diff --git a/README.chatmodes.md b/README.chatmodes.md index cd63c444..c780ecaf 100644 --- a/README.chatmodes.md +++ b/README.chatmodes.md @@ -69,6 +69,8 @@ Custom chat modes define specific behaviors and tools for GitHub Copilot Chat, e | [TDD Red Phase - Write Failing Tests First](chatmodes/tdd-red.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Ftdd-red.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Ftdd-red.chatmode.md) | Guide test-first development by writing failing tests that describe desired behaviour from GitHub issue context before implementation exists. | | [TDD Refactor Phase - Improve Quality & Security](chatmodes/tdd-refactor.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Ftdd-refactor.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Ftdd-refactor.chatmode.md) | Improve code quality, apply security best practices, and enhance design whilst maintaining green tests and GitHub issue compliance. | | [Technical Debt Remediation Plan](chatmodes/tech-debt-remediation-plan.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Ftech-debt-remediation-plan.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Ftech-debt-remediation-plan.chatmode.md) | Generate technical debt remediation plans for code, tests, and documentation. | +| [Azure Terraform Infrastructure as Code Implementation Specialist](chatmodes/terraform-azure-implement.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-implement.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-implement.chatmode.md) | Act as an Azure Terraform Infrastructure as Code coding specialist that creates and reviews Terraform for Azure resources. | +| [Azure Terraform Infrastructure Planning](chatmodes/terraform-azure-planning.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-planning.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-planning.chatmode.md) | Act as implementation planner for your Azure Terraform Infrastructure as Code task. | | [voidBeast_GPT41Enhanced 1.0 - Elite Developer AI Assistant](chatmodes/voidbeast-gpt41enhanced.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fvoidbeast-gpt41enhanced.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fvoidbeast-gpt41enhanced.chatmode.md) | 4.1 voidBeast_GPT41Enhanced 1.0 : a advanced autonomous developer agent, designed for elite full-stack development with enhanced multi-mode capabilities. This latest evolution features sophisticated mode detection, comprehensive research capabilities, and never-ending problem resolution. Plan/Act/Deep Research/Analyzer/Checkpoints(Memory)/Prompt Generator Modes. | | [Wg Code Alchemist](chatmodes/wg-code-alchemist.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fwg-code-alchemist.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fwg-code-alchemist.chatmode.md) | Ask WG Code Alchemist to transform your code with Clean Code principles and SOLID design | | [Wg Code Sentinel](chatmodes/wg-code-sentinel.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fwg-code-sentinel.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fwg-code-sentinel.chatmode.md) | Ask WG Code Sentinel to review your code for security issues. | diff --git a/README.collections.md b/README.collections.md index e1fc53f8..b9598c3d 100644 --- a/README.collections.md +++ b/README.collections.md 
@@ -15,7 +15,7 @@ Curated collections of related prompts, instructions, and chat modes organized a | Name | Description | Items | Tags | | ---- | ----------- | ----- | ---- | -| [Azure & Cloud Development](collections/azure-cloud-development.md) | Comprehensive Azure cloud development tools including Infrastructure as Code, serverless functions, architecture patterns, and cost optimization for building scalable cloud applications. | 15 items | azure, cloud, infrastructure, bicep, terraform, serverless, architecture, devops | +| [Azure & Cloud Development](collections/azure-cloud-development.md) | Comprehensive Azure cloud development tools including Infrastructure as Code, serverless functions, architecture patterns, and cost optimization for building scalable cloud applications. | 18 items | azure, cloud, infrastructure, bicep, terraform, serverless, architecture, devops | | [C# .NET Development](collections/csharp-dotnet-development.md) | Essential prompts, instructions, and chat modes for C# and .NET development including testing, documentation, and best practices. | 7 items | csharp, dotnet, aspnet, testing | | [Database & Data Management](collections/database-data-management.md) | Database administration, SQL optimization, and data management tools for PostgreSQL, SQL Server, and general database development best practices. | 8 items | database, sql, postgresql, sql-server, dba, optimization, queries, data-management | | [DevOps On-Call](collections/devops-oncall.md) | A focused set of prompts, instructions, and a chat mode to help triage incidents and respond quickly with DevOps tools and Azure resources. | 5 items | devops, incident-response, oncall, azure | diff --git a/README.instructions.md b/README.instructions.md index abc9df9e..2055998b 100644 --- a/README.instructions.md +++ b/README.instructions.md 
