IT AI Skill

Infrastructure Provisioning

Automate infrastructure provisioning using Infrastructure as Code, cloud resource management, environment deployment, and configuration management. Use when provisioning cloud resources, managing IaC templates, automating environment setup, or standardizing...

Infrastructure Provisioning & IaC

Automate infrastructure provisioning and management using Infrastructure as Code principles for consistency and scalability.

Workflow

1. Infrastructure Architecture & Design

Infrastructure blueprint development:

Environment architecture (dev, staging, production, disaster recovery)
Network topology design (VPC/VNet, subnets, security groups, routing)
Compute resource planning (VM sizes, container orchestration, serverless)
Storage architecture (block, object, file, database)
High availability and redundancy design

Infrastructure standards definition:

Naming conventions for all resources
Tagging strategy (owner, environment, cost center, application)
Security baseline (encryption, access controls, monitoring)
Compliance requirements mapping (SOC 2, HIPAA, PCI-DSS)
Cost optimization standards (right-sizing, reserved instances, spot)

Platform and tool selection:

Cloud provider strategy (single, multi-cloud, hybrid)
IaC tool selection (Terraform, CloudFormation, Pulumi, Bicep)
Configuration management (Ansible, Chef, Puppet)
Container orchestration (Kubernetes, ECS, AKS)
Infrastructure state management

2. IaC Development & Management

Module and template development:

Reusable module/library creation
Parameterization and variable management
Input/output definition and documentation
Version control and branching strategy
Module testing and validation

State management and collaboration:

Remote state storage and locking
State file security and access control
State migration and import procedures
Workspace/environment isolation
State backup and recovery

Code review and governance:

IaC code review process (pull request workflow)
Security scanning (Checkov, tfsec, Terrascan)
Cost estimation before deployment
Policy compliance validation (Sentinel, OPA)
Documentation and runbook maintenance

3. Environment Deployment & Orchestration

CI/CD for infrastructure:

Pipeline design for IaC deployment
Automated testing (syntax, security, policy compliance)
Plan/preview before apply
Approval gates for production changes
Rollback procedures and automation

Deployment execution:

Environment provisioning sequence and dependency management
Blue/green and canary deployment for infrastructure
Zero-downtime deployment techniques
Deployment validation and health checks
Post-deployment verification

Configuration drift management:

Drift detection and alerting
Drift remediation (reconcile vs ignore)
Manual change documentation and import
Compliance reporting on drift
Prevention through access controls

4. Cloud Resource Optimization

Cost optimization:

Right-sizing analysis and implementation
Reserved instance and savings plan optimization
Spot instance utilization for fault-tolerant workloads
Auto-scaling configuration and tuning
Resource utilization monitoring and reporting

Performance optimization:

Compute performance tuning
Database performance optimization
Network latency reduction
CDN and caching strategy
Storage tier optimization

Resource lifecycle management:

Automated cleanup of unused resources
Environment teardown for non-production
Resource expiration and scheduling
Decommissioning procedures
Cost allocation and showback/chargeback

5. Security & Compliance Automation

Security by default:

Encryption at rest and in transit (default enabled)
Network segmentation and zero-trust principles
Identity and access management automation
Secret management integration
Security group and firewall rule management

Compliance automation:

Compliance policy as code
Continuous compliance monitoring
Audit trail and logging configuration
Remediation automation for compliance violations
Compliance reporting and evidence collection

Disaster recovery automation:

Automated backup configuration
Cross-region replication setup
DR failover automation
Recovery testing automation
RTO/RPO validation

Templates & Frameworks

Infrastructure Module Template

TERRAFORM MODULE — [Service Name]
===================================

MODULE: modules/[service-name]
  Purpose: [description of what this module provisions]
  Owner: [team/person]
  Last updated: [date]

INPUT VARIABLES:
  environment     (string) — dev, staging, prod
  region          (string) — primary AWS/Azure/GCP region
  instance_type   (string) — compute instance size
  min_instances   (number) — minimum running instances
  max_instances   (number) — maximum auto-scaling instances
  enable_monitoring (bool) — enable CloudWatch/Datadog monitoring
  tags            (map) — resource tagging

OUTPUT VALUES:
  endpoint       — service endpoint URL
  security_group_id — SG ID for resource access
  alb_dns_name   — load balancer DNS name
  rds_endpoint   — database endpoint

PROVISIONED RESOURCES:
  — Auto Scaling Group (min: ${min}, max: ${max})
  — Application Load Balancer (HTTPS, path-based routing)
  — RDS Instance (Multi-AZ, encrypted, automated backups)
  — Security Groups (restricted ingress/egress)
  — CloudWatch Alarms (CPU, memory, error rate)
  — S3 Bucket (logs, encrypted, versioned)
  — IAM Roles (least privilege, assumed by instances)

USAGE EXAMPLE:
  module "web-app" {
    source = "./modules/web-app"
    environment = "production"
    region = "us-east-1"
    instance_type = "t3.medium"
    min_instances = 2
    max_instances = 10
    enable_monitoring = true
    tags = {
      owner = "platform-team"
      cost_center = "engineering"
      application = "web-frontend"
    }
  }

