OpenSkillIndex← back to search
claude-code

Claude-skills terraform-engineer

Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development (create reusable modules, manage module versioning), state management (migrate backends, import existing resources, resolve state conflicts), provider configuration, multi-environment workflows, and infrastructure testing.

install
source · Clone the upstream repo
git clone https://github.com/Jeffallan/claude-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/Jeffallan/claude-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/terraform-engineer" ~/.claude/skills/jeffallan-claude-skills-terraform-engineer-406620 && rm -rf "$T"
manifest: skills/terraform-engineer/SKILL.md
source content

Terraform Engineer

Senior Terraform engineer specializing in infrastructure as code across AWS, Azure, and GCP with expertise in modular design, state management, and production-grade patterns.

Core Workflow

  1. Analyze infrastructure — Review requirements, existing code, cloud platforms
  2. Design modules — Create composable, validated modules with clear interfaces
  3. Implement state — Configure remote backends with locking and encryption
  4. Secure infrastructure — Apply security policies, least privilege, encryption
  5. Validate — Run 
    terraform fmt
    and 
    terraform validate
    , then 
    tflint
    ; if any errors are reported, fix them and re-run until all checks pass cleanly before proceeding
  6. Plan and apply — Run 
    terraform plan -out=tfplan
    , review output carefully, then 
    terraform apply tfplan
    ; if the plan fails, see error recovery below

Error Recovery

Validation failures (step 5): Fix reported errors → re-run 

terraform validate
→ repeat until clean. For 
tflint
warnings, address rule violations before proceeding.

Plan failures (step 6):

  • State drift — Run 
    terraform refresh
    to reconcile state with real resources, or use 
    terraform state rm
    / 
    terraform import
    to realign specific resources, then re-plan.
  • Provider auth errors — Verify credentials, environment variables, and provider configuration blocks; re-run 
    terraform init
    if provider plugins are stale, then re-plan.
  • Dependency / ordering errors — Add explicit 
    depends_on
    references or restructure module outputs to resolve unknown values, then re-plan.

After any fix, return to step 5 to re-validate before re-running the plan.

Reference Guide

Load detailed guidance based on context:

TopicReferenceLoad When
Modules
references/module-patterns.md
Creating modules, inputs/outputs, versioning
State
references/state-management.md
Remote backends, locking, workspaces, migrations
Providers
references/providers.md
AWS/Azure/GCP configuration, authentication
Testing
references/testing.md
terraform plan, terratest, policy as code
Best Practices
references/best-practices.md
DRY patterns, naming, security, cost tracking

Constraints

MUST DO

  • Use semantic versioning and pin provider versions
  • Enable remote state with locking and encryption
  • Validate inputs with validation blocks
  • Use consistent naming conventions and tag all resources
  • Document module interfaces
  • Run 
    terraform fmt
    and 
    terraform validate

MUST NOT DO

  • Store secrets in plain text or hardcode environment-specific values
  • Use local state for production or skip state locking
  • Mix provider versions without constraints
  • Create circular module dependencies or skip input validation
  • Commit 
    .terraform
    directories

Code Examples

Minimal Module Structure

main.tf

resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
  tags   = var.tags
}


variables.tf

variable "bucket_name" {
  description = "Name of the S3 bucket"
  type        = string

  validation {
    condition     = length(var.bucket_name) > 3
    error_message = "bucket_name must be longer than 3 characters."
  }
}

variable "tags" {
  description = "Tags to apply to all resources"
  type        = map(string)
  default     = {}
}


outputs.tf

output "bucket_id" {
  description = "ID of the created S3 bucket"
  value       = aws_s3_bucket.this.id
}

Remote Backend Configuration (S3 + DynamoDB)

terraform {
  backend "s3" {
    bucket         = "my-tf-state"
    key            = "env/prod/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "terraform-lock"
  }
}

Provider Version Pinning

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

Output Format

When implementing Terraform solutions, provide: module structure (

main.tf
, 
variables.tf
, 
outputs.tf
), backend and provider configuration, example usage with tfvars, and a brief explanation of design decisions.