terraform-skill
Terraform Best Practices Guide
This skill helps developers write production-ready Terraform code with proper structure, testing, and security. It draws on enterprise experience to give guidance on module design, CI/CD integration, and infrastructure best practices.
Download the skill ZIP
Upload it in Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Test it
Use "terraform-skill". Help me understand when to use count vs for_each in Terraform
Expected result:
Use count when you have a boolean condition (create or not) or a fixed number of identical resources. Use for_each when items may be reordered, removed, or you need stable addressing by key. For example, use for_each = toset(var.availability_zones) for subnets so removing an AZ doesn't recreate all subsequent subnets.
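The following configuration is an added example, not part of the skill's own files, that puts the count and for_each rules side by side. The variable names, the aws_flow_log resource and the 10.0.0.0/16 address plan are assumptions chosen for illustration; the AWS provider resource types and arguments are real.

```hcl
# Added example, not from the skill. Assumed inputs:
variable "vpc_id"   { type = string }
variable "vpc_cidr" { type = string  default = "10.0.0.0/16" }

variable "enable_flow_logs" {
  description = "Boolean switch: create VPC flow logs or not"
  type        = bool
  default     = true
}

variable "availability_zones" {
  description = "Positional list of AZs (used by the count form)"
  type        = list(string)
  default     = ["us-east-1a", "us-east-1b", "us-east-1c"]
}

variable "subnet_cidrs" {
  description = "AZ -> CIDR map; the key is the stable address (used by the for_each form)"
  type        = map(string)
  default = {
    "us-east-1a" = "10.0.1.0/24"
    "us-east-1b" = "10.0.2.0/24"
    "us-east-1c" = "10.0.3.0/24"
  }
}

# Case 1: count as an on/off switch. The resource is either
# aws_flow_log.this[0] or absent; no ordering problem can arise.
resource "aws_flow_log" "this" {
  count                = var.enable_flow_logs ? 1 : 0
  vpc_id               = var.vpc_id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = var.flow_log_group_arn   # assumed variable
}
variable "flow_log_group_arn" { type = string  default = null }

# Case 2: count over a list. Instances are addressed by position, so
# removing "us-east-1b" renumbers positional[2] to positional[1] and
# Terraform plans to destroy and recreate the us-east-1c subnet.
resource "aws_subnet" "positional" {
  count             = length(var.availability_zones)
  vpc_id            = var.vpc_id
  availability_zone = var.availability_zones[count.index]
  cidr_block        = cidrsubnet(var.vpc_cidr, 8, count.index + 10)
}

# Case 3: for_each keyed by AZ. Every per-instance attribute comes from
# the key or its value, so removing "us-east-1b" from the map destroys
# only aws_subnet.keyed["us-east-1b"] and leaves the others untouched.
resource "aws_subnet" "keyed" {
  for_each          = var.subnet_cidrs
  vpc_id            = var.vpc_id
  availability_zone = each.key
  cidr_block        = each.value
}

# Addressing by key also keeps outputs and cross-references stable.
output "subnet_ids_by_az" {
  description = "Map of AZ name to subnet id"
  value       = { for az, s in aws_subnet.keyed : az => s.id }
}
```

Run `terraform plan` after deleting one entry from `subnet_cidrs` and then after deleting one element from `availability_zones` to see the difference: the keyed form plans a single destroy, the positional form plans a destroy-and-create for every subnet after the removed one. Case 3 deliberately stores the CIDR as the map value; if the CIDR were derived from the element's position (for example with `index()`), the stability advantage would be lost.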
Use "terraform-skill". What is the recommended variable ordering in Terraform?
Expected result:
Always order variable blocks consistently: description (required), type, default, validation, nullable. This ensures clarity and helps users understand the variable purpose immediately. Always include a description for every variable.
Use "terraform-skill". How should I structure my Terraform module?
Expected result:
A well-structured module includes: main.tf (resources), variables.tf (inputs), outputs.tf (outputs), versions.tf (provider constraints), examples/ (usage examples), and tests/ (test files). Keep modules small and focused on a single responsibility.
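The following is an added example, not taken from the skill, covering both the variable ordering answer above (description, type, default, validation, nullable) and the module layout answer (main.tf, variables.tf, outputs.tf, versions.tf, examples/, tests/). It shows the contents of versions.tf and variables.tf for an assumed vpc module; the file tree, variable names and default values are assumptions.

```hcl
# Added example, not the skill's own code. Assumed module layout:
#   modules/vpc/
#     main.tf                  resources
#     variables.tf             inputs (contents below)
#     outputs.tf               outputs
#     versions.tf              provider constraints (contents below)
#     examples/basic/main.tf   a minimal call of the module
#     tests/vpc.tftest.hcl     native terraform test cases

# ---------- versions.tf ----------
terraform {
  required_version = ">= 1.6.0"   # native `terraform test` needs 1.6+
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"          # pessimistic: any 5.x, never 6.0
    }
  }
}

# ---------- variables.tf ----------
# Every block follows the same argument order:
# description, type, default, validation, nullable.

variable "environment" {
  description = "Deployment environment; selects naming and sizing defaults"
  type        = string
  default     = "dev"
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "environment must be one of: dev, staging, prod."
  }
  nullable = false
}

variable "vpc_cidr" {
  description = "IPv4 CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
  validation {
    # cidrnetmask only accepts IPv4 prefixes, so can() doubles as a format check
    condition     = can(cidrnetmask(var.vpc_cidr))
    error_message = "vpc_cidr must be a valid IPv4 CIDR block."
  }
  nullable = false
}

variable "allowed_ingress_cidrs" {
  description = "CIDRs allowed to reach the application port"
  type        = list(string)
  default     = []
  validation {
    # Reject the overly permissive rule at plan time instead of in review
    condition     = !contains(var.allowed_ingress_cidrs, "0.0.0.0/0")
    error_message = "Do not open ingress to 0.0.0.0/0; list specific source CIDRs."
  }
  nullable = false
}
```

`terraform validate` checks the block syntax, but the validation conditions only fire on `terraform plan`, where a bad `environment` value or an `0.0.0.0/0` entry stops the run with the error_message shown. Putting `nullable = false` last, as the ordering recommends, keeps the visible contract (description, type, default) at the top of every block.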
Security audit
Safe. All static findings are false positives. This is a legitimate Terraform best practices skill providing infrastructure-as-code guidance. The 85 'external_commands' detections are Ruby template syntax in markdown rendering HCL code examples. Network detections are legitimate reference URLs and example CIDR blocks in documentation. Sensitive data and cryptographic algorithm warnings refer to security best practices being taught, not actual vulnerabilities.
Low-risk issues (1)
Quality score
What you can build
New infrastructure project setup
DevOps engineers starting a new Terraform project need guidance on directory structure, module organization, and naming conventions so that the code is maintainable from the start.
Choosing a testing strategy
Teams want to add automated testing to their Terraform workflow but need help choosing between native tests, Terratest, and static analysis tools based on their use case and expertise.
Module refactoring
Existing Terraform configurations need refactoring to modern patterns such as for_each, moved blocks, or better variable design to improve maintainability.
Try these prompts
Help me set up a new Terraform project with proper structure for a multi-environment deployment. I need to understand the recommended directory layout for environments, modules, and examples.
What testing approach should I use for my Terraform modules? I have simple validation logic and some complex resource configurations. Looking for cost-effective testing that balances coverage with maintenance effort.
Review my module structure and suggest improvements. I have a VPC module that creates subnets, security groups, and routing. Should I split this into smaller modules or keep it as one?
Help me create a CI/CD pipeline for Terraform that includes validation, security scanning, planning, and apply stages. I want to optimize for cost and ensure proper approvals for production changes.
Best practices
- Use descriptive, meaningful resource names (e.g. web_server, application_logs), and use 'this' for singleton resources
- Always include a description for variables and outputs to help future maintainers
- Pin provider versions with pessimistic constraints (e.g. ~> 5.0) to balance stability against updates
Avoid
- Avoid generic names such as 'main', 'bucket', or 'instance' for non-singleton resources
- Do not store secrets in Terraform variables; use a secrets manager instead
- Avoid the default VPC and overly permissive security groups (0.0.0.0/0)