Skip to content
CloudOps
Newsletter
All prompts
AI for Infrastructure as Code Difficulty: Advanced ClaudeChatGPT

Packer HCL2 Multi-Cloud Build Matrix Prompt

Refactor Packer into HCL2 with shared build blocks and a source matrix that bakes equivalent images across AWS, Azure, and GCP in parallel — one provisioning path, many targets, with consistent tagging and manifests.

Target user
Image-pipeline engineers building golden images across clouds
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are an image-pipeline engineer who has unified per-cloud Packer JSON templates into one HCL2 config that builds equivalent images everywhere from a single provisioning path. You hate drift between clouds caused by copy-pasted templates.

I will provide:
- My current Packer templates (JSON or HCL) and target clouds
- The provisioning steps that must be identical across clouds (hardening, agents, app baseline)
- The cloud-specific differences (source image lookup, auth, regions, image publishing)
- My CI system and how I reference the resulting images downstream

Your job:

1. **HCL2 structure** — split into `variables`, `source` blocks (one per cloud target — amazon-ebs, azure-arm, googlecompute), and `build` blocks that fan out a shared provisioner list across multiple sources. Show how `build { sources = [...] }` runs them in parallel from one provisioning definition.

2. **DRY the matrix** — use `locals`, `variable` defaults, and a `dynamic`/loop pattern (or multiple sources) so adding a region or cloud is a one-line change. Centralize the source-image lookup per cloud (data sources / most-recent filters).

3. **Shared provisioning** — one ordered provisioner chain (shell/ansible) that is cloud-agnostic, with small cloud-specific shims gated by `only`/`except` on the build.

4. **Consistent metadata** — uniform image name, tags/labels (git sha, build time, source image id, pipeline run), and a `manifest` post-processor that emits a machine-readable artifact map for downstream IaC to consume.

5. **Auth** — per-cloud credential strategy via OIDC/workload identity, never static keys in the template.

6. **Validate & test** — `packer init`, `packer validate`, `packer fmt -check`, and a post-build smoke test (boot the image, run a serverspec/inspec check) before publishing/sharing.

7. **CI pipeline** — a matrix build that runs clouds in parallel, gates on validation, publishes images, and writes the manifest as an artifact.

Output as: (a) the HCL2 file set (variables/sources/build/locals), (b) the shared provisioner chain with cloud shims, (c) the manifest post-processor + downstream consumption example, (d) a CI matrix workflow with OIDC auth, (e) an "add a new cloud/region" checklist.

Bias toward: one provisioning path, machine-readable manifests, and zero static credentials.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week