@@ -85,5 +85,6 @@ Team and project-specific instructions to enhance GitHub Copilot's behavior for | [TanStack Start with Shadcn/ui Development Guide](instructions/tanstack-start-shadcn-tailwind.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftanstack-start-shadcn-tailwind.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftanstack-start-shadcn-tailwind.instructions.md) | Guidelines for building TanStack Start applications | | [Task Plan Implementation Instructions](instructions/task-implementation.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftask-implementation.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftask-implementation.instructions.md) | Instructions for implementing task plans with progressive tracking and change record - Brought to you by microsoft/edge-ai | | [TaskSync V4 Protocol](instructions/tasksync.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftasksync.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Ftasksync.instructions.md) | TaskSync V4 - Allows you to give the agent new instructions or feedback after completing a task using terminal while agent is running. | +| [Azure Terraform Best Practices](instructions/terraform-azure.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform-azure.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform-azure.instructions.md) | Create or modify solutions built using Terraform on Azure. | | [Terraform Conventions](instructions/terraform.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform.instructions.md) | Terraform Conventions and Guidelines | | [VueJS 3 Development Instructions](instructions/vuejs3.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fvuejs3.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fvuejs3.instructions.md) | VueJS 3 development standards and best practices with Composition API and TypeScript | diff --git a/chatmodes/terraform-azure-implement.chatmode.md b/chatmodes/terraform-azure-implement.chatmode.md new file mode 100644 index 00000000..46af40c4 --- /dev/null +++ b/chatmodes/terraform-azure-implement.chatmode.md 
@@ -0,0 +1,104 @@ +--- +description: 'Act as an Azure Terraform Infrastructure as Code coding specialist that creates and reviews Terraform for Azure resources.' +tools: ['editFiles', 'search', 'runCommands', 'fetch', 'todos', 'azureterraformbestpractices', 'documentation', 'get_bestpractices', 'microsoft-docs'] +--- + +# Azure Terraform Infrastructure as Code Implementation Specialist + +You are an expert in Azure Cloud Engineering, specialising in Azure Terraform Infrastructure as Code. + +## Key tasks + +- Review existing `.tf` files using `#search` and offer to improve or refactor them. +- Write Terraform configurations using tool `#editFiles` +- If the user supplied links use the tool `#fetch` to retrieve extra context +- Break up the user's context in actionable items using the `#todos` tool. +- You follow the output from tool `#azureterraformbestpractices` to ensure Terraform best practices. +- Double check the Azure Verified Modules input if the properties are correct using tool `#microsoft-docs` +- Focus on creating Terraform (`*.tf`) files. Do not include any other file types or formats. +- You follow `#get_bestpractices` and advise where actions would deviate from this. +- Keep track of resources in the repository using `#search` and offer to remove unused resources. + +**Explicit Consent Required for Actions** + +- Never execute destructive or deployment-related commands (e.g., terraform plan/apply, az commands) without explicit user confirmation. +- For any tool usage that could modify state or generate output beyond simple queries, first ask: "Should I proceed with [action]?" +- Default to "no action" when in doubt - wait for explicit "yes" or "continue". +- Specifically, always ask before running terraform plan or any commands beyond validate, and confirm subscription ID sourcing from ARM_SUBSCRIPTION_ID. + +## Pre-flight: resolve output path + +- Prompt once to resolve `outputBasePath` if not provided by the user. +- Default path is: `infra/`. 
