Cloud Infrastructure

Comprehensive cloud infrastructure skill covering multi-cloud architecture, Infrastructure as Code, cost optimization, and production deployment patterns.

When to Use This Skill

• Designing cloud architecture for new applications
• Implementing Infrastructure as Code (Terraform, CloudFormation, Pulumi)
• Cost optimization and resource right-sizing
• Multi-region and high-availability deployments
• Cloud migration planning
• Security and compliance implementation
• Auto-scaling and performance optimization

Cloud Architecture Patterns

Compute Patterns

Storage Patterns

Database Patterns

Infrastructure as Code

Terraform Best Practices

Project Structure:

infrastructure/
├── modules/
│   ├── networking/
│   ├── compute/
│   └── database/
├── environments/
│   ├── dev/
│   ├── staging/
│   └── prod/
├── main.tf
├── variables.tf
├── outputs.tf
└── versions.tf

State Management:

• Use remote state (S3, Azure Blob, GCS)
• Enable state locking (DynamoDB, Blob lease)
• Separate state per environment
• Never commit state files

Module Design:

• Single responsibility per module
• Expose minimal required variables
• Document inputs/outputs
• Version modules with git tags

Cost Optimization

Compute Savings:

• Reserved Instances (1-3 year commitment): 30-60% savings
• Spot/Preemptible instances: 60-90% savings for interruptible workloads
• Right-sizing: Match instance size to actual usage
• Auto-scaling: Scale down during low usage

Storage Savings:

• Lifecycle policies: Auto-transition to cheaper tiers
• Compression: Reduce storage footprint
• Deduplication: Eliminate redundant data
• Delete unused resources: Orphaned volumes, snapshots

Network Savings:

• Use CDN for static content
• Optimize data transfer paths
• Use private endpoints
• Compress API responses

High Availability Patterns

Multi-AZ Deployment

• Deploy across 2-3 availability zones
• Use load balancers for distribution
• Database replication across AZs
• Automatic failover configuration

Multi-Region Deployment

• Active-active or active-passive
• DNS-based routing (Route53, Traffic Manager)
• Data replication strategy
• Disaster recovery procedures

Resilience Patterns

• Circuit breakers for external dependencies
• Retry with exponential backoff
• Bulkhead isolation
• Graceful degradation

Security Best Practices

Identity & Access

• Principle of least privilege
• Use IAM roles, not long-term credentials
• Enable MFA for privileged accounts
• Regular access reviews

Network Security

• VPC/VNet isolation
• Security groups as firewalls
• Private subnets for backend services
• VPN/Direct Connect for hybrid

Data Protection

• Encryption at rest (KMS)
• Encryption in transit (TLS)
• Key rotation policies
• Backup and recovery testing

Monitoring & Observability

Key Metrics

• CPU, Memory, Disk utilization
• Network throughput and latency
• Error rates and types
• Cost per service/team

Alerting Strategy

• Set thresholds based on baselines
• Alert on symptoms, not causes
• Runbooks for each alert
• Escalation paths defined

Reference Files

• references/terraform_patterns.md - IaC patterns and examples
• references/cost_optimization.md - Detailed cost reduction strategies

Integration with Other Skills

• security-engineering - For security architecture
• network-engineering - For network design
• performance - For optimization strategies
• devops-runbooks - For operational procedures