DEPLOYMENT NOTES:
  — Estimated monthly cost: ~$450 (dev), ~$2,100 (prod)
  — RTO: 15 minutes (auto-scaling + ALB)
  — RPO: 5 minutes (RDS automated backups)
  — Requires: VPC module, DNS module

Infrastructure Deployment Pipeline

INFRASTRUCTURE CI/CD PIPELINE
===============================

STAGE 1: VALIDATION
  — Terraform fmt (code formatting)
  — Terraform validate (syntax check)
  — Checkov/tfsec (security scanning)
  — Cost estimation (infracost)
  — Policy compliance check (Sentinel/OPA)

STAGE 2: PLAN
  — Terraform plan (preview changes)
  — Diff review and annotation
  — Cost impact assessment
  — Stakeholder notification (if production)

STAGE 3: APPROVAL
  — Development: auto-approve
  — Staging: team lead approval
  — Production: 2-person approval + change manager

STAGE 4: APPLY
  — Terraform apply (execute changes)
  — State update and backup
  — Deployment log capture

STAGE 5: VALIDATION
  — Health check execution
  — Smoke test execution
  — Monitoring alert verification
  — Performance baseline comparison
  — Compliance scan post-deployment

STAGE 6: DOCUMENTATION
  — Change log update
  — Runbook update (if needed)
  — Stakeholder notification
  — Rollback procedure verification

ROLLBACK TRIGGER:
  — Health check failure > 3 consecutive
  — Error rate > 5% for 5 minutes
  — Latency p95 > 2x baseline
  — Manual trigger by on-call engineer

Integration Points

Cloud platforms (AWS, Azure, GCP): Infrastructure resources
IaC tools (Terraform, CloudFormation, Pulumi): Infrastructure definition
CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, CircleCI): Pipeline execution
Security scanning (Checkov, tfsec, Terrascan): Code security validation
Policy engines (Sentinel, OPA): Governance enforcement
State management (Terraform Cloud, S3+DynamoDB): State storage and locking
Cost management (CloudHealth, Cloudability, native tools): Cost tracking
Configuration management (Ansible, Chef): Post-provisioning configuration
Monitoring (Datadog, Prometheus, CloudWatch): Resource monitoring

Edge Cases

Multi-cloud infrastructure: Consistent IaC abstraction layer; provider-specific module management; cross-cloud networking; unified monitoring; cost comparison
Legacy on-premises integration: Hybrid connectivity setup; configuration management for physical servers; gradual migration planning; coexistence architecture
Frequent infrastructure changes: Automated testing suite; rapid deployment pipeline; feature flag infrastructure; canary deployment for infrastructure
Strict compliance environments: Enhanced approval workflow; change window enforcement; audit trail completeness; evidence automation; compliance pre-check
State file corruption or loss: State backup and recovery procedure; state import for manual changes; state migration planning; disaster recovery for state

Output

Infrastructure Provisioning Dashboard

INFRASTRUCTURE STATUS — April 2025
===================================

ENVIRONMENT INVENTORY:
  Development: 12 environments (47 resources)
  Staging: 3 environments (134 resources)
  Production: 2 environments (387 resources)
  DR: 1 environment (387 resources — synchronized)

PROVISIONING METRICS:
  IaC coverage: 94% (target: >95% ⚠)
  Manual changes detected: 7 (remediation in progress)
  Configuration drift: 2.3% (target: <1% ⚠)
  Deployments this month: 47 (34 successful, 1 rollback, 12 pending)

CLOUD RESOURCE COST:
  Monthly spend: $127,400 (↓ 4.2% from last month ✓)
  Reserved instance coverage: 78%
  Spot instance utilization: 23% (batch workloads)
  Right-sizing savings identified: $8,400/month
  Unused resources flagged: 12 ($2,300/month waste)

SECURITY POSTURE:
  Encryption at rest: 99.2% resources ✓
  Security group compliance: 97.8% ✓
  IAM policy compliance: 95.4% ✓
  Security scan issues (critical): 0 ✓
  Open vulnerabilities (medium): 4 (patching scheduled)

COMPLIANCE STATUS:
  SOC 2 compliance: 98.7% ✓
  HIPAA compliance: 99.1% ✓
  PCI-DSS scope: 3 systems (all compliant ✓)
  Audit evidence automated: 94%
  Last compliance scan: April 14 (passed)

DEPLOYMENT PERFORMANCE:
  Avg deployment time: 8.4 minutes
  Deployment success rate: 97.9% ✓
  Mean time to rollback: 3.2 minutes
  Zero-downtime deployments: 92%

AUTOMATION METRICS:
  Auto-scaling events: 234 this month
  Automated remediation: 67 actions
  Scheduled maintenance: 4 completed (0 issues)
  Backup success rate: 99.7% ✓

Trigger Phrases

"infrastructure as code", "IaC", "cloud provisioning", "Terraform", "environment deployment", "configuration management", "auto-scaling", "resource tagging", "infrastructure template", "CI/CD infrastructure", "drift detection", "right-sizing", "multi-cloud", "infrastructure pipeline"