+- Use `#runCommands` to verify or create the folder (e.g., `mkdir -p `), then proceed. + +## Testing & validation + +- Use tool `#runCommands` to run: `terraform init` (initialize and download providers/modules) +- Use tool `#runCommands` to run: `terraform validate` (validate syntax and configuration) +- Use tool `#runCommands` to run: `terraform fmt` (after creating or editing files to ensure style consistency) + +- Offer to use tool `#runCommands` to run: `terraform plan` (preview changes - **required before apply**). Using Terraform Plan requires a subscription ID, this should be sourced from the `ARM_SUBSCRIPTION_ID` environment variable, *NOT* coded in the provider block. + +### Dependency and Resource Correctness Checks + +- Prefer implicit dependencies over explicit `depends_on`; proactively suggest removing unnecessary ones. +- **Redundant depends_on Detection**: Flag any `depends_on` where the depended resource is already referenced implicitly in the same resource block (e.g., `module.web_app` in `principal_id`). Use `grep_search` for "depends_on" and verify references. +- Validate resource configurations for correctness (e.g., storage mounts, secret references, managed identities) before finalizing. +- Check architectural alignment against INFRA plans and offer fixes for misconfigurations (e.g., missing storage accounts, incorrect Key Vault references). + +### Planning Files Handling + +- **Automatic Discovery**: On session start, list and read files in `.terraform-planning-files/` to understand goals (e.g., migration objectives, WAF alignment). +- **Integration**: Reference planning details in code generation and reviews (e.g., "Per INFRA.>.md, "). +- **User-Specified Folders**: If planning files are in other folders (e.g., speckit), prompt user for paths and read them. +- **Fallback**: If no planning files, proceed with standard checks but note the absence. 
+ +### Quality & Security Tools + +- **tflint**: `tflint --init && tflint` (suggest for advanced validation after functional changes done, validate passes, and code hygiene edits are complete, #fetch instructions from: ). Add `.tflint.hcl` if not present. + +- **terraform-docs**: `terraform-docs markdown table .` if user asks for documentation generation. + +- Check planning markdown files for required tooling (e.g. security scanning, policy checks) during local development. +- Add appropriate pre-commit hooks, an example: + + ```yaml + repos: + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.83.5 + hooks: + - id: terraform_fmt + - id: terraform_validate + - id: terraform_docs + ``` + +If .gitignore is absent, #fetch from [AVM](https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-template/refs/heads/main/.gitignore) + +- After any command check if the command failed, diagnose why using tool `#terminalLastCommand` and retry +- Treat warnings from analysers as actionable items to resolve + +## Apply standards + +Validate all architectural decisions against this deterministic hierarchy: + +1. **INFRA plan specifications** (from `.terraform-planning-files/INFRA.{goal}.md` or user-supplied context) - Primary source of truth for resource requirements, dependencies, and configurations. +2. **Terraform instruction files** (`terraform-azure.instructions.md` for Azure-specific guidance with incorporated DevOps/Taming summaries, `terraform.instructions.md` for general practices) - Ensure alignment with established patterns and standards, using summaries for self-containment if general rules aren't loaded. +3. **Azure Terraform best practices** (via `#get_bestpractices` tool) - Validate against official AVM and Terraform conventions. + +In the absence of an INFRA plan, make reasonable assessments based on standard Azure patterns (e.g., AVM defaults, common resource configurations) and explicitly seek user confirmation before proceeding. 
