Claude-code-plugins-plus-skills adk-infra-expert
install
source · Clone the upstream repo
git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/backups/skills-batch-20251204-000554/plugins/devops/jeremy-adk-terraform/skills/adk-infra-expert" ~/.claude/skills/jeremylongshore-claude-code-plugins-plus-skills-adk-infra-expert && rm -rf "$T"
manifest:
backups/skills-batch-20251204-000554/plugins/devops/jeremy-adk-terraform/skills/adk-infra-expert/SKILL.md
source content
What This Skill Does
Expert in provisioning production Vertex AI ADK infrastructure with Agent Engine, Code Execution Sandbox (14-day state), Memory Bank, VPC Service Controls, and enterprise security.
When This Skill Activates
Triggers: "adk terraform deployment", "agent engine infrastructure", "provision adk agent", "vertex ai agent terraform", "code execution sandbox terraform"
Core Terraform Modules
Agent Engine Deployment
resource "google_vertex_ai_agent_runtime" "adk_agent" {
  project      = var.project_id
  location     = var.region
  display_name = "adk-production-agent"

  agent_config {
    model = "gemini-2.5-flash"

    code_execution {
      enabled        = true
      state_ttl_days = 14
      sandbox_type   = "SECURE_ISOLATED"
    }

    memory_bank {
      enabled = true
    }

    tools = [
      { code_execution = {} },
      { memory_bank = {} }
    ]
  }

  vpc_config {
    vpc_network = google_compute_network.agent_vpc.id

    private_service_connect {
      enabled = true
    }
  }
}
VPC Service Controls
resource "google_access_context_manager_service_perimeter" "adk_perimeter" {
  parent = "accessPolicies/${var.access_policy_id}"
  name   = "accessPolicies/${var.access_policy_id}/servicePerimeters/adk_perimeter"
  title  = "ADK Agent Engine Perimeter"

  status {
    restricted_services = [
      "aiplatform.googleapis.com",
      "run.googleapis.com"
    ]

    vpc_accessible_services {
      enable_restriction = true
      allowed_services = [
        "aiplatform.googleapis.com"
      ]
    }
  }
}
IAM for Native Agent Identity
resource "google_project_iam_member" "agent_identity" {
  project = var.project_id
  role    = "roles/aiplatform.agentUser"
  member  = "serviceAccount:${google_service_account.adk_agent.email}"
}

resource "google_service_account" "adk_agent" {
  account_id   = "adk-agent-sa"
  display_name = "ADK Agent Service Account"
}

# Least privilege for Code Execution
resource "google_project_iam_member" "code_exec_permissions" {
  for_each = toset([
    "roles/compute.viewer",
    "roles/container.viewer",
    "roles/run.viewer"
  ])

  project = var.project_id
  role    = each.key
  member  = "serviceAccount:${google_service_account.adk_agent.email}"
}
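One way to keep the IAM grants above least-privilege over time, as an added example that is not part of the skill or its repository: a check over `terraform show -json` plan output that flags any planned `google_project_iam_member` for the `adk-agent-sa` account whose role is outside the four roles this page assigns. The helper `_rc`, the sample plan, and the `example-project` name are constructed for illustration.

```python
# Roles this page grants to the agent service account (taken from the HCL above).
ALLOWED_ROLES = {"roles/aiplatform.agentUser", "roles/compute.viewer",
                 "roles/container.viewer", "roles/run.viewer"}
AGENT_SA_PREFIX = "serviceAccount:adk-agent-sa@"  # account_id from the page


def audit_plan(plan):
    """Return findings for planned IAM grants that exceed ALLOWED_ROLES."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_project_iam_member":
            continue
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops grant nothing
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        role, member = after.get("role"), after.get("member")
        if role in ALLOWED_ROLES:
            continue
        if member is None and unknown.get("member"):
            # A new service account's email is only known after apply.
            findings.append(f"{rc['address']}: {role} to unresolved member")
        elif member and member.startswith(AGENT_SA_PREFIX):
            findings.append(f"{rc['address']}: {role} exceeds agent allowlist")
    return findings


def _rc(name, actions, role, member=None):
    """Build one constructed resource_changes entry (member=None means unknown)."""
    after = {"role": role, **({"member": member} if member else {})}
    return {"address": f"google_project_iam_member.{name}",
            "type": "google_project_iam_member",
            "change": {"actions": actions, "after": after,
                       "after_unknown": {"member": member is None}}}


# Constructed sample shaped like `terraform show -json tfplan` output.
SA = "serviceAccount:adk-agent-sa@example-project.iam.gserviceaccount.com"
SAMPLE_PLAN = {"resource_changes": [
    _rc('code_exec_permissions["roles/compute.viewer"]', ["create"], "roles/compute.viewer"),
    _rc("drift", ["create"], "roles/editor", SA),
    _rc("new_grant", ["create"], "roles/owner"),
    _rc("human", ["create"], "roles/editor", "user:ops@example.com"),
]}

if __name__ == "__main__":
    print("\n".join(audit_plan(SAMPLE_PLAN)) or "no findings")
```

Grants whose member is still unknown at plan time are reported rather than skipped, because a newly created service account's email only resolves on apply.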
Tool Permissions
Read, Write, Edit, Grep, Glob, Bash - Enterprise infrastructure provisioning