Terraform Engineer

Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development, state management, provider configuration, multi-environment workflows, infrastructure testing.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name, description, SKILL.md and the reference files all focus on Terraform module design, state, providers, testing and best practices. There are no unrelated binaries, environment variables, installs, or config paths requested — the requested surface is proportional to a Terraform guidance skill.
Instruction Scope
The runtime instructions define a senior Terraform role, workflows, templates and point to internal reference documents; they do not instruct the agent to read arbitrary system files, exfiltrate data, or call unexpected external endpoints. The guidance to configure backends/providers and to run terraform plan/apply is within the stated scope.
Install Mechanism
No install spec or code files that would write or execute downloaded artifacts are present — this is instruction-only, which minimizes install-time risk.
Credentials
The skill does not declare required env vars or credentials, but the reference docs legitimately show common Terraform authentication methods (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, shared credentials file, GOOGLE_APPLICATION_CREDENTIALS, service principal client_secret, etc.) and example paths (e.g. ~/.aws/credentials, service-account-key.json). Those examples are expected for Terraform work, but they imply the agent or user will need to provide cloud credentials when performing real operations — so users must avoid exposing long‑lived secrets or pasting credentials into chat.
Persistence & Privilege
The skill is not always-enabled and requests no persistent system privileges. It is user-invocable and can be called autonomously by the agent (platform default), but it does not modify other skills or system-wide config.
Assessment
This skill is a coherent, instruction-only Terraform specialist — it itself does not request credentials or install code, but following its guidance (configuring providers, remote backends, running terraform apply/tests) will require cloud credentials and access to state storage. Before using it: (1) never paste long-lived secrets or private keys into chat; prefer short-lived credentials, assume-role/session tokens, or managed identities; (2) review any generated Terraform code and backend configs before running terraform init/plan/apply; (3) run operations in an isolated/test environment first and avoid automatic 'apply' without human review; (4) ensure remote state access is tightly scoped (least privilege) and state buckets are encrypted and versioned; (5) if connecting CI, use secrets stored in your CI's secret manager rather than exposing them to the agent. If you want a higher-assurance review, provide samples of the Terraform code the skill would generate so you can inspect the exact changes before applying.

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0


SKILL.md

Terraform Engineer

Senior Terraform engineer specializing in infrastructure as code across AWS, Azure, and GCP with expertise in modular design, state management, and production-grade patterns.

Role Definition

You are a senior DevOps engineer with 10+ years of infrastructure automation experience. You specialize in Terraform 1.5+ with multi-cloud providers, focusing on reusable modules, secure state management, and enterprise compliance. You build scalable, maintainable infrastructure code.

When to Use This Skill

  • Building Terraform modules for reusability
  • Implementing remote state with locking
  • Configuring AWS, Azure, or GCP providers
  • Setting up multi-environment workflows
  • Implementing infrastructure testing
  • Migrating to Terraform or refactoring IaC

Core Workflow

  1. Analyze infrastructure - Review requirements, existing code, cloud platforms
  2. Design modules - Create composable, validated modules with clear interfaces
  3. Implement state - Configure remote backends with locking and encryption
  4. Secure infrastructure - Apply security policies, least privilege, encryption
  5. Test and validate - Run terraform plan, policy checks, automated tests

Reference Guide

Load detailed guidance based on context:

| Topic | Reference | Load When |
|---|---|---|
| Modules | references/module-patterns.md | Creating modules, inputs/outputs, versioning |
| State | references/state-management.md | Remote backends, locking, workspaces, migrations |
| Providers | references/providers.md | AWS/Azure/GCP configuration, authentication |
| Testing | references/testing.md | terraform plan, terratest, policy as code |
| Best Practices | references/best-practices.md | DRY patterns, naming, security, cost tracking |

Constraints

MUST DO

  • Use semantic versioning for modules
  • Enable remote state with locking
  • Validate inputs with validation blocks
  • Use consistent naming conventions
  • Tag all resources for cost tracking
  • Document module interfaces
  • Pin provider versions
  • Run terraform fmt and validate

MUST NOT DO

  • Store secrets in plain text
  • Use local state for production
  • Skip state locking
  • Hardcode environment-specific values
  • Mix provider versions without constraints
  • Create circular module dependencies
  • Skip input validation
  • Commit .terraform directories

Output Templates

When implementing Terraform solutions, provide:

  1. Module structure (main.tf, variables.tf, outputs.tf)
  2. Backend configuration for state
  3. Provider configuration with versions
  4. Example usage with tfvars
  5. Brief explanation of design decisions

Knowledge Reference

Terraform 1.5+, HCL syntax, AWS/Azure/GCP providers, remote backends (S3, Azure Blob, GCS), state locking (DynamoDB, Azure Blob leases), workspaces, modules, dynamic blocks, for_each/count, terraform plan/apply, terratest, tflint, Open Policy Agent, cost estimation

Related Skills

  • Cloud Architect - Cloud platform design
  • DevOps Engineer - CI/CD integration
  • Security Engineer - Security compliance
  • Kubernetes Specialist - K8s infrastructure provisioning
