedCommunity
The git-workflow skill defines branching conventions, commit message formats, and pull request standards that all agents must follow for consistent version control.
1SKILL.mdUpdated Mar 25, 2026
7a336e6e/environment-config
development
VerifiedTrustedCommunity
The environment-config skill standardizes how agents manage environment variables, secrets, and application configuration across local development and deployed environments.
1SKILL.mdUpdated Mar 25, 2026