Name: Infrastructure As Code Specialist
Author: Whaleylaw

Infrastructure As Code Specialist | Skills Pool

infrastructure/
├── main.tf           # Main resources
├── variables.tf      # Input variables
├── outputs.tf        # Output values
├── terraform.tfvars  # Variable values (don't commit secrets)
├── backend.tf        # State backend config
└── versions.tf       # Provider versions

mkdir infrastructure
cd infrastructure

# Create backend.tf for remote state
cat > backend.tf << 'EOF'
terraform {
  backend "gcs" {
    bucket = "my-terraform-state"
    prefix = "prod"
  }
}
EOF

# Initialize
terraform init

# versions.tf
terraform {
  required_version = ">= 1.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
  }
}

# main.tf
provider "google" {
  project = var.project_id
  region  = var.region
}

# Cloud Run service
resource "google_cloud_run_service" "app" {
  name     = var.service_name
  location = var.region

  template {
    spec {
      containers {
        image = var.container_image

        env {
          name  = "DATABASE_URL"
          value = "postgresql://${google_sql_database_instance.db.connection_name}"
        }

        env {
          name = "API_KEY"
          value_from {
            secret_key_ref {
              name = google_secret_manager_secret_version.api_key.name
              key  = "latest"
            }
          }
        }

        resources {
          limits = {
            cpu    = "1000m"
            memory = "512Mi"
          }
        }
      }
    }

    metadata {
      annotations = {
        "autoscaling.knative.dev/maxScale" = "10"
        "autoscaling.knative.dev/minScale" = "1"
      }
    }
  }

  traffic {
    percent         = 100
    latest_revision = true
  }
}

# Cloud SQL database
resource "google_sql_database_instance" "db" {
  name             = "${var.service_name}-db"
  database_version = "POSTGRES_15"
  region           = var.region

  settings {
    tier = "db-f1-micro"

    backup_configuration {
      enabled = true
      start_time = "03:00"
    }
  }

  deletion_protection = true
}

resource "google_sql_database" "database" {
  name     = var.database_name
  instance = google_sql_database_instance.db.name
}

# Secret Manager
resource "google_secret_manager_secret" "api_key" {
  secret_id = "${var.service_name}-api-key"

  replication {
    automatic = true
  }
}

# Allow public access to Cloud Run
resource "google_cloud_run_service_iam_member" "public" {
  service  = google_cloud_run_service.app.name
  location = google_cloud_run_service.app.location
  role     = "roles/run.invoker"
  member   = "allUsers"
}

variable "project_id" {
  description = "GCP project ID"
  type        = string
}

variable "region" {
  description = "GCP region"
  type        = string
  default     = "us-central1"
}

variable "service_name" {
  description = "Name of the Cloud Run service"
  type        = string
}

variable "container_image" {
  description = "Container image to deploy"
  type        = string
}

variable "database_name" {
  description = "PostgreSQL database name"
  type        = string
  default     = "myapp"
}

output "service_url" {
  description = "URL of the deployed Cloud Run service"
  value       = google_cloud_run_service.app.status[0].url
}

output "database_connection" {
  description = "Database connection name"
  value       = google_sql_database_instance.db.connection_name
  sensitive   = true
}

project_id      = "my-gcp-project"
region          = "us-central1"
service_name    = "myapp"
container_image = "gcr.io/my-gcp-project/myapp:latest"

# Format code
terraform fmt

# Validate configuration
terraform validate

# Plan changes (dry run)
terraform plan -out=tfplan

# Review plan output carefully!
# Look for:
# - Resources being created (+)
# - Resources being modified (~)
# - Resources being destroyed (-)

# Apply changes
terraform apply tfplan

# View outputs
terraform output

# View specific output
terraform output service_url

terraform {
  backend "gcs" {
    bucket  = "my-terraform-state"
    prefix  = "prod/terraform.tfstate"
  }
}

# List resources in state
terraform state list

# Show specific resource
terraform state show google_cloud_run_service.app

# Move resource in state (refactoring)
terraform state mv old_name new_name

# Remove resource from state (careful!)
terraform state rm google_cloud_run_service.app

# Pull remote state
terraform state pull

# Import existing resource
terraform import google_cloud_run_service.app projects/PROJECT/locations/REGION/services/SERVICE

modules/
└── cloud-run-app/
    ├── main.tf
    ├── variables.tf
    └── outputs.tf

resource "google_cloud_run_service" "app" {
  name     = var.name
  location = var.region

  template {
    spec {
      containers {
        image = var.image
      }
    }
  }
}

module "frontend" {
  source = "./modules/cloud-run-app"
  name   = "frontend"
  region = "us-central1"
  image  = "gcr.io/project/frontend:latest"
}

module "backend" {
  source = "./modules/cloud-run-app"
  name   = "backend"
  region = "us-central1"
  image  = "gcr.io/project/backend:latest"
}

# Create workspaces
terraform workspace new dev
terraform workspace new staging
terraform workspace new prod

# Select workspace
terraform workspace select prod

# Apply (uses prod workspace state)
terraform apply

infrastructure/
├── modules/
│   └── app/
├── environments/
│   ├── dev/
│   │   ├── main.tf
│   │   └── terraform.tfvars
│   ├── staging/
│   │   ├── main.tf
│   │   └── terraform.tfvars
│   └── prod/
│       ├── main.tf
│       └── terraform.tfvars

Infrastructure As Code Specialist

When to Use

Process

1. Choose IaC Tool

Infrastructure As Code Specialist

When to Use

Process

1. Choose IaC Tool

2. Initialize Terraform Project

3. Define Infrastructure Resources

4. Plan and Apply Changes

5. Manage State Safely

6. Use Modules for Reusability

7. Implement Environment Separation

8. Automate with CI/CD

Feishu Drive

Nanoclaw Repl

Crosspost

Cloudflare

Mcp Integration

Setup Deploy