terraform-iac
Deep Terraform/IaC workflow—module boundaries, state, workspaces, plan/apply safety, drift, secrets, CI integration, and team governance. Use when building infra as code, refactoring modules, or debugging state issues.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/clawkk/terraform-iac
What This Skill Does
The terraform-iac skill provides a professional-grade framework for managing Infrastructure as Code (IaC) workflows. It focuses on the most critical and complex aspects of Terraform: state management, module design, security, and team-based CI/CD orchestration. Rather than just writing syntax, this skill helps you architect your infrastructure to be modular, reproducible, and resilient to failure. It enforces industry-standard patterns like the 'Live vs. Modules' directory structure, secure state backend configuration, and robust plan-and-apply safety protocols. Whether you are building a greenfield environment or untangling a legacy state file, this skill acts as an infrastructure architect, ensuring that your blast radius is controlled and your team's workflow is automated through policy-as-code and OIDC-based authentication.
Installation
You can install the skill by running the following command in your terminal:
clawhub install openclaw/skills/skills/clawkk/terraform-iac
Use Cases
- Greenfield Infrastructure: Setting up a scalable, multi-environment architecture that supports future growth.
- Refactoring Legacy Code: Migrating monolith modules into granular, reusable components without destroying production infrastructure, utilizing moved blocks.
- Incident Response: Diagnosing and resolving state locking issues, fixing resource drift, and recovering from failed apply operations.
- CI/CD Hardening: Implementing secure Plan-on-PR workflows, OPA/Sentinel policy integration, and managing secrets via provider-native solutions like HashiCorp Vault.
Example Prompts
- "I need to refactor our current monolithic VPC module into smaller, environment-agnostic components. Can you help me plan the directory structure and the necessary moved blocks to avoid downtime?"
- "We are seeing consistent drift in our S3 bucket configurations across production. How can I audit the existing state and configure a CI pipeline to prevent manual drift in the future?"
- "Help me design a secure workflow for multi-account AWS deployments where we need to separate state files per environment and use OIDC instead of long-lived access keys."
Tips & Limitations
- Safety First: Always use terraform plan and output it to a file before applying. The skill emphasizes peer reviews for any plan targeting production.
- State Sensitivity: Remember that Terraform state often contains raw secrets. Ensure your backend supports encryption at rest and strict IAM policies.
- Blast Radius: Avoid 'mega-modules' that encompass the entire infrastructure. Smaller, single-responsibility modules are easier to test and version-control.
- Limitation: This skill is an architectural guide and implementation assistant; it requires that you have the appropriate cloud provider permissions configured. It cannot override cloud-provider-level permission errors.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-clawkk-terraform-iac": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read, file-write, external-api, code-execution