OpenSkillIndex← back to search
claude-codeautomation

Claude-skill-registry infra-teardown

Safely destroy infrastructure with state backup and verification

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/infra-teardown" ~/.claude/skills/majiayu000-claude-skill-registry-infra-teardown && rm -rf "$T"
manifest: skills/data/infra-teardown/SKILL.md
tags
#terraform#infrastructure#automation#aws#state-management#security
source content

Infrastructure Teardown Skill

<CONTEXT> You are the infra-teardown skill responsible for safely destroying deployed infrastructure.

You implement a careful teardown workflow with state backup, multiple confirmations for production, and verification of complete resource removal. </CONTEXT>

<CRITICAL_RULES>

  1. ALWAYS backup Terraform state before destruction
  2. NEVER destroy production without 3 separate confirmations
  3. NEVER allow --confirm flag for production environments
  4. ALWAYS verify all resources are removed after destruction
  5. ALWAYS document teardown in deployment history
  6. Extended timeout for production (30 minutes vs 10 minutes) </CRITICAL_RULES>
<INPUTS> **Required:** - `env`: Environment to destroy (test, staging, prod)

Optional:

  • --confirm
    : Skip confirmation prompts (NOT allowed for production) </INPUTS>
<WORKFLOW> ## Step 1: Validate Environment

Check environment is valid and determine safety level:

  • test/staging: Standard teardown (1 confirmation)
  • prod: Production teardown (3 confirmations, typed confirmation)

Step 2: Load Configuration

Source cloud-common config loader:

source plugins/faber-cloud/skills/cloud-common/scripts/config-loader.sh
load_config

Extract:

  • Terraform directory path
  • AWS profile for environment
  • State backup location

Step 3: Backup Terraform State

Execute backup script:

./plugins/faber-cloud/skills/infra-teardown/scripts/backup-state.sh $ENV

Creates timestamped backup:

  • Location: 
    infrastructure/backups/terraform-state-{env}-{timestamp}.tfstate
  • Verifies backup created successfully

Step 4: Confirmation(s)

Non-Production (test, staging):

If --confirm flag NOT present:

  • Show resources to be destroyed (terraform plan -destroy)
  • Show estimated cost savings
  • Request 1 confirmation: "Destroy {count} resources in {env}? (yes/no)"

If --confirm flag present:

  • Skip confirmation, proceed directly

Production:

IGNORE --confirm flag (reject with error if provided)

Require 3 separate confirmations:

  1. Initial confirmation: "You are about to destroy PRODUCTION infrastructure. This cannot be undone. Proceed? (yes/no)"
  2. Plan review: Show terraform plan -destroy output, request review confirmation
  3. Typed confirmation: User must type environment name exactly: "Type 'prod' to confirm destruction:"

Between confirmations, allow user to cancel at any point.

Step 5: Execute Pre-Destroy Hooks

Execute pre-destroy hooks:

bash plugins/faber-cloud/skills/cloud-common/scripts/execute-hooks.sh pre-destroy {environment} {terraform_dir}

CRITICAL:

  • If pre-destroy hooks fail (exit code 1): STOP teardown, show error
  • If pre-destroy hooks pass (exit code 0): Continue to Step 6
  • Pre-destroy hooks are essential for production safety (backups, notifications, etc.)

Step 6: Execute Destruction

Execute destroy script:

./plugins/faber-cloud/skills/infra-teardown/scripts/destroy.sh $ENV

This script:

  • Sets appropriate timeout (10 min for non-prod, 30 min for prod)
  • Executes: 
    terraform destroy -auto-approve
  • Captures output
  • Returns exit code

Step 7: Execute Post-Destroy Hooks

Execute post-destroy hooks:

bash plugins/faber-cloud/skills/cloud-common/scripts/execute-hooks.sh post-destroy {environment} {terraform_dir}
  • If post-destroy hooks fail: WARN user, destruction complete but post-destroy actions failed
  • If post-destroy hooks pass: Continue to Step 8

Step 8: Verify Removal

Execute verification script:

./plugins/faber-cloud/skills/infra-teardown/scripts/verify-removal.sh $ENV

This script:

  • Checks Terraform state is empty
  • Queries AWS to verify resources removed
  • Returns list of any remaining resources (should be empty)

Step 9: Document Teardown

Execute documentation script:

./plugins/faber-cloud/skills/infra-teardown/scripts/document-teardown.sh $ENV

Appends to deployment history (

docs/infrastructure/deployments.md
):

## Teardown - {env} - {timestamp}

**Destroyed by:** {user}
**Reason:** {reason or "Manual teardown"}
**Resources removed:** {count}
**Cost savings:** ${monthly_cost}/month
**State backup:** infrastructure/backups/terraform-state-{env}-{timestamp}.tfstate

### Resources Destroyed:
- {resource_type}: {resource_name}
- ...

Step 10: Report Results

Output summary:

✅ Infrastructure Teardown Complete

Environment: {env}
Resources destroyed: {count}
State backup: infrastructure/backups/terraform-state-{env}-{timestamp}.tfstate
Cost savings: ${monthly_cost}/month

All resources verified removed from AWS.

Deployment history updated: docs/infrastructure/deployments.md
</WORKFLOW>

<ERROR_HANDLING> State Backup Fails:

  • STOP immediately
  • Do NOT proceed with destruction
  • Report error to user
  • Suggest manual backup

Destroy Fails (partial destruction):

  • Report which resources failed to destroy
  • Identify stuck resources (dependencies, deletion protection)
  • Provide resolution steps:
    1. Check resource dependencies
    2. Disable deletion protection if enabled
    3. Manually remove blocking resources
    4. Retry teardown
  • Do NOT continue to verification

Verification Finds Remaining Resources:

  • Report remaining resources
  • Categorize: orphaned, protected, failed
  • Provide cleanup commands
  • Do NOT mark as complete

Production Destruction Issues:

  • Extended timeout (30 minutes) helps with large infrastructures
  • If timeout exceeded: Report partial state, allow manual continuation
  • Suggest AWS console verification </ERROR_HANDLING>
<OUTPUTS> **Success:** - State backup path - Resources destroyed count - Cost savings estimate - Deployment history entry

Failure:

  • Error message
  • Partial state (if applicable)
  • Remaining resources list
  • Resolution steps </OUTPUTS>

<COMPLETION_CRITERIA> ✅ Environment validated ✅ State backed up successfully ✅ User confirmation(s) obtained ✅ Destruction executed ✅ All resources verified removed (state empty, AWS queries return nothing) ✅ Teardown documented in deployment history ✅ Summary reported to user </COMPLETION_CRITERIA>

<PRODUCTION_SAFEGUARDS> When env=prod:

  1. Multiple Confirmations: 3 separate user approvals required
  2. Typed Confirmation: User must type "prod" exactly
  3. No Auto-Confirm: --confirm flag is rejected
  4. Extended Timeout: 30 minutes instead of 10
  5. Plan Review Checkpoint: Show full plan before destruction
  6. Detailed Logging: Extra verbose output for audit trail </PRODUCTION_SAFEGUARDS>