cloud-foundation-principles

Review the current infrastructure code against cloud foundation principles — identifies violations and suggests improvements

Use this agent for comprehensive cloud infrastructure audits of Terraform code, IaC organization, security configuration, or cloud architecture decisions. Examples: <example>Context: User has set up cloud infrastructure and wants it reviewed. user: "Review my Terraform code against cloud best practices" assistant: "I'll use the cloud-foundation-reviewer agent to audit the infrastructure." <commentary>Infrastructure review involves governance, naming, state management, security, networking — the agent audits against all relevant principles.</commentary></example> <example>Context: User is setting up a new cloud project from scratch. user: "Check if my cloud setup follows best practices" assistant: "I'll use the cloud-foundation-reviewer agent to review the cloud foundation." <commentary>New cloud setup touches multi-account, naming, IaC organization, security, secrets — comprehensive audit needed.</commentary></example> <example>Context: User finished configuring CI/CD pipeline for infrastructure. user: "Does my deployment pipeline follow good infrastructure patterns?" assistant: "I'll use the cloud-foundation-reviewer agent to evaluate the deployment pipeline." <commentary>Deployment pipeline touches image tagging, release triggers, credential management — multi-principle audit.</commentary></example>

This skill should be used when the user is making significant infrastructure decisions, documenting architectural choices, creating decision records, tracking exemptions from IaC, establishing decision-making processes, or onboarding new team members to existing infrastructure. Covers ADR format, numbering, status lifecycle, exemption tracking, and decision governance.

This skill should be used when the user is building Docker images, configuring container registries, designing image tagging strategies, setting up registry lifecycle policies, debugging production incidents that require tracing running code, or discussing OCI labels and build metadata. Covers git SHA tagging, the traceability chain from container to source code, registry retention policies, OCI build labels, and why date-based or environment-based tags fail.

This skill should be used when the user is choosing between managed and self-hosted services, deciding whether to run Kubernetes or use managed containers, evaluating self-hosted databases vs managed databases, considering self-hosted monitoring or caches, designing for a small team (under 50 engineers), or justifying a self-hosted exception. Covers the operations tax of self-hosting, managed container orchestration over Kubernetes for small teams, managed workflow engines, managed caches and databases, managed monitoring, and the decision framework for when self-hosting is genuinely justified.

This skill should be used when the user is setting up a new cloud project, designing account or project structure, creating environment isolation, configuring organization units or management groups, implementing landing zones, or deciding how to separate dev and prod workloads. Covers multi-account strategy, blast radius isolation, landing zone setup, and organizational governance.

This skill should be used when the user is designing resource naming conventions, implementing tagging or labeling strategies, building a labels module, setting up cost center attribution, creating naming standards for cloud resources, or reviewing tag compliance. Covers naming patterns, labels modules, cost center validation, tag enforcement, and naming across resource types.

1 hook across 1 event