Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

kumewata/terraform

Name: terraform
Author: kumewata

config/agents/skills/terraform/SKILL.md

npx skillsauth add kumewata/dotfiles terraform

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Terraform Expert Engineer Skill

This skill provides a comprehensive guide for Terraform development.

1. Terraform CLI Basic Commands

1.1. Initialization and Planning

# Initialize workspace (download providers)
terraform init

# Initialize with backend config
terraform init -backend-config="bucket=my-terraform-state"

# Check execution plan
terraform plan

# Save execution plan to file
terraform plan -out=tfplan

# Plan specific resource only
terraform plan -target=aws_instance.example

1.2. Apply and Destroy

WARNING: These commands modify infrastructure. Always run terraform plan first and ask user permission.

# Apply changes
terraform apply

# Apply saved plan
terraform apply tfplan

# Auto-approve apply (for CI/CD)
terraform apply -auto-approve

# Destroy resources
terraform destroy

# Destroy specific resource only
terraform destroy -target=aws_instance.example

1.3. State Management

# Check state
terraform state list

# Show resource details
terraform state show aws_instance.example

# Move resource (for refactoring)
terraform state mv aws_instance.old aws_instance.new

# Import existing resource
terraform import aws_instance.example i-1234567890abcdef0

# Remove resource from state (keeps actual resource)
terraform state rm aws_instance.example

1.4. Other Useful Commands

# Validate configuration
terraform validate

# Format
terraform fmt

# Format recursively
terraform fmt -recursive

# Check outputs
terraform output

# Output in JSON format
terraform output -json

# Interactive console (for testing expressions)
terraform console

# Lock providers
terraform providers lock -platform=linux_amd64 -platform=darwin_amd64

2. Resource Management

2.1. Basic Resource Block Structure

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

2.2. Meta-arguments

depends_on: Explicit dependencies
count: Resource replication (index-based)
for_each: Resource replication (key-based)
provider: Specify alternate provider
lifecycle: Lifecycle control

2.3. Lifecycle Settings

resource "aws_instance" "example" {
  # ...

  lifecycle {
    create_before_destroy = true  # Create new first on replacement
    prevent_destroy       = true  # Prevent deletion
    ignore_changes        = [tags] # Attributes to ignore changes
    replace_triggered_by  = [null_resource.trigger.id]
  }
}

3. Module Design

3.1. Module Invocation

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"
}

3.2. Module Source Types

Local path: ./modules/vpc
Terraform Registry: hashicorp/consul/aws
GitHub: github.com/hashicorp/example
S3: s3::https://s3-eu-west-1.amazonaws.com/bucket/module.zip

3.3. Module Best Practices

Standard file structure: main.tf, variables.tf, outputs.tf
Document with README.md
Set meaningful default values
Validate inputs with validation blocks

4. State Management

4.1. Remote Backend Configuration

terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "prod/terraform.tfstate"
    region         = "ap-northeast-1"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}

4.2. State Management Best Practices

Use remote backend (required for team development)
Enable state locking (prevent concurrent execution)
Enable encryption
Do not directly edit state file (use terraform state commands)
Separate state files per environment

5. Variables and Outputs

5.1. Input Variables

variable "instance_type" {
  type        = string
  description = "EC2 instance type"
  default     = "t2.micro"

  validation {
    condition     = contains(["t2.micro", "t2.small", "t2.medium"], var.instance_type)
    error_message = "Please specify an allowed instance type"
  }
}

5.2. Variable Setting Methods (Priority Order)

Command line -var, -var-file
*.auto.tfvars files
terraform.tfvars.json
terraform.tfvars
Environment variables TF_VAR_*
Default values

5.3. Sensitive Data Handling

variable "db_password" {
  type      = string
  sensitive = true  # Mask in output
}

output "connection_string" {
  value     = "postgres://user:${var.db_password}@host/db"
  sensitive = true  # Output contains sensitive data
}

Note: Sensitive data is stored in plaintext in state files. Remote backend encryption or HCP Terraform recommended.

