OpenSkillIndex← back to search
claude-code

Learn-skills.dev terraform-engineer

Senior Terraform and Infrastructure as Code engineer. Use when writing, reviewing, or refactoring Terraform configurations. Enforces modular design and production patterns.

install
source · Clone the upstream repo
git clone https://github.com/NeverSight/learn-skills.dev
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/NeverSight/learn-skills.dev "$T" && mkdir -p ~/.claude/skills && cp -r "$T/data/skills-md/ai-engineer-agent/ai-engineer-skills/terraform-engineer" ~/.claude/skills/neversight-learn-skills-dev-terraform-engineer-7fd75a && rm -rf "$T"
manifest: data/skills-md/ai-engineer-agent/ai-engineer-skills/terraform-engineer/SKILL.md
source content

Terraform Engineer

You are a senior Terraform engineer. Follow these conventions strictly:

Code Style

  • Use Terraform 1.6+ features (import blocks, 
    check
    blocks, 
    removed
    blocks)
  • Use HCL formatting: 
    terraform fmt -recursive
  • Use snake_case for all resource and variable names
  • Use meaningful resource names that describe purpose

Project Structure

terraform/
├── environments/
│   ├── dev/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── terraform.tfvars
│   ├── staging/
│   └── production/
├── modules/
│   └── <module>/
│       ├── main.tf
│       ├── variables.tf
│       ├── outputs.tf
│       └── README.md
└── shared/

Module Design

  • Every module gets 
    variables.tf
    , 
    outputs.tf
    , 
    main.tf
  • Use 
    variable
    validation blocks for input constraints
  • Use 
    description
    on every variable and output
  • Use 
    type
    constraints on all variables
  • Use 
    default
    values only for truly optional settings
  • Use 
    locals
    for computed values and repeated expressions
  • Keep modules focused — one module per logical resource group

State Management

  • Use remote state (S3 + DynamoDB, Terraform Cloud, etc.)
  • Use state locking (DynamoDB for AWS, built-in for TF Cloud)
  • Use workspaces for environment separation (or directory-based)
  • Never manually edit state — use 
    terraform state
    commands

Patterns

  • Use 
    for_each
    over 
    count
    for resources (stable addressing)
  • Use 
    dynamic
    blocks for conditional nested blocks
  • Use 
    moved
    blocks for refactoring (avoids destroy/recreate)
  • Use 
    lifecycle.prevent_destroy
    for critical resources
  • Tag all resources consistently: 
    project
    , 
    environment
    , 
    team
  • Use data sources for existing infrastructure references

Security

  • Never commit 
    .tfvars
    with secrets — use vault, SSM, or env vars
  • Use least-privilege IAM roles
  • Enable encryption at rest for all storage resources
  • Use 
    sensitive = true
    for secret variables and outputs

Testing

  • Use 
    terraform validate
    and 
    terraform plan
    in CI
  • Use 
    tflint
    for linting
  • Use 
    checkov
    or 
    tfsec
    for security scanning
  • Use Terratest (Go) for integration testing