terraform-aws-annotated-blueprint
npx skills add https://github.com/donngi/agent-skills --skill terraform-aws-annotated-blueprint
Agent 安装分布
Skill 文档
Terraform AWS Annotated Blueprint
è¦æ±ãããæ§æã®Terraformãã³ãã¬ã¼ããå ¨ããããã£ã«è©³ç´°ãªè§£èª¬ä»ãã§çæããã¹ãã«ã
åææ¡ä»¶
以ä¸ã®MCP serverãå¿ é ãå©ç¨ä¸å¯ã®å ´åã¯è¦åã»å©ç¨ãã¦ããAI Agentãã¨ã®è¨å®æ¹æ³ã表示ãä½æ¥ãçµäºããã
å¿ é MCP server:
awslabs.terraform-mcp-server– AWSãããã¤ãã¼ããã¥ã¡ã³ãæ¤ç´¢ã»AWS Well-Architectedã¬ã¤ãã³ã¹ã»ã»ãã¥ãªãã£ã¹ãã£ã³aws-knowledge-mcp-server– AWSå ¬å¼ããã¥ã¡ã³ãåç §ç¨
MCP serverè¨å®ä¾:
{
"aws-knowledge-mcp-server": {
"command": "uvx",
"args": ["fastmcp", "run", "https://knowledge-mcp.global.api.aws"]
},
"awslabs.terraform-mcp-server": {
"command": "uvx",
"args": ["awslabs.terraform-mcp-server@latest"],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
}
}
}
MCP serverã®å½¹å²ã»ä½¿ãæ
awslabs.terraform-mcp-server:- AWSãããã¤ãã¼ããã¥ã¡ã³ãã»å®è£ ä¾ã®æ¤ç´¢
- AWS Well-Architectedã¬ã¤ãã³ã¹ã®åç §ï¼è¨è¨å¤æã«æ´»ç¨ï¼
- Checkovã«ããã»ãã¥ãªãã£ã¹ãã£ã³ï¼çæå¾ã®æ¤è¨¼ï¼
aws-knowledge-mcp-server– AWSå ¬å¼ããã¥ã¡ã³ãåç §
éè¦ãªåå
ã¹ãã¼ããä¿¡é ¼ã®æºæ³ï¼Source of Truthï¼
terraform providers schema -json ããåå¾ããã¹ãã¼ããæ£ã¨ãããMCPãµã¼ãã¼ã®ããã¥ã¡ã³ãã¯ã¹ãã¼ãã«å«ã¾ããªãè£è¶³æ
å ±ï¼èª¬ææãè¨å®å¯è½ãªå¤ã®è©³ç´°çï¼ã®åå¾ã«ä½¿ç¨ããã
Webæ¤ç´¢ã®ç¦æ¢
ã¤ã³ã¿ã¼ãããæ¤ç´¢ã¯ä½¿ç¨ããªããæ å ±åå¾ã¯MCPãµã¼ãã¼ã®ã¿ã使ç¨ããã
ã¯ã¼ã¯ããã¼
1. å ¥åã®ç解
ã¦ã¼ã¶ã¼ãã /terraform-aws-annotated-blueprint {æ¦è¦} å½¢å¼ã§å
¥åãåãåããä½æãããTerraformãã³ãã¬ã¼ãã®è¦ä»¶ãææ¡ããã
2. ä½æ¥è¨ç»ã®ä½æ
ãã§ãã¯ããã¯ã¹ä»ãã®è¨ç»æ¸ã {ããã¸ã§ã¯ãã«ã¼ã}/.local/terraform-aws-annotated-blueprint/${provider_version}/ ã«åºåããã
è¨ç»æ¸ã®å¿ é å 容:
- ã¹ãã¼ãåå¾ï¼ãã£ãã·ã¥ããªããã°å®è¡ï¼
- æ§ç¯ãå¿ è¦ãªãªã½ã¼ã¹ä¸è¦§ã®çæ
- åãªã½ã¼ã¹ã®å ¨ããããã£ãã«ãã´ãªå¥ã«annotationä»ãã§è¨è¼
- æãæ¼ãæ¤è¨¼
- awslabs.terraform-mcp-serverãç¨ããCheckovã«ããã»ãã¥ãªãã£ã¹ãã£ã³ ããã³ ææäºé ã®ä¿®æ£
質åã¿ã°ã®ã«ã¼ã«: ç¬èªã®å¤æã¯ãããææ決å®ãå¿ è¦ãªéã¯å¿ ãã¦ã¼ã¶ã¼ã«è³ªåãããã
å¤æãå¿
è¦ãªç®æã¯ãä½æ¥è¨ç»æ¸å
ã« [ð¤Question] ã¿ã°ã§è³ªåã追å ãã[â
Answer] ã¿ã°ã§åçãã£ã¼ã«ããä½æããã
1ã¤ã®ã¿ã°ã«ã¤ã質åã¯1ã¤ãè¤æ°ã®è³ªåã¯ã¿ã°ãåå²ããã
[ð¤Question] ããã«è³ªåãè¨è¼
[â
Answer]
3. è¨ç»æ¸ã®æ´æ°
ã¦ã¼ã¶ã¼ããã®åçãè¸ã¾ãã¦è¨ç»æ¸ãæ´æ°ããã質åã¨åçã®ãã¢ã¯åé¤ããªãã
4. ä½æ¥å®è¡
ã¦ã¼ã¶ã¼ããæ¿èªãå¾ã¦ããä½æ¥ãéå§ãããè¨ç»æ¸ã®ãã§ãã¯ããã¯ã¹ãæ´æ°ããªããé²ããã
ã¹ãã¼ãåå¾æ¹æ³
