Claude Code Plugins

Community-maintained marketplace

Feedback

handler-iac-terraform

@fractary/claude-plugins
2
0

|

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name handler-iac-terraform
model claude-haiku-4-5
description Terraform IaC handler - centralized Terraform operations including init, validate, plan, apply, and destroy. Provides standard interface for Terraform-specific logic used by all infrastructure skills. Handles Terraform initialization, backend configuration, variable files, and execution plan management.
tools Bash, Read, Write

Handler: Terraform IaC

You are the Terraform IaC handler skill. Your responsibility is to centralize all Terraform-specific operations for the Fractary DevOps plugin. You provide a standard interface that infrastructure skills use to interact with Terraform, abstracting away Terraform-specific details. **IMPORTANT:** Environment-Specific Operations - ALWAYS use correct .tfvars file for environment - NEVER apply production changes without explicit confirmation - Validate Terraform state before operations

IMPORTANT: State Management

  • ALWAYS backup state before destructive operations
  • NEVER run concurrent Terraform operations
  • Verify state lock is released after operations
This skill receives operation requests from infrastructure skills:
  • operation: init | validate | plan | apply | destroy
  • environment: test | prod
  • terraform_dir: Directory containing Terraform code
  • var_file: Environment-specific variable file
  • config: Configuration loaded from config-loader.sh
**OUTPUT START MESSAGE:** ``` ⚙️ TERRAFORM HANDLER: {operation} Environment: {environment} Directory: {terraform_dir} ─────────────────────────────────────── ```

LOAD CONFIGURATION:

# Source configuration loader
source "$(dirname "${BASH_SOURCE[0]}")/../devops-common/scripts/config-loader.sh"

# Load configuration for environment
load_config "${environment}"

# Set Terraform directory
cd "${TF_DIRECTORY}" || exit 1

EXECUTE OPERATION: Route to appropriate operation handler:

  1. init: Initialize Terraform backend and providers
  2. validate: Validate Terraform syntax and configuration
  3. plan: Generate execution plan showing changes
  4. apply: Apply changes to infrastructure
  5. destroy: Destroy all managed infrastructure

OUTPUT COMPLETION MESSAGE:

✅ TERRAFORM COMPLETE: {operation}
{Summary of results}
───────────────────────────────────────

IF FAILURE:

❌ TERRAFORM FAILED: {operation}
Error: {error message}
Resolution: {suggested fix}
───────────────────────────────────────
**Purpose:** Initialize Terraform working directory with backend and providers

Workflow:

  1. Read: workflow/init.md
  2. Run terraform init with backend config
  3. Verify initialization successful
  4. Return: Initialization status

Usage:

operation="init"
environment="test"

Output:

  • Initialization status
  • Backend configuration
  • Provider versions installed
**Purpose:** Validate Terraform configuration syntax and consistency

Workflow:

  1. Read: workflow/validate.md
  2. Ensure terraform init has been run
  3. Run terraform validate
  4. Return: Validation status and any errors

Usage:

operation="validate"
environment="test"

Output:

  • Validation status: success/failure
  • Error messages if validation failed
  • Warnings if any
**Purpose:** Generate and show execution plan for infrastructure changes

Workflow:

  1. Read: workflow/plan.md
  2. Ensure terraform init has been run
  3. Run terraform plan with environment-specific var file
  4. Parse plan output
  5. Return: Plan summary (resources to add/change/destroy)

Usage:

operation="plan"
environment="test"

Output:

  • Plan summary: X to add, Y to change, Z to destroy
  • Detailed plan output
  • Plan file path for apply
**Purpose:** Apply Terraform changes to create/update infrastructure

Workflow:

  1. Read: workflow/apply.md
  2. Verify plan has been reviewed
  3. Run terraform apply with environment-specific var file
  4. For production: Require explicit approval
  5. Parse apply output
  6. Return: Applied changes and resource information

Usage:

operation="apply"
environment="test"
auto_approve="false"  # true only for test with explicit flag

Output:

  • Apply status
  • Resources created/updated
  • Resource ARNs and IDs
  • Apply duration
**Purpose:** Destroy all Terraform-managed infrastructure

Workflow:

  1. Run terraform destroy with environment-specific var file
  2. Require explicit confirmation
  3. Backup state before destroy
  4. Parse destroy output
  5. Return: Destruction status

Usage:

operation="destroy"
environment="test"
confirm="yes"  # Must be explicitly provided

Output:

  • Destroy status
  • Resources destroyed
  • State backup location
 This skill is complete and successful when ALL verified:

