NewFlame, an assistant that learns and improves. Available on

iac-generator

arbgjr/iac-generator

DevOps

About

SKILL.md

iac-generator

arbgjr/iac-generator

DevOps

About

Gera codigo de infraestrutura baseado em arquitetura definida. Suporta Terraform, Bicep, e Kubernetes manifests. Use quando: criar infraestrutura, gerar IaC, configurar deploy.

SKILL.md

IaC Generator Skill

Proposito

Esta skill gera codigo de Infrastructure as Code seguindo melhores praticas.

Provedores Suportados

Azure

Container Apps
Azure Kubernetes Service (AKS)
Azure SQL / PostgreSQL Flexible Server
Key Vault
Service Bus
Application Insights
Storage Account
Virtual Network

AWS

ECS/Fargate
EKS
RDS (PostgreSQL, MySQL)
Secrets Manager
SQS/SNS
CloudWatch
S3
VPC

Kubernetes

Deployments
Services (ClusterIP, LoadBalancer, NodePort)
ConfigMaps / Secrets
Ingress / Gateway API
NetworkPolicies
PodSecurityStandards
HorizontalPodAutoscaler

Comandos

/iac-init

Inicializa estrutura de IaC para o projeto:

/iac-init

Cria:

.agentic_sdlc/projects/{id}/iac/terraform/
main.tf, variables.tf, outputs.tf, providers.tf
.github/workflows/terraform.yml

/iac-module {provider} {resource}

Gera modulo Terraform para recurso especifico:

/iac-module azure container-app
/iac-module aws ecs-service
/iac-module k8s deployment

/iac-secure

Executa analise de seguranca em IaC:

/iac-secure

Executa:

checkov scan
tfsec scan
Gera relatorio de findings

Templates

Azure Container App

# main.tf
resource "azurerm_container_app" "main" {
  name                         = var.app_name
  container_app_environment_id = azurerm_container_app_environment.main.id
  resource_group_name          = azurerm_resource_group.main.name
  revision_mode                = "Single"

  template {
    container {
      name   = "api"
      image  = var.container_image
      cpu    = var.cpu
      memory = var.memory

      dynamic "env" {
        for_each = var.environment_variables
        content {
          name        = env.key
          secret_name = env.value.secret ? env.key : null
          value       = env.value.secret ? null : env.value.value
        }
      }
    }

    min_replicas = var.min_replicas
    max_replicas = var.max_replicas
  }

  ingress {
    allow_insecure_connections = false
    external_enabled           = var.external_ingress
    target_port                = var.target_port
    transport                  = "http"

    traffic_weight {
      latest_revision = true
      percentage      = 100
    }
  }

  identity {
    type = "SystemAssigned"
  }

  tags = var.tags
}

Kubernetes Deployment

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.name }}
  labels:
    app: {{ .Values.name }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ .Values.name }}
  template:
    metadata:
      labels:
        app: {{ .Values.name }}
    spec:
      containers:
        - name: {{ .Values.name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          ports:
            - containerPort: {{ .Values.port }}
          resources:
            limits:
              cpu: {{ .Values.resources.limits.cpu }}
              memory: {{ .Values.resources.limits.memory }}
            requests:
              cpu: {{ .Values.resources.requests.cpu }}
              memory: {{ .Values.resources.requests.memory }}
          envFrom:
            - configMapRef:
                name: {{ .Values.name }}-config
            - secretRef:
                name: {{ .Values.name }}-secrets
          livenessProbe:
            httpGet:
              path: /health
              port: {{ .Values.port }}
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /ready
              port: {{ .Values.port }}
            initialDelaySeconds: 5
            periodSeconds: 10

Checklist de Seguranca

Antes de gerar IaC, verificar:

Secrets via Key Vault / Secrets Manager (nunca hardcoded)
Network isolation (VNets/VPCs com subnets privadas)
TLS everywhere (HTTPS, encrypted connections)
Least privilege RBAC (roles minimas necessarias)
Audit logging habilitado
Encryption at rest (databases, storage)
Private endpoints onde possivel
Backup configurado
Tags de custo aplicadas

Integracao com SDLC

Fase	Acao IaC
Fase 3 (Arquitetura)	Definir recursos necessarios
Fase 5 (Implementacao)	Gerar codigo IaC
Fase 6 (Qualidade)	Security scan de IaC
Fase 7 (Release)	Apply em staging/prod

Workflow de Deploy

deploy_workflow:
  1_plan:
    - terraform init
    - terraform plan -out=tfplan
    - Revisar plan

  2_apply_staging:
    - terraform apply tfplan
    - Verificar deploy
    - Smoke tests

  3_apply_production:
    - Aprovacao humana
    - terraform apply tfplan
    - Monitorar metricas
    - Rollback se necessario

CI/CD Pipeline

GitHub Actions workflow gerado automaticamente:

name: Terraform
on:
  push:
    branches: [main]
    paths:
      - '.agentic_sdlc/**/iac/**'
  pull_request:
    branches: [main]
    paths:
      - '.agentic_sdlc/**/iac/**'

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init
      - run: terraform plan -no-color
        continue-on-error: true

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Checkov
        uses: bridgecrewio/checkov-action@master
        with:
          directory: .agentic_sdlc/projects/*/iac/terraform

Pontos de Pesquisa

Para templates atualizados:

"terraform azure container apps module"
"terraform aws ecs best practices"
"kubernetes deployment security best practices"

About

SKILL.md

About

Gera codigo de infraestrutura baseado em arquitetura definida. Suporta Terraform, Bicep, e Kubernetes manifests. Use quando: criar infraestrutura, gerar IaC, configurar deploy.