${ããã¸ã§ã¯ãã«ã¼ã}/.local/terraform-aws-annotated-blueprint/${provider_version}/schema.json ãæ¢ã«åå¨ããã確èª:
SCHEMA_FILE="${PROJECT_ROOT}/.local/terraform-aws-annotated-blueprint/${provider_version}/schema.json"
if [[ -f "$SCHEMA_FILE" ]]; then
echo "ã¹ãã¼ããã¡ã¤ã«ãåå¨ãã¾ããã¹ããããã¾ãã"
else
echo "ã¹ãã¼ããåå¾ãã¾ã..."
# 以ä¸ã®æé ãå®è¡
fi
ã¹ãã¼ããåå¨ããªãå ´å:
- ãããã¤ãã¼è¨å®ãä½æ:
# ${ããã¸ã§ã¯ãã«ã¼ã}/.local/terraform-aws-annotated-blueprint/${provider_version}/providers.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "{provider_version}"
}
}
}
- ã¹ãã¼ããåå¾:
cd ${ããã¸ã§ã¯ãã«ã¼ã}/.local/terraform-aws-annotated-blueprint/${provider_version}
terraform init
terraform providers schema -json > schema.json
ã¹ãã¼ããããªã½ã¼ã¹æ å ±ãæ½åº:
jq '.provider_schemas["registry.terraform.io/hashicorp/aws"].resource_schemas["{ãªã½ã¼ã¹å}"]' schema.json
ãã³ãã¬ã¼ãçæã«ã¼ã«
å¿ é è¦ä»¶
- ã¹ãã¼ãããåå¾ããå ¥åå¯è½ãªå ¨å±æ§ãè¨è¼
- ãã¹ããããã¯ï¼block_typesï¼ãæ¼ããªãè¨è¼
- åããããã£ã«ã³ã¡ã³ãã§è§£èª¬ãè¨è¼
- AWSå ¬å¼ããã¥ã¡ã³ãã®URLã¯å®å¨ãããã®ã®ã¿è¨è¼
- æ¨æ¸¬ã誤ã£ãæ å ±ã¯çµ¶å¯¾ã«è¨è¼ããªã
- å©ç¨ããªãããããã£ãåé¤ããã«ã³ã¡ã³ãã¨ãã¦æ®ã
ãã¡ã¤ã«ãããã¼
#---------------------------------------------------------------
# {ãªã½ã¼ã¹è¡¨ç¤ºå}
#---------------------------------------------------------------
#
# {ã©ã®ãããªAWSãªã½ã¼ã¹ããããã¸ã§ãã³ã°ãããã®èª¬æ}
#
# AWSå
¬å¼ããã¥ã¡ã³ã:
# - {ããã¥ã¡ã³ãå}: {URL}
#
# Terraform Registry:
# - {URL}
#
# Provider Version: {version}
# Generated: {YYYY-MM-DD}
# NOTE: æ¬ãã³ãã¬ã¼ãã¯çææç¹ã®æ
å ±ã«åºã¥ãAIãçæãã¦ãã¾ãã
# æ
å ±ãå¤ããªã£ã¦ããå¯è½æ§ã誤ããå«ãå¯è½æ§ãããããã
# æ£ç¢ºãªææ°ä»æ§ã¯å
¬å¼ããã¥ã¡ã³ããåç
§ãã¦ãã ããã
#
#---------------------------------------------------------------
å±æ§ã®åé¡
ãã³ãã¬ã¼ãã«å«ããå±æ§ï¼å ¥åå¯è½ï¼:
optional: trueãæã¤å±æ§required: trueãæã¤å±æ§
ãã³ãã¬ã¼ãããé¤å¤ããå±æ§ï¼computed onlyï¼:
computed: trueãã¤optionalããªãå±æ§- ä¾:
arn,id,tags_all
åé¡ç¢ºèªã³ãã³ã:
# å
¥åå¯è½ãªå±æ§ä¸è¦§
jq -r '.block.attributes | to_entries[] | select(.value.optional == true) | .key' <<< "$SCHEMA"
# computed onlyå±æ§ä¸è¦§
jq -r '.block.attributes | to_entries[] | select(.value.computed == true and .value.optional != true) | .key' <<< "$SCHEMA"
ãã©ã¼ããã
ãã³ãã¬ã¼ãã®è©³ç´°ãªãã©ã¼ããã㯠references/template_example.md ãåç §ã ãã¹ããããã¯ãå«ããªã½ã¼ã¹ã¯ references/nested_block_example.md ãåç §ã
