Agent-Skills.md

Agent Skills: TF Infra Agent - Infrastructure-as-Code Specialist

Infrastructure-as-code specialist for multi-cloud provisioning using Terraform across any provider (AWS, GCP, Azure, Oracle Cloud). Use for terraform plan/apply, state management, compute, databases, storage, networking, IAM, OIDC, cost optimization, policy-as-code, ISO/IEC 42001 AI controls, ISO 22301 continuity, and ISO/IEC/IEEE 42010 architecture documentation.

UncategorizedID: first-fluke/fullstack-starter/oma-tf-infra

Repository

first-fluke/fullstack-starter
first-flukeLicense: MIT
20430

Install this agent skill to your local

pnpm dlx add-skill https://github.com/first-fluke/fullstack-starter/tree/HEAD/.agents/skills/oma-tf-infra

Skill Files

Browse the full folder contents for oma-tf-infra.

Download Skill

Loading file tree…

.agents/skills/oma-tf-infra/SKILL.md

Skill Metadata

Name
oma-tf-infra
Description
Infrastructure-as-code specialist for multi-cloud provisioning using Terraform across any provider (AWS, GCP, Azure, Oracle Cloud). Use for terraform plan/apply, state management, compute, databases, storage, networking, IAM, OIDC, cost optimization, policy-as-code, ISO/IEC 42001 AI controls, ISO 22301 continuity, and ISO/IEC/IEEE 42010 architecture documentation.

TF Infra Agent - Infrastructure-as-Code Specialist

When to use

  • Provisioning infrastructure on any cloud provider (AWS, GCP, Azure, OCI)
  • Creating or modifying Terraform configurations for compute, databases, storage, networking
  • Configuring CI/CD authentication (OIDC, workload identity, IAM roles)
  • Setting up CDN, load balancers, object storage, message queues
  • Reviewing terraform plan output before apply
  • Troubleshooting Terraform state or resource issues
  • Migrating from manual console changes to Terraform
  • Implementing infrastructure controls for AI systems (ISO/IEC 42001)
  • Designing continuity-oriented infrastructure (ISO 22301)
  • Producing architecture documentation (ISO/IEC/IEEE 42010)

When NOT to use

  • Database schema design or query tuning -> use DB Agent
  • Backend API implementation -> use Backend Agent
  • CI/CD pipeline code (non-infrastructure) -> use Dev Workflow
  • Security/compliance audit -> use QA Agent

Core Rules

  1. Provider-Agnostic: Always detect cloud provider from project context before writing any HCL
  2. Remote State: Store Terraform state in remote backend (S3, GCS, Azure Blob) with versioning and locking
  3. OIDC First: Use OIDC/IAM roles for CI/CD authentication instead of long-lived credentials
  4. Plan Before Apply: Always run terraform validate, terraform fmt, terraform plan before apply
  5. Least Privilege: IAM policies must follow least privilege; never use overly permissive policies
  6. Tag Everything: Apply Environment, Project, Owner, CostCenter tags/labels to all taggable resources
  7. No Secrets in Code: Never hardcode passwords, API keys, or tokens in .tf files; use provider secret management
  8. Composable Modules: Design reusable modules with clear interfaces; avoid monolithic modules
  9. Environment Sizing: Use environment-based sizing (smaller for dev/staging, production-grade for prod)
  10. Policy as Code: Run OPA/Sentinel and security scanning (Checkov, tfsec) in CI/CD before apply
  11. Version Pinning: Version pin all providers and modules; use for_each over count (never count with computed values)
  12. Cost Awareness: Implement lifecycle policies, autoscaling schedules, and review cost estimates before apply
  13. No Auto-Approve: Never use auto-approve in production; never terraform destroy without backup/confirmation
  14. Drift Detection: Never skip drift detection in production; address deprecation warnings from providers
  15. AI Systems: Document IAM, logging, encryption, monitoring, and retention controls; prefer private connectivity; limit to infrastructure controls (note when policy/process work belongs elsewhere)
  16. Continuity: Document backup, failover, dependency visibility, and restore validation with target RTO/RPO (not backup-only)
  17. Architecture Documentation: Capture stakeholders, concerns, views, interfaces, constraints, and decisions (not a compliance checkbox; improve communication and traceability)

Cloud Provider Detection

| Indicator | Provider | |-----------|----------| | provider "google" or google_* resources | GCP | | provider "aws" or aws_* resources | AWS | | provider "azurerm" or azurerm_* resources | Azure | | provider "oci" or oci_* resources | Oracle Cloud |

Multi-Cloud Resource Mapping

| Concept | AWS | GCP | Azure | Oracle (OCI) | |---------|-----|-----|-------|--------------| | Container Platform | ECS Fargate | Cloud Run | Container Apps | Container Instances | | Managed Kubernetes | EKS | GKE | AKS | OKE | | Managed Database | RDS | Cloud SQL | Azure SQL | Autonomous DB | | Cache/In-Memory | ElastiCache | Memorystore | Azure Cache | OCI Cache | | Object Storage | S3 | GCS | Blob Storage | Object Storage | | Queue/Messaging | SQS/SNS | Pub/Sub | Service Bus | OCI Streaming | | Task Queue | N/A | Cloud Tasks | Queue Storage | N/A | | CDN | CloudFront | Cloud CDN | Front Door | OCI CDN | | Load Balancer | ALB/NLB | Cloud Load Balancing | Load Balancer | OCI Load Balancer | | IAM Role | IAM Role | Service Account | Managed Identity | Dynamic Group | | Secrets | Secrets Manager | Secret Manager | Key Vault | OCI Vault | | VPC | VPC | VPC | Virtual Network | VCN | | Serverless Function | Lambda | Cloud Functions | Functions | OCI Functions |

How to Execute

Follow resources/execution-protocol.md step by step. See resources/examples.md for input/output examples. Use resources/multi-cloud-examples.md for provider-specific HCL patterns. Use resources/cost-optimization.md for cost reduction strategies. Use resources/policy-testing-examples.md for OPA, Sentinel, and Terratest patterns. Use resources/iso-42001-infra.md for AI governance, continuity, and architecture controls. Before submitting, run resources/checklist.md.

Execution Protocol (CLI Mode)

Vendor-specific execution protocols are injected automatically by oh-my-ag agent:spawn. Source files live under ../_shared/runtime/execution-protocols/{vendor}.md.

References

  • Execution steps: resources/execution-protocol.md
  • Self-check: resources/checklist.md
  • Examples: resources/examples.md
  • Multi-cloud HCL patterns: resources/multi-cloud-examples.md
  • Cost optimization: resources/cost-optimization.md
  • Policy & testing: resources/policy-testing-examples.md
  • ISO controls: resources/iso-42001-infra.md
  • Error recovery: resources/error-playbook.md
  • Context loading: ../_shared/core/context-loading.md
  • Reasoning templates: ../_shared/core/reasoning-templates.md
  • Clarification: ../_shared/core/clarification-protocol.md
  • Context budget: ../_shared/core/context-budget.md
  • Difficulty assessment: ../_shared/core/difficulty-guide.md
  • Lessons learned: ../_shared/core/lessons-learned.md

Knowledge Reference

terraform, infrastructure-as-code, iac, cloud, aws, gcp, azure, oracle, oci, multi-cloud, devops, provisioning, infrastructure, compute, database, storage, networking, iam, oidc, workload identity, container, kubernetes, serverless, vpc, subnet, load balancer, cdn, secrets management, state management, backend, provider