infra-as-code
A full Infrastructure as Code design and implementation pipeline. An agent team collaborates to perform Terraform/Pulumi-based infrastructure design, security policies, cost optimization, and drift detection. Use this skill for requests like 'design IaC', 'write Terraform code', 'create infrastructure code', 'Pulumi project design', 'cloud infrastructure design', 'infrastructure security design', 'infrastructure cost optimization', 'drift detection setup', and other IaC tasks. Also supports codifying existing infrastructure (import). Note: actual terraform apply execution, cloud console operations, and production deployment are outside the scope of this skill.
Best use case
infra-as-code is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using infra-as-code should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/infra-as-code/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How infra-as-code Compares
| Feature / Agent | infra-as-code | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Infra as Code — IaC Design Pipeline
An agent team collaborates to perform Terraform/Pulumi-based infrastructure design -> security -> cost optimization -> drift detection.
## Execution Mode
**Agent Team** — 5 members communicate directly via SendMessage and cross-validate each other.
## Agent Composition
| Agent | File | Role | Type |
|-------|------|------|------|
| infra-architect | `.claude/agents/infra-architect.md` | Architecture, module structure, environment separation | general-purpose |
| security-engineer | `.claude/agents/security-engineer.md` | IAM, networking, encryption, compliance | general-purpose |
| cost-optimizer | `.claude/agents/cost-optimizer.md` | Resource sizing, reservations, FinOps | general-purpose |
| drift-detector | `.claude/agents/drift-detector.md` | State verification, policy compliance, auto-remediation | general-purpose |
| iac-reviewer | `.claude/agents/iac-reviewer.md` | Cross-validation, IaC best practices | general-purpose |
## Workflow
### Phase 1: Preparation (Performed directly by Orchestrator)
1. Extract from user input:
- **Infrastructure Requirements**: What service the infrastructure is for
- **Cloud Provider** (optional): AWS / GCP / Azure
- **IaC Tool** (optional): Terraform / Pulumi / OpenTofu
- **Constraints** (optional): Budget, compliance, existing infrastructure
- **Existing Code** (optional): Existing IaC code, architecture documents
2. Create `_workspace/` directory at the project root
3. Organize input and save to `_workspace/00_input.md`
4. If existing files are available, copy them to `_workspace/` and skip the corresponding Phase
5. Determine **execution mode** based on the scope of the request (see "Modes by Task Scale" below)
### Phase 2: Team Assembly and Execution
| Order | Task | Assignee | Dependencies | Deliverable |
|-------|------|----------|-------------|-------------|
| 1 | Infrastructure Design | architect | None | `_workspace/01_infra_design.md` |
| 2a | Security Design | security | Task 1 | `_workspace/02_security_design.md` |
| 2b | Cost Analysis | cost | Task 1 | `_workspace/03_cost_analysis.md` |
| 3 | Drift Policy | drift | Tasks 1, 2a | `_workspace/04_drift_policy.md` |
| 4 | Final Review | reviewer | Tasks 1-3 | `_workspace/05_review_report.md` |
Tasks 2a (security) and 2b (cost) can be **executed in parallel**.
**Inter-team Communication Flow:**
- architect completes -> delivers network, IAM, data stores to security; delivers resource specs and scaling to cost; delivers module structure and core resources to drift
- security completes -> delivers security policies and compliance checks to drift; delivers security cost items to cost
- cost completes -> delivers cost anomaly detection criteria to drift
- reviewer cross-validates all deliverables. Requests fixes for RED Must Fix items (up to 2 times)
### Phase 3: Integration and Final Deliverables
1. Check all files in `_workspace/`
2. Verify all RED Must Fix items have been addressed
3. Report the final summary to the user
## Modes by Task Scale
| User Request Pattern | Execution Mode | Deployed Agents |
|---------------------|----------------|-----------------|
| "Design infrastructure code", "Full IaC" | **Full Pipeline** | All 5 agents |
| "Design infrastructure architecture only" | **Design Mode** | architect + reviewer |
| "Review infrastructure security" | **Security Mode** | security + reviewer |
| "Analyze infrastructure costs" | **Cost Mode** | cost + reviewer |
| "Set up drift detection" | **Drift Mode** | drift + reviewer |
| "Codify existing infrastructure" | **Import Mode** | architect + drift + reviewer |
**Leveraging Existing Files**: If the user provides existing IaC code, architecture documents, etc., copy the files to the appropriate location in `_workspace/` and skip the corresponding agent's step.
## Data Transfer Protocol
| Strategy | Method | Purpose |
|----------|--------|---------|
| File-based | `_workspace/` directory | Store and share main deliverables |
| Message-based | SendMessage | Real-time delivery of key information, fix requests |
| Task-based | TaskCreate/TaskUpdate | Progress tracking, dependency management |
## Error Handling
| Error Type | Strategy |
|-----------|----------|
| Provider undecided | Design with AWS as default, note multi-cloud considerations |
| Scale unestimable | Start small + Auto Scaling for elastic response |
| Agent failure | Retry once -> if fails, proceed without that deliverable, note omission in review |
| RED found in review | Request fix from relevant agent -> rework -> re-verify (up to 2 times) |
| Existing infrastructure conflict | Include terraform import strategy, establish gradual migration plan |
## Test Scenarios
### Normal Flow
**Prompt**: "Design Terraform infrastructure on AWS for running a NestJS API server. Use ECS Fargate + RDS PostgreSQL + ElastiCache Redis, with dev/staging/prod environment separation."
**Expected Result**:
- Design: VPC/subnet design, ECS/RDS/ElastiCache configuration, 3-environment module structure
- Security: Security group matrix, IAM roles, KMS encryption, Checkov policies
- Cost: Per-environment monthly cost estimates, Savings Plan suggestions, dev environment scheduling
- Drift: Security group/IAM immediate remediation, config drift alerts
- Review: Full consistency verification across all items
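The drift rule in the expected result above (security group/IAM drift remediated immediately, other config drift raised as an alert) can be applied to the JSON form of a refresh-only Terraform plan. The following is an added example, not part of the skill's own files; the `IMMEDIATE_PREFIXES` mapping, the function names and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumption: these type prefixes map to the page's "Security group/IAM
# immediate remediation" rule; everything else is a config drift alert.
IMMEDIATE_PREFIXES = ("aws_security_group", "aws_iam_")

# Constructed sample shaped like `terraform show -json` output for a
# refresh-only plan (resource_drift entries); not from a real environment.
SAMPLE_PLAN = json.dumps({"resource_drift": [
    {"address": "module.network.aws_security_group.api",
     "type": "aws_security_group",
     "change": {"actions": ["update"],
                "before": {"name": "api", "ingress": [{"cidr_blocks": ["10.0.0.0/16"]}]},
                "after": {"name": "api", "ingress": [{"cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "module.ecs.aws_iam_role_policy.task",
     "type": "aws_iam_role_policy",
     "change": {"actions": ["delete"], "before": {"policy": "{}"}, "after": None}},
    {"address": "module.ecs.aws_ecs_service.api",
     "type": "aws_ecs_service",
     "change": {"actions": ["update"],
                "before": {"desired_count": 2, "name": "api"},
                "after": {"desired_count": 5, "name": "api"}}},
]})


def changed_keys(before, after):
    """Top-level attributes whose values differ; None means the object is absent."""
    before, after = before or {}, after or {}
    return sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))


def triage_drift(plan_json):
    """Split drifted resources into 'immediate' (SG/IAM) and 'alert' buckets."""
    result = {"immediate": [], "alert": []}
    for item in json.loads(plan_json).get("resource_drift", []):
        change = item.get("change", {})
        actions = change.get("actions", [])
        if actions == ["no-op"]:
            continue  # nothing changed outside Terraform
        finding = {"address": item["address"], "actions": actions,
                   "changed": changed_keys(change.get("before"), change.get("after"))}
        critical = item.get("type", "").startswith(IMMEDIATE_PREFIXES)
        result["immediate" if critical else "alert"].append(finding)
    return result


if __name__ == "__main__":
    print(json.dumps(triage_drift(SAMPLE_PLAN), indent=2))
```

In the constructed sample, the security group whose ingress widened to `0.0.0.0/0` and the IAM role policy deleted outside Terraform land in the immediate bucket, while the ECS `desired_count` change is only an alert.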
### Existing Infrastructure Codification Flow
**Prompt**: "I want to convert infrastructure currently managed manually in the AWS console to Terraform"
**Expected Result**:
- Import mode: Establish terraform import strategy
- Resource inventory, import command generation, state verification plan
- Include gradual migration roadmap
### Error Flow
**Prompt**: "Create simple web server infrastructure" (no detailed requirements)
**Expected Result**:
- Start design with basic configuration (VPC + EC2/ECS + ALB + RDS)
- Ask additional requirement questions (scale, DB, domain, etc.)
- Provide minimum configuration + expansion guide
## Agent Extension Skills
| Skill | Path | Enhanced Agent | Role |
|-------|------|---------------|------|
| terraform-module-patterns | `.claude/skills/terraform-module-patterns/skill.md` | infra-architect, drift-detector | Module structure, state management, environment separation, tagging strategy |
| cloud-cost-models | `.claude/skills/cloud-cost-models/skill.md` | cost-optimizer | AWS/GCP cost models, sizing, Savings Plan, FinOps maturity |