self-service-infrastructure
Use when designing infrastructure self-service portals, IaC templates, or automated provisioning systems. Covers Terraform modules, Pulumi, environment provisioning, and infrastructure guardrails.
allowed_tools: Read, Glob, Grep
$ Installer
git clone https://github.com/melodic-software/claude-code-plugins /tmp/claude-code-plugins && cp -r /tmp/claude-code-plugins/plugins/systems-design/skills/self-service-infrastructure ~/.claude/skills/claude-code-plugins
// tip: Run this command in your terminal to install the skill
SKILL.md
Self-Service Infrastructure
Patterns for enabling developers to provision infrastructure without tickets, while maintaining governance and control.
When to Use This Skill
- Designing infrastructure self-service capabilities
- Creating reusable Terraform/Pulumi modules
- Building environment provisioning systems
- Implementing infrastructure guardrails
- Reducing infrastructure request bottlenecks
- Balancing developer autonomy with governance
Self-Service Fundamentals
What is Self-Service Infrastructure?
Self-Service Infrastructure:
Enabling developers to provision and manage infrastructure
directly, without filing tickets or waiting for ops teams.

Traditional Model:
  Developer → Ticket → Ops Review → Manual Provision → Done

  Timeline: Days to weeks
  Bottleneck: Ops team capacity
  Result: Shadow IT, workarounds, frustration

Self-Service Model:
  Developer → Portal/API → Automatic Provision → Done

  Timeline: Minutes to hours
  Bottleneck: None (automated)
  Result: Speed, consistency, compliance

Self-Service Spectrum:
├── Fully Managed: Click a button, get a database
├── Template-Based: Customize from approved templates
├── Policy-Constrained: Write IaC within guardrails
└── Full Freedom: Any infrastructure (risky)

Sweet Spot: Template-Based with Policy Guardrails
Key Benefits
Self-Service Benefits:

For Developers:
├── Speed: Minutes instead of days
├── Autonomy: Provision when needed
├── Consistency: Same infrastructure every time
├── Learning: Understand infrastructure better
└── Ownership: More responsibility, more control

For Operations:
├── Scale: Handle more requests without more people
├── Consistency: Enforce standards automatically
├── Focus: Work on platform, not tickets
├── Audit: Clear trail of who provisioned what
└── Compliance: Built-in policy enforcement

For Organization:
├── Velocity: Faster time to market
├── Cost: Reduced ops overhead
├── Governance: Better compliance posture
├── Security: Consistent security controls
└── Efficiency: Resources provisioned when needed
Self-Service Architecture
Component Architecture
Self-Service Infrastructure Architecture:

  USER INTERFACE
    Portal (Web UI)  |  CLI (Terraform)  |  API (REST/gRPC)
          │
          ▼
  ORCHESTRATION LAYER
    ├── Request validation
    ├── Policy evaluation (OPA/Sentinel)
    ├── Cost estimation
    ├── Approval workflow (if needed)
    └── Execution orchestration
          │
          ▼
  TEMPLATE LIBRARY
    ├── Database modules (RDS, Cloud SQL)
    ├── Compute modules (EKS, GKE, VMs)
    ├── Storage modules (S3, GCS)
    ├── Network modules (VPC, subnets)
    └── Composite modules (full environments)
          │
          ▼
  EXECUTION ENGINE
    ├── Terraform Cloud/Enterprise
    ├── Pulumi Service
    ├── Crossplane
    └── Cloud-native (CDK, ARM, Deployment Manager)
          │
          ▼
  CLOUD PROVIDERS
    AWS | GCP | Azure | Kubernetes | Others
Request Flow
Self-Service Request Flow:

  1. REQUEST
     Developer: "I need a PostgreSQL database for staging"
     └── Via portal, CLI, or API
          │
          ▼
  2. VALIDATION
     ├── User has permission?    ✓ Team member
     ├── Request well-formed?    ✓ Valid config
     ├── Within quotas?          ✓ Under team limit
     └── Meets policy?           ✓ Allowed instance type
          │
          ▼
  3. ENRICHMENT
     ├── Apply defaults          db.t3.medium
     ├── Generate names          myapp-staging-db
     ├── Assign network          staging-vpc
     ├── Configure monitoring    Datadog integration
     └── Estimate cost           ~$50/month
          │
          ▼
  4. APPROVAL (if required)
     ├── Auto-approve: staging, dev     ✓ Auto-approved
     ├── Manual approve: production     (Would need approval)
     └── Cost threshold: >$500/month    (Would need approval)
          │
          ▼
  5. EXECUTION
     ├── Generate Terraform    Based on template
     ├── Plan                  Preview changes
     ├── Apply                 Create resources
     └── Verify                Health checks
          │
          ▼
  6. DELIVERY
     ├── Connection string → Vault
     ├── Notification      → Slack/email
     ├── Documentation     → Auto-generated
     └── Registration      → Service catalog
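Steps 2 to 4 of the flow above (validation, enrichment, approval routing) sketched as an orchestration-layer function. This is an added example, not code from the skill: `Team`, `Decision`, `process_request` and the `MONTHLY_COST` table are hypothetical names and constructed values, and every check rejects on unknown input rather than passing it through.

```python
import re
from dataclasses import dataclass, field

AUTO_APPROVE_ENVS = {"dev", "staging"}      # step 4: auto-approved environments
COST_APPROVAL_THRESHOLD = 500               # step 4: >$500/month needs approval
DEFAULT_INSTANCE_CLASS = "db.t3.medium"     # step 3: default shown in the flow
# Constructed cost table for the example; a real portal would query a pricing source.
MONTHLY_COST = {"db.t3.medium": 50, "db.r5.xlarge": 600}


@dataclass
class Team:
    name: str
    members: set
    monthly_quota: int          # USD per month the team may provision
    committed: int = 0          # USD per month already provisioned


@dataclass
class Decision:
    status: str                 # "rejected" | "auto_approved" | "needs_approval"
    reasons: list = field(default_factory=list)
    resource_name: str = ""
    estimated_cost: int = 0


def process_request(user, team, app, environment, instance_class=None):
    """Run steps 2-4 of the request flow and return a Decision."""
    # Step 2: validation. Anything not explicitly recognised is rejected.
    if user not in team.members:
        return Decision("rejected", ["user is not a member of the team"])
    if environment not in AUTO_APPROVE_ENVS | {"prod"}:
        return Decision("rejected", [f"unknown environment {environment!r}"])
    # The app name ends up in generated resource names, so constrain it strictly.
    if not re.fullmatch(r"[a-z][a-z0-9-]{1,30}", app):
        return Decision("rejected", ["app name is not a valid identifier"])
    # Step 3: enrichment. Apply defaults, generate the name, estimate cost.
    instance_class = instance_class or DEFAULT_INSTANCE_CLASS
    if instance_class not in MONTHLY_COST:
        return Decision("rejected", [f"instance class {instance_class!r} not offered"])
    cost = MONTHLY_COST[instance_class]
    name = f"{app}-{environment}-db"
    if team.committed + cost > team.monthly_quota:
        return Decision("rejected", ["request exceeds team quota"], name, cost)
    # Step 4: approval routing. Collect every reason a human must review it.
    reasons = []
    if environment not in AUTO_APPROVE_ENVS:
        reasons.append("production requires manual approval")
    if cost > COST_APPROVAL_THRESHOLD:
        reasons.append("estimated cost above $500/month")
    status = "needs_approval" if reasons else "auto_approved"
    return Decision(status, reasons, name, cost)
```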
IaC Module Design
Terraform Module Patterns
Terraform Module Structure:

Organization-Wide Module Library:

terraform-modules/
├── databases/
│   ├── rds-postgres/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   │   ├── versions.tf
│   │   ├── README.md
│   │   └── examples/
│   │       ├── simple/
│   │       └── production/
│   └── elasticache-redis/
├── compute/
│   ├── eks-cluster/
│   └── ecs-service/
├── storage/
│   └── s3-bucket/
└── network/
    └── vpc/

Module Design Principles:
1. Opinionated Defaults

# variables.tf
variable "instance_class" {
  type        = string
  default     = "db.t3.medium" # Sensible default
  description = "RDS instance type"

  validation {
    # The trailing \\. anchors the family name, so variants such as
    # db.t3a.* or db.r5b.* do not pass as "t3" or "r5".
    condition     = can(regex("^db\\.(t3|r5|m5)\\.", var.instance_class))
    error_message = "Only approved instance families allowed."
  }
}

2. Minimal Required Inputs

# Only require what can't be defaulted
variable "name" {
  type        = string
  description = "Database identifier"
}

variable "environment" {
  type        = string
  description = "Environment (dev, staging, prod)"
}

3. Complete Outputs

# outputs.tf
output "endpoint" {
  description = "Database connection endpoint"
  value       = aws_db_instance.main.endpoint
}

output "connection_secret_arn" {
  description = "ARN of secret with credentials"
  value       = aws_secretsmanager_secret.db_credentials.arn
}

4. Built-in Best Practices

# Security hardened by default (fragment: engine, sizing and credentials omitted)
resource "aws_db_instance" "main" {
  # Encryption always on
  storage_encrypted = true

  # No public access
  publicly_accessible = false

  # Automated backups
  backup_retention_period = var.environment == "prod" ? 30 : 7

  # Enhanced monitoring (a non-zero interval also requires monitoring_role_arn)
  monitoring_interval = 60
}
Module Versioning
Module Versioning Strategy:

Semantic Versioning:
├── MAJOR: Breaking changes (new required inputs, removed outputs)
├── MINOR: New features (new optional inputs, new outputs)
└── PATCH: Bug fixes (no interface changes)

Version Constraints:

# Allow patch updates automatically
module "database" {
  source  = "terraform.company.com/modules/rds-postgres"
  version = "~> 2.1.0" # >=2.1.0, <2.2.0
}

# Pin to exact version (production)
module "database" {
  source  = "terraform.company.com/modules/rds-postgres"
  version = "= 2.1.3"
}

Deprecation Policy:

  Module Version Lifecycle
    Current (v2.x):     Supported, new features
    Previous (v1.x):    Supported, security fixes only
    Deprecated (v0.x):  Warning on use, no support
    Removed:            Will not work

  Notification:
  ├── Slack announcement when version deprecated
  ├── Warning in terraform plan output
  ├── Dashboard showing deprecated module usage
  └── Migration guide provided
Policy and Guardrails
Policy as Code
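Policy as Code Options:

1. HashiCorp Sentinel (Terraform Enterprise)

# Require encryption for all storage
# Note: with AWS provider v4+, bucket encryption is normally declared in a
# separate aws_s3_bucket_server_side_encryption_configuration resource,
# which this rule does not inspect.
import "tfplan/v2" as tfplan

s3_buckets = filter tfplan.resource_changes as _, rc {
  rc.type is "aws_s3_bucket" and
  rc.mode is "managed" and
  (rc.change.actions contains "create" or
   rc.change.actions contains "update")
}

encryption_enabled = rule {
  all s3_buckets as _, bucket {
    bucket.change.after.server_side_encryption_configuration
      is not null
  }
}

main = rule { encryption_enabled }

2. Open Policy Agent (OPA)

# Rego policy for Kubernetes
# Checks container-level securityContext only; initContainers and
# pod-level securityContext are not covered by this rule.
package kubernetes.admission

deny[msg] {
  input.request.kind.kind == "Pod"
  container := input.request.object.spec.containers[_]
  not container.securityContext.runAsNonRoot
  msg := "Containers must run as non-root"
}

3. Cloud-Native Policies

# AWS Service Control Policy
# The s3:x-amz-server-side-encryption condition key is evaluated on object
# uploads, so the Deny targets s3:PutObject. On s3:CreateBucket the key is
# never present and a StringNotEquals Deny would block every bucket creation.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "RequireEncryption",
    "Effect": "Deny",
    "Action": ["s3:PutObject"],
    "Resource": "*",
    "Condition": {
      "StringNotEquals": {
        "s3:x-amz-server-side-encryption": "AES256"
      }
    }
  }]
}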
Guardrail Categories
Infrastructure Guardrails:

1. Security Guardrails
├── Encryption required (at-rest, in-transit)
├── No public access by default
├── Required security groups
├── IAM role requirements
└── Vulnerability scanning

2. Cost Guardrails
├── Instance type restrictions
├── Storage size limits
├── Required cost tags
├── Budget thresholds
└── Approval for large resources

3. Compliance Guardrails
├── Allowed regions (data residency)
├── Required logging
├── Backup requirements
├── Retention policies
└── Audit trail requirements

4. Operational Guardrails
├── Naming conventions
├── Required tags (owner, cost-center)
├── Resource quotas per team
├── Monitoring requirements
└── Deletion protection

Guardrail Implementation:

  Guardrail Timing

  Pre-Plan (fastest feedback):
  ├── Validate terraform files
  ├── Static analysis (tfsec, checkov)
  └── Module version checks

  Post-Plan (resource-aware):
  ├── OPA/Sentinel policy evaluation
  ├── Cost estimation
  └── Blast radius assessment

  Post-Apply (verification):
  ├── Configuration validation
  ├── Security scanning
  └── Compliance audit
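A post-plan guardrail check, as an added example that is not part of the skill: it reads the JSON form of a Terraform plan (`terraform show -json`) and applies four of the guardrails listed above to `aws_db_instance` resources. The sample plan is constructed and trimmed to the fields the check reads; the function name `evaluate_plan` is hypothetical.

```python
import json
import re

# Constructed sample of `terraform show -json plan.out` output, trimmed to the
# fields this check reads. Addresses and values are made up for the example.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "module.database.aws_db_instance.main", "mode": "managed",
     "type": "aws_db_instance",
     "change": {"actions": ["create"], "after": {
        "instance_class": "db.t3.medium", "storage_encrypted": true,
        "publicly_accessible": false,
        "tags": {"owner": "team-a", "cost-center": "1234"}}}},
    {"address": "aws_db_instance.adhoc", "mode": "managed",
     "type": "aws_db_instance",
     "change": {"actions": ["create"], "after": {
        "instance_class": "db.t3a.large", "storage_encrypted": false,
        "publicly_accessible": true, "tags": {"owner": "team-b"}}}},
    {"address": "aws_db_instance.old", "mode": "managed",
     "type": "aws_db_instance",
     "change": {"actions": ["delete"], "after": null}}
  ]
}
""")

# Approved families, anchored with a trailing dot so db.t3a.* is not read as t3.
APPROVED_CLASS = re.compile(r"^db\.(t3|r5|m5)\.")
REQUIRED_TAGS = {"owner", "cost-center"}   # operational guardrail: required tags


def evaluate_plan(plan):
    """Return a sorted list of 'address: violation' strings; empty means pass."""
    violations = []
    for rc in plan.get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        # Only judge managed resources that will exist after apply.
        if rc.get("mode") != "managed" or not actions & {"create", "update"}:
            continue
        if rc["type"] != "aws_db_instance":
            continue
        after = rc["change"].get("after") or {}
        addr = rc["address"]
        # Fail closed: a missing or unknown attribute counts as a violation.
        if after.get("storage_encrypted") is not True:
            violations.append(f"{addr}: storage_encrypted must be true")
        if after.get("publicly_accessible") is not False:
            violations.append(f"{addr}: publicly_accessible must be false")
        if not APPROVED_CLASS.match(str(after.get("instance_class", ""))):
            violations.append(f"{addr}: instance class not in approved families")
        missing = REQUIRED_TAGS - set(after.get("tags") or {})
        if missing:
            violations.append(f"{addr}: missing tags {sorted(missing)}")
    return sorted(violations)


if __name__ == "__main__":
    for violation in evaluate_plan(SAMPLE_PLAN):
        print("DENY", violation)
```

Running the check against the plan rather than the `.tf` source means it also sees resources created outside the approved modules, such as the ad hoc instance in the sample.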
Environment Provisioning
Environment Templates
Environment Provisioning:

Environment Types:

  Development Environment
  ├── Purpose: Individual developer testing
  ├── Lifetime: Hours to days
  ├── Resources: Minimal (smallest instances)
  ├── Data: Synthetic or anonymized
  └── Approval: None (within quota)

  Staging Environment
  ├── Purpose: Integration testing, QA
  ├── Lifetime: Persistent per service
  ├── Resources: Production-like (scaled down)
  ├── Data: Sanitized production subset
  └── Approval: None (within quota)

  Production Environment
  ├── Purpose: Live customer traffic
  ├── Lifetime: Permanent
  ├── Resources: Full capacity
  ├── Data: Real customer data
  └── Approval: Required (security review)

Environment Template:

# environment/main.tf
module "network" {
  source      = "../modules/vpc"
  environment = var.environment
  cidr_block  = var.network_cidr
}

module "kubernetes" {
  source      = "../modules/eks"
  environment = var.environment
  vpc_id      = module.network.vpc_id
  node_count  = var.environment == "prod" ? 5 : 2
}

module "database" {
  source         = "../modules/rds"
  environment    = var.environment
  vpc_id         = module.network.vpc_id
  instance_class = var.environment == "prod" ? "db.r5.xlarge" : "db.t3.medium"
  multi_az       = var.environment == "prod"
}

module "cache" {
  source      = "../modules/elasticache"
  environment = var.environment
  vpc_id      = module.network.vpc_id
  node_type   = var.environment == "prod" ? "cache.r5.large" : "cache.t3.micro"
}
Ephemeral Environments
Ephemeral/Preview Environments:

Use Cases:
├── PR preview environments
├── Feature branch testing
├── Demo environments
├── Load testing environments
└── Incident reproduction

Lifecycle:

  PR Created ──► Environment Created ──► Tests Run
      │                  │                   │
      │                  ▼                   ▼
      │             Preview URL          PR Updated
      │             Posted to PR             │
      ▼                                      ▼
  PR Merged ──────────────────────► Environment Destroyed

  Timeout: Auto-destroy after 7 days of inactivity

Implementation:
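
# .github/workflows/preview.yml
# Cloud credentials and the Terraform backend are assumed to be configured separately.
name: Preview Environment
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
  pull-requests: write   # needed to post the preview comment
jobs:
  deploy-preview:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Create/Update Environment
        run: |
          # init must run before any workspace command
          terraform init -input=false
          terraform workspace select pr-${{ github.event.pull_request.number }} || \
            terraform workspace new pr-${{ github.event.pull_request.number }}
          terraform apply -auto-approve -input=false
      - name: Comment Preview URL
        uses: actions/github-script@v6
        with:
          script: |
            github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: 'Preview: https://pr-${{ github.event.pull_request.number }}.preview.company.com'
            })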
Technology Options
Self-Service Platforms
Platform Comparison:

1. Terraform Cloud/Enterprise
├── Native Terraform experience
├── Policy as Code (Sentinel)
├── Private module registry
├── Cost estimation
└── Enterprise features (SSO, audit)

2. Pulumi
├── Real programming languages
├── Strong typing and IDE support
├── Policy as Code (CrossGuard)
└── Automation API

3. Crossplane
├── Kubernetes-native
├── GitOps workflow
├── Composition for modules
└── Multi-cloud abstraction

4. Backstage + Terraform
├── Unified developer portal
├── Software templates
├── Plugin ecosystem
└── Service catalog integration

5. Port/Cortex/OpsLevel
├── Commercial developer portals
├── Quick to implement
├── Built-in integrations
└── Self-service workflows

Selection Criteria:

  Factor                 Best Fit
  ---------------------  ----------------------------
  Existing Terraform     Terraform Cloud/Enterprise
  Kubernetes-first       Crossplane
  Developer portal       Backstage or commercial
  Programming language   Pulumi
  Quick start            Commercial (Port, OpsLevel)
  Maximum control        Build custom
Cost Management
Cost Controls
Cost Management in Self-Service:

1. Cost Visibility
├── Estimated cost shown before provisioning
├── Cost tags automatically applied
├── Per-team/project dashboards
└── Anomaly detection and alerts

2. Cost Guardrails
├── Instance type restrictions
├── Budget thresholds by team
├── Approval required above threshold
└── Auto-shutdown of unused resources

3. Cost Optimization
├── Right-sizing recommendations
├── Reserved instance suggestions
├── Spot instance for non-production
└── Scheduled scaling

Cost Estimation Flow:

  Request: PostgreSQL database for staging

  Cost Estimate:
  ├── Compute (db.t3.medium):  $30/month
  ├── Storage (100GB gp3):     $10/month
  ├── Backup storage:          ~$5/month
  └── Data transfer:           ~$5/month
                               ─────────
  Estimated Total:             ~$50/month

  ✓ Within team budget ($500/month quota)
  ✓ No approval required

  [Proceed] [Modify] [Cancel]
Best Practices
Self-Service Infrastructure Best Practices:

1. Start Small, Expand Gradually
├── Begin with 2-3 common resources
├── Add based on demand
├── Iterate on feedback
└── Don't try to cover everything day 1

2. Balance Autonomy and Governance
├── Guardrails not gates
├── Automate approvals where safe
├── Clear escalation paths
└── Trust but verify

3. Optimize for Developer Experience
├── Minimal required inputs
├── Sensible defaults
├── Clear error messages
└── Fast feedback loops

4. Maintain Module Quality
├── Automated testing
├── Documentation requirements
├── Versioning strategy
└── Deprecation process

5. Monitor and Improve
├── Track provisioning success rate
├── Measure time to provision
├── Gather user feedback
└── Identify automation opportunities

6. Handle Edge Cases
├── What if provisioning fails?
├── How to handle orphaned resources?
├── What about existing resources?
└── How to migrate between versions?
Anti-Patterns
Self-Service Anti-Patterns:

1. "Self-Service Everything"
✗ Every possible configuration option
✓ Curated set of approved patterns

2. "Security Theater"
✗ Manual approvals that don't add value
✓ Automated policy enforcement

3. "Configuration Explosion"
✗ 50 parameters per resource
✓ Sensible defaults with few overrides

4. "Ignore Cost"
✗ No visibility into provisioned cost
✓ Cost estimation and budgets

5. "Build vs Buy Wrong"
✗ Building everything from scratch
✓ Use existing tools where appropriate

6. "No Escape Hatch"
✗ Blocking legitimate exceptions
✓ Process for justified deviations
Related Skills
- internal-developer-platform - Platform engineering overview
- golden-paths - Standardized workflows
- container-orchestration - Kubernetes infrastructure
- serverless-patterns - Serverless infrastructure
Repository

melodic-software
Author
melodic-software/claude-code-plugins/plugins/systems-design/skills/self-service-infrastructure