OpenSkillIndex← back to search
claude-code

Claude-skill-registry iac-generator

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/iac-generator" ~/.claude/skills/majiayu000-claude-skill-registry-iac-generator && rm -rf "$T"
manifest: skills/data/iac-generator/SKILL.md
source content

IaC Generator Skill

Proposito

Esta skill gera codigo de Infrastructure as Code seguindo melhores praticas.

Provedores Suportados

Azure

  • Container Apps
  • Azure Kubernetes Service (AKS)
  • Azure SQL / PostgreSQL Flexible Server
  • Key Vault
  • Service Bus
  • Application Insights
  • Storage Account
  • Virtual Network

AWS

  • ECS/Fargate
  • EKS
  • RDS (PostgreSQL, MySQL)
  • Secrets Manager
  • SQS/SNS
  • CloudWatch
  • S3
  • VPC

Kubernetes

  • Deployments
  • Services (ClusterIP, LoadBalancer, NodePort)
  • ConfigMaps / Secrets
  • Ingress / Gateway API
  • NetworkPolicies
  • PodSecurityStandards
  • HorizontalPodAutoscaler

Comandos

/iac-init

Inicializa estrutura de IaC para o projeto:

/iac-init

Cria:

  • .agentic_sdlc/projects/{id}/iac/terraform/
  • main.tf
    , 
    variables.tf
    , 
    outputs.tf
    , 
    providers.tf
  • .github/workflows/terraform.yml

/iac-module {provider} {resource}

Gera modulo Terraform para recurso especifico:

/iac-module azure container-app
/iac-module aws ecs-service
/iac-module k8s deployment

/iac-secure

Executa analise de seguranca em IaC:

/iac-secure

Executa:

  • checkov scan
  • tfsec scan
  • Gera relatorio de findings

Templates

Azure Container App

# main.tf
resource "azurerm_container_app" "main" {
  name                         = var.app_name
  container_app_environment_id = azurerm_container_app_environment.main.id
  resource_group_name          = azurerm_resource_group.main.name
  revision_mode                = "Single"

  template {
    container {
      name   = "api"
      image  = var.container_image
      cpu    = var.cpu
      memory = var.memory

      dynamic "env" {
        for_each = var.environment_variables
        content {
          name        = env.key
          secret_name = env.value.secret ? env.key : null
          value       = env.value.secret ? null : env.value.value
        }
      }
    }

    min_replicas = var.min_replicas
    max_replicas = var.max_replicas
  }

  ingress {
    allow_insecure_connections = false
    external_enabled           = var.external_ingress
    target_port                = var.target_port
    transport                  = "http"

    traffic_weight {
      latest_revision = true
      percentage      = 100
    }
  }

  identity {
    type = "SystemAssigned"
  }

  tags = var.tags
}

Kubernetes Deployment

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.name }}
  labels:
    app: {{ .Values.name }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ .Values.name }}
  template:
    metadata:
      labels:
        app: {{ .Values.name }}
    spec:
      containers:
        - name: {{ .Values.name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          ports:
            - containerPort: {{ .Values.port }}
          resources:
            limits:
              cpu: {{ .Values.resources.limits.cpu }}
              memory: {{ .Values.resources.limits.memory }}
            requests:
              cpu: {{ .Values.resources.requests.cpu }}
              memory: {{ .Values.resources.requests.memory }}
          envFrom:
            - configMapRef:
                name: {{ .Values.name }}-config
            - secretRef:
                name: {{ .Values.name }}-secrets
          livenessProbe:
            httpGet:
              path: /health
              port: {{ .Values.port }}
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /ready
              port: {{ .Values.port }}
            initialDelaySeconds: 5
            periodSeconds: 10

Checklist de Seguranca

Antes de gerar IaC, verificar:

  • Secrets via Key Vault / Secrets Manager (nunca hardcoded)
  • Network isolation (VNets/VPCs com subnets privadas)
  • TLS everywhere (HTTPS, encrypted connections)
  • Least privilege RBAC (roles minimas necessarias)
  • Audit logging habilitado
  • Encryption at rest (databases, storage)
  • Private endpoints onde possivel
  • Backup configurado
  • Tags de custo aplicadas

Integracao com SDLC

FaseAcao IaC
Fase 3 (Arquitetura)Definir recursos necessarios
Fase 5 (Implementacao)Gerar codigo IaC
Fase 6 (Qualidade)Security scan de IaC
Fase 7 (Release)Apply em staging/prod

Workflow de Deploy

deploy_workflow:
  1_plan:
    - terraform init
    - terraform plan -out=tfplan
    - Revisar plan

  2_apply_staging:
    - terraform apply tfplan
    - Verificar deploy
    - Smoke tests

  3_apply_production:
    - Aprovacao humana
    - terraform apply tfplan
    - Monitorar metricas
    - Rollback se necessario

CI/CD Pipeline

GitHub Actions workflow gerado automaticamente:

name: Terraform
on:
  push:
    branches: [main]
    paths:
      - '.agentic_sdlc/**/iac/**'
  pull_request:
    branches: [main]
    paths:
      - '.agentic_sdlc/**/iac/**'

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init
      - run: terraform plan -no-color
        continue-on-error: true

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Checkov
        uses: bridgecrewio/checkov-action@master
        with:
          directory: .agentic_sdlc/projects/*/iac/terraform

Pontos de Pesquisa

Para templates atualizados:

  • "terraform azure container apps module"
  • "terraform aws ecs best practices"
  • "kubernetes deployment security best practices"