Alibabacloud Terraform Code Generation
v3
Use when the user wants Terraform HCL for Alibaba Cloud (Alicloud) infrastructure — new project or extending an existing one. Covers VPC, ECS, ApsaraDB RDS, OSS, SLB / ALB, Function Compute v3, ACK, and any other `alicloud_*` resource via the provider's own documentation fetched at generation time. For AWS → Alicloud migration or importing existing resources into state, use a different skill. Triggers: "write terraform for alicloud", "generate alibaba cloud terraform", "alicloud HCL", "create alibaba cloud vpc/ecs/rds", "生成阿里云 Terraform", "阿里云 HCL", "用 Terraform 部署阿里云", "alicloud provider", "aliyun/alicloud", "terraform-provider-alicloud".
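Alibabacloud Terraform Code Generation installation notes: install command: ["openclaw skills install alibabacloud-terraform-code-generation"]. This skill is used for Taobao-related operations and may require the corresponding platform account or API key.
Skill documentation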
Alibaba Cloud Terraform Code Generation
Turn natural-language Alibaba Cloud infrastructure requirements into validated Terraform for the current aliyun/alicloud provider. Resource knowledge is pulled from the provider's own docs at generation time — no local gold examples are maintained.
Hard rules (never violate)
- Credentials — never leak, never require
NEVER read, print, ask for, or write AK/SK values anywhere — HCL, comments, env declarations, shell output, logs. The alicloud provider resolves credentials through seven mechanisms (env AK/SK, shared config.json, ECS instance RAM role, Assume Role, OIDC/RRSA, sidecar URI, static HCL) — see references/auth-and-network.md for the full chain. All read by the provider itself, never by this skill. Do NOT recommend the deprecated ALICLOUD_ / ALIBABACLOUD_ (no-underscore) env-var names — the current names are ALIBABA_CLOUD_ACCESS_KEY_ID / _ACCESS_KEY_SECRET / _SECURITY_TOKEN.
- Honest reporting — never claim a step you didn't run
Never report fmt: ok / validate: ok / plan: ok unless the corresponding command actually executed AND returned that status. When a step is skipped (tool missing, user opt-out), state "SKIPPED" (or "FAILED") with a reason. Paraphrasing real output is fine; fabricating it is not.
- terraform apply is off-limits
This skill NEVER runs terraform apply. plan is opt-in (Step 8); apply is strictly the user's action.
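A check for the credentials rule above, as an added example that is not part of the skill: it scans generated .tf and .tfvars files for literal access_key / secret_key / security_token arguments and for the deprecated env-var prefixes. The function names and the sample HCL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the skill. scan_tf_credentials and write_sample
# are hypothetical names; the sample HCL is constructed, with dummy values.

# Print "file:line: reason" per finding; return 1 if anything was found.
scan_tf_credentials() {
    findings=$(
        find "$1" -type f \( -name '*.tf' -o -name '*.tfvars' \) | sort |
        while IFS= read -r f; do
            awk -v file="$f" '
                # Comment lines are scanned too: the rule covers them.
                # A quoted literal is flagged; var.x references and "" pass.
                /(^|[^A-Za-z0-9_])(access_key|secret_key|security_token)[ \t]*=[ \t]*"[^$"]/ {
                    printf "%s:%d: literal credential argument\n", file, NR
                }
                # Deprecated prefixes. Matching is case-sensitive, so types
                # such as alicloud_vpc pass; ALIBABA_CLOUD_ has neither string.
                /(^|[^A-Z_])(ALICLOUD|ALIBABACLOUD)_[A-Z_]+/ {
                    printf "%s:%d: deprecated env-var name\n", file, NR
                }
            ' "$f"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: one clean file, one that breaks both parts of the rule.
write_sample() {
    mkdir -p "$1"
    cat > "$1/main.tf" <<'EOF'
resource "alicloud_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
EOF
    cat > "$1/bad.tf" <<'EOF'
# export ALICLOUD_ACCESS_KEY before running
provider "alicloud" {
  access_key = "EXAMPLE-NOT-A-REAL-KEY"
  secret_key = var.secret_key
}
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp"
scan_tf_credentials "$tmp" || echo "credentials rule violated"
rm -rf "$tmp"
```

A quoted interpolation such as "${var.ak}" is deliberately not flagged, so the scan catches literals only; it does not prove that a variable's default value is empty.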
Environment (soft recommendations)
- Terraform ≥ 1.5 recommended. Do not install or download Terraform automatically; Step 6 checks whether terraform is on PATH and reports the actual validation status.
- Network is required — Step 4.2 WebFetches each resource's provider doc.
Workflow
Step 1. Parse requirement
Extract:
- region — default cn-hangzhou.
- resources[] — { alicloud_type, quantity, attributes }.
- Non-functional: multi-AZ, encryption, backup, HA, IOPS.
If ambiguous (e.g. "搭个数据库", "set up a database"), ask at most one clarifying question.
Step 2. Resolve target directory
Extract from the user's request (explicit path like myshop-infra/ or current working directory if unspecified). All subsequent fmt / init / validate commands run in this directory.
Before writing any .tf file, MUST create the directory:
mkdir -p
All file writes MUST prefix paths with / — never write to the current working directory directly, never write to a generic outputs/ parent. After generation completes, verify the structure:
ls -R
Step 3. Sketch architecture
Before any HCL, sketch a dependency table — one row per resource:
resource | depends on | AZ / placement
Expand resources[] with implied infra (VPC → VSwitch → SecurityGroup → workload); the parsed user requirement often skips these. The expanded list is the input to Step 4's gate.
Step 4. Pre-HCL gate (MANDATORY)
For every distinct alicloud_* type from Step 3 (resources and data sources), execute 4.1 → 4.2 → 4.3. The calls per type are independent — issue them in parallel across types.
4.1 Pre-doc lookup (catalog + patterns, in parallel)
Two local lookups; run them concurrently before going to WebFetch:
(a) Catalog lookup — confirm the resource exists and check deprecation. The catalog (references/alicloud-providers.md) is ~2600 lines; do NOT Read it whole — use grep, which returns just the row(s) you need:
grep "alicloud_" references/alicloud-providers.md
Three outcomes:
- Row found, status column empty → note the doc from the row; proceed to 4.2.
- Row found, status ⚠️ deprecated → → switch the plan to and re-lookup. NEVER emit the deprecated name. Common catch: `alicloud_fc_function` → `alicloud_fcv3_function`.
- Row not found → stop. Ask the user whether the name was a typo; don't invent an alicloud_.
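The three outcomes as a shell gate, added here as an example and not taken from the skill: it matches the type name exactly, follows a deprecation to its replacement, and stops on an unknown name. The `| name | doc | status |` row layout, the function names and the sample rows are assumptions; the real catalog's format is not shown on this page.

```shell
#!/bin/sh
# Added example, not part of the skill. Function names are hypothetical and the
# "| name | doc | status |" row layout is an assumption about the catalog.

# Prints "ok <doc>", "deprecated <replacement>" or "missing" for one type.
catalog_lookup() {
    awk -F'|' -v want="$1" '
        { name = $2; gsub(/[ \t]/, "", name) }
        name != want { next }          # exact match, never a substring
        {
            found = 1
            # Assumed: a deprecated row names its replacement in the status cell.
            if (match($4, /alicloud_[a-z0-9_]+/))
                print "deprecated " substr($4, RSTART, RLENGTH)
            else { doc = $3; gsub(/[ \t]/, "", doc); print "ok " doc }
            exit
        }
        END { if (!found) print "missing" }
    ' "$2"
}

# Prints "use <name> <doc>" (rc 0) or "stop <name>" (rc 1, ask the user).
catalog_gate() {
    name=$1 hops=0
    while [ "$hops" -lt 3 ]; do        # bounded, in case rows point in a loop
        res=$(catalog_lookup "$name" "$2")
        case $res in
            ok\ *)         printf 'use %s %s\n' "$name" "${res#ok }"; return 0 ;;
            deprecated\ *) name=${res#deprecated }; hops=$((hops + 1)) ;;
            *)             break ;;
        esac
    done
    printf 'stop %s\n' "$name"
    return 1
}

# Constructed catalog rows; the doc URLs are placeholders.
write_sample_catalog() {
    cat > "$1" <<'EOF'
| name | doc | status |
| alicloud_vpc | https://example.invalid/docs/r/vpc | |
| alicloud_fc_function | https://example.invalid/docs/r/fc_function | ⚠️ deprecated → alicloud_fcv3_function |
| alicloud_fcv3_function | https://example.invalid/docs/r/fcv3_function | |
EOF
}

cat_file=$(mktemp) && write_sample_catalog "$cat_file"
catalog_gate alicloud_fc_function "$cat_file"; rm -f "$cat_file"
```

The exact-match comparison matters because a plain substring grep for a short name also returns every longer type that starts with it.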
(b) Pattern lookup (conditional) — if the user's requirement matches a product-specific idiom listed in references/resource-patterns.md (e.g. RDS cross-AZ HA, OSS lifecycle noncurrent, VPC peering), read the relevant section. These idioms are NOT in the provider doc's Required list but are what the user actually wants (e.g. zone_id_slave_a for RDS HA is optional per the doc but required for real cross-AZ placement). Missing them produces "validates but silently wrong" output.
When a matching pattern section is found, ALL attributes listed in that section's "Required attributes" table MUST appear in the generated HCL — treat them as mandatory even if the provider doc marks them Optional.
# Quick check whether a relevant pattern exists, then Read only the section:
grep -in "" references/resource-patterns.md
4.2 Fetch provider doc (WebFetch)
WebFetch the doc URL from 4.1. If it fails or returns no useful content, construct the raw URL directly from the catalog row's doc URL. Preserve the catalog kind: resources use website/docs/r/, data sources use website/docs/d/.
https://raw.githubusercontent.com/aliyun/terraform-provider-alicloud/master/website/docs/{r|d}/.html.markdown
If both fail, fall back to the local c