MCP HubMCP Hub
스킬 목록으로 돌아가기

azure-verified-modules

hashicorp
업데이트됨 2 days ago
1 조회
631
75
631
GitHub에서 보기
메타design

정보

이 스킬은 Azure Verified Modules(AVM) 인증 표준을 충족하는 Azure Terraform 모듈 개발을 위한 요구사항과 모범 사례를 제공합니다. 공급자 요구사항, 코드 스타일, 변수 정의를 포함하여 일관성, 품질 및 유지보수성을 위한 필수 사항을 다룹니다. AVM 인증을 목표로 하는 Azure 모듈을 생성하거나 검토할 때 활용하세요.

빠른 설치

Claude Code

추천
기본
npx skills add hashicorp/agent-skills -a claude-code
플러그인 명령대체
/plugin add https://github.com/hashicorp/agent-skills
Git 클론대체
git clone https://github.com/hashicorp/agent-skills.git ~/.claude/skills/azure-verified-modules

Claude Code에서 이 명령을 복사하여 붙여넣어 스킬을 설치하세요

문서

Azure Verified Modules (AVM) Requirements

This guide covers the mandatory requirements for Azure Verified Modules certification. These requirements ensure consistency, quality, and maintainability across Azure Terraform modules.

References:

Table of Contents

Module Cross-Referencing

Severity: MUST | Requirement: TFFR1

When building Resource or Pattern modules, module owners MAY cross-reference other modules. However:

  • Modules MUST be referenced using HashiCorp Terraform registry reference to a pinned version
    • Example: source = "Azure/xxx/azurerm" with version = "1.2.3"
  • Modules MUST NOT use git references (e.g., git::https://xxx.yyy/xxx.git or github.com/xxx/yyy)
  • Modules MUST NOT contain references to non-AVM modules

Azure Provider Requirements

Severity: MUST | Requirement: TFFR3

Authors MUST only use the following Azure providers:

ProviderMin VersionMax Version
azapi>= 2.0< 3.0
azurerm>= 4.0< 5.0

Requirements:

  • Authors MAY select either Azurerm, Azapi, or both providers
  • MUST use required_providers block to enforce provider versions
  • SHOULD use pessimistic version constraint operator (~>)

Example:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
    azapi = {
      source  = "Azure/azapi"
      version = "~> 2.0"
    }
  }
}

Code Style Standards

Lower snake_casing

Severity: MUST | Requirement: TFNFR4

MUST use lower snake_casing for:

  • Locals
  • Variables
  • Outputs
  • Resources (symbolic names)
  • Modules (symbolic names)

Example: snake_casing_example

Resource & Data Source Ordering

Severity: SHOULD | Requirement: TFNFR6

  • Resources that are depended on SHOULD come first
  • Resources with dependencies SHOULD be defined close to each other

Count & for_each Usage

Severity: MUST | Requirement: TFNFR7

  • Use count for conditional resource creation
  • MUST use map(xxx) or set(xxx) as resource's for_each collection
  • The map's key or set's element MUST be static literals

Example:

resource "azurerm_subnet" "pair" {
  for_each             = var.subnet_map  # map(string)
  name                 = "${each.value}-pair"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}

Resource & Data Block Internal Ordering

Severity: SHOULD | Requirement: TFNFR8

Order within resource/data blocks:

  1. Meta-arguments (top):

    • provider
    • count
    • for_each

  2. Arguments/blocks (middle, alphabetical):

    • Required arguments
    • Optional arguments
    • Required nested blocks
    • Optional nested blocks

  3. Meta-arguments (bottom):

    • depends_on
    • lifecycle (with sub-order: create_before_destroy, ignore_changes, prevent_destroy)

Separate sections with blank lines.

Module Block Ordering

Severity: SHOULD | Requirement: TFNFR9

Order within module blocks:

  1. Top meta-arguments:

    • source
    • version
    • count
    • for_each

  2. Arguments (alphabetical):

    • Required arguments
    • Optional arguments

  3. Bottom meta-arguments:

    • depends_on
    • providers

Lifecycle ignore_changes Syntax

Severity: MUST | Requirement: TFNFR10

The ignore_changes attribute MUST NOT be enclosed in double quotes.

