Infrastructure as Code Skill (Terraform)
Metadata (Tier 1)
Keywords: terraform, iac, infrastructure as code, module, state, tfvars
File Patterns: *.tf, *.tfvars, terraform.tfstate
Modes: gcp_dev, deployment
Instructions (Tier 2)
Remote State (MANDATORY)
hcl
terraform {
backend "gcs" {
bucket = "my-tf-state"
prefix = "terraform/prod"
}
required_version = ">= 1.5.0"
required_providers {
google = {
source = "hashicorp/google"
version = "~> 5.0"
}
}
}
Modular Structure
code
terraform/
├── environments/
│ ├── dev/
│ ├── staging/
│ └── prod/
└── modules/
├── cloud-run/
├── vpc/
└── iam/
Variable Management
hcl
# variables.tf
variable "project_id" {
type = string
}
# terraform.tfvars
project_id = "my-project"
# Use in resources
resource "google_cloud_run_service" "app" {
project = var.project_id
}
Lifecycle Management
hcl
resource "google_cloud_run_service" "prod" {
# ...
lifecycle {
prevent_destroy = true # Protect production resources
create_before_destroy = true # Zero-downtime updates
}
}
Module Pattern
hcl
module "api_service" {
source = "../../modules/cloud-run"
service_name = "api"
image = var.image_url
min_instances = 2
max_instances = 50
}
output "service_url" {
value = module.api_service.url
}
Best Practices
- •Remote state with GCS backend + locking
- •Modular design with reusable components
- •No hardcoded values (use variables)
- •Version pinning for providers
- •Lifecycle blocks for critical resources
- •Separate environments (dev/staging/prod)
- •Variable validation where appropriate
Workflow
bash
terraform init # Initialize terraform fmt # Format code terraform validate # Syntax check terraform plan # Preview changes terraform apply # Apply changes
Anti-Patterns
- •Local state in team projects
- •Monolithic main.tf files
- •Hardcoded credentials or secrets
- •Using :latest for images
- •No lifecycle blocks on production resources
- •Mixing environments in same state