Infrastructure as Code
Provides comprehensive guidance on infrastructure as code strategies, patterns, and best practices for managing cloud infrastructure declaratively. Covers tool selection (Terraform, Pulumi, CloudFormation, CDK), repository organization, module design, state management, environment promotion, testing approaches, drift detection, and team collaboration workflows for infrastructure at any scale.
Usage
Describe your infrastructure scope, team size, cloud providers, and current pain points. Specify whether you are starting fresh or migrating existing infrastructure to IaC. The skill provides architectural guidance, repository structures, workflow designs, and implementation patterns tailored to your situation.
Examples
- "Design an IaC repository structure for a multi-account AWS organization with shared modules"
- "Create a strategy for migrating 50 manually-created EC2 instances into Terraform management"
- "Build a testing pipeline for IaC that includes static analysis, plan review, and integration tests"
- "Design a GitOps workflow where infrastructure changes require PR approval and plan output review"
Guidelines
- Separate infrastructure into layers: networking, compute, data, application — each with independent state
- Use remote state with locking (S3+DynamoDB, GCS, Azure Blob) to prevent concurrent modifications
- Implement a module registry or monorepo with versioned modules consumed by environment-specific configs
- Never store secrets in IaC code or state; use vault references, SSM parameters, or sealed secrets
- Run terraform plan / pulumi preview in CI and post the output as a PR comment for review
- Use policy-as-code tools (OPA, Sentinel, Checkov) to enforce security and compliance guardrails
- Implement drift detection on a schedule to catch manual changes made outside the IaC workflow
- Tag all resources with ownership, environment, cost center, and IaC-managed metadata for governance
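The plan-review and drift-detection guidelines above, as an added example that is not part of this skill's own text: a small script that reads the JSON a `terraform show -json tfplan` command emits, counts changes, singles out destructive ones for explicit approval, lists drifted resources, and renders the PR comment CI would post. The plan it parses is constructed sample data; the field layout (`resource_changes`, `resource_drift`, `change.actions`) is Terraform's documented JSON plan format.

```python
import json
from collections import Counter

# Constructed sample in the shape of `terraform show -json tfplan`: one create,
# one update, one replacement, and one resource drifted outside the IaC workflow.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.net.aws_subnet.app", "change": {"actions": ["create"]}},
        {"address": "aws_instance.web", "change": {"actions": ["update"]}},
        {"address": "aws_db_instance.main", "change": {"actions": ["delete", "create"]}},
        {"address": "aws_s3_bucket.logs", "change": {"actions": ["no-op"]}},
    ],
    "resource_drift": [
        {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
    ],
})

def classify(actions):
    """Map Terraform's actions list to one review-friendly label."""
    if "delete" in actions and "create" in actions:
        return "replace"          # ["delete","create"] or ["create","delete"]
    if actions in (["no-op"], ["read"]):
        return "no-op"
    return actions[0]             # create, update or delete

def summarize_plan(plan_json):
    """Count changes per label and list the ones a reviewer must approve."""
    plan = json.loads(plan_json)
    counts, needs_review = Counter(), []
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        counts[label] += 1
        if label in ("delete", "replace"):   # destructive: never auto-apply
            needs_review.append(f"{label}: {rc['address']}")
    drift = [d["address"] for d in plan.get("resource_drift", [])]
    return {"counts": dict(counts), "needs_review": needs_review, "drift": drift}

def render_comment(summary):
    """Format the summary as the Markdown comment CI posts on the PR."""
    lines = ["## Terraform plan summary"]
    for label in ("create", "update", "replace", "delete", "no-op"):
        lines.append(f"- {label}: {summary['counts'].get(label, 0)}")
    if summary["needs_review"]:
        lines.append("\n**Destructive changes, approve explicitly:**")
        lines += [f"- {item}" for item in summary["needs_review"]]
    if summary["drift"]:
        lines.append("\n**Drift detected (changed outside IaC):**")
        lines += [f"- {addr}" for addr in summary["drift"]]
    return "\n".join(lines)
```

In a pipeline the same script would run on a schedule against a `terraform plan -refresh-only` output so that a non-empty drift list fails the job and opens a ticket.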