
terraform-skill

Safe

Terraform Best Practices Guide

This skill helps developers write production-ready Terraform code with proper structure, testing and security. It draws on enterprise experience and provides guidance on module design, CI/CD integration and infrastructure best practices.

Supports: Claude Codex Code (CC)
🥉 73 Bronze
1. Download the skill ZIP
2. Upload it in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Enable it and start using it

Try it

Using "terraform-skill". Help me understand when to use count vs for_each in Terraform

Expected result:

Use count when you have a boolean condition (create or not) or a fixed number of identical resources. Use for_each when items may be reordered, removed, or you need stable addressing by key. For example, use for_each = toset(var.availability_zones) for subnets so removing an AZ doesn't recreate all subsequent subnets.
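An added example, not the skill's own code, showing both patterns from the answer above together with the `moved` blocks that migrate an existing count-based subnet set to for_each without destroying anything. The provider, the VPC CIDR, the AZ names and all resource names are assumptions. It goes one step beyond the `toset(var.availability_zones)` form in the answer: if each subnet's CIDR is derived from the AZ's position in a list, removing an AZ still shifts the CIDRs of the later subnets and forces their replacement, so the subnets here are keyed by a map of AZ to CIDR.

```hcl
# Added example, not part of the skill. Provider, VPC CIDR, AZ names and
# resource names are assumptions; 10.0.0.0/16 is a private documentation range.

variable "enable_flow_logs" {
  description = "Create a single log group for VPC flow logs (create-or-not switch)"
  type        = bool
  default     = true
}

variable "private_subnets" {
  description = "Map of availability zone -> subnet CIDR; the keys give each subnet a stable address"
  type        = map(string)
  default = {
    "eu-west-1a" = "10.0.1.0/24"
    "eu-west-1b" = "10.0.2.0/24"
    "eu-west-1c" = "10.0.3.0/24"
  }
}

resource "aws_vpc" "this" {
  cidr_block = "10.0.0.0/16"
}

# count: a boolean switch for one resource. Its address is
# aws_cloudwatch_log_group.flow_logs[0] when enabled, nothing when disabled.
resource "aws_cloudwatch_log_group" "flow_logs" {
  count             = var.enable_flow_logs ? 1 : 0
  name              = "/vpc/flow-logs"
  retention_in_days = 90
}

# for_each: one subnet per AZ, addressed as aws_subnet.private["eu-west-1b"].
# Removing "eu-west-1b" from the map destroys only that subnet. The other
# CIDRs come from the map, not from a list index, so nothing else changes.
resource "aws_subnet" "private" {
  for_each          = var.private_subnets
  vpc_id            = aws_vpc.this.id
  availability_zone = each.key
  cidr_block        = each.value
  tags              = { Name = "private-${each.key}" }
}

# Migrating a deployment that previously used count = 3 over a list of AZs:
# moved blocks tell Terraform the old index addresses now live at the new
# keys, so `terraform plan` reports moves instead of destroy/create.
moved {
  from = aws_subnet.private[0]
  to   = aws_subnet.private["eu-west-1a"]
}

moved {
  from = aws_subnet.private[1]
  to   = aws_subnet.private["eu-west-1b"]
}

moved {
  from = aws_subnet.private[2]
  to   = aws_subnet.private["eu-west-1c"]
}

output "private_subnet_ids" {
  description = "Subnet IDs keyed by availability zone"
  value       = { for az, s in aws_subnet.private : az => s.id }
}
```

After adding the `moved` blocks, `terraform plan` should list the three subnets as moved and nothing as replaced. If a CIDR in the map differs from what the indexed subnet currently has, that subnet is still replaced, because `cidr_block` forces a new resource; the move only preserves identity, not attribute changes.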

Using "terraform-skill". What is the recommended variable ordering in Terraform?

Expected result:

Always order variable blocks consistently: description (required), type, default, validation, nullable. This ensures clarity and helps users understand the variable purpose immediately. Always include a description for every variable.

Using "terraform-skill". How should I structure my Terraform module?

Expected result:

A well-structured module includes: main.tf (resources), variables.tf (inputs), outputs.tf (outputs), versions.tf (provider constraints), examples/ (usage examples), and tests/ (test files). Keep modules small and focused on a single responsibility.
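An added example, not the skill's own code, of the layout described above and of the variable ordering from the previous answer. It is written as one listing for readability, with a comment naming the file each section would live in inside the module directory. The module's purpose (a single VPC), the name pattern, the CIDR default and the tag handling are assumptions.

```hcl
# Added example, not part of the skill. Sections are labelled with the file
# they belong to inside the module directory (for example modules/vpc/).

# --- versions.tf: Terraform and provider constraints only
terraform {
  required_version = ">= 1.6"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # pessimistic: any 5.x release, never 6.0
    }
  }
}

# --- variables.tf: description, type, default, validation, nullable, in that order
variable "name" {
  description = "Name prefix applied to every resource the module creates"
  type        = string
  validation {
    condition     = can(regex("^[a-z][a-z0-9-]{1,30}$", var.name))
    error_message = "name must be 2-31 lowercase letters, digits or hyphens and start with a letter."
  }
  nullable = false
}

variable "vpc_cidr" {
  description = "IPv4 CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
  validation {
    condition     = can(cidrnetmask(var.vpc_cidr))
    error_message = "vpc_cidr must be a valid IPv4 CIDR block, for example 10.0.0.0/16."
  }
  nullable = false
}

variable "tags" {
  description = "Tags merged into every resource"
  type        = map(string)
  default     = {}
}

# --- main.tf: the module creates exactly one VPC, so the singleton is named "this"
resource "aws_vpc" "this" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = merge(var.tags, { Name = var.name })
}

# --- outputs.tf: every output carries a description
output "vpc_id" {
  description = "ID of the created VPC"
  value       = aws_vpc.this.id
}

output "vpc_cidr" {
  description = "CIDR block of the created VPC"
  value       = aws_vpc.this.cidr_block
}
```

The remaining two directories hold no resources of their own: examples/ contains a small root module that calls this one (for instance `module "vpc" { source = "../../" name = "demo" }`), and tests/ contains `*.tftest.hcl` files. Passing a malformed value such as `-var vpc_cidr=10.0.0.0/33` fails with the validation rule's message rather than with an opaque provider error.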

Security audit

Safe
v1 • 2/25/2026

All static findings are false positives. This is a legitimate Terraform best practices skill providing infrastructure-as-code guidance. The 85 'external_commands' detections are Ruby template syntax in markdown rendering HCL code examples. Network detections are legitimate reference URLs and example CIDR blocks in documentation. Sensitive data and cryptographic algorithm warnings refer to security best practices being taught, not actual vulnerabilities.

Files scanned: 1
Lines analyzed: 518
Findings: 1
Total audits: 1

Low-risk issues (1)
Documentation Contains Example IP Addresses
The skill contains example CIDR blocks (10.0.0.0/16, 10.1.0.0/24) in Terraform code examples. These are standard documentation practice for showing network configurations and pose no security risk.
Audited by: claude

Quality score

Architecture: 38
Maintainability: 95
Content: 87
Community: 50
Security: 100
Spec compliance: 87

What you can build

Setting up a new infrastructure project

DevOps engineers starting a new Terraform project need guidance on directory structure, module organization and naming conventions so that the code is maintainable from the start.

Choosing a testing strategy

A team wants to add automated testing to its Terraform workflow but needs help choosing between native tests, Terratest and static analysis tools based on its use case and expertise.

Module refactoring

Existing Terraform configurations need refactoring to modern patterns such as for_each, moved blocks or better variable design to improve maintainability.

Try these prompts

Initial project structure
Help me set up a new Terraform project with proper structure for a multi-environment deployment. I need to understand the recommended directory layout for environments, modules, and examples.
Choosing a testing framework
What testing approach should I use for my Terraform modules? I have simple validation logic and some complex resource configurations. Looking for cost-effective testing that balances coverage with maintenance effort.
Module design review
Review my module structure and suggest improvements. I have a VPC module that creates subnets, security groups, and routing. Should I split this into smaller modules or keep it as one?
CI/CD pipeline setup
Help me create a CI/CD pipeline for Terraform that includes validation, security scanning, planning, and apply stages. I want to optimize for cost and ensure proper approvals for production changes.

Best practices

  • Use descriptive, meaningful resource names (e.g. web_server, application_logs) and 'this' for singleton resources
  • Always include descriptions for variables and outputs to help future maintainers
  • Pin provider versions with pessimistic constraints (e.g. ~> 5.0) to balance stability against updates

Avoid

  • Avoid generic names such as 'main', 'bucket' or 'instance' for non-singleton resources
  • Do not store secrets in Terraform variables; use a secrets manager
  • Avoid the default VPC and overly permissive security groups (0.0.0.0/0)
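An added example, not the skill's own code, of the last point in the list above: the open security group that Trivy and Checkov flag, beside a hardened version in which the allowed ranges are an input whose validation rule refuses a default route. The VPC, the rule names and the admin range are assumptions; 203.0.113.0/24 is an RFC 5737 documentation range.

```hcl
# Added example, not part of the skill. VPC, names and the admin range are
# assumptions; 203.0.113.0/24 is a documentation range, not a real network.

resource "aws_vpc" "this" {
  cidr_block = "10.0.0.0/16"
}

# --- Weak: SSH reachable from the whole internet. This is the pattern the
# "avoid" list means by 0.0.0.0/0 and what the scanners report.
resource "aws_security_group" "ssh_open" {
  name        = "ssh-open"
  description = "DO NOT USE: management port open to the world"
  vpc_id      = aws_vpc.this.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# --- Hardened: allowed ranges are an input, and the input itself rejects
# default routes and anything wider than /16, so a careless tfvars cannot
# silently reopen the port.
variable "admin_cidrs" {
  description = "IPv4 CIDR blocks allowed to reach SSH on the bastion"
  type        = list(string)
  default     = ["203.0.113.0/24"]
  validation {
    condition = alltrue([
      for c in var.admin_cidrs :
      can(cidrnetmask(c)) && !contains(["0.0.0.0/0", "::/0"], c) && try(tonumber(split("/", c)[1]), 0) >= 16
    ])
    error_message = "admin_cidrs must be specific IPv4 ranges (/16 or narrower); 0.0.0.0/0 and ::/0 are rejected."
  }
  nullable = false
}

resource "aws_security_group" "ssh_restricted" {
  name        = "ssh-restricted"
  description = "SSH from administrative ranges only"
  vpc_id      = aws_vpc.this.id
  # No inline ingress/egress blocks: rules live in the dedicated rule resources
  # below so each one can be added or removed independently.
}

# One rule per admin range, keyed by the CIDR string (for_each, not count), so
# removing one range removes exactly one rule.
resource "aws_vpc_security_group_ingress_rule" "ssh" {
  for_each          = toset(var.admin_cidrs)
  security_group_id = aws_security_group.ssh_restricted.id
  description       = "SSH from ${each.value}"
  cidr_ipv4         = each.value
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

# aws_security_group drops the implicit allow-all egress rule AWS creates, so
# egress has to be stated explicitly; here it is limited to outbound HTTPS.
resource "aws_vpc_security_group_egress_rule" "https_out" {
  security_group_id = aws_security_group.ssh_restricted.id
  description       = "Outbound HTTPS for package updates"
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}
```

The validation rule is the part that matters for review: a scanner only sees the values in the committed code, whereas the rule also rejects `-var 'admin_cidrs=["0.0.0.0/0"]'` passed at plan time or set in a workspace variable.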

FAQ

Does this skill work with OpenTofu as well?
Yes, the skill supports both Terraform and OpenTofu. Unless stated otherwise, all guidance applies to both tools.
Can this skill execute Terraform commands for me?
No, the skill provides guidance and best practices. You run the Terraform commands (init, plan, apply) in your own environment.
What testing frameworks does this skill cover?
It covers terraform validate, terraform test (native, 1.6+), Terratest, and security tools such as Trivy and Checkov.
Does this skill help with security scanning?
Yes, it provides guidance on integrating Trivy and Checkov into CI/CD pipelines for infrastructure security scanning.
What Terraform versions are supported?
The skill covers Terraform 1.0+ through 1.11+, highlighting the features available in each version, such as native testing (1.6+), mock providers (1.7+) and write-only arguments (1.11+).
How does this skill handle cost optimization?
It recommends using mocks for PR validation, running integration tests only on the main branch, implementing automatic cleanup, and tagging test resources to track spend.
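An added example, not the skill's own code, of the approach in the last three answers: a native `terraform test` file (1.6+) that uses a mock provider (1.7+) so a pull request can validate a security-group module with `command = plan` only, creating nothing and costing nothing. It assumes a root module that declares `variable "admin_cidrs"` with a validation rule rejecting 0.0.0.0/0 and a `for_each` resource `aws_vpc_security_group_ingress_rule.ssh`; the run names and the CIDR values are constructed, and 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

```hcl
# tests/security_group.tftest.hcl  (added example, not part of the skill)
# Needs Terraform 1.7+ for mock_provider. Assumes the root module declares
# var.admin_cidrs (with a validation rule) and
# aws_vpc_security_group_ingress_rule.ssh keyed by CIDR.

# No credentials and no API calls: every aws resource receives synthetic values.
mock_provider "aws" {}

# Defaults for every run block below; both ranges are documentation ranges.
variables {
  admin_cidrs = ["203.0.113.0/24", "198.51.100.0/24"]
}

# The validation rule must reject a default route even when one is passed in.
run "rejects_default_route" {
  command = plan

  variables {
    admin_cidrs = ["0.0.0.0/0"]
  }

  # The run passes only if this variable's validation fails.
  expect_failures = [
    var.admin_cidrs,
  ]
}

# With valid input there is exactly one rule per admin range and only tcp/22.
run "one_rule_per_admin_cidr" {
  command = plan

  assert {
    condition     = length(aws_vpc_security_group_ingress_rule.ssh) == 2
    error_message = "expected one ingress rule per admin CIDR"
  }

  assert {
    condition = alltrue([
      for r in aws_vpc_security_group_ingress_rule.ssh :
      r.from_port == 22 && r.to_port == 22 && r.ip_protocol == "tcp"
    ])
    error_message = "SSH rules must open only tcp/22"
  }

  assert {
    condition = alltrue([
      for r in aws_vpc_security_group_ingress_rule.ssh : r.cidr_ipv4 != "0.0.0.0/0"
    ])
    error_message = "no ingress rule may use 0.0.0.0/0"
  }
}
```

Run `terraform test` in the module directory on every pull request. Keep any run blocks that use `command = apply` against a real account for the main-branch job, and tag whatever they create so the cleanup job and the cost reports can find it, as the answer above recommends.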

Developer details

Author

Anton Babenko

License

Apache-2.0

Ref

main

File structure

SKILL.md