Cloud Architect
Terraform Your Entire AWS Infrastructure: From Zero to Production
Key Takeaway
The Terraform skill generates complete Infrastructure as Code configurations (VPC, subnets, security groups, ECS/EKS clusters, RDS, S3, CloudFront, IAM) from a plain-text architecture description. Stop clicking through the AWS console. Declare your infrastructure and let Terraform build it.
The Problem
You need to set up production infrastructure on AWS. The console approach:
- Create VPC. Configure CIDR blocks.
- Create subnets (public, private, at least 2 AZs).
- Create internet gateway. Attach to VPC.
- Create NAT gateway (one per AZ for HA). Elastic IPs.
- Route tables. Associate subnets.
- Security groups. Inbound/outbound rules.
- RDS instance. Subnet group. Parameter group.
- ECS cluster. Task definitions. Services. Load balancer.
- S3 buckets. Policies. CORS.
- CloudFront distribution.
- IAM roles. Policies. Instance profiles.
- SSL certificates via ACM.
That's 50+ clicks, 20+ resources, and zero reproducibility. Tear it down and rebuild? Do it all again. Second environment? Again. Disaster recovery? Hope you documented every click.
The Solution
The Terraform skill generates complete IaC configurations from architecture descriptions. Every resource, every dependency, and every security configuration is version-controlled, reproducible, and reviewable.
The Process
You: Create Terraform for a production web app on AWS:
- VPC with public/private subnets across 2 AZs
- ECS Fargate cluster running a containerized API
- RDS PostgreSQL (multi-AZ)
- S3 for static assets + CloudFront CDN
- ALB with SSL termination
- All security best practices
The agent generates a modular Terraform configuration:
```hcl
# === main.tf ===
terraform {
  required_version = ">= 1.5"

  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }

  # Remote state in S3, encrypted at rest, with DynamoDB state locking
  backend "s3" {
    bucket         = "myapp-terraform-state"
    key            = "prod/terraform.tfstate"
    region         = "eu-west-1"
    dynamodb_table = "terraform-locks"
    encrypt        = true
  }
}

provider "aws" {
  region = var.aws_region

  # Tags applied to every resource this provider creates
  default_tags {
    tags = {
      Environment = var.environment
      ManagedBy   = "terraform"
      Project     = var.project_name
    }
  }
}

# === networking.tf ===
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = "${var.project_name}-${var.environment}"
  cidr = "10.0.0.0/16"

  azs             = ["${var.aws_region}a", "${var.aws_region}b"]
  public_subnets  = ["10.0.1.0/24", "10.0.2.0/24"]
  private_subnets = ["10.0.10.0/24", "10.0.11.0/24"]

  enable_nat_gateway   = true
  single_nat_gateway   = false # HA: one per AZ
  enable_dns_hostnames = true
  enable_dns_support   = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
  }

  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = 1
  }
}

# === ecs.tf ===
resource "aws_ecs_cluster" "main" {
  name = "${var.project_name}-${var.environment}"

  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}

resource "aws_ecs_task_definition" "api" {
  family                   = "${var.project_name}-api"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 512
  memory                   = 1024
  execution_role_arn       = aws_iam_role.ecs_execution.arn # pulls the image, reads secrets, writes logs
  task_role_arn            = aws_iam_role.ecs_task.arn      # permissions of the application itself

  container_definitions = jsonencode([{
    name         = "api"
    image        = "${aws_ecr_repository.api.repository_url}:latest"
    portMappings = [{ containerPort = 3000 }]

    # Non-sensitive settings only
    environment = [
      { name = "NODE_ENV", value = "production" },
      { name = "PORT", value = "3000" }
    ]

    # Resolved from SSM Parameter Store at container start, not stored in the task definition
    secrets = [
      { name = "DATABASE_URL", valueFrom = aws_ssm_parameter.db_url.arn }
    ]

    logConfiguration = {
      logDriver = "awslogs"
      options = {
        "awslogs-group"         = aws_cloudwatch_log_group.api.name
        "awslogs-region"        = var.aws_region
        "awslogs-stream-prefix" = "api"
      }
    }

    healthCheck = {
      command     = ["CMD-SHELL", "wget -qO- http://localhost:3000/health || exit 1"]
      interval    = 30
      timeout     = 5
      retries     = 3
      startPeriod = 60
    }
  }])
}

# ... (ALB, RDS, S3, CloudFront, IAM: all included)
```
The agent produces 8-10 files: main.tf, networking.tf, ecs.tf, rds.tf, s3.tf, cloudfront.tf, iam.tf, variables.tf, outputs.tf. Each resource is properly linked with its dependencies, security groups, and IAM policies.
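An added example, not part of the agent output shown on this page: one way the security groups for the ALB, the API tasks and RDS could be chained so that each tier accepts traffic only from the tier in front of it. The `flows` local and all resource labels are hypothetical; `module.vpc`, `var.project_name`, container port 3000 and PostgreSQL come from the configuration above.

```hcl
# Added example. Hypothetical names: local.flows, the "tier" groups, rule labels.
locals {
  flows = {
    alb_to_api = { from = "alb", to = "api", port = 3000 } # ALB -> container port
    api_to_db  = { from = "api", to = "db", port = 5432 }  # tasks -> PostgreSQL
  }
}

# One group per tier, no inline rules. The AWS provider removes the default
# allow-all egress rule, so every permitted direction below is explicit.
resource "aws_security_group" "tier" {
  for_each    = toset(["alb", "api", "db"])
  name_prefix = "${var.project_name}-${each.key}-"
  vpc_id      = module.vpc.vpc_id
}

# Destination side: accept the port only from the upstream tier's group.
resource "aws_vpc_security_group_ingress_rule" "flow" {
  for_each                     = local.flows
  security_group_id            = aws_security_group.tier[each.value.to].id
  referenced_security_group_id = aws_security_group.tier[each.value.from].id
  from_port                    = each.value.port
  to_port                      = each.value.port
  ip_protocol                  = "tcp"
}
# Source side: the upstream tier may open that port only to the downstream group.
resource "aws_vpc_security_group_egress_rule" "flow" {
  for_each                     = local.flows
  security_group_id            = aws_security_group.tier[each.value.from].id
  referenced_security_group_id = aws_security_group.tier[each.value.to].id
  from_port                    = each.value.port
  to_port                      = each.value.port
  ip_protocol                  = "tcp"
}

# The only rule open to the internet: HTTPS to the load balancer.
resource "aws_vpc_security_group_ingress_rule" "alb_https" {
  security_group_id = aws_security_group.tier["alb"].id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}
# Tasks reach ECR, SSM and CloudWatch Logs over HTTPS through the NAT gateways.
resource "aws_vpc_security_group_egress_rule" "api_https" {
  security_group_id = aws_security_group.tier["api"].id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}
```

The database group has no egress rule and no CIDR-based ingress, so a reviewer can confirm from the `flows` map alone which tier can reach which.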
The Results
| Metric | AWS Console | Terraform via AI Agent |
|---|---|---|
| Setup time | 4-8 hours | 20 minutes |
| Reproducibility | Zero (manual) | 100% (IaC) |
| Second environment | 4-8 hours again | `terraform workspace new staging` |
| Disaster recovery | Hope and prayer | `terraform apply` |
| Security review | Audit console settings | Review code in PR |
| Cost visibility | After the bill | `infracost` before apply |
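The second-environment and disaster-recovery rows depend on the remote state declared in the `backend "s3"` block of main.tf, and that bucket and lock table must exist before `terraform init`. As an added example (not from the original page), a bootstrap configuration applied once from a separate directory with local state, assuming an AWS provider configured for `eu-west-1`; the bucket and table names are the ones in the backend block, the resource labels are hypothetical.

```hcl
# Added example: bootstrap for the S3 backend. Resource labels are hypothetical;
# the bucket and table names are the ones in the page's backend block.
resource "aws_s3_bucket" "state" {
  bucket = "myapp-terraform-state"

  lifecycle {
    prevent_destroy = true # a stray destroy must not delete the state
  }
}

# Keep earlier state versions so an overwritten or corrupted state can be restored.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Default encryption on the bucket, in addition to `encrypt = true` in the backend.
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The S3 backend's lock table needs a string partition key named LockID.
resource "aws_dynamodb_table" "locks" {
  name         = "terraform-locks"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```

Terraform state stores resource attributes in plaintext, including values marked sensitive, so read access to this bucket should be limited to the roles that run Terraform.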
Setup on MrChief
```yaml
skills:
  - terraform
  - aws
```