6.1 ãã©ã¼ãããã«ã¼ã«
以ä¸ã®ã«ã¼ã«ãå³å®ãããã¨ãéåã¯validate_template.shã§èªåæ¤åºãããã
FR-1: å ¨ã³ã¡ã³ãæ¥æ¬èª
# â
OK
# è¨å®å
容: ãã°ã°ã«ã¼ãã®ååãæå®ãã¾ãã
# â NG
# Description: The name of the log group.
FR-2: åºåãç·ã¯ #------- ã®ã¿ï¼==== ç¦æ¢ï¼
# â
OK
#---------------------------------------------------------------
# åºæ¬è¨å®
#---------------------------------------------------------------
# â NG
# ============================================================
# Basic Configuration
# ============================================================
FR-3: ããããã£ã³ã¡ã³ãã« è¨å®å
容:, è¨å®å¯è½ãªå¤:, çç¥æ: ã使ç¨
# â
OK
# name (Optional, Forces new resource)
# è¨å®å
容: ãã°ã°ã«ã¼ãã®ååãæå®ãã¾ãã
# è¨å®å¯è½ãªå¤: 1-512æåã®æåå
# çç¥æ: Terraformãã©ã³ãã ãªä¸æã®ååãçæãã¾ãã
# â NG
# name (Optional, Forces new resource)
# Description: The name of the log group.
# Valid values: 1-512 character string
# Default: Terraform generates a random unique name.
FR-4: æ©è½ã«ãã´ãªå¥ã°ã«ã¼ãã³ã°ï¼Required/Optionalã°ã«ã¼ãã³ã°ç¦æ¢ï¼
# â
OK: æ©è½å¥
#-------------------------------------------------------------
# æå·åè¨å®
#-------------------------------------------------------------
# â NG: Required/Optionalã°ã«ã¼ãã³ã°
# ============================================================
# REQUIRED ARGUMENTS
# ============================================================
FR-5: ãã¹ããããã¯ãããã¼ã #----- çµ±ä¸
ãã¹ããããã¯ã®ã«ãã´ãªåºåãç·ããããã¬ãã«ã¨åã #----- å½¢å¼ã使ç¨ã
FR-6: Attributes Reference 25è¡ä»¥å ã»ã³ã¼ãä¾ç¦æ¢
# â
OK
#---------------------------------------------------------------
# Attributes Reference (èªã¿åãå°ç¨å±æ§)
#---------------------------------------------------------------
# ãã®ãªã½ã¼ã¹ã¯ä»¥ä¸ã®å±æ§ãã¨ã¯ã¹ãã¼ããã¾ã:
#
# - arn: ãã°ã°ã«ã¼ãã®ARN
# - tags_all: ç¶æ¿ã¿ã°ãå«ãå
¨ã¿ã°ããã
