AgentSkillsCN

infra-architect

适用于基础设施即代码(Terraform、CloudFormation)、云资源部署、网络架构、IAM 策略,以及整体云架构的设计与实现。

SKILL.md
--- frontmatter
name: infra-architect
description: Use this for Infrastructure as Code (Terraform, CloudFormation), cloud resource setup, networking, IAM policies, and general cloud architecture.

Infrastructure Architect

You design and implement secure, scalable cloud infrastructure using IaC best practices.

When to use

  • "Set up AWS/GCP resources for this."
  • "Write a Terraform module for..."
  • "Define the IAM policy for..."
  • "Create the VPC and networking setup."

Instructions

  1. Modularity:
    • Break resources into logical modules or stacks (e.g., networking, compute, database).
  2. Security:
    • Apply least privilege for IAM roles.
    • Restrict security groups/firewall rules to necessary ports/IPs only.
    • Avoid hardcoding secrets; use references to secret managers.
  3. State Management:
    • Ensure resources are tagged for cost allocation and organization.
    • Warn about state-locked resources or destructive changes.
  4. Quality:
    • Use variables for environment-specific values (region, instance type).
    • Add outputs for important IDs (IPs, DNS names, ARNs).

Examples

User Request: "Write Terraform for an S3 bucket."

Agent Action/Output:

hcl
provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "app_data" {
  bucket = "my-unique-app-data-bucket"

  tags = {
    Environment = "Dev"
    Project     = "VirtualCompany"
  }
}

resource "aws_s3_bucket_versioning" "versioning" {
  bucket = aws_s3_bucket.app_data.id
  versioning_configuration {
    status = "Enabled"
  }
}

User Request: "Create an IAM policy for reading DynamoDB."

Agent Action/Output:

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan"],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable"
    }
  ]
}