6. Providers

6.1. Provider Declaration

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-1"
}

6.2. Multiple Providers

provider "aws" {
  alias  = "us_east"
  region = "us-east-1"
}

provider "aws" {
  alias  = "ap_northeast"
  region = "ap-northeast-1"
}

resource "aws_instance" "us" {
  provider = aws.us_east
  # ...
}

7. Built-in Functions

7.1. Common Functions

# String operations
join("-", ["foo", "bar"])          # "foo-bar"
split(",", "a,b,c")                # ["a", "b", "c"]
format("Hello, %s!", "World")      # "Hello, World!"

# Collection operations
length(["a", "b", "c"])            # 3
lookup(map, key, default)          # Get value from map
merge(map1, map2)                  # Merge maps
flatten([["a"], ["b", "c"]])       # ["a", "b", "c"]

# Type conversions
tostring(123)                      # "123"
tolist(set)                        # Set to list
tomap(object)                      # Object to map

# Conditional expressions
coalesce("", "default")            # "default" (first non-empty value)
try(expression, fallback)          # Fallback on error

8. HCP Terraform / Terraform Cloud

8.1. Key Features

Remote state management (encryption, versioning)
Team collaboration
Policy enforcement (Sentinel)
Private module registry
VCS integration (GitHub, GitLab, etc.)
Cost estimation

8.2. Workspace Configuration

terraform {
  cloud {
    organization = "my-org"

    workspaces {
      name = "my-workspace"
    }
  }
}

9. Security Best Practices

9.1. Credential Management

Do not hardcode
Use environment variables or auth files
IAM roles / service accounts recommended
HashiCorp Vault integration

9.2. State File Security

Use encrypted backend
Set appropriate access controls
Add .terraform/ to .gitignore
Add *.tfvars to .gitignore (if contains sensitive info)

10. Reference Links

Official docs: https://developer.hashicorp.com/terraform/docs
Language reference: https://developer.hashicorp.com/terraform/language
CLI reference: https://developer.hashicorp.com/terraform/cli
Provider registry: https://registry.terraform.io/
Module registry: https://registry.terraform.io/browse/modules
HCP Terraform: https://developer.hashicorp.com/terraform/cloud-docs

kumewata/terraform

config/agents/skills/terraform/SKILL.md

Terraform Expert Engineer Skill - Comprehensive guide for Infrastructure as Code, resource management, module design, and state management Use when: - Running terraform init, plan, apply, destroy - Managing Terraform state (import, move, rm) - Designing modules or configuring backends - Working with HCP Terraform / Terraform Cloud

development

Updated Apr 15, 2026

$ install --global

skillsauth

npx skillsauth add kumewata/dotfiles terraform

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 15, 2026, 1:11 PM69.1s4 files scanned

SKILL.md

name:: terraform
description:: |

Terraform Expert Engineer Skill

This skill provides a comprehensive guide for Terraform development.

1. Terraform CLI Basic Commands

1.1. Initialization and Planning

# Initialize workspace (download providers)
terraform init

# Initialize with backend config
terraform init -backend-config="bucket=my-terraform-state"

# Check execution plan
terraform plan

# Save execution plan to file
terraform plan -out=tfplan

# Plan specific resource only
terraform plan -target=aws_instance.example

1.2. Apply and Destroy

WARNING: These commands modify infrastructure. Always run terraform plan first and ask user permission.

