Agent skill

handler-iac-terraform

Terraform IaC handler - centralized Terraform operations including init, validate, plan, apply, and destroy. Provides standard interface for Terraform-specific logic used by all infrastructure skills. Handles Terraform initialization, backend configuration, variable files, and execution plan management.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/devops/handler-iac-terraform

SKILL.md

Handler: Terraform IaC

<CRITICAL_RULES> IMPORTANT: Environment-Specific Operations

  • ALWAYS use correct .tfvars file for environment
  • NEVER apply production changes without explicit confirmation
  • Validate Terraform state before operations

IMPORTANT: State Management

  • ALWAYS backup state before destructive operations
  • NEVER run concurrent Terraform operations
  • Verify state lock is released after operations </CRITICAL_RULES>
  • operation: init | validate | plan | apply | destroy
  • environment: test | prod
  • terraform_dir: Directory containing Terraform code
  • var_file: Environment-specific variable file
  • config: Configuration loaded from config-loader.sh </INPUTS>

LOAD CONFIGURATION:

bash
# Source configuration loader
source "$(dirname "${BASH_SOURCE[0]}")/../devops-common/scripts/config-loader.sh"

# Load configuration for environment
load_config "${environment}"

# Set Terraform directory
cd "${TF_DIRECTORY}" || exit 1

EXECUTE OPERATION: Route to appropriate operation handler:

  1. init: Initialize Terraform backend and providers
  2. validate: Validate Terraform syntax and configuration
  3. plan: Generate execution plan showing changes
  4. apply: Apply changes to infrastructure
  5. destroy: Destroy all managed infrastructure

OUTPUT COMPLETION MESSAGE:

✅ TERRAFORM COMPLETE: {operation}
{Summary of results}
───────────────────────────────────────

IF FAILURE:

❌ TERRAFORM FAILED: {operation}
Error: {error message}
Resolution: {suggested fix}
───────────────────────────────────────

Workflow:

  1. Read: workflow/init.md
  2. Run terraform init with backend config
  3. Verify initialization successful
  4. Return: Initialization status

Usage:

bash
operation="init"
environment="test"

Output:

  • Initialization status
  • Backend configuration
  • Provider versions installed </INIT>

Workflow:

  1. Read: workflow/validate.md
  2. Ensure terraform init has been run
  3. Run terraform validate
  4. Return: Validation status and any errors

Usage:

bash
operation="validate"
environment="test"

Output:

  • Validation status: success/failure
  • Error messages if validation failed
  • Warnings if any </VALIDATE>

Workflow:

  1. Read: workflow/plan.md
  2. Ensure terraform init has been run
  3. Run terraform plan with environment-specific var file
  4. Parse plan output
  5. Return: Plan summary (resources to add/change/destroy)

Usage:

bash
operation="plan"
environment="test"

Output:

  • Plan summary: X to add, Y to change, Z to destroy
  • Detailed plan output
  • Plan file path for apply </PLAN>

Workflow:

  1. Read: workflow/apply.md
  2. Verify plan has been reviewed
  3. Run terraform apply with environment-specific var file
  4. For production: Require explicit approval
  5. Parse apply output
  6. Return: Applied changes and resource information

Usage:

bash
operation="apply"
environment="test"
auto_approve="false"  # true only for test with explicit flag

Output:

  • Apply status
  • Resources created/updated
  • Resource ARNs and IDs
  • Apply duration </APPLY>

Workflow:

  1. Run terraform destroy with environment-specific var file
  2. Require explicit confirmation
  3. Backup state before destroy
  4. Parse destroy output
  5. Return: Destruction status

Usage:

bash
operation="destroy"
environment="test"
confirm="yes"  # Must be explicitly provided

Output:

  • Destroy status
  • Resources destroyed
  • State backup location </DESTROY>

<COMPLETION_CRITERIA> This skill is complete and successful when ALL verified:

1. Operation Execution

  • Terraform command completed successfully
  • Return code = 0
  • Expected output received

