Skill

infrastructure-as-code-patterns

Codify infrastructure with Terraform, CloudFormation, or Pulumi. Design IaC architecture, versioning, testing, and drift detection. Use when automating infrastructure or establishing IaC practices.

From infrastructure-design

Install

Run in your terminal

npx claudepluginhub sethdford/claude-skills --plugin architect-infrastructure-design

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Similar Skills

ui-ux-pro-max

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

57.6k

context7-mcp

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

51.4k

market-sizing-analysis

2 files

Calculates TAM/SAM/SOM using top-down, bottom-up, and value theory methodologies for market sizing, revenue estimation, and startup validation.

startup-business-analyst

32.9k

Stats

Parent Repo Stars3

Parent Repo Forks0

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Domain Context

Based on IaC best practices (Terraform, CloudFormation, Pulumi):

Declarative vs Imperative: Declare desired state (Terraform) vs describe steps (CloudFormation). Declarative is more maintainable.

Modularity: Reusable modules (VPC, database, load balancer); parameterized for different environments

State Management: Terraform state tracks infrastructure; must be versioned and backed up

Testing: Unit tests (validate syntax), integration tests (deploy to staging), policy tests (compliance)

Drift Detection: Find manual changes not in code; reconcile or remediate

Instructions

Choose Tool: Terraform (multi-cloud, popular, large ecosystem). CloudFormation (AWS-native, less learning). Pulumi (programming language, more flexible).

Design Module Structure: Root modules per environment (dev, staging, prod). Shared modules for common patterns (VPC, RDS cluster, service). Versioned modules in registry.

Plan State Management: Store state in remote backend (S3 + DynamoDB for Terraform). Enable versioning and locking. Restrict access (IAM for AWS state). Never commit state to Git.

Implement Testing: Validate syntax (terraform fmt). Unit tests (mock resources). Integration tests (deploy to ephemeral environment, test behavior). Destroy after test.

Detect and Handle Drift: Use terraform plan to detect changes not in code. Use policy as code (Sentinel, OPA) to enforce compliance. Periodically reconcile drift.

Anti-Patterns

One Monolithic Module: All infrastructure in single file. Result: hard to understand, reuse, test. Guard: Break into modules; each module responsible for logical unit.

State Committed to Git: Store state in version control. Result: leaks credentials, creates merge conflicts. Guard: Remote state backend; ignore .tfstate in Git.

No Testing: Deploy to production first time. Result: broken infrastructure. Guard: Test in ephemeral environment; validate before production.

Ignoring State Locking: Multiple people apply changes simultaneously. Result: state corruption. Guard: Use remote backend with locking; enforce plan review before apply.

Domain Context

Based on IaC best practices (Terraform, CloudFormation, Pulumi):

Declarative vs Imperative: Declare desired state (Terraform) vs describe steps (CloudFormation). Declarative is more maintainable.

Modularity: Reusable modules (VPC, database, load balancer); parameterized for different environments

State Management: Terraform state tracks infrastructure; must be versioned and backed up

Testing: Unit tests (validate syntax), integration tests (deploy to staging), policy tests (compliance)

Drift Detection: Find manual changes not in code; reconcile or remediate

Instructions

Choose Tool: Terraform (multi-cloud, popular, large ecosystem). CloudFormation (AWS-native, less learning). Pulumi (programming language, more flexible).

Design Module Structure: Root modules per environment (dev, staging, prod). Shared modules for common patterns (VPC, RDS cluster, service). Versioned modules in registry.

Plan State Management: Store state in remote backend (S3 + DynamoDB for Terraform). Enable versioning and locking. Restrict access (IAM for AWS state). Never commit state to Git.

Implement Testing: Validate syntax (terraform fmt). Unit tests (mock resources). Integration tests (deploy to ephemeral environment, test behavior). Destroy after test.

Detect and Handle Drift: Use terraform plan to detect changes not in code. Use policy as code (Sentinel, OPA) to enforce compliance. Periodically reconcile drift.

Anti-Patterns

One Monolithic Module: All infrastructure in single file. Result: hard to understand, reuse, test. Guard: Break into modules; each module responsible for logical unit.

State Committed to Git: Store state in version control. Result: leaks credentials, creates merge conflicts. Guard: Remote state backend; ignore .tfstate in Git.

No Testing: Deploy to production first time. Result: broken infrastructure. Guard: Test in ephemeral environment; validate before production.

Ignoring State Locking: Multiple people apply changes simultaneously. Result: state corruption. Guard: Use remote backend with locking; enforce plan review before apply.

infrastructure-as-code-patterns

infrastructure-as-code-patterns

Infrastructure-as-Code Patterns

Context

Domain Context

Instructions

Anti-Patterns

Further Reading

Infrastructure-as-Code Patterns

Context

Domain Context

Instructions

Anti-Patterns

Further Reading