# Apply changes
terraform apply

# Apply saved plan
terraform apply tfplan

# Auto-approve apply (for CI/CD)
terraform apply -auto-approve

# Destroy resources
terraform destroy

# Destroy specific resource only
terraform destroy -target=aws_instance.example

1.3. State Management

# Check state
terraform state list

# Show resource details
terraform state show aws_instance.example

# Move resource (for refactoring)
terraform state mv aws_instance.old aws_instance.new

# Import existing resource
terraform import aws_instance.example i-1234567890abcdef0

# Remove resource from state (keeps actual resource)
terraform state rm aws_instance.example

1.4. Other Useful Commands

# Validate configuration
terraform validate

# Format
terraform fmt

# Format recursively
terraform fmt -recursive

# Check outputs
terraform output

# Output in JSON format
terraform output -json

# Interactive console (for testing expressions)
terraform console

# Lock providers
terraform providers lock -platform=linux_amd64 -platform=darwin_amd64

2. Resource Management

2.1. Basic Resource Block Structure

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

2.2. Meta-arguments

depends_on: Explicit dependencies
count: Resource replication (index-based)
for_each: Resource replication (key-based)
provider: Specify alternate provider
lifecycle: Lifecycle control

2.3. Lifecycle Settings

resource "aws_instance" "example" {
  # ...

  lifecycle {
    create_before_destroy = true  # Create new first on replacement
    prevent_destroy       = true  # Prevent deletion
    ignore_changes        = [tags] # Attributes to ignore changes
    replace_triggered_by  = [null_resource.trigger.id]
  }
}

3. Module Design

3.1. Module Invocation

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"
}

3.2. Module Source Types

Local path: ./modules/vpc
Terraform Registry: hashicorp/consul/aws
GitHub: github.com/hashicorp/example
S3: s3::https://s3-eu-west-1.amazonaws.com/bucket/module.zip

3.3. Module Best Practices

Standard file structure: main.tf, variables.tf, outputs.tf
Document with README.md
Set meaningful default values
Validate inputs with validation blocks

4. State Management

4.1. Remote Backend Configuration

terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "prod/terraform.tfstate"
    region         = "ap-northeast-1"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}

4.2. State Management Best Practices

Use remote backend (required for team development)
Enable state locking (prevent concurrent execution)
Enable encryption
Do not directly edit state file (use terraform state commands)
Separate state files per environment

5. Variables and Outputs

5.1. Input Variables

variable "instance_type" {
  type        = string
  description = "EC2 instance type"
  default     = "t2.micro"

  validation {
    condition     = contains(["t2.micro", "t2.small", "t2.medium"], var.instance_type)
    error_message = "Please specify an allowed instance type"
  }
}

5.2. Variable Setting Methods (Priority Order)

Command line -var, -var-file
*.auto.tfvars files
terraform.tfvars.json
terraform.tfvars
Environment variables TF_VAR_*
Default values

5.3. Sensitive Data Handling

variable "db_password" {
  type      = string
  sensitive = true  # Mask in output
}

output "connection_string" {
  value     = "postgres://user:${var.db_password}@host/db"
  sensitive = true  # Output contains sensitive data
}

Note: Sensitive data is stored in plaintext in state files. Remote backend encryption or HCP Terraform recommended.

6. Providers

6.1. Provider Declaration

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-1"
}

6.2. Multiple Providers

provider "aws" {
  alias  = "us_east"
  region = "us-east-1"
}

provider "aws" {
  alias  = "ap_northeast"
  region = "ap-northeast-1"
}

resource "aws_instance" "us" {
  provider = aws.us_east
  # ...
}

7. Built-in Functions

7.1. Common Functions

# String operations
join("-", ["foo", "bar"])          # "foo-bar"
split(",", "a,b,c")                # ["a", "b", "c"]
format("Hello, %s!", "World")      # "Hello, World!"

# Collection operations
length(["a", "b", "c"])            # 3
lookup(map, key, default)          # Get value from map
merge(map1, map2)                  # Merge maps
flatten([["a"], ["b", "c"]])       # ["a", "b", "c"]

# Type conversions
tostring(123)                      # "123"
tolist(set)                        # Set to list
tomap(object)                      # Object to map

# Conditional expressions
coalesce("", "default")            # "default" (first non-empty value)
try(expression, fallback)          # Fallback on error