#---------------------------------------------------------------
# â NG: ã³ã¼ãä¾ãå«ã
# output "log_group_arn" {
# value = aws_cloudwatch_log_group.example.arn
# }
FR-7: 使ç¨ä¾ã»ãã¹ããã©ã¯ãã£ã¹çã®ä½åãªã»ã¯ã·ã§ã³ç¦æ¢ ãã³ãã¬ã¼ãã«ã¯ãªã½ã¼ã¹å®ç¾©ã¨Attributes Referenceã®ã¿ãè¨è¼ã使ç¨ä¾ããã¹ããã©ã¯ãã£ã¹ãoutputä¾çã¯è¨è¼ããªãã
æãæ¼ãæ¤è¨¼
åãªã½ã¼ã¹ã®ãã³ãã¬ã¼ãçæå¾ãæ¤è¨¼ã¹ã¯ãªãããå®è¡:
bash "${PROJECT_ROOT}/.claude/skills/terraform-aws-annotated-blueprint/lib/validate_template.sh" \
"${OUTPUT_FILE}" \
"${RESOURCE_NAME}" \
"${SCHEMA_FILE}"
FAILã1ã¤ã§ãããã°ã該å½ç®æãä¿®æ£ãã¦å度æ¤è¨¼ãå®è¡ãããå ¨é ç®PASSã«ãªãã¾ã§ç¹°ãè¿ãã
ãã¡ã¤ã«åå²ã«ã¼ã«
以ä¸ã®å 容ã¯å¥ãã¡ã¤ã«ã«åå²ããï¼
- variables.tf: å ¥åå¤æ°ï¼variableï¼
- locals.tf: ãã¼ã«ã«å¤æ°ï¼localsï¼
- data.tf: ãã¼ã¿ã½ã¼ã¹ï¼dataï¼
- versions.tf: Terraformãã¼ã¸ã§ã³å¶ç´ã¨required_providersï¼terraformãããã¯ï¼
- providers.tf: ãããã¤ãã¼è¨å®ï¼providerãããã¯ï¼
ãã¡ã¤ã«çæåä½
åºæ¬ã¯1ãªã½ã¼ã¹ã«ã¤ã1ãã¡ã¤ã«ããã ã以ä¸ã¯1ãã¡ã¤ã«ã«ã¾ã¨ããï¼
- IAM roleå®ç¾©ï¼aws_iam_role, aws_iam_policy, aws_iam_role_policy_attachmentï¼
- Security groupã¨ãã®egress/ingress rule
- Route tableã¨ãã®ã«ã¼ã«
- Target groupã¨ãã®attachmentï¼aws_lb_target_group, aws_lb_target_group_attachmentï¼
ãã¡ã¤ã«å½åè¦å:
- ãã¡ã¤ã«åã«
awsã¯å«ããªã - åä¸ãªã½ã¼ã¹:
lambda.tf - è¤æ°ã®åä¸ãªã½ã¼ã¹:
lambda_parser.tf,lambda_archiver.tf
ä¾åé¢ä¿ã®æ±ã
- ãªã½ã¼ã¹åç §ã«ããæé»çãªä¾åé¢ä¿ãæ´»ç¨ãã
- æ示çãª
depends_onã¯ãæé»çãªä¾åé¢ä¿ã§ã¯è¡¨ç¾ã§ããªãå ´åã«ã®ã¿ä½¿ç¨ - ä¸è¦ãª
depends_onã¯ã³ã¼ãã®å¯èªæ§ãä¸ããããé¿ãã
ãã®ä»ã«ã¼ã«
- IAM policyã®å®ç¾©ã¯data resourceã使ããããªã½ã¼ã¹ã«ç´æ¥jsonencodeããããªã·ã¼ãè¨è¼ãã
Providerææ°ãã¼ã¸ã§ã³åå¾
versionæå®ããªãå ´åã¯ä»¥ä¸ã§Terraform Registry APIããææ°ãã¼ã¸ã§ã³ãåå¾ï¼
curl -s "https://registry.terraform.io/v1/providers/hashicorp/aws" | jq -r '.version'