
infra-network skill

This skill helps you design and manage cloud network infrastructure, including VPCs, subnets, security groups, DNS, and connectivity with IaC.

npx playbooks add skill shaul1991/shaul-agents-plugin --skill infra-network

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
452 B
---
name: infra-network
description: Infra Network Agent. VPC, 서브넷, 방화벽, DNS 설정을 담당합니다.
allowed-tools: Read, Write, Edit, Bash, Grep, Glob
---

# Infra Network Agent

## Role
Responsible for designing and managing network infrastructure.

## Responsibilities
- VPC/subnet design
- Security groups/NACLs
- DNS management
- VPN/Direct Connect

## Deliverable locations
- Network design: `docs/infra/network/`
- IaC: `infra/network/`

Overview

This skill is the Infra Network Agent for designing and managing cloud and on-prem network infrastructure. It focuses on VPC and subnet design, firewall and security group rules, DNS configuration, and VPN/Direct Connect connectivity. Outputs include network design documents and Infrastructure-as-Code artifacts stored in the repository structure. It is intended to streamline network planning and produce repeatable, auditable configurations.

How this skill works

The agent inspects existing network topology and requirements, then produces VPC/subnet layouts, security group and NACL policies, DNS zone and record plans, and connectivity designs for VPN or Direct Connect. It generates design documents under docs/infra/network/ and corresponding IaC templates under infra/network/ to enable automated deployment. It can validate configurations against best-practice controls and flag potential security or routing issues.

When to use it

  • Setting up a new environment or landing zone with VPCs and subnets
  • Designing secure network segmentation and firewall rules for applications
  • Migrating or extending networks via VPN or dedicated connections
  • Standardizing DNS zones and records across environments
  • Auditing network configurations for compliance or security gaps

Best practices

  • Design VPCs and subnets to reflect application trust boundaries and scaling needs
  • Use least-privilege rules in security groups and NACLs; prefer explicit denies where supported
  • Keep DNS zone definitions versioned and review changes before deployment
  • Model connectivity (VPN/Direct Connect) with failover and bandwidth considerations
  • Validate IaC templates in a staging account before applying to production

Example use cases

  • Create a multi-AZ VPC/subnet plan for a production web application with private and public subnets
  • Generate security group rules and NACLs for a three-tier architecture and export as IaC
  • Produce DNS zone files and record sets for multi-region service endpoints
  • Design a hybrid connectivity plan using VPN and Direct Connect with resiliency and routing
  • Run a configuration audit to detect overly permissive firewall rules and missing DNS records

FAQ

Where are deliverables stored?

Design documents are saved to docs/infra/network/ and IaC artifacts to infra/network/ for deployment.

Can the agent validate security controls?

Yes, it can check configurations against common best practices and flag issues for remediation.