home / skills / laurigates / claude-plugins / infrastructure-terraform

infrastructure-terraform skill

safe

/terraform-plugin/skills/infrastructure-terraform

This skill helps you manage Terraform IaC efficiently by guiding plan, apply, and state workflows with modular, secure configurations.

npx playbooks add skill laurigates/claude-plugins --skill infrastructure-terraform

Review the files below or copy the command above to add this skill to your agents.

Files (2)

SKILL.md

5.0 KB

---
model: opus
created: 2025-12-16
modified: 2026-01-20
reviewed: 2025-12-16
name: infrastructure-terraform
description: |
  Infrastructure as Code with Terraform including HCL configuration, state management,
  modular design, and plan-apply workflows. Covers cloud and on-prem resource provisioning,
  remote backends, and Terraform modules.
  Use when user mentions Terraform, HCL, terraform plan, terraform apply, tfstate,
  infrastructure as code, or IaC provisioning.
allowed-tools: Glob, Grep, Read, Bash, Edit, Write, TodoWrite
---

# Infrastructure Terraform

Expert knowledge for Infrastructure as Code using Terraform with focus on declarative HCL, state management, and resilient infrastructure.

## Core Expertise

**Terraform & IaC**
- **Declarative Infrastructure**: Clean, modular, and reusable HCL code
- **State Management**: Protecting and managing Terraform state with remote backends
- **Providers & Modules**: Leveraging community and custom providers/modules
- **Execution Lifecycle**: Mastering the plan -> review -> apply workflow

## Infrastructure Provisioning Process

1. **Plan First**: Always generate `terraform plan` and review carefully before changes
2. **Modularize**: Break down infrastructure into reusable and composable modules
3. **Secure State**: Use remote backends with locking to protect state file
4. **Parameterize**: Use variables and outputs for flexible and configurable infrastructure
5. **Destroy with Caution**: Double-check plan before running `terraform destroy`

## Essential Commands

```bash
# Core workflow
terraform init                   # Initialize working directory
terraform plan                   # Generate execution plan
terraform apply                  # Apply changes
terraform destroy               # Destroy infrastructure

# State management
terraform state list            # List all resources
terraform state show <resource> # Show specific resource
terraform state pull > backup.tfstate  # Backup state

# Validation and formatting
terraform validate              # Validate configuration
terraform fmt -recursive        # Format all files recursively
terraform fmt path/to/dir       # Format specific directory
terraform graph | dot -Tsvg > graph.svg  # Dependency graph

# Working with directories (use -chdir to stay in repo root)
terraform -chdir=gcp fmt        # Format files in gcp/ directory
terraform -chdir=gcp validate   # Validate gcp/ configuration
terraform -chdir=gcp plan       # Plan from specific directory
terraform -chdir=modules/vpc init  # Init module directory

# Debugging
export TF_LOG=DEBUG             # Enable debug logging
terraform plan -out=tfplan      # Save plan for review
terraform show tfplan           # View saved plan
```

## Best Practices

**Module Structure**
```hcl
module "vpc" {
  source  = "./modules/vpc"
  version = "1.0.0"

  vpc_cidr = var.vpc_cidr
  environment = var.environment
}

output "vpc_id" {
  value = module.vpc.vpc_id
}
```

**Variable Configuration**
```hcl
variable "environment" {
  description = "Environment name"
  type        = string
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "Environment must be dev, staging, or prod."
  }
}
```

**Remote State Backend**
```hcl
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "prod/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}
```

**Provider Configuration**
```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
  required_version = ">= 1.5"
}
```

## Key Debugging Techniques

**State Debugging**
```bash
# State inspection
terraform state list
terraform state show aws_instance.web

# State recovery
terraform refresh
terraform plan -refresh-only
terraform import aws_instance.existing i-1234567890
```

**Error Resolution**
```bash
# Provider errors
terraform init -upgrade
terraform init -reconfigure

# Resource conflicts
terraform taint aws_instance.broken
terraform apply -target=aws_instance.web
```

## Agentic Optimizations

| Context | Command |
|---------|---------|
| Format directory | `terraform -chdir=path/to/dir fmt` |
| Check format (CI) | `terraform fmt -check -recursive` |
| Validate config | `terraform -chdir=path/to/dir validate` |
| Compact plan | `terraform plan -compact-warnings` |
| JSON plan output | `terraform plan -out=plan.tfplan && terraform show -json plan.tfplan` |
| List resources | `terraform state list` |

## Quick Reference

| Flag | Description |
|------|-------------|
| `-chdir=DIR` | Change to DIR before running command |
| `-recursive` | Process directories recursively |
| `-check` | Check formatting without changes (CI) |
| `-compact-warnings` | Show warnings in compact form |
| `-json` | Output in JSON format |
| `-out=FILE` | Save plan to file |
| `-target=RESOURCE` | Target specific resource |
| `-refresh-only` | Only refresh state, no changes |

For detailed debugging patterns, advanced module design, CI/CD integration, and troubleshooting strategies, see REFERENCE.md.

Overview

This skill provides practical, expert guidance for managing Infrastructure as Code with Terraform. It focuses on writing clean HCL, modular design, safe state management with remote backends and locking, and reliable plan->review->apply workflows. It helps teams provision cloud and on-prem resources reproducibly and troubleshoot common Terraform issues.

How this skill works

The skill inspects Terraform configuration and workflows, recommends commands and patterns, and explains state operations, module structure, and provider setup. It outlines a repeatable provisioning process: initialize, plan, review, and apply, and shows how to secure state with remote backends and locks. It also provides debugging commands for state recovery, provider errors, and targeted operations.

When to use it

Creating or refactoring Terraform HCL modules
Setting up or migrating remote state backends with locking
Running terraform plan/apply workflows in CI or locally
Debugging state drift, imports, or provider issues
Formatting, validating, and auditing Terraform codebase

Best practices

Always run terraform init then terraform plan and review before apply
Modularize infrastructure into reusable modules with clear inputs/outputs
Store state in a remote backend with server-side locking and encryption
Parameterize environments with validated variables and explicit types
Use terraform fmt and validate in CI to enforce style and correctness
Create and review saved plans (terraform plan -out) before applying in automated pipelines

Example use cases

Implement a remote S3/DynamoDB backend for team state locking and recovery
Refactor monolithic configs into versioned modules for VPCs, clusters, and databases
Create CI jobs that run terraform fmt -check, terraform validate, and terraform plan -compact-warnings
Recover drift by running terraform refresh, importing resources, or tainting and reapplying specific resources
Generate JSON plans for automation: terraform plan -out=plan.tfplan && terraform show -json plan.tfplan

FAQ

How do I protect my terraform state file?

Use a remote backend that supports encryption and locking (for example S3 + DynamoDB lock table, or a managed backend). Restrict access via IAM and avoid storing sensitive values in plaintext state when possible.

When should I use terraform import vs recreate?

Import existing resources into state when you want Terraform to manage them without recreation. Use recreate (or replace actions) when the desired resource must change shape and import cannot represent that change; always plan and review first.