Field Guide · Prompt Engineering for Cloud

Become AI-ready as a cloud engineer in one day.

One reusable prompt frame at 9 AM, then eight copy-paste recipes until your AI writes cloud work you'd actually ship — architecture, Terraform, Kubernetes manifests, CI/CD pipelines, debugging, scripts, incident summaries, and runbooks.

1 Day · 8 Prompt Recipes · 1 Framework · 0 Blank Pages

// 09:00 · Warm-up

The R·C·T·F Frame

Every recipe below builds on these four moves. Learn it once — reuse it forever.

R

Role

Tell the model who to be. A persona sets vocabulary, rigor, and defaults.

"Act as a senior cloud architect with 10 years in AWS and Terraform."

C

Context

Feed the facts: cloud, stack, constraints, and the source material to work from.

"Cloud: AWS. Workload: EKS + RDS. Constraint: <2s p99, PCI scope. Here's the current setup: …"

T

Task

One verb, one deliverable. Be explicit about scope and depth.

"Write a Terraform module for a VPC with public/private subnets and a NAT gateway."

F

Format

Pin the shape of the answer so it drops straight into your repo or tools.

"Output complete .tf files + a variables table; no hardcoded secrets."

+ Power-ups

Examples — paste 1–2 of your real configs so it matches your house style. Constraints — "least-privilege IAM, encrypt at rest, no public buckets". Iterate — "now add an HPA and probes" beats rewriting from scratch.

// The Day

09:00 → 17:00 at a glance

Morning designs and provisions the infra. Afternoon debugs, automates, and documents it.

09 Architecture
10 Terraform
11 Kubernetes
12 CI/CD
13 Lunch
14 Debug
15 Scripting
16 Incidents
17 Runbooks

Morning · Design & Provision
09:00 – 12:00 · plan before you apply

09:00 · ARCHITECTURE · 01

Architecture & Design

Produce a cost- and risk-aware design for the workload — services, topology, trade-offs.

architecture.md
Act as a cloud architect. We're building [workload/feature] for [users/scale].
Cloud: [AWS / Azure / GCP]. Constraints: [budget, latency, compliance].

Propose a reference architecture: compute, storage, networking,
identity, and observability. Give 2 options (managed vs. self-hosted)
with cost, scaling, and failure-mode trade-offs.

Format with headings + a trade-off table.

TIP: Follow up with "which single point of failure worries you most?"

10:00 · TERRAFORM · 02

Terraform / IaC

Produce a reviewable Terraform module with sane, secure-by-default variables.

main.tf
Act as a senior platform engineer. Write a [AWS / Azure / GCP]
Terraform module for [resource: e.g. VPC + EKS / AKS / GKE].

Parameterize [region, CIDR, node count, instance type] as variables.
Use remote state, tags, least-privilege IAM, and encrypted storage.
Add outputs for downstream modules. No hardcoded secrets.

Output complete .tf files + a variables table.

TIP: Always run "terraform plan" and read the diff before apply — never let AI apply.

11:00 · KUBERNETES · 03

Kubernetes Manifests

Produce production-ready manifests — probes, limits, and security context set.

deploy.yaml
Act as a Kubernetes engineer. Generate manifests to run
[app/image] with [N] replicas.

Include Deployment, Service, and HPA. Set resource requests/limits,
liveness/readiness probes, a non-root securityContext, and
[ConfigMap / Secret refs]. Add an Ingress for [host].

Output as valid YAML with brief comments per block.

TIP: Ask it to flag anything that would fail a "kubectl apply --dry-run".

12:00 · PIPELINE · 04

CI/CD Pipeline

Produce a build-test-deploy pipeline with gates and a safe rollout strategy.

pipeline.yml
Write a [GitHub Actions / GitLab CI / Azure Pipelines] pipeline for
[app] deploying to [target: ECS / AKS / Cloud Run].

Stages: lint → build → scan (SAST + image scan) → terraform plan →
deploy to staging → manual approval → prod. Cache deps, pin versions,
and inject secrets from [OIDC / secrets manager] — never inline.

Output the complete pipeline file + a stage summary.

TIP: Add "use OIDC, no long-lived cloud keys in the repo" every time.

Afternoon · Operate & Document
14:00 – 17:00 · debug, automate, and write it down

14:00 · DEBUG · 05

Debug Cloud Errors

Produce a ranked diagnosis from an error or stack — likely cause, next checks.

debug.md
Act as an SRE. Here's an error from [service / CLI]:
"[paste error / kubectl describe / cloud event]".

Stack: [context: provider, resource, recent change].

Give a ranked list of likely causes, the exact command
to confirm each (CLI / kubectl / cloud console), and the fix.
Call out anything that needs a config or IAM change.

TIP: Paste the full error AND what changed recently — the diff is usually the cause.

15:00 · SCRIPTING · 06

Automation Scripts

Produce idempotent CLI / scripts — AWS CLI, kubectl, or a tidy Python automation.

automate.sh
Act as a DevOps engineer. Write a [bash / Python] script to
[task: e.g. rotate keys / tag untagged resources / drain nodes].

Use [AWS CLI / az / gcloud / kubectl]. Make it idempotent,
add dry-run + confirm flags, handle pagination and errors,
and log each action. No credentials in the script.

Output complete, runnable code with usage comments.

TIP: "Add a --dry-run that prints actions without making changes" prevents accidents.

16:00 · INCIDENT · 07

Log & Incident Triage

Produce a clean incident summary from messy logs and alerts.

incident.md
Turn these logs/alerts into an incident summary:
"[paste logs / CloudWatch / metrics]".

Include: title, severity, affected services, timeline,
probable root cause, blast radius, and immediate mitigation.
Separate "what we know" from "what we're assuming".

Format for [Slack / Jira / status page].

TIP: Ask for a one-line summary on-callers can scan in 2 seconds.

17:00 · RUNBOOK · 08

Runbook & Review

Produce a repeatable runbook and a security review of the generated infra.

runbook.md
Review this [Terraform / manifest / pipeline]:
"[paste config]".

Flag insecure defaults, over-broad IAM, missing encryption,
public exposure, and drift risk. Then write a runbook
for [deploy / rollback / on-call response] with exact steps.

Output the review checklist + the runbook.

TIP: End the day here — a runbook today saves a 3 AM scramble tomorrow.

/ GOLDEN RULE 01

Never paste secrets.

No keys, tokens, or .env contents in a prompt. Use placeholders and wire real secrets from a secrets manager.
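
One way to enforce this rule before an error log or config goes into a prompt, as an added example that is not part of the original guide: a small pre-paste redactor that swaps credential-looking values for placeholders. The patterns and the sample text are assumptions chosen for illustration and are not exhaustive.

```python
import re

# Token-shaped values that are recognisable wherever they appear in the text.
RULES = [
    ("PRIVATE_KEY", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("AWS_ACCESS_KEY_ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("BEARER_TOKEN", re.compile(r"(?i)(?<=bearer )[A-Za-z0-9._~+/=-]{20,}")),
]
# NAME=value or name: value lines (.env, YAML, tfvars) whose name suggests a credential.
ASSIGNMENT = re.compile(
    r"(?im)^(\s*(?:export\s+)?[\w.-]*(?:secret|token|passw(?:or)?d|api_?key|access_?key)[\w.-]*"
    r'\s*[:=]\s*)("?)([^\s"#]+)("?)')

def redact(text):
    """Return (clean_text, findings); findings counts replacements per rule label."""
    findings = {}
    # Name-based pass first: it catches values that have no recognisable shape.
    text, n = ASSIGNMENT.subn(
        lambda m: f"{m.group(1)}{m.group(2)}<REDACTED>{m.group(4)}", text)
    if n:
        findings["ASSIGNMENT"] = n
    # Shape-based pass second: it catches tokens quoted inside logs and commands.
    for label, pattern in RULES:
        text, n = pattern.subn(f"<{label}>", text)
        if n:
            findings[label] = n
    return text, findings

# Constructed sample: documentation-style placeholder values, not real credentials.
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DB_PASSWORD="hunter2-constructed"
REGION=us-east-1
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.constructed.payload" https://api.example.com
error: InvalidClientTokenId for key AKIAIOSFODNN7EXAMPLE
"""

if __name__ == "__main__":
    clean, found = redact(SAMPLE)
    print(clean)
    print(found)
```

Over-redaction (for example a line named `token_endpoint`) is the safe failure here; a miss is not, so still read the output before pasting.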

/ GOLDEN RULE 02

Always review generated infra.

AI drafts; you verify. Read the terraform plan, check IAM scope, then own the apply.
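
To make "read the plan, check IAM scope" a repeatable gate, here is an added example (not from the original guide) that walks the JSON form of a plan, as produced by `terraform show -json`, and lists destroys, replacements, and IAM policies that allow wildcard actions on every resource. The sample plan is constructed, and the check assumes AWS IAM resources that carry their document in a `policy` attribute.

```python
import json

def _listify(value):
    return value if isinstance(value, list) else [value]

def broad_statements(policy_json):
    """Return the wildcard actions of each Allow statement that targets Resource "*"."""
    hits = []
    for st in _listify(json.loads(policy_json).get("Statement", [])):
        wild = [a for a in _listify(st.get("Action", [])) if a == "*" or a.endswith(":*")]
        if st.get("Effect") == "Allow" and wild and "*" in _listify(st.get("Resource", [])):
            hits.append(wild)
    return hits

def review_plan(plan):
    """Return (address, finding) pairs a human must read before owning the apply."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" in actions:  # a replace is reported as delete + create
            findings.append((rc["address"], "replace" if "create" in actions else "destroy"))
        if not rc.get("type", "").startswith("aws_iam_") or actions in (["no-op"], ["delete"]):
            continue
        if (change.get("after_unknown") or {}).get("policy") is True:
            # Computed policy: the plan cannot show it, so it needs a manual look.
            findings.append((rc["address"], "policy unknown until apply"))
        elif (change.get("after") or {}).get("policy"):
            for wild in broad_statements(change["after"]["policy"]):
                findings.append((rc["address"], "wildcard " + ",".join(wild) + " on *"))
    return findings

# Constructed sample in the shape of `terraform show -json` output (addresses are made up).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "change": {"actions": ["delete", "create"], "after": {}, "after_unknown": {}}},
    {"address": "aws_iam_role_policy.ci", "type": "aws_iam_role_policy",
     "change": {"actions": ["create"], "after_unknown": {}, "after": {"policy": json.dumps(
         {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]})}}},
    {"address": "aws_iam_policy.app", "type": "aws_iam_policy",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {"policy": True}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"], "after": {}, "after_unknown": {}}},
]}

if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

An empty result is not approval: the script only narrows what to read first in the plan diff.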

By the Cloud Career Lab team · AI & Cloud Engineering