Good:

lifecycle {
  ignore_changes = [tags]
}

Bad:

lifecycle {
  ignore_changes = ["tags"]
}

Null Comparison for Conditional Creation

Severity: SHOULD | Requirement: TFNFR11

For parameters requiring conditional resource creation, wrap with object type to avoid "known after apply" issues during plan stage.

Recommended:

variable "security_group" {
  type = object({
    id = string
  })
  default = null
}

Dynamic Blocks for Optional Nested Objects

Severity: MUST | Requirement: TFNFR12

Nested blocks under conditions MUST use this pattern:

dynamic "identity" {
  for_each = <condition> ? [<some_item>] : []

  content {
    # block content
  }
}

Default Values with coalesce/try

Severity: SHOULD | Requirement: TFNFR13

Good:

coalesce(var.new_network_security_group_name, "${var.subnet_name}-nsg")

Bad:

var.new_network_security_group_name == null ? "${var.subnet_name}-nsg" : var.new_network_security_group_name

Provider Declarations in Modules

Severity: MUST | Requirement: TFNFR27

  • provider MUST NOT be declared in modules (except for configuration_aliases)
  • provider blocks in modules MUST only use alias
  • Provider configurations SHOULD be passed in by module users

Variable Requirements

Not Allowed Variables

Severity: MUST | Requirement: TFNFR14

Module owners MUST NOT add variables like enabled or module_depends_on to control entire module operation. Boolean feature toggles for specific resources are acceptable.

Variable Definition Order

Severity: SHOULD | Requirement: TFNFR15

Variables SHOULD follow this order:

  1. All required fields (alphabetical)
  2. All optional fields (alphabetical)

Variable Naming Rules

Severity: SHOULD | Requirement: TFNFR16

Variables with Descriptions

Severity: SHOULD | Requirement: TFNFR17

  • description SHOULD precisely describe the parameter's purpose and expected data type
  • Target audience is module users, not developers
  • For object types, use HEREDOC format

Variables with Types

Severity: MUST | Requirement: TFNFR18

  • type MUST be defined for every variable
  • type SHOULD be as precise as possible
  • any MAY only be used with adequate reasons
  • Use bool instead of string/number for true/false values
  • Use concrete object instead of map(any)

Sensitive Data Variables

Severity: SHOULD | Requirement: TFNFR19

If a variable's type is object and contains sensitive fields, the entire variable SHOULD be sensitive = true, or extract sensitive fields into separate variables.

Non-Nullable Defaults for Collections

Severity: SHOULD | Requirement: TFNFR20

Nullable SHOULD be set to false for collection values (sets, maps, lists) when using them in loops. For scalar values, null may have semantic meaning.

Discourage Nullability by Default

Severity: MUST | Requirement: TFNFR21

nullable = true MUST be avoided unless there's a specific semantic need for null values.

Avoid sensitive = false

Severity: MUST | Requirement: TFNFR22

sensitive = false MUST be avoided (this is the default).

Sensitive Default Value Conditions

Severity: MUST | Requirement: TFNFR23

A default value MUST NOT be set for sensitive inputs (e.g., default passwords).

Handling Deprecated Variables

Severity: MUST | Requirement: TFNFR24

  • Move deprecated variables to deprecated_variables.tf
  • Annotate with DEPRECATED at the beginning of description
  • Declare the replacement's name
  • Clean up during major version releases

Output Requirements

Additional Terraform Outputs

Severity: SHOULD | Requirement: TFFR2

Authors SHOULD NOT output entire resource objects as these may contain sensitive data and the schema can change with API or provider versions.

Best Practices:

  • Output computed attributes of resources as discrete outputs (anti-corruption layer pattern)
  • SHOULD NOT output values that are already inputs (except name)
  • Use sensitive = true for sensitive attributes
  • For resources deployed with for_each, output computed attributes in a map structure

Examples:

# Single resource computed attribute
output "foo" {
  description = "MyResource foo attribute"
  value       = azurerm_resource_myresource.foo
}

# for_each resources
output "childresource_foos" {
  description = "MyResource children's foo attributes"
  value = {
    for key, value in azurerm_resource_mychildresource : key => value.foo
  }
}

# Sensitive output
output "bar" {
  description = "MyResource bar attribute"
  value       = azurerm_resource_myresource.bar
  sensitive   = true
}

Sensitive Data Outputs

Severity: MUST | Requirement: TFNFR29

Outputs containing confidential data MUST be declared with sensitive = true.