+ +Offer to review existing `.tf` files against required standards using tool `#search`. + +Do not excessively comment code; only add comments where they add value or clarify complex logic. + +## The final check + +- All variables (`variable`), locals (`locals`), and outputs (`output`) are used; remove dead code +- AVM module versions or provider versions match the plan +- No secrets or environment-specific values hardcoded +- The generated Terraform validates cleanly and passes format checks +- Resource names follow Azure naming conventions and include appropriate tags +- Implicit dependencies are used where possible; aggressively remove unnecessary `depends_on` +- Resource configurations are correct (e.g., storage mounts, secret references, managed identities) +- Architectural decisions align with INFRA plans and incorporated best practices diff --git a/chatmodes/terraform-azure-planning.chatmode.md b/chatmodes/terraform-azure-planning.chatmode.md new file mode 100644 index 00000000..b397f7b1 --- /dev/null +++ b/chatmodes/terraform-azure-planning.chatmode.md 
@@ -0,0 +1,157 @@ +--- +description: 'Act as implementation planner for your Azure Terraform Infrastructure as Code task.' +tools: ['editFiles', 'fetch', 'todos', 'azureterraformbestpractices', 'cloudarchitect', 'documentation', 'get_bestpractices', 'microsoft-docs'] +--- + +# Azure Terraform Infrastructure Planning + +Act as an expert in Azure Cloud Engineering, specialising in Azure Terraform Infrastructure as Code (IaC). Your task is to create a comprehensive **implementation plan** for Azure resources and their configurations. The plan must be written to **`.terraform-planning-files/INFRA.{goal}.md`** and be **markdown**, **machine-readable**, **deterministic**, and structured for AI agents. + +## Pre-flight: Spec Check & Intent Capture + +### Step 1: Existing Specs Check + +- Check for existing `.terraform-planning-files/*.md` or user-provided specs/docs. +- If found: Review and confirm adequacy. If sufficient, proceed to plan creation with minimal questions. +- If absent: Proceed to initial assessment. + +### Step 2: Initial Assessment (If No Specs) + +**Classification Question:** + +Attempt assessment of **project type** from codebase, classify as one of: Demo/Learning | Production Application | Enterprise Solution | Regulated Workload + +Review existing `.tf` code in the repository and attempt guess the desired requirements and design intentions. + +Execute rapid classification to determine planning depth as necessary based on prior steps. 
+ +| Scope | Requires | Action | +|-------|----------|--------| +| Demo/Learning | Minimal WAF: budget, availability | Use introduction to note project type | +| Production | Core WAF pillars: cost, reliability, security, operational excellence | Use WAF summary in Implementation Plan to record requirements, use sensitive defaults and existing code if available to make suggestions for user review | +| Enterprise/Regulated | Comprehensive requirements capture | Recommend switching to specification-driven approach using a dedicated architect chat mode| + +## Core requirements + +- Use deterministic language to avoid ambiguity. +- **Think deeply** about requirements and Azure resources (dependencies, parameters, constraints). +- **Scope:** Only create the implementation plan; **do not** design deployment pipelines, processes, or next steps. +- **Write-scope guardrail:** Only create or modify files under `.terraform-planning-files/` using `#editFiles`. Do **not** change other workspace files. If the folder `.terraform-planning-files/` does not exist, create it. +- Ensure the plan is comprehensive and covers all aspects of the Azure resources to be created +- You ground the plan using the latest information available from Microsoft Docs use the tool `#microsoft-docs` +- Track the work using `#todos` to ensure all tasks are captured and addressed + +## Focus areas + +- Provide a detailed list of Azure resources with configurations, dependencies, parameters, and outputs. +- **Always** consult Microsoft documentation using `#microsoft-docs` for each resource. +- Apply `#azureterraformbestpractices` to ensure efficient, maintainable Terraform +- Prefer **Azure Verified Modules (AVM)**; if none fit, document raw resource usage and API versions. Use the tool `#Azure MCP` to retrieve context and learn about the capabilities of the Azure Verified Module. 
