Cloudmigrate

by ncreighton · GitHub ↗ · v1.0.0 · MIT-0
macos · linux · win32 · ⚠ suspicious
117 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install cloudmigrate
Description
Automate multi-cloud migrations and infrastructure deployments with customizable IaC workflows. Use when the user needs cloud strategy planning, infrastructu...
README (SKILL.md)

## Overview

CloudMigrate is a production-grade skill for automating complex cloud migrations and infrastructure deployments across AWS, Azure, GCP, and hybrid environments. It orchestrates Infrastructure-as-Code (IaC) generation, multi-step deployment workflows, service discovery, data migration planning, and environment configuration — eliminating manual processes that introduce errors and delay time-to-production.

**Why CloudMigrate Matters:**

- **Reduces Migration Complexity:** Converts high-level requirements into executable Terraform, CloudFormation, and Ansible playbooks
- **Multi-Cloud Support:** Seamlessly provisions across AWS (EC2, RDS, Lambda), Azure (VMs, SQL Database, App Service), and GCP (Compute Engine, Cloud SQL)
- **Risk Mitigation:** Generates validation scripts, pre-flight checks, and rollback procedures automatically
- **Team Enablement:** Integrates with Slack for approval workflows and GitHub for GitOps-ready code repositories
- **Cost Optimization:** Analyzes current infrastructure and recommends cost-reduction strategies before migration

**Typical Use Cases:**

- Lift-and-shift migration from on-premises to public cloud
- Multi-region failover and disaster recovery setup
- Microservices deployment with containerization
- Database migration with zero-downtime cutover planning
- DevOps pipeline automation and CI/CD infrastructure

---

## Quick Start

Try these prompts immediately to see CloudMigrate in action:

### Example 1: Generate AWS Migration Plan
```
Plan a migration for a 50-server on-premises data center to AWS.
The environment includes:
- 10 Windows servers running legacy applications (SQL Server backend)
- 20 Linux web servers (Apache/PHP)
- 15 database servers (MySQL, PostgreSQL)
- Network: 10.0.0.0/8 with 5 subnets

Generate:
1. Network architecture diagram (as code)
2. Terraform configuration for VPC, subnets, security groups
3. AWS Database Migration Service (DMS) configuration
4. Cost estimate (3-year TCO comparison)
5. Risk assessment and mitigation steps
```

### Example 2: Create Multi-Environment Infrastructure
```
Create Terraform code for a production SaaS application with:
- Development, staging, and production environments
- Application load balancer routing to auto-scaling groups
- RDS PostgreSQL with read replicas
- ElastiCache Redis cluster for sessions
- S3 buckets with versioning and encryption
- CloudFront CDN configuration
- Monitoring with CloudWatch and SNS alerts

Include:
- Environment variable files (.tfvars)
- Terraform state locking with DynamoDB
- IAM roles and policies (least privilege)
- Backup and disaster recovery automation
```

### Example 3: Azure Hybrid Cloud Deployment
```
Generate infrastructure-as-code for a hybrid Azure deployment:
- On-premises Hyper-V VMs migrated to Azure
- Azure ExpressRoute connection
- Azure SQL Database failover groups (read replicas)
- App Service with staging slots for blue-green deployments
- Azure DevOps pipeline for automated testing
- Monitoring with Application Insights

Provide:
1. Bicep templates (Azure native IaC)
2. Network configuration and security policies
3. Azure Migrate assessment and scripts
4. Cutover schedule with validation steps
5. Rollback procedures
```

### Example 4: Kubernetes Deployment Automation
```
Create a complete Kubernetes infrastructure for a microservices platform:
- EKS cluster on AWS (multi-AZ)
- Container registry (ECR)
- Helm charts for 5 microservices
- Persistent storage (EBS volumes)
- Ingress controller with TLS
- Service mesh (Istio) for traffic management
- Prometheus + Grafana monitoring
- RBAC and network policies

Include deployment scripts and GitOps workflows with Flux.
```

---

## Capabilities

### 1. Infrastructure-as-Code Generation
**What it does:** Converts natural language requirements into production-ready Terraform, CloudFormation, Bicep, or Ansible code.

**Example Usage:**
```
Generate a Terraform module for a secure multi-AZ RDS cluster with:
- Automated backups (30-day retention)
- Encryption at rest (KMS) and in transit (TLS)
- IAM database authentication
- Performance Insights enabled
- Parameter group tuning for PostgreSQL 14
- Subnet group spanning 3 availability zones
```

**Supported IaC Frameworks:**
- Terraform (HCL)
- AWS CloudFormation (JSON/YAML)
- Azure Bicep
- Ansible playbooks
- Kubernetes manifests (YAML)
- Docker Compose
- Helm Charts

### 2. Multi-Cloud Migration Planning
**What it does:** Assesses source environments and generates cloud-specific migration strategies.

**Outputs Include:**
- Current state analysis (resource inventory, dependencies, costs)
- Target architecture diagrams
- Network topology with CIDR planning
- Database migration strategy (schema conversion, data replication)
- Application re-platforming recommendations
- Cost analysis (CapEx → OpEx breakdown)
- Timeline and resource allocation

### 3. Deployment Orchestration
**What it does:** Creates step-by-step automation workflows for safe, validated deployments.

**Features:**
- Pre-deployment validation scripts (connectivity, permissions, quotas)
- Rolling deployments with health checks
- Canary releases with traffic shifting
- Automated rollback on failure detection
- Post-deployment smoke tests
- Approval gates (integrate with Slack for manual sign-offs)

### 4. Data Migration & Cutover Planning
**What it does:** Generates scripts and procedures for zero-downtime data migration.

**Capabilities:**
- Schema validation and conversion (Oracle → PostgreSQL, etc.)
- Replication lag monitoring
- Cutover scheduling and validation
- DNS failover automation
- Data validation queries
- Backup and recovery procedures

### 5. Security & Compliance Automation
**What it does:** Embeds security best practices into generated infrastructure.

**Includes:**
- IAM role and policy generation (least privilege principle)
- Network segmentation (security groups, NACLs, firewalls)
- Encryption configuration (KMS, TDE, SSL/TLS)
- Compliance scanning (CIS benchmarks, PCI-DSS)
- Secrets management (HashiCorp Vault, AWS Secrets Manager)
- Audit logging and monitoring

### 6. Cost Optimization Analysis
**What it does:** Recommends cost-saving strategies and calculates savings.

**Outputs:**
- Reserved instance recommendations
- Spot instance opportunities
- Right-sizing recommendations
- Storage optimization (S3 tiers, compression)
- Network cost analysis
- 3-year TCO projections

---

## Configuration

### Required Environment Variables

```bash
# AWS
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_REGION="us-east-1"

# Azure
export AZURE_SUBSCRIPTION_ID="your-subscription-id"
export AZURE_CLIENT_ID="your-client-id"
export AZURE_CLIENT_SECRET="your-client-secret"
export AZURE_TENANT_ID="your-tenant-id"

# GCP
export GCP_PROJECT_ID="your-project-id"
export GCP_SERVICE_ACCOUNT_JSON="/path/to/service-account.json"

# CloudMigrate Specific
export CLOUDMIGRATE_STATE_BUCKET="your-terraform-state-bucket"
export CLOUDMIGRATE_SLACK_WEBHOOK="https://hooks.slack.com/services/YOUR/WEBHOOK"
export CLOUDMIGRATE_GITHUB_TOKEN="your-github-pat-token"
export CLOUDMIGRATE_VAULT_ADDR="https://vault.example.com"
```

### Setup Instructions

1. **Install Required Binaries:**
   ```bash
   # macOS (Homebrew)
   brew install terraform ansible awscli azure-cli google-cloud-sdk docker

   # Linux (Debian/Ubuntu)
   sudo apt-get install -y terraform ansible awscli azure-cli docker.io

   # Windows (Chocolatey)
   choco install terraform ansible awscli azure-cli docker-desktop
   ```

2. **Authenticate Cloud Providers:**
   ```bash
   # AWS
   aws configure

   # Azure
   az login

   # GCP
   gcloud auth application-default login
   ```

3. **Initialize Terraform State Backend:**
   ```bash
   cloudmigrate init-backend \
     --provider aws \
     --bucket my-terraform-state \
     --region us-east-1
   ```

4. **Configure Slack Integration (Optional):**
   ```bash
   cloudmigrate config slack \
     --webhook-url "https://hooks.slack.com/services/YOUR/WEBHOOK" \
     --channel "#infrastructure"
   ```

### Configuration Options

```yaml
# cloudmigrate-config.yaml
migration:
  strategy: "lift-and-shift"  # or "refactor", "replatform", "repurchase"
  parallelization:
    max_concurrent_deployments: 5
    max_concurrent_migrations: 3
  validation:
    pre_deployment_checks: true
    post_deployment_tests: true
    health_check_retries: 5

cloud_targets:
  aws:
    regions: ["us-east-1", "us-west-2", "eu-west-1"]
    instance_types: ["t3.medium", "m5.large", "c5.xlarge"]
  azure:
    regions: ["eastus", "westeurope"]
    vm_sizes: ["Standard_B2s", "Standard_D2s_v3"]
  gcp:
    regions: ["us-central1", "europe-west1"]
    machine_types: ["e2-medium", "n2-standard-2"]

security:
  encryption_at_rest: true
  encryption_in_transit: true
  enable_mfa: true
  compliance_framework: "pci-dss"  # or "hipaa", "gdpr", "sox"

cost_optimization:
  reserved_instances: true
  spot_instances: false
  auto_shutdown_dev: true
  budget_alerts: true
```

---

## Example Outputs

### Generated Terraform Code
```hcl
# main.tf - Generated by CloudMigrate
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "production/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-locks"
    encrypt        = true
  }
}

provider "aws" {
  region = var.aws_region
  default_tags {
    tags = {
      Environment = var.environment
      ManagedBy   = "CloudMigrate"
      Project     = var.project_name
    }
  }
}

# VPC with private/public subnets
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "${var.project_name}-vpc"
  }
}

# Security group: HTTPS ingress from the ALB only; egress is unrestricted
resource "aws_security_group" "app" {
  name        = "${var.project_name}-app-sg"
  description = "Security group for application tier"
  vpc_id      = aws_vpc.main.id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "${var.project_name}-app-sg"
  }
}

# RDS PostgreSQL with encryption
resource "aws_db_instance" "postgres" {
  allocated_storage         = var.db_storage_gb
  engine                    = "postgres"
  engine_version            = "14.7"
  instance_class            = var.db_instance_class
  db_name                   = var.db_name
  username                  = var.db_username
  password                  = random_password.db.result
  parameter_group_name      = aws_db_parameter_group.postgres.name
  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.project_name}-final-snapshot-${formatdate("YYYY-MM-DD-hhmm", timestamp())}"

  # Security
  storage_encrypted      = true
  kms_key_id             = aws_kms_key.db.arn
  publicly_accessible    = false
  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = [aws_security_group.database.id]

  # High Availability
  multi_az                = true
  backup_retention_period = 30
  backup_window           = "03:00-04:00"
  maintenance_window      = "sun:04:00-sun:05:00"

  # Performance
  performance_insights_enabled          = true
  performance_insights_retention_period = 7
  enabled_cloudwatch_logs_exports       = ["postgresql"]

  tags = {
    Name = "${var.project_name}-postgres"
  }

  depends_on = [aws_security_group.database]
}

# Auto Scaling Group
resource "aws_autoscaling_group" "app" {
  name                      = "${var.project_name}-asg"
  vpc_zone_identifier       = aws_subnet.private[*].id
  target_group_arns         = [aws_lb_target_group.app.arn]
  health_check_type         = "ELB"
  health_check_grace_period = 300

  launch_template {
    id      = aws_launch_template.app.id
    version = "$Latest"
  }

  min_size         = var.asg_min_size
  max_size         = var.asg_max_size
  desired_capacity = var.asg_desired_capacity

  tag {
    key                 = "Name"
    value               = "${var.project_name}-asg-instance"
    propagate_at_launch = true
  }

  tag {
    key                 = "Environment"
    value               = var.environment
    propagate_at_launch = true
  }
}
```

### Migration Assessment Report (JSON)
```json
{
  "assessment_id": "mig-2024-001",
  "timestamp": "2024-01-15T10:30:00Z",
  "source_environment": {
    "type": "on-premises",
    "location": "data-center-01",
    "total_servers": 47,
    "total_storage_gb": 5120,
    "total_vms": {
      "windows": 10,
      "linux": 37
    }
  },
  "target_environment": {
    "provider": "aws",
    "regions": ["us-east-1", "us-west-2"],
    "estimated_monthly_cost": 18500
  },
  "migration_strategy": "lift-and-shift",
  "timeline": {
    "assessment_phase": "2 weeks",
    "planning_phase": "4 weeks",
    "migration_phase": "12 weeks",
```

Usage Guidance
This skill broadly looks like a real multi-cloud migration helper, but treats high-privilege cloud credentials as mandatory and references external data transfers (SFTP, Google Drive) and integrations (Slack, GitHub) without declaring the tokens or detailing safeguards. Before installing:
  1. Ask the author why all provider credentials are required up-front and whether they can be optional or prompted at runtime.
  2. Never supply long-lived full-privilege credentials; create narrowly scoped, temporary service accounts/keys with the minimum permissions needed for the task.
  3. Confirm exactly where data will be uploaded (SFTP host, Google Drive account, GitHub repos, Slack channels) and require explicit consent/confirmation before any transfer.
  4. Run any tests in an isolated environment (sandbox or throwaway cloud accounts) first.
  5. Request the complete SKILL.md and any code for review; if the maintainer cannot justify why the GCP service-account JSON and all provider secrets must be present together, treat the skill as higher risk and avoid using it with real production credentials.
Capability Analysis
Type: OpenClaw Skill · Name: cloudmigrate · Version: 1.0.0
The skill bundle requests an extensive and highly sensitive set of environment variables, including full administrative credentials for AWS, Azure, GCP, GitHub, and Slack. While these permissions are technically relevant to the stated purpose of multi-cloud migration and Infrastructure-as-Code (IaC) automation, the bundle consists entirely of markdown instructions (SKILL.md) without any underlying implementation logic, which significantly increases the risk of credential exfiltration via prompt injection. Furthermore, there is a suspicious discrepancy between the title (mentioning SFTP and Google Drive) and the actual content (focused on Terraform and cloud providers), suggesting either a deceptive 'bait-and-switch' or a poorly constructed template.
Capability Assessment
Purpose & Capability
The declared binaries (terraform, ansible, az, gcloud, docker, aws-cli) and the overall description align with a multi-cloud migration/IaC tool. However, requiring credentials for AWS, Azure, and GCP simultaneously (including a raw GCP service-account JSON) as mandatory environment variables is heavier than most single-use migration tasks normally require. Minor inconsistency: the required binary is listed as 'aws-cli' while the actual executable is usually named 'aws'.
Instruction Scope
The SKILL.md explicitly mentions automated SFTP transfers and Google Drive sync plus integrations with Slack and GitHub. Those features imply reading potentially large sets of local data and transmitting them to external endpoints. The skill manifest does not declare Slack/GitHub tokens or specify safe handling/consent flows. Because the skill is instruction-only and the full runtime instructions are truncated, it's unclear what safeguards or explicit user prompts exist before data is moved — this increases risk of unintended data exfiltration.
Install Mechanism
There is no install specification and no bundled code to write to disk (instruction-only). That lowers install-time risk: nothing is downloaded or executed implicitly by an installer.
Credentials
Requiring AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, AZURE_SUBSCRIPTION_ID/AZURE_CLIENT_ID/AZURE_CLIENT_SECRET, and GCP_PROJECT_ID/GCP_SERVICE_ACCOUNT_JSON as mandatory env vars is disproportionate unless the user intends to run cross-cloud operations in one session. The GCP service-account JSON in an env var is high-sensitivity material. The skill also claims integrations (Slack/GitHub) but lists no corresponding tokens or scopes — a mismatch that could mean the skill expects to use other means to access services or will prompt for credentials at runtime. Either way, humans should only provide scoped, temporary credentials if they proceed.
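A pre-flight audit for the concern described above, added here as an example (it is not part of the skill or of the marketplace's scan): it inspects the variables the SKILL.md lists as required and flags long-lived or co-located secrets. The function names `audit_skill_env` and `skill_env_ok` are hypothetical, `AWS_SESSION_TOKEN` is the standard AWS variable for temporary credentials and is not listed in the SKILL.md, and all sample values are constructed.

```shell
#!/bin/sh
# Added example, not part of the CloudMigrate skill: audit the credential
# variables from "Required Environment Variables" before starting a session.
# audit_skill_env prints one finding per line; no output means no findings.

audit_skill_env() (
  providers=0

  # AWS: "AKIA" key ids are long-lived IAM user keys, "ASIA" ids are
  # temporary STS credentials and need AWS_SESSION_TOKEN alongside them.
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
    providers=$((providers + 1))
    case "$AWS_ACCESS_KEY_ID" in
      AKIA*) echo "aws: long-lived IAM user key; use short-lived STS credentials" ;;
      ASIA*) [ -n "${AWS_SESSION_TOKEN:-}" ] ||
               echo "aws: temporary key id without AWS_SESSION_TOKEN" ;;
    esac
  fi

  # Azure: a client secret is a static service-principal credential.
  if [ -n "${AZURE_CLIENT_SECRET:-}" ]; then
    providers=$((providers + 1))
    echo "azure: static service-principal secret in the environment"
  fi

  # GCP: the variable names a key file; a "private_key" field marks a
  # downloaded, long-lived service-account key.
  if [ -n "${GCP_SERVICE_ACCOUNT_JSON:-}" ]; then
    providers=$((providers + 1))
    if [ -r "$GCP_SERVICE_ACCOUNT_JSON" ] &&
       grep -q '"private_key"' "$GCP_SERVICE_ACCOUNT_JSON"; then
      echo "gcp: long-lived service-account key file"
    fi
  fi

  # GitHub: "ghp_" is a classic PAT; "github_pat_" is a fine-grained one.
  case "${CLOUDMIGRATE_GITHUB_TOKEN:-}" in
    ghp_*) echo "github: classic PAT; use a fine-grained, repo-scoped token" ;;
  esac

  # The concern raised in the review: several clouds' secrets in one session.
  if [ "$providers" -gt 1 ]; then
    echo "scope: credentials for $providers cloud providers in one session"
  fi
)

# Gate for wrapper scripts: succeeds only when the audit reports nothing.
skill_env_ok() { [ -z "$(audit_skill_env)" ]; }

# Demo with constructed values (not real credentials), run in a subshell so
# the caller's environment is left untouched.
(
  AWS_ACCESS_KEY_ID="AKIACONSTRUCTED00000"
  AZURE_CLIENT_SECRET="constructed-secret"
  audit_skill_env
)
```

A wrapper can call `skill_env_ok || exit 1` before launching the agent session, so the skill only ever sees credentials that passed the audit.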
Persistence & Privilege
The skill is not marked always:true, does not request config paths, and has no install-time persistence. It does allow normal autonomous invocation (default), which is expected for skills; that alone is not a concern but increases the importance of limiting credentials and reviewing instructions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloudmigrate
  3. After installation, invoke the skill by name or use /cloudmigrate
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of CloudMigrate skill for automated cloud migration and IaC workflows.
- Automates multi-cloud migrations and infrastructure deployment across AWS, Azure, and GCP.
- Generates Infrastructure-as-Code (Terraform, CloudFormation, Bicep, Ansible) from natural language requirements.
- Provides migration strategy planning, cost analysis, risk mitigation, and rollback procedures.
- Supports complex use cases: lift-and-shift, CI/CD pipelines, disaster recovery, Kubernetes automation, and more.
- Integrates with Slack and GitHub for collaboration and GitOps workflows.
Metadata
Slug cloudmigrate
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Cloudmigrate?

Automate multi-cloud migrations and infrastructure deployments with customizable IaC workflows. Use when the user needs cloud strategy planning, infrastructu... It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.

How do I install Cloudmigrate?

Run "/install cloudmigrate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloudmigrate free?

Yes, Cloudmigrate is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cloudmigrate support?

Cloudmigrate is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux, win32).

Who created Cloudmigrate?

It is built and maintained by ncreighton (@ncreighton); the current version is v1.0.0.
