handler-iac-terraform
Terraform IaC handler - centralized Terraform operations including init, validate, plan, apply, and destroy. Provides standard interface for Terraform-specific logic used by all infrastructure skills. Handles Terraform initialization, backend configuration, variable files, and execution plan management.
Install (run this command in your terminal to install the skill):
git clone https://github.com/fractary/claude-plugins /tmp/claude-plugins && cp -r /tmp/claude-plugins/plugins/faber-cloud/skills/handler-iac-terraform ~/.claude/skills/claude-plugins
name: handler-iac-terraform
model: claude-haiku-4-5
description: |
  Terraform IaC handler - centralized Terraform operations including init, validate, plan, apply, and destroy. Provides standard interface for Terraform-specific logic used by all infrastructure skills. Handles Terraform initialization, backend configuration, variable files, and execution plan management.
tools: Bash, Read, Write
Handler: Terraform IaC
<CRITICAL_RULES>
IMPORTANT: Environment-Specific Operations
- ALWAYS use correct .tfvars file for environment
- NEVER apply production changes without explicit confirmation
- Validate Terraform state before operations
IMPORTANT: State Management
- ALWAYS backup state before destructive operations
- NEVER run concurrent Terraform operations
- Verify state lock is released after operations
</CRITICAL_RULES>
- operation: init | validate | plan | apply | destroy
- environment: test | prod
- terraform_dir: Directory containing Terraform code
- var_file: Environment-specific variable file
- config: Configuration loaded from config-loader.sh
LOAD CONFIGURATION:
# Source configuration loader
source "$(dirname "${BASH_SOURCE[0]}")/../devops-common/scripts/config-loader.sh"
# Load configuration for environment
load_config "${environment}"
# Set Terraform directory
cd "${TF_DIRECTORY}" || exit 1
EXECUTE OPERATION: Route to appropriate operation handler:
- init: Initialize Terraform backend and providers
- validate: Validate Terraform syntax and configuration
- plan: Generate execution plan showing changes
- apply: Apply changes to infrastructure
- destroy: Destroy all managed infrastructure
OUTPUT COMPLETION MESSAGE:
✅ TERRAFORM COMPLETE: {operation}
{Summary of results}
───────────────────────────────────────
IF FAILURE:
❌ TERRAFORM FAILED: {operation}
Error: {error message}
Resolution: {suggested fix}
───────────────────────────────────────
Workflow:
- Read: workflow/init.md
- Run terraform init with backend config
- Verify initialization successful
- Return: Initialization status
Usage:
operation="init"
environment="test"
Output:
- Initialization status
- Backend configuration
- Provider versions installed
Workflow:
- Read: workflow/validate.md
- Ensure terraform init has been run
- Run terraform validate
- Return: Validation status and any errors
Usage:
operation="validate"
environment="test"
Output:
- Validation status: success/failure
- Error messages if validation failed
- Warnings if any
Workflow:
- Read: workflow/plan.md
- Ensure terraform init has been run
- Run terraform plan with environment-specific var file
- Parse plan output
- Return: Plan summary (resources to add/change/destroy)
Usage:
operation="plan"
environment="test"
Output:
- Plan summary: X to add, Y to change, Z to destroy
- Detailed plan output
- Plan file path for apply
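The "Parse plan output" step can be implemented as below. This is an added example, not code from the plugin: `plan_summary` is an illustrative name, and it assumes the plan text was captured with `terraform plan -no-color` so the summary line carries no colour escapes.

```bash
# Added example (not the plugin's code): turn captured plan text into the
# "summary" object of the standard response. plan_summary is an illustrative name.
plan_summary() {
    awk '
        function count(s, word) {
            # "5 to add" -> 5: awk keeps the leading number when adding 0
            if (match(s, "[0-9]+ to " word)) return substr(s, RSTART, RLENGTH) + 0
            return 0
        }
        /Plan: [0-9]+ to / {
            add = count($0, "add"); chg = count($0, "change"); del = count($0, "destroy")
            seen = 1
        }
        /^No changes\./ { seen = 1 }
        END {
            # No summary line means the plan errored or the output was cut off;
            # report failure instead of an all-zero summary.
            if (!seen) exit 1
            printf "{\"add\": %d, \"change\": %d, \"destroy\": %d}\n", add, chg, del
        }
    '
}
```

A non-zero exit status distinguishes "plan produced no summary" from "plan found nothing to change", which would otherwise both read as zero changes.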
Workflow:
- Read: workflow/apply.md
- Verify plan has been reviewed
- Run terraform apply with environment-specific var file
- For production: Require explicit approval
- Parse apply output
- Return: Applied changes and resource information
Usage:
operation="apply"
environment="test"
auto_approve="false" # true only for test with explicit flag
Output:
- Apply status
- Resources created/updated
- Resource ARNs and IDs
- Apply duration
Workflow:
- Run terraform destroy with environment-specific var file
- Require explicit confirmation
- Backup state before destroy
- Parse destroy output
- Return: Destruction status
Usage:
operation="destroy"
environment="test"
confirm="yes" # Must be explicitly provided
Output:
- Destroy status
- Resources destroyed
- State backup location
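The rules stated for apply and destroy (matching var file, no auto-approve in prod, explicit confirmation) can be enforced in one gate before any Terraform command runs. This is an added example, not the plugin's own code; `tf_guard`, its argument order and its return codes are assumptions made for illustration.

```bash
# Added example, not the plugin's code: a gate to run before apply or destroy.
# tf_guard, its argument order and its return codes are illustrative.
# Usage: tf_guard OPERATION ENVIRONMENT VAR_FILE [AUTO_APPROVE] [CONFIRM]
tf_guard() {
    local op="$1" env="$2" var_file="$3" auto_approve="${4:-false}" confirm="${5:-}"

    case "$op" in
        init|validate|plan|apply|destroy) ;;
        *) echo "unknown operation: $op"; return 2 ;;
    esac
    case "$env" in
        test|prod) ;;
        *) echo "unknown environment: $env"; return 2 ;;
    esac

    # The var file must be the one named after the environment. Comparing the
    # base name lets envs/prod.tfvars pass while test.tfvars in prod fails.
    if [ "${var_file##*/}" != "${env}.tfvars" ]; then
        echo "var file '$var_file' does not match environment '$env'"
        return 3
    fi

    # Auto-approve is for test only.
    if [ "$env" = "prod" ] && [ "$auto_approve" = "true" ]; then
        echo "auto_approve is not allowed in prod"
        return 4
    fi

    # Destroy always needs confirm=yes; so does an apply against prod.
    if [ "$confirm" != "yes" ]; then
        if [ "$op" = "destroy" ] || { [ "$op" = "apply" ] && [ "$env" = "prod" ]; }; then
            echo "$op in $env requires confirm=yes"
            return 5
        fi
    fi
    echo "ok"
}
```

Because `auto_approve` and `confirm` default to the safe values, a caller that omits them is refused for destroy and for prod apply.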
<COMPLETION_CRITERIA> This skill is complete and successful when ALL verified:
✅ 1. Operation Execution
- Terraform command completed successfully
- Return code = 0
- Expected output received
✅ 2. State Consistency
- Terraform state is consistent
- State lock released (if held)
- No pending changes (for apply operations)
✅ 3. Response Format
- Standard format returned to caller
- Resource information extracted
- Error messages captured if failed
FAILURE CONDITIONS - Stop and report if:
❌ Terraform not installed (action: return error with installation instructions)
❌ Terraform directory not found (action: return error with correct path)
❌ State locked by another operation (action: return error, wait for unlock)
❌ Validation errors (action: return validation errors)
❌ Apply/destroy errors (action: return error with Terraform output)
PARTIAL COMPLETION - Not acceptable:
⚠️ Apply started but not finished → Wait for completion or error
⚠️ State lock held after operation → Release lock before returning
</COMPLETION_CRITERIA>
Standard Response Format:
{
"status": "success|failure",
"operation": "init|validate|plan|apply|destroy",
"environment": "test|prod",
"summary": {
"add": 5,
"change": 2,
"destroy": 0
},
"resources": [
{
"type": "aws_s3_bucket",
"name": "uploads",
"arn": "arn:aws:s3:::bucket-name"
}
],
"duration": "45s",
"message": "Operation description",
"error": "Error message if failed"
}
Return to caller: JSON response string
<ERROR_HANDLING>
<TERRAFORM_NOT_INSTALLED>
Pattern: Command 'terraform' not found
Action:
- Check if terraform is in PATH
- Return error with installation instructions
Resolution: "Install Terraform: https://www.terraform.io/downloads"
</TERRAFORM_NOT_INSTALLED>
<STATE_LOCKED>
Pattern: "Error acquiring the state lock"
Action:
- Extract lock ID and timestamp
- Return error with lock information
- Suggest waiting or force-unlock (dangerous)
Resolution: "State locked by another operation. Wait or force-unlock: terraform force-unlock {lock_id}"
</STATE_LOCKED>
<VALIDATION_ERROR>
Pattern: Terraform validate returns errors
Action:
- Extract validation errors
- Parse error messages
- Return validation failures
Resolution: "Fix validation errors in Terraform configuration: {errors}"
</VALIDATION_ERROR>
<APPLY_ERROR>
Pattern: Terraform apply fails
Action:
- Extract error message
- Check if permission error (delegate to permission-manager)
- Return detailed error
Resolution: "Terraform apply failed: {error}. Check resource configuration and permissions."
</APPLY_ERROR>
</ERROR_HANDLING>
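For the STATE_LOCKED case, the lock ID and timestamp can be extracted from captured Terraform error output as follows. This is an added example, not the plugin's code: `parse_state_lock` and `sample_lock_error` are illustrative names, the sample text is constructed, and restricting the ID to letters, digits and dashes is an assumption made because the value is later placed into a suggested `terraform force-unlock` command.

```bash
# Added example, not the plugin's code. parse_state_lock and
# sample_lock_error are illustrative names; the sample text is constructed.
sample_lock_error() {
    cat <<'EOF'
│ Error: Error acquiring the state lock
│
│ Error message: ConditionalCheckFailedException: The conditional request failed
│ Lock Info:
│   ID:        3f2a9c1e-7b44-4d0a-9e51-0c6d2f8a1b77
│   Path:      example-bucket/test/terraform.tfstate
│   Operation: OperationTypeApply
│   Who:       deploy@ci-runner-01
│   Created:   2024-01-01 00:00:00.000000 +0000 UTC
EOF
}

# Reads Terraform error text on stdin; prints lock_id=, who= and created=
# lines, or returns 1 when no usable lock information is present.
parse_state_lock() {
    awk '
        /Error acquiring the state lock/ { locked = 1 }
        locked {
            line = $0
            sub(/^[^A-Za-z]*/, "", line)    # drop box-drawing gutter and indent
            sub(/[ \t\r]+$/, "", line)      # drop trailing blanks and CR
            if (line ~ /^ID:/)           { sub(/^ID:[ \t]*/, "", line);      id = line }
            else if (line ~ /^Who:/)     { sub(/^Who:[ \t]*/, "", line);     who = line }
            else if (line ~ /^Created:/) { sub(/^Created:[ \t]*/, "", line); created = line }
        }
        END {
            # The ID is pasted into a suggested force-unlock command, so only
            # letters, digits and dashes are accepted.
            if (!locked || id !~ /^[A-Za-z0-9-]+$/) exit 1
            printf "lock_id=%s\nwho=%s\ncreated=%s\n", id, who, created
        }
    '
}
```

The `who` and `created` fields let the caller report which operation holds the lock before anyone considers force-unlock.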
<TERRAFORM_CLI_PATTERNS> Common Terraform commands used:
# Initialize with backend config
terraform init \
-backend-config="bucket=${TF_BACKEND_BUCKET}" \
-backend-config="key=${TF_BACKEND_KEY}" \
-backend-config="region=${AWS_REGION}"
# Validate configuration
terraform validate
# Generate plan
terraform plan \
-var-file="${environment}.tfvars" \
-out="${environment}.tfplan"
# Apply changes
terraform apply "${environment}.tfplan"
# Apply with auto-approve (test only)
terraform apply \
-var-file="${environment}.tfvars" \
-auto-approve
# Destroy infrastructure
terraform destroy \
-var-file="${environment}.tfvars" \
-auto-approve
# Show current state
terraform show
# List resources
terraform state list
# Force unlock state
terraform force-unlock {lock_id}
</TERRAFORM_CLI_PATTERNS>
<VAR_FILE_PATTERN>
Variable files follow the pattern: {environment}.tfvars
Example: test.tfvars
environment = "test"
project_name = "myproject"
subsystem = "core"
aws_region = "us-east-1"
Example: prod.tfvars
environment = "prod"
project_name = "myproject"
subsystem = "core"
aws_region = "us-east-1"
</VAR_FILE_PATTERN>