Handling Deprecated Outputs

Severity: MUST | Requirement: TFNFR30

  • Move deprecated outputs to deprecated_outputs.tf
  • Define new outputs in outputs.tf
  • Clean up during major version releases

Local Values Standards

locals.tf Organization

Severity: MAY | Requirement: TFNFR31

  • locals.tf SHOULD only contain locals blocks
  • MAY declare locals blocks next to resources for advanced scenarios

Alphabetical Local Arrangement

Severity: MUST | Requirement: TFNFR32

Expressions in locals blocks MUST be arranged alphabetically.

Precise Local Types

Severity: SHOULD | Requirement: TFNFR33

Use precise types (e.g., number for age, not string).

Terraform Configuration Requirements

Terraform Version Requirements

Severity: MUST | Requirement: TFNFR25

terraform.tf requirements:

  • MUST contain only one terraform block
  • First line MUST define required_version
  • MUST include minimum version constraint
  • MUST include maximum major version constraint
  • SHOULD use ~> #.# or >= #.#.#, < #.#.# format

Example:

terraform {
  required_version = "~> 1.6"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

Providers in required_providers

Severity: MUST | Requirement: TFNFR26

  • terraform block MUST contain required_providers block
  • Each provider MUST specify source and version
  • Providers SHOULD be sorted alphabetically
  • Only include directly required providers
  • source MUST be in format namespace/name
  • version MUST include minimum and maximum major version constraints
  • SHOULD use ~> #.# or >= #.#.#, < #.#.# format

Testing Requirements

Test Tooling

Severity: MUST | Requirement: TFNFR5

Required testing tools for AVM:

  • Terraform (terraform validate/fmt/test)
  • terrafmt
  • Checkov
  • tflint (with azurerm ruleset)
  • Go (optional for custom tests)

Test Provider Configuration

Severity: SHOULD | Requirement: TFNFR36

For robust testing, prevent_deletion_if_contains_resources SHOULD be explicitly set to false in test provider configurations.

Documentation Requirements

Module Documentation Generation

Severity: MUST | Requirement: TFNFR2

  • Documentation MUST be automatically generated via Terraform Docs
  • A .terraform-docs.yml file MUST be present in the module root

Breaking Changes & Feature Management

Using Feature Toggles

Severity: MUST | Requirement: TFNFR34

New resources added in minor/patch versions MUST have a toggle variable to avoid creation by default:

variable "create_route_table" {
  type     = bool
  default  = false
  nullable = false
}

resource "azurerm_route_table" "this" {
  count = var.create_route_table ? 1 : 0
  # ...
}

Reviewing Potential Breaking Changes

Severity: MUST | Requirement: TFNFR35

Breaking changes requiring caution:

Resource blocks:

  1. Adding new resource without conditional creation
  2. Adding arguments with non-default values
  3. Adding nested blocks without dynamic
  4. Renaming resources without moved blocks
  5. Changing count to for_each or vice versa

Variable/Output blocks:

  1. Deleting/renaming variables
  2. Changing variable type
  3. Changing variable default values
  4. Changing nullable to false
  5. Changing sensitive from false to true
  6. Adding variables without default
  7. Deleting outputs
  8. Changing output value
  9. Changing output sensitive value

Contribution Standards

GitHub Repository Branch Protection

Severity: MUST | Requirement: TFNFR3

Module owners MUST set branch protection policies on the default branch (typically main):

  1. Require Pull Request before merging
  2. Require approval of most recent reviewable push
  3. Dismiss stale PR approvals when new commits are pushed
  4. Require linear history
  5. Prevent force pushes
  6. Not allow deletions
  7. Require CODEOWNERS review
  8. No bypassing settings allowed
  9. Enforce for administrators

Compliance Checklist

Use this checklist when developing or reviewing Azure Verified Modules:

Module Structure

  • Module cross-references use registry sources with pinned versions
  • Azure providers (azurerm/azapi) versions meet AVM requirements
  • .terraform-docs.yml present in module root
  • CODEOWNERS file present

