terraform-skill
Terraform Best Practices Guide
This skill helps developers write production-ready Terraform code with proper structure, testing, and security. It draws on enterprise experience to provide guidance on module design, CI/CD integration, and infrastructure best practices.
Download the skill ZIP
Upload it in Claude
Go to Settings → Features → Skills → Upload skill
Turn it on and start using it
Test it
Using "terraform-skill". Help me understand when to use count vs for_each in Terraform
Expected result:
Use count when you have a boolean condition (create or not) or a fixed number of identical resources. Use for_each when items may be reordered, removed, or you need stable addressing by key. For example, use for_each = toset(var.availability_zones) for subnets so removing an AZ doesn't recreate all subsequent subnets.
Using "terraform-skill". What is the recommended variable ordering in Terraform?
Expected result:
Always order variable blocks consistently: description (required), type, default, validation, nullable. This ensures clarity and helps users understand the variable purpose immediately. Always include a description for every variable.
Using "terraform-skill". How should I structure my Terraform module?
Expected result:
A well-structured module includes: main.tf (resources), variables.tf (inputs), outputs.tf (outputs), versions.tf (provider constraints), examples/ (usage examples), and tests/ (test files). Keep modules small and focused on a single responsibility.
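The three answers above fit together in one small subnet module. The following is an added example, not code shipped with the skill: it uses the variable block ordering from the second answer, the for_each = toset(var.availability_zones) pattern from the first, and the file split from the third (shown as comments). The cidr_by_az map is an assumption added so that a subnet's CIDR is keyed by AZ rather than by list position; deriving it from the list index would make Terraform replace later subnets when an earlier AZ is removed, which is exactly what for_each is meant to avoid.

```hcl
# variables.tf: blocks follow the order description, type, default, validation, nullable
variable "vpc_id" {
  description = "ID of the VPC that receives the subnets"
  type        = string
  nullable    = false
}

variable "availability_zones" {
  description = "Availability zones that each get one private subnet"
  type        = list(string)
  default     = ["us-east-1a", "us-east-1b", "us-east-1c"]

  validation {
    condition     = length(var.availability_zones) > 0
    error_message = "At least one availability zone is required."
  }

  nullable = false
}

variable "cidr_by_az" {
  description = "Subnet CIDR per availability zone (assumed input, keyed by AZ so it never depends on list position)"
  type        = map(string)
  default = {
    "us-east-1a" = "10.0.1.0/24"
    "us-east-1b" = "10.0.2.0/24"
    "us-east-1c" = "10.0.3.0/24"
  }
}

# main.tf: addressed as aws_subnet.this["us-east-1b"], so dropping that AZ
# destroys only its subnet. A count-based version (aws_subnet.this[1]) would
# shift every later index and recreate those subnets as well.
resource "aws_subnet" "this" {
  for_each = toset(var.availability_zones)

  vpc_id            = var.vpc_id
  availability_zone = each.key
  cidr_block        = var.cidr_by_az[each.key]

  tags = {
    Name = "private-${each.key}"
  }
}

# outputs.tf: every output carries a description, as the best practices below require
output "subnet_ids_by_az" {
  description = "Map of availability zone to subnet ID"
  value       = { for az, subnet in aws_subnet.this : az => subnet.id }
}
```

Running terraform plan after removing "us-east-1b" from availability_zones shows a single destroy for aws_subnet.this["us-east-1b"] and no changes to the other subnets.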
Security audit
Security: All static findings are false positives. This is a legitimate Terraform best practices skill providing infrastructure-as-code guidance. The 85 'external_commands' detections are Ruby template syntax in markdown rendering HCL code examples. Network detections are legitimate reference URLs and example CIDR blocks in documentation. Sensitive data and cryptographic algorithm warnings refer to security best practices being taught, not actual vulnerabilities.
Low-risk issues (1)
Quality score
What you can build
New infrastructure project setup
DevOps engineers starting a new Terraform project need guidance on directory structure, module organization, and naming conventions so that the code is maintainable from the start.
Testing strategy selection
Teams that want to add automated testing to their Terraform workflow need help choosing between native tests, Terratest, and static analysis tools based on their use case and expertise.
Module refactoring
Existing Terraform configurations need refactoring to modern patterns such as for_each, moved blocks, or better variable design to improve maintainability.
Try these prompts
Help me set up a new Terraform project with proper structure for a multi-environment deployment. I need to understand the recommended directory layout for environments, modules, and examples.
What testing approach should I use for my Terraform modules? I have simple validation logic and some complex resource configurations. Looking for cost-effective testing that balances coverage with maintenance effort.
Review my module structure and suggest improvements. I have a VPC module that creates subnets, security groups, and routing. Should I split this into smaller modules or keep it as one?
Help me create a CI/CD pipeline for Terraform that includes validation, security scanning, planning, and apply stages. I want to optimize for cost and ensure proper approvals for production changes.
Best practices
- Use descriptive, meaningful resource names (e.g. web_server, application_logs), and use 'this' for singleton resources
- Always include descriptions for variables and outputs to help future maintainers
- Pin provider versions with pessimistic constraints (e.g. ~> 5.0) to balance stability and updates
Avoid
- Avoid generic names such as 'main', 'bucket', or 'instance' for non-singleton resources
- Do not store secrets in Terraform variables; use a secrets manager instead
- Avoid default VPCs and overly permissive security groups (0.0.0.0/0)