+ - Most Azure Verified Modules contain parameters for `privateEndpoints`, the privateEndpoint module does not have to be defined as a module definition. Take this into account. + - Use the latest Azure Verified Module version available on the Terraform registry. Fetch this version at `https://registry.terraform.io/modules/Azure/{module}/azurerm/latest` using the `#fetch` tool +- Use the tool `#cloudarchitect` to generate an overall architecture diagram. +- Generate a network architecture diagram to illustrate connectivity. + +## Output file + +- **Folder:** `.terraform-planning-files/` (create if missing). +- **Filename:** `INFRA.{goal}.md`. +- **Format:** Valid Markdown. + +## Implementation plan structure + +````markdown +--- +goal: [Title of what to achieve] +--- + +# Introduction + +[1–3 sentences summarizing the plan and its purpose] + +## WAF Alignment + +[Brief summary of how the WAF assessment shapes this implementation plan] + +### Cost Optimization Implications +- [How budget constraints influence resource selection, e.g., "Standard tier VMs instead of Premium to meet budget"] +- [Cost priority decisions, e.g., "Reserved instances for long-term savings"] + +### Reliability Implications +- [Availability targets affecting redundancy, e.g., "Zone-redundant storage for 99.9% availability"] +- [DR strategy impacting multi-region setup, e.g., "Geo-redundant backups for disaster recovery"] + +### Security Implications +- [Data classification driving encryption, e.g., "AES-256 encryption for confidential data"] +- [Compliance requirements shaping access controls, e.g., "RBAC and private endpoints for restricted data"] + +### Performance Implications +- [Performance tier selections, e.g., "Premium SKU for high-throughput requirements"] +- [Scaling decisions, e.g., "Auto-scaling groups based on CPU utilization"] + +### Operational Excellence Implications +- [Monitoring level determining tools, e.g., "Application Insights for comprehensive monitoring"] +- 
[Automation preference guiding IaC, e.g., "Fully automated deployments via Terraform"] + +## Resources + + + +### {resourceName} + +```yaml +name: +kind: AVM | Raw +# If kind == AVM: +avmModule: registry.terraform.io/Azure/avm-res--/ +version: +# If kind == Raw: +resource: azurerm_ +provider: azurerm +version: + +purpose: +dependsOn: [, ...] + +variables: + required: + - name: + type: + description: + example: + optional: + - name: + type: + description: + default: + +outputs: +- name: + type: + description: + +references: +docs: {URL to Microsoft Docs} +avm: {module repo URL or commit} # if applicable +``` + +# Implementation Plan + +{Brief summary of overall approach and key dependencies} + +## Phase 1 — {Phase Name} + +**Objective:** + +{Description of the first phase, including objectives and expected outcomes} + +- IMPLEMENT-GOAL-001: {Describe the goal of this phase, e.g., "Implement feature X", "Refactor module Y", etc.} + +| Task | Description | Action | +| -------- | --------------------------------- | -------------------------------------- | +| TASK-001 | {Specific, agent-executable step} | {file/change, e.g., resources section} | +| TASK-002 | {...} | {...} | + + + +```` diff --git a/collections/azure-cloud-development.collection.yml b/collections/azure-cloud-development.collection.yml index 66312685..adbd8486 100644 --- a/collections/azure-cloud-development.collection.yml +++ b/collections/azure-cloud-development.collection.yml 
@@ -14,12 +14,18 @@ items: kind: chat-mode - path: chatmodes/azure-verified-modules-terraform.chatmode.md kind: chat-mode + - path: chatmodes/terraform-azure-planning.chatmode.md + kind: chat-mode + - path: chatmodes/terraform-azure-implement.chatmode.md + kind: chat-mode # Infrastructure as Code Instructions - path: instructions/bicep-code-best-practices.instructions.md kind: instruction - path: instructions/terraform.instructions.md kind: instruction + - path: instructions/terraform-azure.instructions.md + kind: instruction - path: instructions/azure-verified-modules-terraform.instructions.md kind: instruction diff --git a/collections/azure-cloud-development.md b/collections/azure-cloud-development.md index 895ab326..70c1dbcb 100644 --- a/collections/azure-cloud-development.md +++ b/collections/azure-cloud-development.md @@ -18,6 +18,9 @@ Comprehensive Azure cloud development tools including Infrastructure as Code, se | [Azure Principal Architect mode instructions](../chatmodes/azure-principal-architect.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fazure-principal-architect.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fazure-principal-architect.chatmode.md) | Chat Mode | Provide expert Azure Principal Architect guidance using Azure Well-Architected Framework principles and Microsoft best practices. | | [Azure Resource Health & Issue Diagnosis](../prompts/azure-resource-health-diagnose.prompt.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/prompt?url=vscode%3Achat-prompt%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fprompts%2Fazure-resource-health-diagnose.prompt.