Code Style

  • All names use lower snake_casing
  • Resources ordered with dependencies first
  • for_each uses map() or set() with static keys
  • Resource/data/module blocks follow proper internal ordering
  • ignore_changes not quoted
  • Dynamic blocks used for conditional nested objects
  • coalesce() or try() used for default values

Variables

  • No enabled or module_depends_on variables
  • Variables ordered: required (alphabetical) then optional (alphabetical)
  • All variables have precise types (avoid any)
  • All variables have descriptions
  • Collections have nullable = false
  • No sensitive = false declarations
  • No default values for sensitive inputs
  • Deprecated variables moved to deprecated_variables.tf

Outputs

  • Outputs use anti-corruption layer pattern (discrete attributes)
  • Sensitive outputs marked sensitive = true
  • Deprecated outputs moved to deprecated_outputs.tf

Terraform Configuration

  • terraform.tf has version constraints (~> format)
  • required_providers block present with all providers
  • No provider declarations in module (except aliases)
  • Locals arranged alphabetically

Testing & Quality

  • Required testing tools configured
  • New resources have feature toggles
  • Breaking changes reviewed and documented

Summary Statistics

  • Functional Requirements: 3
  • Non-Functional Requirements: 34
  • Total Requirements: 37

By Severity

  • MUST: 21 requirements
  • SHOULD: 14 requirements
  • MAY: 2 requirements

Based on: Azure Verified Modules - Terraform Requirements

GitHub 저장소

hashicorp/agent-skills
경로: terraform/code-generation/skills/azure-verified-modules
0
doormat-managed

연관 스킬

content-collections

메타

이 스킬은 콘텐츠 콜렉션(Content Collections)을 위한 프로덕션 검증된 설정을 제공합니다. 콘텐츠 콜렉션은 Markdown/MDX 파일을 Zod 검증이 포함된 타입 안전한 데이터 콜렉션으로 변환해주는 TypeScript 최우선 도구입니다. 블로그, 문서 사이트 또는 콘텐츠 중심의 Vite + React 애플리케이션을 구축할 때 타입 안전성과 자동 콘텐츠 검증을 보장하기 위해 사용하세요. Vite 플러그인 구성과 MDX 컴파일부터 배포 최적화 및 스키마 검증에 이르기까지 모든 것을 다룹니다.

스킬 보기

polymarket

메타

이 스킬은 개발자들이 Polymarket 예측 시장 플랫폼을 활용한 애플리케이션을 구축할 수 있도록 지원하며, 거래 및 시장 데이터를 위한 API 통합 기능을 포함합니다. 또한 WebSocket을 통한 실시간 데이터 스트리밍을 제공하여 실시간 거래와 시장 활동을 모니터링할 수 있습니다. 이를 통해 거래 전략을 구현하거나 실시간 시장 업데이트를 처리하는 도구를 생성하는 데 활용할 수 있습니다.

스킬 보기

creating-opencode-plugins

메타

이 스킬은 개발자들이 명령어, 파일, LSP 작업 등 25개 이상의 이벤트 유형에 연결되는 OpenCode 플러그인을 만들 수 있도록 돕습니다. JavaScript/TypeScript 모듈을 위한 플러그인 구조, 이벤트 API 명세, 구현 패턴을 제공합니다. OpenCode AI 어시스턴트의 라이프사이클을 사용자 정의 이벤트 기반 로직으로 가로채거나, 모니터링하거나, 확장해야 할 때 사용하세요.

스킬 보기

sglang

메타

SGLang은 RadixAttention 프리픽스 캐싱을 활용하여 JSON, 정규식, 에이전트 워크플로우를 위한 고속 구조화 생성에 특화된 고성능 LLM 서빙 프레임워크입니다. 특히 반복되는 프리픽스가 있는 작업에서 상당히 빠른 추론 속도를 제공하여 복잡한 구조화 출력 및 다중 턴 대화에 이상적입니다. 제약 디코딩이 필요하거나 광범위한 프리픽스 공유가 있는 애플리케이션을 구축할 때는 vLLM과 같은 대안보다 SGLang을 선택하십시오.

스킬 보기