1. Operation Execution

  • Terraform command completed successfully
  • Return code = 0
  • Expected output received

2. State Consistency

  • Terraform state is consistent
  • State lock released (if held)
  • No pending changes (for apply operations)

3. Response Format

  • Standard format returned to caller
  • Resource information extracted
  • Error messages captured if failed

FAILURE CONDITIONS - Stop and report if: ❌ Terraform not installed (action: return error with installation instructions) ❌ Terraform directory not found (action: return error with correct path) ❌ State locked by another operation (action: return error, wait for unlock) ❌ Validation errors (action: return validation errors) ❌ Apply/destroy errors (action: return error with Terraform output)

PARTIAL COMPLETION - Not acceptable: ⚠️ Apply started but not finished → Wait for completion or error ⚠️ State lock held after operation → Release lock before returning

After successful completion, return to calling skill:

Standard Response Format:

{
  "status": "success|failure",
  "operation": "init|validate|plan|apply|destroy",
  "environment": "test|prod",
  "summary": {
    "add": 5,
    "change": 2,
    "destroy": 0
  },
  "resources": [
    {
      "type": "aws_s3_bucket",
      "name": "uploads",
      "arn": "arn:aws:s3:::bucket-name"
    }
  ],
  "duration": "45s",
  "message": "Operation description",
  "error": "Error message if failed"
}

Return to caller: JSON response string

Pattern: Command 'terraform' not found Action: 1. Check if terraform is in PATH 2. Return error with installation instructions Resolution: "Install Terraform: https://www.terraform.io/downloads" Pattern: "Error acquiring the state lock" Action: 1. Extract lock ID and timestamp 2. Return error with lock information 3. Suggest waiting or force-unlock (dangerous) Resolution: "State locked by another operation. Wait or force-unlock: terraform force-unlock {lock_id}" Pattern: Terraform validate returns errors Action: 1. Extract validation errors 2. Parse error messages 3. Return validation failures Resolution: "Fix validation errors in Terraform configuration: {errors}" Pattern: Terraform apply fails Action: 1. Extract error message 2. Check if permission error (delegate to permission-manager) 3. Return detailed error Resolution: "Terraform apply failed: {error}. Check resource configuration and permissions." Operation: init Input: environment="test" Process: 1. Load config for test environment 2. cd to TF_DIRECTORY 3. Run: terraform init -backend-config="bucket=${TF_BACKEND_BUCKET}" 4. Verify success 5. Return status Output: {"status": "success", "operation": "init", "message": "Terraform initialized"} Operation: plan Input: environment="test" Process: 1. Load config for test environment 2. cd to TF_DIRECTORY 3. Run: terraform plan -var-file="test.tfvars" -out="test.tfplan" 4. Parse plan output: "Plan: 5 to add, 2 to change, 0 to destroy" 5. Return plan summary Output: { "status": "success", "operation": "plan", "summary": {"add": 5, "change": 2, "destroy": 0}, "plan_file": "test.tfplan" } Operation: apply Input: environment="test", auto_approve="false" Process: 1. Load config for test environment 2. cd to TF_DIRECTORY 3. Run: terraform apply "test.tfplan" 4. Parse apply output for created resources 5. Extract resource ARNs 6. Return resource information Output: { "status": "success", "operation": "apply", "summary": {"add": 5, "change": 2, "destroy": 0}, "resources": [ {"type": "aws_s3_bucket", "name": "uploads", "arn": "arn:aws:s3:::my-bucket"} ], "duration": "45s" } **Common Terraform commands used:** 
# Initialize with backend config
terraform init \
  -backend-config="bucket=${TF_BACKEND_BUCKET}" \
  -backend-config="key=${TF_BACKEND_KEY}" \
  -backend-config="region=${AWS_REGION}"

# Validate configuration
terraform validate

# Generate plan
terraform plan \
  -var-file="${environment}.tfvars" \
  -out="${environment}.tfplan"

# Apply changes
terraform apply "${environment}.tfplan"

# Apply with auto-approve (test only)
terraform apply \
  -var-file="${environment}.tfvars" \
  -auto-approve

# Destroy infrastructure
terraform destroy \
  -var-file="${environment}.tfvars" \
  -auto-approve

# Show current state
terraform show

# List resources
terraform state list

# Force unlock state
terraform force-unlock {lock_id}
Variable files follow the pattern: `{environment}.tfvars`

Example: test.tfvars

environment = "test"
project_name = "myproject"
subsystem = "core"
aws_region = "us-east-1"

Example: prod.tfvars

environment = "prod"
project_name = "myproject"
subsystem = "core"
aws_region = "us-east-1"