8. HCP Terraform / Terraform Cloud

8.1. Key Features

Remote state management (encryption, versioning)
Team collaboration
Policy enforcement (Sentinel)
Private module registry
VCS integration (GitHub, GitLab, etc.)
Cost estimation

8.2. Workspace Configuration

terraform {
  cloud {
    organization = "my-org"

    workspaces {
      name = "my-workspace"
    }
  }
}

9. Security Best Practices

9.1. Credential Management

Do not hardcode
Use environment variables or auth files
IAM roles / service accounts recommended
HashiCorp Vault integration

9.2. State File Security

Use encrypted backend
Set appropriate access controls
Add .terraform/ to .gitignore
Add *.tfvars to .gitignore (if contains sensitive info)

10. Reference Links

Official docs: https://developer.hashicorp.com/terraform/docs
Language reference: https://developer.hashicorp.com/terraform/language
CLI reference: https://developer.hashicorp.com/terraform/cli
Provider registry: https://registry.terraform.io/
Module registry: https://registry.terraform.io/browse/modules
HCP Terraform: https://developer.hashicorp.com/terraform/cloud-docs

Related Skills

kumewata/waza-eval

tools

VerifiedTrustedCommunity

Use when creating a new skill or making a substantial change to an existing skill and you also need to design, update, or review Waza-based executable evaluations. This includes deciding whether Waza is warranted, mapping `evals.json` cases into Waza tasks, choosing fixtures and graders, selecting a valid model with `waza models --json`, and running a local-first `waza run` workflow. Do NOT use for installing the Waza CLI itself or for general skill-authoring advice that does not involve Waza; use `skill-creator` for skill design and this skill for the Waza execution layer. Trigger especially when the user mentions Waza, `waza run`, `waza models`, executable evals, compare, graders, fixtures, or wants to validate a skill change with model-backed evaluation.

SKILL.mdUpdated Jun 3, 2026

kumewata/cc-delegate

tools

VerifiedTrustedCommunity

Use when the user wants Codex to ask Claude Code for a second opinion or review on code, docs, diffs, PR changes, or design notes without modifying files. This delegates bounded review-only analysis through the Claude Code CLI (`claude -p`). Do NOT use for implementation or file edits; keep this skill review-only. Trigger especially when the user says ask Claude, ask Claude Code, cc-delegate, Claude review, second opinion from Claude, compare Codex and Claude, or review this diff/document with Claude Code.

SKILL.mdUpdated May 29, 2026

kumewata/airflow

tools

VerifiedTrustedCommunity

Airflow DAG development skill for writing, reviewing, testing, and debugging Apache Airflow workflows. Use whenever the user mentions Airflow, DAGs, tasks, operators, sensors, schedules, retries, catchup, DAG import errors, DAG parse performance, or workflow orchestration in Python. Also use for Amazon MWAA / Managed Workflows for Apache Airflow work, including MWAA DAG deployment, requirements.txt, plugins.zip, aws-mwaa-docker-images, S3 DAG folders, CloudWatch logs, and MWAA-specific dependency or IAM issues.

SKILL.mdUpdated May 17, 2026

kumewata/tone

development

VerifiedTrustedCommunity

Use when the user asks for help drafting a GitHub PR description, a PR review comment, or a Slack post in their own tone (i.e., their personal writing voice). The skill detects the context (formal for PR / review, casual for Slack) and target_type (pr_description, pr_review, slack), drafts the body with an explicit reflection step that avoids verbose, mechanical phrasing, and stages the draft to `~/.local/state/tone/drafts/` via `tone-stage-draft.sh`. The user later runs `/tone-capture <url>` after posting, which pairs the staged draft with the final body to build a corpus for future tone tuning. Trigger especially when the user mentions PR description, PR review comment, Slack post, または「文を書いて」「文面を作って」「自分らしく」「トーン」「tone」.

SKILL.mdUpdated May 1, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/kumewata/dotfiles.git

# Copy into Claude Code skills folder (global)
cp -r dotfiles/config/agents/skills/terraform ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

kumewata/dotfiles

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT