terraform-tasks

<!-- Progressive Disclosure References:
- references/aws-provider-6.md - AWS Provider 6.0 breaking changes and migration
- references/azurerm-4.md - AzureRM 4.x features and migration
- references/ephemeral-values.md - Terraform 1.10+ ephemeral values for secrets
- references/terraform-stacks.md - Terraform Stacks (GA 2025) reference -->

Terraform Tasks Skill

🚨 CRITICAL GUIDELINES

Windows File Path Requirements

MANDATORY: Always Use Backslashes on Windows for File Paths
When using Edit or Write tools on Windows, you MUST use backslashes (\) in file paths, NOT forward slashes (/).
Examples:
  • ❌ WRONG: D:/repos/project/file.tsx
  • ✅ CORRECT: D:\repos\project\file.tsx
This applies to:
  • Edit tool file_path parameter
  • Write tool file_path parameter
  • All file operations on Windows systems

Documentation Guidelines

NEVER create new documentation files unless explicitly requested by the user.
  • Priority: Update existing README.md files rather than creating new documentation
  • Repository cleanliness: Keep repository root clean - only README.md unless user requests otherwise
  • Style: Documentation should be concise, direct, and professional - avoid AI-generated tone
  • User preference: Only create additional .md files when user specifically asks for documentation

This skill enables autonomous execution of complex Terraform tasks with comprehensive provider knowledge and platform awareness.

Capabilities

1. Infrastructure Code Generation

Generate complete, production-ready Terraform code for any cloud provider:
Process:
  1. Determine provider and version from user context
  2. Research latest provider documentation if needed
  3. Generate complete configurations with:
    • Provider version constraints
    • Resource configurations
    • Variables with validation
    • Outputs
    • Security best practices
    • Platform-specific considerations
Example Tasks:
  • "Create Azure Storage Account with private endpoints and customer-managed keys"
  • "Generate AWS VPC with 3-tier architecture and NAT gateways"
  • "Build GCP GKE cluster with Workload Identity and node pools"

2. Version Management

Handle Terraform and provider version upgrades:
Process:
  1. Check current versions
  2. Research changelogs and breaking changes
  3. Propose upgrade path
  4. Generate migration code
  5. Provide testing strategy
Example Tasks:
  • "Upgrade from AzureRM provider 2.x to 3.x"
  • "Migrate Terraform 0.12 code to 1.x"
  • "Update all providers to latest compatible versions"

3. Debugging and Troubleshooting

Diagnose and fix Terraform issues:
Process:
  1. Gather diagnostic information
  2. Analyze error messages and logs
  3. Identify root cause
  4. Provide platform-specific solution
  5. Suggest preventive measures
Example Tasks:
  • "Debug state lock timeout on Windows"
  • "Fix provider authentication failure in Azure DevOps pipeline"
  • "Resolve circular dependency in module structure"

4. Security Scanning and Remediation

Scan and fix security issues:
Process:
  1. Run security scanners (tfsec, Checkov)
  2. Analyze findings
  3. Prioritize issues
  4. Generate fixes
  5. Explain security implications
Example Tasks:
  • "Run tfsec and fix all HIGH severity issues"
  • "Ensure all S3 buckets have encryption enabled"
  • "Implement Azure storage account with all security best practices"
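
The following is an added illustration of what the "ensure all S3 buckets have encryption enabled" task produces; it is example code written for this page, not code from the skill or from any project. The first bucket is the shape that tfsec or Checkov flags (no encryption configuration, no public-access block, no versioning); the second is the remediated form using the split-out resources the AWS provider has used since v4. Bucket names, the KMS alias and the provider version constraint are constructed assumptions.

```hcl
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.0"
    }
  }
}

# BEFORE: syntactically fine, but nothing governs encryption, public access
# or object history, so scanners report findings such as "bucket is not
# encrypted" and "public access is not blocked".
resource "aws_s3_bucket" "before" {
  bucket = "example-unscanned-bucket" # constructed name
}

# AFTER: the remediated bucket. Settings live in dedicated resources rather
# than nested blocks on aws_s3_bucket.
resource "aws_s3_bucket" "after" {
  bucket = "example-hardened-bucket" # constructed name
}

# Customer-managed key with rotation enforced (alias is an assumption).
resource "aws_kms_key" "s3" {
  description         = "S3 bucket encryption key"
  enable_key_rotation = true
}

resource "aws_kms_alias" "s3" {
  name          = "alias/example-s3" # constructed alias
  target_key_id = aws_kms_key.s3.key_id
}

# Default encryption: every object written without an explicit SSE header
# is encrypted with the CMK above.
resource "aws_s3_bucket_server_side_encryption_configuration" "after" {
  bucket = aws_s3_bucket.after.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.s3.arn
    }
    bucket_key_enabled = true
  }
}

# Reject, rather than silently apply, any ACL or policy that grants public access.
resource "aws_s3_bucket_public_access_block" "after" {
  bucket                  = aws_s3_bucket.after.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Versioning limits the blast radius of accidental deletes and overwrites.
resource "aws_s3_bucket_versioning" "after" {
  bucket = aws_s3_bucket.after.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Deny any request that does not arrive over TLS.
data "aws_iam_policy_document" "tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.after.arn,
      "${aws_s3_bucket.after.arn}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "after" {
  bucket = aws_s3_bucket.after.id
  policy = data.aws_iam_policy_document.tls_only.json
}
```

Running tfsec or Checkov against this file reports the "before" bucket and stays quiet on the "after" bucket, which is the check to run after step 4 (generate fixes) before explaining the findings in step 5.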

5. Architecture Review

Review and improve Terraform architecture:
Process:
  1. Analyze current structure
  2. Identify anti-patterns
  3. Propose improvements
  4. Generate refactoring plan
  5. Document decisions (ADRs)
Example Tasks:
  • "Review state management strategy for 500+ resources"
  • "Design multi-region architecture for high availability"
  • "Refactor monolithic state into layered approach"

6. CI/CD Pipeline Generation

Create complete CI/CD pipelines:
Process:
  1. Determine CI/CD platform
  2. Understand environment strategy
  3. Generate pipeline configuration
  4. Include security scanning
  5. Add approval gates
  6. Implement drift detection
Example Tasks:
  • "Create Azure DevOps pipeline with multi-stage deployment"
  • "Generate GitHub Actions workflow with OIDC authentication"
  • "Build GitLab CI pipeline with Terraform Cloud backend"

7. Module Development

Create reusable Terraform modules:
Process:
  1. Design module interface
  2. Implement with best practices
  3. Add variable validation
  4. Generate documentation
  5. Create examples
  6. Set up testing
Example Tasks:
  • "Create Azure networking module with hub-spoke pattern"
  • "Build AWS ECS module with auto-scaling and ALB"
  • "Develop GCP Cloud Run module with custom domains"

8. Migration Tasks

Migrate infrastructure to Terraform:
Process:
  1. Inventory existing resources
  2. Generate import commands
  3. Create matching Terraform code
  4. Validate configurations
  5. Test import process
  6. Plan cutover strategy
Example Tasks:
  • "Import existing Azure resources into Terraform"
  • "Migrate from CloudFormation to Terraform"
  • "Convert ARM templates to Terraform HCL"

Autonomous Behavior

This skill operates autonomously with minimal user intervention:

Information Gathering

  • Automatically detect Terraform and provider versions
  • Identify platform (Windows/Linux/macOS)
  • Detect CI/CD environment
  • Check for existing configurations

Research

  • Use WebSearch to find current documentation
  • Check provider changelogs for breaking changes
  • Research best practices
  • Find platform-specific solutions

Code Generation

  • Generate complete, working code
  • Include all necessary files (main.tf, variables.tf, outputs.tf, etc.)
  • Add comprehensive comments
  • Follow naming conventions
  • Apply security best practices

Validation

  • Run terraform fmt on generated code
  • Validate syntax
  • Check for security issues
  • Test configurations when possible

Documentation

  • Explain architectural decisions
  • Document usage examples
  • Note version compatibility
  • Include troubleshooting tips

Error Handling

When encountering issues:
  1. Gather Context: Collect all relevant information
  2. Research: Look up error messages and solutions
  3. Platform Awareness: Consider OS-specific issues
  4. Multiple Solutions: Provide alternatives when available
  5. Prevention: Suggest how to avoid similar issues

Platform-Specific Considerations

Windows

  • PowerShell syntax for commands
  • Path handling (backslashes)
  • Line ending considerations
  • Execution policy issues
  • Credential management

Linux/macOS

  • Bash syntax for commands
  • File permissions
  • Package managers
  • Environment variables

CI/CD Environments

  • Pipeline-specific syntax
  • Agent capabilities
  • Authentication methods
  • Artifact handling

Quality Standards

All generated Terraform code must:
  • Be properly formatted (terraform fmt)
  • Pass validation (terraform validate)
  • Include security best practices
  • Have comprehensive variable validation
  • Include meaningful descriptions
  • Follow naming conventions
  • Be version-compatible
  • Include usage examples
  • Have proper output definitions

Provider Expertise

Azure (AzureRM)

  • All resource types
  • AzAPI for preview features
  • Service endpoints and private endpoints
  • Managed identities
  • RBAC and policies

AWS

  • All services
  • IAM roles and policies
  • VPC networking
  • S3 backend configuration
  • Cross-account deployments

Google Cloud

  • All GCP services
  • IAM and service accounts
  • VPC and networking
  • GCS backend configuration
  • Organization and folder policies

Community Providers

  • Kubernetes and Helm
  • Datadog, PagerDuty
  • GitHub, GitLab
  • HashiCorp Vault
  • And more...

Examples

Example 1: Generate Azure Storage Account

User Request: "Create an Azure Storage Account with all security best practices"
Skill Actions:
  1. Detect/ask for AzureRM provider version
  2. Research latest security requirements
  3. Generate complete configuration:
    • Storage account with secure settings
    • Private endpoint
    • Diagnostic settings
    • Customer-managed encryption keys
    • Network rules
    • Variables with validation
    • Outputs
  4. Include usage examples
  5. Add security scanner ignore comments where appropriate with explanations
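
As an added example of the output described in Example 1 (written for this page, not the skill's own generated code): a storage account with the secure settings, default-deny network rules, a blob private endpoint, validated variables, outputs, and one scanner ignore comment carrying its justification. Variable names, the subnet and the replication type are assumptions; customer-managed keys and diagnostic settings are left out to keep the block short, and the tfsec rule id in the ignore comment should be confirmed against the finding your scanner version actually reports.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

variable "storage_account_name" {
  description = "Globally unique name: 3-24 lowercase letters and digits."
  type        = string

  # Reject invalid names at plan time instead of at the API.
  validation {
    condition     = can(regex("^[a-z0-9]{3,24}$", var.storage_account_name))
    error_message = "Storage account names must be 3-24 lowercase letters and digits."
  }
}

variable "resource_group_name" { type = string }
variable "location" { type = string }

variable "subnet_id" {
  description = "Subnet hosting the private endpoint (assumed to exist)."
  type        = string
}

# Scanner ignore with justification: no queue service is used on this
# account, so queue-service logging does not apply. Rule id as reported by
# tfsec; verify it against your scanner's actual finding.
#tfsec:ignore:azure-storage-queue-services-logging-enabled
resource "azurerm_storage_account" "this" {
  name                     = var.storage_account_name
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "GRS"

  # Transport and identity hardening
  https_traffic_only_enabled      = true
  min_tls_version                 = "TLS1_2"
  shared_access_key_enabled       = false # Entra ID auth only, no account keys
  allow_nested_items_to_be_public = false # no public blobs or containers
  public_network_access_enabled   = false # reachable only via private endpoint

  # Default deny; the private endpoint below is the only path in.
  network_rules {
    default_action = "Deny"
    bypass         = ["AzureServices"]
  }

  identity {
    type = "SystemAssigned"
  }

  # Object history so deletions and overwrites are recoverable.
  blob_properties {
    versioning_enabled = true
    delete_retention_policy {
      days = 30
    }
  }
}

resource "azurerm_private_endpoint" "blob" {
  name                = "${var.storage_account_name}-blob-pe"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "${var.storage_account_name}-blob"
    private_connection_resource_id = azurerm_storage_account.this.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
}

output "storage_account_id" {
  description = "Resource id of the hardened storage account."
  value       = azurerm_storage_account.this.id
}

output "primary_blob_endpoint" {
  description = "Blob endpoint; resolves to the private endpoint from inside the VNet."
  value       = azurerm_storage_account.this.primary_blob_endpoint
}
```

Because shared keys are disabled, any later container or blob resources require the provider to be configured with storage_use_azuread = true, otherwise the data-plane calls fail with an authorization error rather than a misleading network error.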

Example 2: Debug Plan Failure

User Request: "My terraform plan is failing with authentication error on Windows"
Skill Actions:
  1. Ask for error details
  2. Identify it's Azure CLI authentication
  3. Provide Windows-specific solution:
    • PowerShell commands to check authentication
    • How to refresh credentials
    • Environment variable configuration
    • Alternative authentication methods
  4. Explain root cause
  5. Suggest prevention
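
One of the "alternative authentication methods" and "environment variable configuration" items from Example 2, and the OIDC item under CI/CD Pipeline Generation, shown as an added provider configuration (example code for this page, not the skill's output). The idea is to make the authentication source explicit so that a stale or missing Azure CLI token cannot masquerade as some other failure. The use_oidc variable is an assumption; the ARM_* environment variables are the ones the AzureRM provider reads.

```hcl
# Set to true in a pipeline (federated token), false on a workstation (az login).
variable "use_oidc" {
  description = "Authenticate with OIDC instead of the Azure CLI session."
  type        = bool
  default     = false
}

provider "azurerm" {
  features {}

  # AzureRM 4.x requires the subscription. It is read from ARM_SUBSCRIPTION_ID
  # (tenant and client likewise from ARM_TENANT_ID and ARM_CLIENT_ID) so no
  # identity value is committed and a user profile cannot silently supply a
  # stale one. On Windows: $env:ARM_SUBSCRIPTION_ID = "<id>" in PowerShell.

  # Exactly one authentication path is enabled. Workstation: the CLI token
  # from `az login`. CI: OIDC, with the CLI disabled so an expired or absent
  # CLI token on the agent surfaces as the real error instead of a fallback.
  use_cli  = !var.use_oidc
  use_oidc = var.use_oidc

  # Storage data-plane calls use Entra ID rather than account keys.
  storage_use_azuread = true
}
```

With use_oidc = true the pipeline also needs the platform side of the federation (for example the GitHub Actions id-token permission and a federated credential on the app registration); those are outside this fragment.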

Example 3: Architecture Review

User Request: "Review my Terraform structure, I have 1000+ resources in one state file"
Skill Actions:
  1. Analyze current structure
  2. Identify issues:
    • Large state file
    • Slow operations
    • Large blast radius
  3. Propose layered architecture:
    • Split into foundation/platform/apps
    • Separate state files
    • Remote state data sources
  4. Generate migration plan
  5. Create ADR documenting decision
  6. Provide implementation steps
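
The "remote state data sources" piece of the layered architecture in Example 3, as an added example (not the skill's generated plan): the apps layer keeps its own state file and reads the foundation layer's outputs through a terraform_remote_state data source instead of hard-coding resource ids. The backend storage account, container and output names are constructed assumptions.

```hcl
# apps layer: one state file per layer, so a bad apply here cannot touch
# the foundation's networking, and plans stay fast.
terraform {
  backend "azurerm" {
    resource_group_name  = "rg-tfstate"       # constructed
    storage_account_name = "sttfstateexample" # constructed
    container_name       = "tfstate"
    key                  = "apps.tfstate"
    use_azuread_auth     = true # no storage keys in the pipeline
  }
}

# Read-only view of the foundation layer's outputs. The principal running
# this layer needs read access to foundation.tfstate and nothing more.
data "terraform_remote_state" "foundation" {
  backend = "azurerm"
  config = {
    resource_group_name  = "rg-tfstate"
    storage_account_name = "sttfstateexample"
    container_name       = "tfstate"
    key                  = "foundation.tfstate"
    use_azuread_auth     = true
  }
}

# The foundation layer is assumed to expose these two outputs.
locals {
  resource_group_name = data.terraform_remote_state.foundation.outputs.resource_group_name
  app_subnet_id       = data.terraform_remote_state.foundation.outputs.app_subnet_id
}

# Example consumer in the apps layer: a private endpoint placed in the
# subnet the foundation layer owns.
resource "azurerm_private_endpoint" "app" {
  name                = "app-pe" # constructed
  location            = var.location
  resource_group_name = local.resource_group_name
  subnet_id           = local.app_subnet_id

  private_service_connection {
    name                           = "app-pe-conn"
    private_connection_resource_id = var.target_resource_id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
}

variable "location" { type = string }

variable "target_resource_id" {
  description = "Resource the endpoint fronts (assumed to be created in this layer)."
  type        = string
}
```

During the migration, resources move between the monolithic state and the new layer states with terraform state mv (using -state-out) or, on Terraform 1.5+/1.7+, with import and removed blocks, so nothing is destroyed and recreated; a plan in every layer that shows no changes is the acceptance check for the cutover.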

Integration with terraform-expert Agent

This skill works in tandem with the terraform-expert agent:
  • Agent provides strategic guidance
  • Skill executes tactical tasks
  • Agent validates skill outputs
  • Skill reports back to agent
Use this skill when you need to autonomously execute Terraform tasks with comprehensive provider knowledge and platform awareness.