Running the Full Agentic Deployment Pipeline: From Scaffold to Live CloudFront
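Phase 4: Active Infrastructure
Building a Live AWS Deployment Pipeline with Claude Code
Phases 1-3 laid the foundation: a verified environment, an agent that knows the project, and four reusable Skills. Phase 4 uses that foundation to run the full deployment pipeline, from an empty Terraform directory to a live static website on AWS CloudFront. This article records every step, every command, and all of the output.
Execution steps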
| # | Command | Type | Output |
|---|---|---|---|
| 1 | /scaffold-terraform | Skill | 4 Terraform files generated |
| 2 | terraform init | Manual | Providers downloaded |
| 3 | /tf-plan | Skill | Plan: 4 to create, 0 to destroy |
| 4 | /tf-apply | Skill | 4 AWS resources created |
| 5 | /deploy | Skill | Site live on CloudFront |
Generated Terraform files
Claude read template-spec.md and generated the complete Terraform configuration in the terraform/ directory.
```
terraform/
├── main.tf
├── variables.tf
├── outputs.tf
└── providers.tf
```
main.tf (excerpt)
```hcl
# S3 bucket — versioning enabled, public access blocked
resource "aws_s3_bucket" "site" {
  bucket = var.bucket_name
  tags   = var.tags
}

resource "aws_s3_bucket_versioning" "site" {
  bucket = aws_s3_bucket.site.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_public_access_block" "site" {
  bucket                  = aws_s3_bucket.site.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# CloudFront origin access control
resource "aws_cloudfront_origin_access_control" "oac" {
  name                              = "${var.bucket_name}-oac"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# CloudFront distribution
resource "aws_cloudfront_distribution" "site" {
  enabled             = true
  default_root_object = "index.html"
  price_class         = "PriceClass_200" # Africa + Europe coverage

  origin {
    domain_name              = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id                = "S3Origin"
    origin_access_control_id = aws_cloudfront_origin_access_control.oac.id
  }

  default_cache_behavior {
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "S3Origin"
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }

  restrictions {
    geo_restriction { restriction_type = "none" }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

# Bucket policy — CloudFront access only
resource "aws_s3_bucket_policy" "site_policy" {
  bucket = aws_s3_bucket.site.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "cloudfront.amazonaws.com" }
      Action    = "s3:GetObject"
      Resource  = "${aws_s3_bucket.site.arn}/*"
      Condition = {
        StringEquals = {
          "AWS:SourceArn" = aws_cloudfront_distribution.site.arn
        }
      }
    }]
  })
}
```
providers.tf
```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "af-south-1"
}
```
Initializing Terraform
```bash
cd terraform/
terraform init
```
Output (truncated):
```
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 5.0"...
- Installing hashicorp/aws v5.x.x...
- Installed hashicorp/aws v5.x.x (signed by HashiCorp)
Terraform has been successfully initialized!
```
Note: `terraform init` is deliberately not automated in a Skill because it downloads provider plugins and sets up the backend; these decisions require manual confirmation.
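Plan
The Skill ran `terraform validate`, then `terraform plan -out=tfplan.binary`, and scanned the output for destroy operations.
Plan summary
| Change type | Count | Resources |
|---|---|---|
| Create | 4 | aws_s3_bucket, aws_cloudfront_distribution, aws_cloudfront_origin_access_control, aws_s3_bucket_policy |
| Modify | 0 | - |
| Destroy | 0 | - |
Zero destroy operations were detected, so the plan was considered safe and was submitted for review before proceeding.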
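One way to make the destroy scan described above independent of the human-readable plan text is to read the machine-readable form of the saved plan, `terraform show -json tfplan.binary`. The following is an added example, not the Skill's own code from the original article; `review_plan` and `is_safe` are hypothetical names, and the sample plan is constructed to contain a deletion and a replacement so the gate has something to catch.

```python
import json
from collections import Counter

# Constructed sample in the shape of `terraform show -json tfplan.binary`,
# trimmed to the fields this gate reads. Resource addresses are from main.tf.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_s3_bucket.site", "change": {"actions": ["create"]}},
        {"address": "aws_s3_bucket_versioning.site", "change": {"actions": ["delete"]}},
        {"address": "aws_s3_bucket_public_access_block.site", "change": {"actions": ["no-op"]}},
        {"address": "aws_cloudfront_distribution.site", "change": {"actions": ["delete", "create"]}},
        {"address": "aws_s3_bucket_policy.site_policy", "change": {"actions": ["update"]}},
    ],
})

def classify(actions):
    """Collapse a change.actions list into one label."""
    acts = set(actions)
    if {"delete", "create"} <= acts:
        return "replace"  # destroy-and-recreate, in either order
    if "delete" in acts:
        return "destroy"
    return actions[0] if actions else "no-op"

def review_plan(plan_json):
    """Return (count per label, [(address, label)] for destroy/replace)."""
    plan = json.loads(plan_json)
    if "format_version" not in plan:
        # Fail closed: this is not plan JSON, so "no destroys" would mean nothing.
        raise ValueError("input is not `terraform show -json` output")
    counts, destructive = Counter(), []
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        counts[label] += 1
        if label in ("destroy", "replace"):
            destructive.append((rc["address"], label))
    return dict(counts), destructive

def is_safe(plan_json):
    """True only when nothing in the plan is destroyed or replaced."""
    return not review_plan(plan_json)[1]

if __name__ == "__main__":
    counts, destructive = review_plan(SAMPLE_PLAN)
    print(counts)
    for address, label in destructive:
        print(f"needs explicit approval: {address} ({label})")
```

A replacement is reported separately from a plain destroy because it deletes the existing resource before or after creating its successor, which for a bucket or a distribution is the case a reviewer most needs to see.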
Apply
```bash
terraform apply tfplan.binary
```
Result (excerpt):
```
aws_cloudfront_origin_access_control.oac: Creating...
aws_s3_bucket.site: Creating...
aws_s3_bucket.site: Creation complete
aws_s3_bucket_versioning.site: Creating...
aws_s3_bucket_public_access_block.site: Creating...
aws_cloudfront_origin_access_control.oac: Creation complete
aws_cloudfront_distribution.site: Creating...
aws_cloudfront_distribution.site: Still creating... [10m elapsed]
aws_cloudfront_distribution.site: Creation complete
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
```
CloudFront propagation note: after the apply completes, the distribution needs 8-12 minutes to propagate globally. During propagation the status shows `InProgress`; once ready it changes to `Deployed`. The site is reachable only when the status is `Deployed`.
Deploying the site content
The Skill read the Terraform outputs for the bucket name and distribution ID, then executed:
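```bash
# <bucket-name> and <distribution-id> are placeholders for the values read from the Terraform outputs
# Sync site files
aws s3 sync ./site s3://<bucket-name>/ --delete
# Trigger CloudFront cache invalidation
aws cloudfront create-invalidation \
  --distribution-id <distribution-id> \
  --paths '/*'
```
Output (excerpt):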
```
upload: site/index.html to s3:///index.html
upload: site/styles.css to s3:///styles.css
{
    "Location": "...",
    "Invalidation": {
        "Id": "...",
        "Status": "InProgress"
    }
}
```
The site was confirmed live at the CloudFront URL.
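Verification checklist
| Check | Result |
|---|---|
| Terraform files generated in terraform/ | Pass |
| terraform validate: no errors | Pass |
| Plan: 4 to create, 0 to destroy | Pass |
| S3 bucket created in af-south-1 | Pass |
| CloudFront distribution status: Deployed | Pass |
| Site files served correctly | Pass |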
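The `Condition` block in the main.tf bucket policy is what ties read access to this one distribution: the `cloudfront.amazonaws.com` service principal on its own does not name a distribution, and the checklist above has no row for it. The check below is an added example, not part of the original article or its generated Terraform; `policy_findings` is a hypothetical helper, and the account ID, distribution ID and bucket name are constructed placeholders.

```python
# Constructed values: the account ID, distribution ID and bucket name are placeholders.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
OAC_PRINCIPAL = {"Service": "cloudfront.amazonaws.com"}

def sample_policy(principal=OAC_PRINCIPAL, condition=None):
    """Build a policy in the shape main.tf renders (constructed sample)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-site-bucket/*"}
    if condition is not None:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def pinned_source_arns(stmt):
    """ARNs required by StringEquals on AWS:SourceArn (key match is case-insensitive)."""
    equals = stmt.get("Condition", {}).get("StringEquals", {})
    return [arn for key, val in equals.items()
            if key.lower() == "aws:sourcearn" for arn in as_list(val)]

def policy_findings(policy, expected_dist_arn):
    """Return reasons the policy is wider than 'this distribution may GetObject'."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", []))):
            findings.append(f"statement {i}: wildcard principal")
        elif principal != OAC_PRINCIPAL:
            findings.append(f"statement {i}: unexpected principal")
        if as_list(stmt.get("Action", [])) != ["s3:GetObject"]:
            findings.append(f"statement {i}: actions beyond s3:GetObject")
        arns = pinned_source_arns(stmt)
        if not arns:
            findings.append(f"statement {i}: no AWS:SourceArn condition")
        elif arns != [expected_dist_arn]:
            findings.append(f"statement {i}: AWS:SourceArn is not this distribution")
    return findings

if __name__ == "__main__":
    good = sample_policy(condition={"StringEquals": {"AWS:SourceArn": DIST_ARN}})
    print(policy_findings(good, DIST_ARN))             # as generated in main.tf
    print(policy_findings(sample_policy(), DIST_ARN))  # Condition block dropped
```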
Deployment checks
| Step | Status |
|---|---|
| Synced with AWS S3 sync | Pass |
| CloudFront invalidation triggered | Pass |
| Site reachable at the CloudFront URL in a browser | Pass |
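Deployment overview
The deployment itself was the least stressful part of this project. That is because the previous three phases did the real work:
Phase 1 – Verify the environment
No obscure tool errors appeared during the deployment.
Phase 2 – Load project memory
The agent knew the architecture, region, and conventions without being prompted.
Phase 3 – Define the Skills
Every step followed the same flow and the same checks, exactly as designed.
A well-structured pipeline does not just handle problems well; it makes certain classes of problems impossible.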
Live site: