一键导入
terraform
Terraform best practices for writing modular, secure, and maintainable infrastructure as code - use when creating or reviewing Terraform projects
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Terraform best practices for writing modular, secure, and maintainable infrastructure as code - use when creating or reviewing Terraform projects
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Firecrawl gives AI agents and apps fast, reliable web context with strong search, scraping, and interaction tools. One install command sets up three skill segments: live CLI tools, app-integration build skills, and outcome-focused workflow skills. Route the reader to the right usage path after install.
Generate conventional commit messages - use when creating commits, writing commit messages, or asking for git commit help.
Create a decision history record in the history/ directory. Use before writing any implementation code for a new feature, architecture change, or significant technical decision.
Full development workflow from planning through deployment for AI Agent features. Use when developing new features, making significant architecture changes, or starting work on any non-trivial implementation.
Test execution workflow - run unit tests, linting, and type checking. Use when verifying code quality, running the full test suite, or checking before a commit.
Code review checklist - use for checking Python code quality, bugs, security issues, and best practices. Use when a user asks for a code review, needs to assess whether a change is safe to merge, or needs to review AI-agent code for production risk.
| name | terraform |
| description | Terraform best practices for writing modular, secure, and maintainable infrastructure as code - use when creating or reviewing Terraform projects |
Apply these guidelines when writing, reviewing, or scaffolding Terraform infrastructure code.
Use this skill when:
Every module must contain exactly three files:
main.tf — resource definitionsvariables.tf — input variable declarationsoutputs.tf — output value declarationsPlace new AWS resources inside an existing module if one covers that service. If no suitable module exists, create a new one. Never define resources in the root module directly unless they do not logically belong to any child module.
Never hard-code environment-specific values such as AMI IDs, instance types, CIDR blocks, bucket names, or region strings. Define them as variables.
Use .tfvars files per environment:
environments/
development.tfvars
staging.tfvars
production.tfvars
Never commit .tfvars files that contain sensitive values to version control.
Add them to .gitignore.
variables.tf — what it is and why that value was chosen.aws_ssm_parameter data
sources.backend.tf or versions.tf file.terraform.tfstate or terraform.tfstate.backup files.Example backend configuration:
terraform {
backend "s3" {
bucket = "<state-bucket-name>"
key = "<project>/<environment>/terraform.tfstate"
region = "<aws-region>"
dynamodb_table = "<lock-table-name>"
encrypt = true
}
}
terraform fmt before every commit.terraform validate to catch syntax and reference errors.terraform plan and review output before applying any change.All AWS resource names must follow this format:
${var.project_name}-${var.environment}-<specific-name>
project_name — short identifier for the project (e.g., pod-stylist)environment — deployment tier (e.g., development, staging, production)specific-name — concise, descriptive suffix (e.g., s3-media-bucket, api-repository)Examples:
pod-stylist-development-s3-media-bucketpod-stylist-production-server-sgpod-stylist-staging-ecs-task-roleThree groups, in order of scope:
1. Global flat parameters — shared across all projects and environments:
<PROJECT_PREFIX>_<PARAMETER_NAME>
Example: MYAPP_AWS_REGION, MYAPP_PROJECT_NAME
2. Shared generic parameters — scoped to a project and environment, not a specific app:
/${var.project_name}/${var.environment}/generic/<PARAMETER_NAME>
Example: /<project>/development/generic/PRIMARY_DOMAIN_NAME
3. Application-scoped hierarchical parameters:
/${var.project_name}/${var.environment}/<application>/<group>/<PARAMETER_NAME>
<application> — e.g., api, worker, admin<group> — e.g., database, storage, iam, redis, generic<PARAMETER_NAME> — uppercase, e.g., DB_PASSWORDExample: /<project>/production/api/database/DB_PASSWORD
Every resource must include these four tags:
tags = {
Name = "${var.project_name}-${var.environment}-<specific-name>"
Project = var.project_name
Environment = var.environment
Terraform = var.use_terraform
}
Rules:
tags to every resource, or pass a tags map into submodules.var.use_terraform is a boolean; it renders as "true" or "false" in AWS.Name Terraform variables using the pattern aws_<service>_<attribute> in snake_case:
aws — cloud provider prefix (enables future gcp_, azure_ namespacing)<service> — AWS service name: vpc, ec2, rds, s3, ecr, iam, cloudwatch<attribute> — short, meaningful attribute nameExamples:
aws_s3_bucket_nameaws_ec2_instance_typeaws_rds_max_allocated_storageaws_vpc_public_subnets_cidrREADME.md to every new module describing its purpose, inputs,
outputs, and a usage example.README.md when adding a new module or changing the
overall structure.main.tf, variables.tf, outputs.tf.tfvars files with secrets are excluded from Git${project_name}-${environment}-<specific-name> namingaws_<service>_<attribute> naming conventionterraform fmt applied — no formatting differencesterraform validate passes