Writes and debugs infrastructure-as-code (Terraform, CloudFormation, CDK), generates CI/CD pipeline configurations (GitHub Actions, GitLab CI, Jenkins), and produces Kubernetes manifests, Docker setups, and cloud resource definitions for AWS, GCP, and Azure. Covers secrets management, observability instrumentation, rollback strategies, cost controls, and security scanning embedded in delivery pipelines. Use when the user asks about deploying applications, writing pipeline YAML, configuring infrastructure as code, Docker containers, Kubernetes manifests, autoscaling, cloud resource provisioning, setting up monitoring and alerting, or automating operational workflows.
terraform plan / dry-run equivalents and review the diff before applying anything.

# modules/service/main.tf
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

variable "name" { type = string }
variable "image" { type = string }
variable "cpu" { default = 256 }
variable "memory" { default = 512 }
variable "desired" { default = 2 }

# Fargate needs a task execution role to pull the image and to write
# container logs through the awslogs driver configured below.
variable "execution_role_arn" { type = string }

resource "aws_ecs_task_definition" "this" {
  family                   = var.name
  cpu                      = var.cpu
  memory                   = var.memory
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  execution_role_arn       = var.execution_role_arn

  container_definitions = jsonencode([{
    name         = var.name
    image        = var.image
    essential    = true
    portMappings = [{ containerPort = 8080 }]
    logConfiguration = {
      logDriver = "awslogs"
      options = {
        "awslogs-group"         = "/ecs/${var.name}"
        "awslogs-region"        = "us-east-1"
        "awslogs-stream-prefix" = "ecs"
      }
    }
  }])
}

Validation step: terraform init && terraform plan -out=tfplan → review before terraform apply tfplan.
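
The review step above can be backed by a check in the pipeline. This is an added example, not code from the original page: it reads the JSON form of the saved plan (`terraform show -json tfplan`) and lists changes that destroy state. The sample plan, its resource addresses and the `REPLACE_OK` allow-list are constructed assumptions.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json tfplan` output;
# the resource addresses are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.service.aws_ecs_task_definition.this",
     "type": "aws_ecs_task_definition",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_cloudwatch_log_group.ecs",
     "type": "aws_cloudwatch_log_group",
     "change": {"actions": ["create"]}},
    {"address": "aws_s3_bucket.artifacts",
     "type": "aws_s3_bucket",
     "change": {"actions": ["delete"]}},
    {"address": "aws_iam_role.exec",
     "type": "aws_iam_role",
     "change": {"actions": ["no-op"]}},
]})

# Assumption: task definition revisions are immutable, so a replace is the
# normal update path and does not need sign-off.
REPLACE_OK = frozenset({"aws_ecs_task_definition"})


def summarize(plan_json):
    """Group planned changes into create/update/replace/delete."""
    summary = {"create": [], "update": [], "replace": [], "delete": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" in actions and "create" in actions:
            kind = "replace"
        else:
            kind = next((a for a in actions if a in summary), None)
            if kind is None:
                continue  # no-op or read: nothing changes
        summary[kind].append((rc["address"], rc["type"]))
    return summary


def needs_approval(plan_json, replace_ok=REPLACE_OK):
    """Addresses that destroy state: deletes, plus replaces not allow-listed."""
    s = summarize(plan_json)
    blocked = [addr for addr, _ in s["delete"]]
    blocked += [addr for addr, rtype in s["replace"] if rtype not in replace_ok]
    return blocked


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    blocked = needs_approval(text)
    print("needs approval:", blocked)
    sys.exit(1 if blocked else 0)
```

Run it between the plan and apply steps against the exported plan JSON; a non-zero exit stops the job until someone has reviewed the listed addresses.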
# .github/workflows/deploy.yml