2. State Consistency

  • Terraform state is consistent
  • State lock released (if held)
  • No pending changes (for apply operations)

3. Response Format

  • Standard format returned to caller
  • Resource information extracted
  • Error messages captured if failed

FAILURE CONDITIONS - Stop and report if: ❌ Terraform not installed (action: return error with installation instructions) ❌ Terraform directory not found (action: return error with correct path) ❌ State locked by another operation (action: return error, wait for unlock) ❌ Validation errors (action: return validation errors) ❌ Apply/destroy errors (action: return error with Terraform output)

PARTIAL COMPLETION - Not acceptable: ⚠️ Apply started but not finished → Wait for completion or error ⚠️ State lock held after operation → Release lock before returning </COMPLETION_CRITERIA>

Standard Response Format:

json
{
  "status": "success|failure",
  "operation": "init|validate|plan|apply|destroy",
  "environment": "test|prod",
  "summary": {
    "add": 5,
    "change": 2,
    "destroy": 0
  },
  "resources": [
    {
      "type": "aws_s3_bucket",
      "name": "uploads",
      "arn": "arn:aws:s3:::bucket-name"
    }
  ],
  "duration": "45s",
  "message": "Operation description",
  "error": "Error message if failed"
}

Return to caller: JSON response string </OUTPUTS>

<ERROR_HANDLING>

<TERRAFORM_NOT_INSTALLED> Pattern: Command 'terraform' not found Action:

  1. Check if terraform is in PATH
  2. Return error with installation instructions Resolution: "Install Terraform: https://www.terraform.io/downloads" </TERRAFORM_NOT_INSTALLED>

<STATE_LOCKED> Pattern: "Error acquiring the state lock" Action:

  1. Extract lock ID and timestamp
  2. Return error with lock information
  3. Suggest waiting or force-unlock (dangerous) Resolution: "State locked by another operation. Wait or force-unlock: terraform force-unlock {lock_id}" </STATE_LOCKED>

<VALIDATION_ERROR> Pattern: Terraform validate returns errors Action:

  1. Extract validation errors
  2. Parse error messages
  3. Return validation failures Resolution: "Fix validation errors in Terraform configuration: {errors}" </VALIDATION_ERROR>

<APPLY_ERROR> Pattern: Terraform apply fails Action:

  1. Extract error message
  2. Check if permission error (delegate to permission-manager)
  3. Return detailed error Resolution: "Terraform apply failed: {error}. Check resource configuration and permissions." </APPLY_ERROR>

</ERROR_HANDLING>

<TERRAFORM_CLI_PATTERNS> Common Terraform commands used:

bash
# Initialize with backend config
terraform init \
  -backend-config="bucket=${TF_BACKEND_BUCKET}" \
  -backend-config="key=${TF_BACKEND_KEY}" \
  -backend-config="region=${AWS_REGION}"

# Validate configuration
terraform validate

# Generate plan
terraform plan \
  -var-file="${environment}.tfvars" \
  -out="${environment}.tfplan"

# Apply changes
terraform apply "${environment}.tfplan"

# Apply with auto-approve (test only)
terraform apply \
  -var-file="${environment}.tfvars" \
  -auto-approve

# Destroy infrastructure
terraform destroy \
  -var-file="${environment}.tfvars" \
  -auto-approve

# Show current state
terraform show

# List resources
terraform state list

# Force unlock state
terraform force-unlock {lock_id}

</TERRAFORM_CLI_PATTERNS>

<VAR_FILE_PATTERN> Variable files follow the pattern: {environment}.tfvars

Example: test.tfvars

hcl
environment = "test"
project_name = "myproject"
subsystem = "core"
aws_region = "us-east-1"

Example: prod.tfvars

hcl
environment = "prod"
project_name = "myproject"
subsystem = "core"
aws_region = "us-east-1"

</VAR_FILE_PATTERN>

Didn't find tool you were looking for?

Be as detailed as possible for better results