
    terraform-iac-reviewer

    by Zicheng Liao

    Expert IaC auditing for Terraform and OpenTofu to catch security holes, cost leaks, and state management risks.

    Updated May 2026
    Security scanned
    One-time purchase

    $10


    Included in download

    • Audit HCL code for public S3 buckets and unencrypted RDS instances
    • Identify orphaned cloud resources and over-provisioned instance types
    • Includes example output and usage patterns
    • Instant install
    • One-time purchase

    See it in action

    A real example of what this skill takes in and produces.

    Sample output

    CRITICAL: aws_s3_bucket.logs
    Issue: Public read access enabled.
    Impact: Sensitive logs exposed to internet.
    Fix:
      resource "aws_s3_bucket_public_access_block" "logs" {
        bucket              = aws_s3_bucket.logs.id
        block_public_acls   = true
        block_public_policy = true
      }

    WARNING: Use spot instances for 'dev-node'.

    About This Skill

    Senior-Level IaC Auditing for Terraform and OpenTofu

    Infrastructure as Code (IaC) is the backbone of modern cloud deployments, but a single misconfigured S3 bucket or unencrypted database can lead to catastrophic data breaches. This skill transforms your AI agent into a senior-level infrastructure architect that audits HCL configurations for security, cost efficiency, and operational stability across AWS, Azure, and GCP.

    What it does

    The Terraform IaC Reviewer scans your workspace to build a complete resource graph of modules, providers, and variables. Its findings are organized into three pillars:

    • Security Audit: Detects public exposure, unencrypted volumes, overly permissive IAM wildcards, and hardcoded secrets.
    • Cost Optimization: Identifies over-provisioned instances, orphaned resources like unattached Elastic IPs, and missing lifecycle policies.
    • State & Drift Management: Ensures safe remote backend configurations, state locking to prevent corruption, and versioning for disaster recovery.
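    To make the Security Audit pillar concrete, here is an added example (not the skill's own code) of the kind of check it describes: a minimal Python audit that reads a constructed HCL sample and flags an S3 bucket without a fully enabled public access block and an RDS instance without storage encryption. The sample configuration, the simplified regex-based HCL reader, and the function names are assumptions for illustration.

```python
import re

# Constructed sample (not from the listing): a bucket with no public access block,
# a bucket with all four settings enabled, and an RDS instance lacking storage_encrypted.
SAMPLE_HCL = '''
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
}
resource "aws_s3_bucket" "assets" {
  bucket = "example-assets"
}
resource "aws_s3_bucket_public_access_block" "assets" {
  bucket                  = aws_s3_bucket.assets.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
resource "aws_db_instance" "main" {
  engine         = "postgres"
  instance_class = "db.t3.micro"
}
'''

# Simplified HCL reader: top-level resource blocks with flat `key = value` lines only.
BLOCK_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)
PAB_FLAGS = ("block_public_acls", "block_public_policy", "ignore_public_acls", "restrict_public_buckets")

def parse_resources(hcl):
    # Returns (type, name, {attr: raw_value}) tuples in file order.
    return [(t, n, dict(ATTR_RE.findall(body))) for t, n, body in BLOCK_RE.findall(hcl)]

def audit(hcl):
    # Returns (severity, address, issue) tuples for the two checks the listing names.
    resources = parse_resources(hcl)
    protected = {}  # bucket resource name -> attributes of its public access block
    for rtype, _, attrs in resources:
        if rtype == "aws_s3_bucket_public_access_block":
            if ref := re.match(r"aws_s3_bucket\.(\w+)\.id", attrs.get("bucket", "")):
                protected[ref.group(1)] = attrs
    findings = []
    for rtype, name, attrs in resources:
        if rtype == "aws_s3_bucket":
            pab = protected.get(name, {})
            if any(pab.get(flag) != "true" for flag in PAB_FLAGS):
                findings.append(("CRITICAL", f"aws_s3_bucket.{name}", "Public access not fully blocked"))
        elif rtype == "aws_db_instance" and attrs.get("storage_encrypted") != "true":
            findings.append(("CRITICAL", f"aws_db_instance.{name}", "storage_encrypted is not true"))
    return findings
```

Printing each tuple as "SEVERITY: address Issue: ..." reproduces the tier format shown in the sample output above; the check treats a missing or partial public access block the same way, since any flag left at its default of false leaves a path to public exposure.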

    Why use this skill

    While standard AI prompts can catch basic syntax errors, this skill follows a structured multi-step workflow. It doesn't just look at files in isolation; it analyzes provider pinning, module boundaries, and variable validation blocks. It provides specific "Critical," "Warning," and "Suggestion" tiers with drop-in HCL fixes, ensuring your infrastructure is production-grade before you ever run terraform apply.

    Supported Platforms

    • AWS: S3 Bucket Policies, IMDSv2, VPC Flow Logs, and RDS Deletion Protection.
    • Azure: Key Vault Soft Delete, NSG Flow Logs, and Storage Account Secure Transfer.
    • GCP: Uniform Bucket-Level Access, Shielded VMs, and KMS Rotation.

    Use Cases

    • Audit HCL code for public S3 buckets and unencrypted RDS instances
    • Identify orphaned cloud resources and over-provisioned instance types
    • Analyze terraform plan output for accidental resource destruction risks
    • Enforce tagging strategies and naming conventions across cloud providers
    • Verify remote backend and state locking configurations for team safety
