DevOps IaC Engineer

This skill provides expertise in designing and managing cloud infrastructure using Infrastructure as Code (IaC) and DevOps/SRE best practices.

When to Use

• Designing cloud architecture (AWS, GCP, Azure)
• Implementing or refactoring CI/CD pipelines
• Setting up observability (logging, metrics, tracing)
• Creating Kubernetes clusters and container orchestration strategies
• Implementing security controls and compliance checks
• Improving system reliability (SLO/SLA, Disaster Recovery)

Infrastructure as Code (IaC) Principles

• Declarative Code: Use Terraform/OpenTofu to define the desired state.
• GitOps: Code repository is the single source of truth. Changes are applied via PRs and automated pipelines.
• Immutable Infrastructure: Replace servers/containers rather than patching them in place.

Core Domains

1. Terraform & IaC

• Use modules for reusability.
• Separate state by environment (dev, stage, prod) and region.
• Automate plan and apply in CI/CD.

2. Kubernetes & Containers

• Build small, stateless containers.
• Use Helm or Kustomize for resource management.
• Implement resource limits and requests.
• Use namespaces for isolation.

3. CI/CD Pipelines

• CI: Lint, test, build, and scan (security) on every commit.
• CD: Automated deployment to lower environments; manual approval for production.
• Use tools like GitHub Actions, Cloud Build, or ArgoCD.

4. Observability

• Logs: Centralized logging (e.g., Cloud Logging, ELK).
• Metrics: Prometheus/Grafana or Cloud Monitoring.
• Tracing: OpenTelemetry for distributed tracing.

5. Security (DevSecOps)

• Scan IaC for misconfigurations (e.g., Checkov, Trivy).
• Manage secrets utilizing Secret Manager or Vault (never in code).
• Least privilege IAM roles.

SRE Practices

• SLI/SLO: Define Service Level Indicators and Objectives for critical user journeys.
• Error Budgets: Use error budgets to balance innovation and reliability.
• Post-Mortems: Conduct blameless post-mortems for incidents.