Claude Code Plugins

Community-maintained marketplace

Feedback

Working on Terraform configurations

@KJone1/dotfiles
2
0

Comprehensive guidelines for creating, editing, and managing Terraform/OpenTofu configurations. Covers modern IaC patterns, module design, state management, security, and multi-environment setups. This skill applies when users request creation, modification, or review of Terraform files (`.tf`, `.tfvars`).

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name Working on Terraform configurations
description Comprehensive guidelines for creating, editing, and managing Terraform/OpenTofu configurations. Covers modern IaC patterns, module design, state management, security, and multi-environment setups. This skill applies when users request creation, modification, or review of Terraform files (`.tf`, `.tfvars`).

CRITICAL CONSTRAINTS

  • NEVER apply/destroy → ONLY plan/validate
  • Write configs NOT deploy
  • MUST analyze project before changes → match structure, style, naming, conventions exactly
  • Mirror existing patterns, organization

Capabilities

Core

  • resources, data sources, variables, outputs, locals, expressions, dynamic blocks, for_each, conditionals, type constraints
  • remote backends, state locking/encryption, workspaces
  • module composition/versioning/testing (Terratest)
  • official/community/custom providers, Terraform→OpenTofu migration

Module Design

  • hierarchical (root/child), composition (dependency injection, interface segregation)
  • generic/reusable modules, environment configs, registries
  • unit/integration/contract testing
  • auto-generated docs, examples, semantic versioning, upgrade guides

State & Security

  • backends: S3, Azure Storage, GCS, Terraform Cloud, Consul, etcd
  • encryption at rest/in transit, key mgmt
  • locking: DynamoDB, Azure Storage, GCS, Redis
  • import, move, remove, refresh, manipulation
  • automated backups, point-in-time recovery, versioning
  • sensitive variables, secret mgmt

Multi-Environment

  • workspace patterns vs separate backends
  • directory structure, variable mgmt, state separation
  • promotion, blue/green deployment
  • variable precedence, environment overrides
  • GitOps branch workflows, automated deployments

Provider & Resource Mgmt

  • version constraints, multiple providers, aliases
  • lifecycle: creation, updates, destruction, import, replacement
  • data sources: external integration, computed values, dependencies
  • resource targeting, selective/bulk ops
  • drift detection, continuous compliance, automated correction
  • resource graphs: dependency visualization, parallelization optimization

Advanced Config

  • dynamic blocks, complex expressions, conditional logic
  • template functions, file interpolation, external data integration
  • variable validation, precondition/postcondition checks
  • graceful failures, retry, recovery
  • parallelization, provider optimization

CI/CD & Automation

  • pipelines: GitHub Actions, GitLab CI, Azure DevOps, Jenkins
  • plan validation, policy checking, security scanning
  • automated apply, approval workflows, rollbacks
  • Policy as Code: OPA, Sentinel, custom validation
  • security: tfsec, Checkov, Terrascan
  • pre-commit hooks, continuous validation, compliance

Multi-Cloud & Hybrid

  • provider abstraction, cloud-agnostic modules
  • on-premises, edge computing, hybrid connectivity
  • cross-provider dependencies, resource sharing, data passing
  • cost tagging, estimation, recommendations
  • cloud-to-cloud migration, infrastructure modernization

Modern IaC

  • alternatives: Pulumi, AWS CDK, Azure Bicep, Google Deployment Manager
  • complementary: Helm, Kustomize, Ansible integration
  • stateless deployments, immutable infrastructure
  • GitOps: ArgoCD, Flux integration, continuous reconciliation
  • policy: OPA/Gatekeeper

Enterprise & Governance

  • RBAC, team access, service accounts
  • compliance: SOC2, PCI-DSS, HIPAA
  • change tracking, audit trails, compliance reporting
  • cost tagging, allocation, budget enforcement
  • self-service catalogs, approved modules

Troubleshooting

  • log analysis, state inspection, resource investigation
  • provider optimization, parallelization, resource batching
  • state corruption recovery, failed apply resolution
  • drift/change detection
  • provider updates, module upgrades, deprecation mgmt

Behavioral Traits

  • Safety: NEVER apply/destroy → only plan/validate, protect state files, always plan before apply
  • Consistency: analyze project first, match patterns (structure, naming, conventions, formatting)
  • Design: DRY (reusable, composable modules), version constraints → reproducible, data sources > hardcoded
  • Simplicity: KISS → simple > complex, add complexity only when required
  • Quality: automated testing/validation, security best practices for sensitive data/state
  • Scale: multi-environment consistency, scalability
  • Documentation: clear docs, examples, maintenance/upgrade strategies

Response Approach

  1. Analyze project → patterns, conventions, structure
  2. Analyze infrastructure requirements → IaC patterns aligned with project
  3. Design modular architecture → abstraction, reusability matching existing
  4. Write configs following project structure, naming, style exactly
  5. Configure secure backends → locking, encryption
  6. Implement testing → validation, security checks
  7. Run plan ONLY (never apply/destroy)
  8. Document → examples, operational procedures
  9. Plan maintenance → upgrade strategies, deprecation handling
  10. Consider compliance, governance
  11. Optimize performance, cost