SKILL.md

IaC Generator Skill

Proposito

Esta skill gera codigo de Infrastructure as Code seguindo melhores praticas.

Provedores Suportados

Azure

Container Apps
Azure Kubernetes Service (AKS)
Azure SQL / PostgreSQL Flexible Server
Key Vault
Service Bus
Application Insights
Storage Account
Virtual Network

AWS

ECS/Fargate
EKS
RDS (PostgreSQL, MySQL)
Secrets Manager
SQS/SNS
CloudWatch
S3
VPC

Kubernetes

Deployments
Services (ClusterIP, LoadBalancer, NodePort)
ConfigMaps / Secrets
Ingress / Gateway API
NetworkPolicies
PodSecurityStandards
HorizontalPodAutoscaler

Comandos

/iac-init

Inicializa estrutura de IaC para o projeto:

/iac-init

Cria:

.agentic_sdlc/projects/{id}/iac/terraform/
main.tf, variables.tf, outputs.tf, providers.tf
.github/workflows/terraform.yml

/iac-module {provider} {resource}

Gera modulo Terraform para recurso especifico:

/iac-module azure container-app
/iac-module aws ecs-service
/iac-module k8s deployment

/iac-secure

Executa analise de seguranca em IaC:

/iac-secure

Executa:

checkov scan
tfsec scan
Gera relatorio de findings

Templates

Azure Container App

# main.tf
resource "azurerm_container_app" "main" {
  name                         = var.app_name
  container_app_environment_id = azurerm_container_app_environment.main.id
  resource_group_name          = azurerm_resource_group.main.name
  revision_mode                = "Single"

  template {
    container {
      name   = "api"
      image  = var.container_image
      cpu    = var.cpu
      memory = var.memory

      dynamic "env" {
        for_each = var.environment_variables
        content {
          name        = env.key
          secret_name = env.value.secret ? env.key : null
          value       = env.value.secret ? null : env.value.value
        }
      }
    }

    min_replicas = var.min_replicas
    max_replicas = var.max_replicas
  }

  ingress {
    allow_insecure_connections = false
    external_enabled           = var.external_ingress
    target_port                = var.target_port
    transport                  = "http"

    traffic_weight {
      latest_revision = true
      percentage      = 100
    }
  }

  identity {
    type = "SystemAssigned"
  }

  tags = var.tags
}

Kubernetes Deployment

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.name }}
  labels:
    app: {{ .Values.name }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ .Values.name }}
  template:
    metadata:
      labels:
        app: {{ .Values.name }}
    spec:
      containers:
        - name: {{ .Values.name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          ports:
            - containerPort: {{ .Values.port }}
          resources:
            limits:
              cpu: {{ .Values.resources.limits.cpu }}
              memory: {{ .Values.resources.limits.memory }}
            requests:
              cpu: {{ .Values.resources.requests.cpu }}
              memory: {{ .Values.resources.requests.memory }}
          envFrom:
            - configMapRef:
                name: {{ .Values.name }}-config
            - secretRef:
                name: {{ .Values.name }}-secrets
          livenessProbe:
            httpGet:
              path: /health
              port: {{ .Values.port }}
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /ready
              port: {{ .Values.port }}
            initialDelaySeconds: 5
            periodSeconds: 10

Checklist de Seguranca

Antes de gerar IaC, verificar:

Secrets via Key Vault / Secrets Manager (nunca hardcoded)
Network isolation (VNets/VPCs com subnets privadas)
TLS everywhere (HTTPS, encrypted connections)
Least privilege RBAC (roles minimas necessarias)
Audit logging habilitado
Encryption at rest (databases, storage)
Private endpoints onde possivel
Backup configurado
Tags de custo aplicadas

Integracao com SDLC

Fase	Acao IaC
Fase 3 (Arquitetura)	Definir recursos necessarios
Fase 5 (Implementacao)	Gerar codigo IaC
Fase 6 (Qualidade)	Security scan de IaC
Fase 7 (Release)	Apply em staging/prod

Workflow de Deploy

deploy_workflow:
  1_plan:
    - terraform init
    - terraform plan -out=tfplan
    - Revisar plan

  2_apply_staging:
    - terraform apply tfplan
    - Verificar deploy
    - Smoke tests

  3_apply_production:
    - Aprovacao humana
    - terraform apply tfplan
    - Monitorar metricas
    - Rollback se necessario

CI/CD Pipeline

GitHub Actions workflow gerado automaticamente:

name: Terraform
on:
  push:
    branches: [main]
    paths:
      - '.agentic_sdlc/**/iac/**'
  pull_request:
    branches: [main]
    paths:
      - '.agentic_sdlc/**/iac/**'

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init
      - run: terraform plan -no-color
        continue-on-error: true

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Checkov
        uses: bridgecrewio/checkov-action@master
        with:
          directory: .agentic_sdlc/projects/*/iac/terraform

Pontos de Pesquisa

Para templates atualizados:

"terraform azure container apps module"
"terraform aws ecs best practices"
"kubernetes deployment security best practices"