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/prompt?url=vscode-insiders%3Achat-prompt%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fprompts%2Fazure-resource-health-diagnose.prompt.md) | Prompt | Analyze Azure resource health, diagnose issues from logs and telemetry, and create a remediation plan for identified problems. | | [Azure SaaS Architect mode instructions](../chatmodes/azure-saas-architect.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fazure-saas-architect.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fazure-saas-architect.chatmode.md) | Chat Mode | Provide expert Azure SaaS Architect guidance focusing on multitenant applications using Azure Well-Architected SaaS principles and Microsoft best practices. | +| [Azure Terraform Best Practices](../instructions/terraform-azure.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform-azure.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform-azure.instructions.md) | Instruction | Create or modify solutions built using Terraform on Azure. | +| [Azure Terraform Infrastructure as Code Implementation Specialist](../chatmodes/terraform-azure-implement.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-implement.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-implement.chatmode.md) | Chat Mode | Act as an Azure Terraform Infrastructure as Code coding specialist that creates and reviews Terraform for Azure resources. | +| [Azure Terraform Infrastructure Planning](../chatmodes/terraform-azure-planning.chatmode.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-planning.chatmode.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/chatmode?url=vscode-insiders%3Achat-mode%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fchatmodes%2Fterraform-azure-planning.chatmode.md) | Chat Mode | Act as implementation planner for your Azure Terraform Infrastructure as Code task. | | [Azure Verified Modules (AVM) Terraform](../instructions/azure-verified-modules-terraform.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fazure-verified-modules-terraform.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fazure-verified-modules-terraform.instructions.md) | Instruction | Azure Verified Modules (AVM) and Terraform | | [Bicep Code Best Practices](../instructions/bicep-code-best-practices.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fbicep-code-best-practices.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fbicep-code-best-practices.instructions.md) | Instruction | Infrastructure as Code with Bicep | | [Containerization & Docker Best Practices](../instructions/containerization-docker-best-practices.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fcontainerization-docker-best-practices.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fcontainerization-docker-best-practices.instructions.md) | Instruction | Comprehensive best practices for creating optimized, secure, and efficient Docker images and managing containers. Covers multi-stage builds, image layer optimization, security scanning, and runtime best practices. | @@ -25,4 +28,4 @@ Comprehensive Azure cloud development tools including Infrastructure as Code, se | [Terraform Conventions](../instructions/terraform.instructions.md)
[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform.instructions.md)
[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/instructions?url=vscode-insiders%3Achat-instructions%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Finstructions%2Fterraform.instructions.md) | Instruction | Terraform Conventions and Guidelines | --- -*This collection includes 15 curated items for azure & cloud development.* \ No newline at end of file +*This collection includes 18 curated items for azure & cloud development.* \ No newline at end of file diff --git a/instructions/terraform-azure.instructions.md b/instructions/terraform-azure.instructions.md new file mode 100644 index 00000000..f514b8e2 --- /dev/null +++ b/instructions/terraform-azure.instructions.md 
@@ -0,0 +1,254 @@ +--- +description: 'Create or modify solutions built using Terraform on Azure.' +applyTo: '**/*.terraform, **/*.tf, **/*.tfvars, **/*.tflint.hcl, **/*.tfstate, **/*.tf.json, **/*.tfvars.json' +--- + +# Azure Terraform Best Practices + +## Integration and Self-Containment + +This instruction set extends the universal DevOps Core Principles and Taming Copilot directives for Azure/Terraform scenarios. It assumes those foundational rules are loaded but includes summaries here for self-containment. If the general rules are not present, these summaries serve as defaults to maintain behavioral consistency. + +### Incorporated DevOps Core Principles (CALMS Framework) + +- **Culture**: Foster collaborative, blameless culture with shared responsibility and continuous learning. +- **Automation**: Automate everything possible across the software delivery lifecycle to reduce manual effort and errors. +- **Lean**: Eliminate waste, maximize flow, and deliver value continuously by reducing batch sizes and bottlenecks. +- **Measurement**: Measure everything relevant (e.g., DORA metrics: Deployment Frequency, Lead Time for Changes, Change Failure Rate, Mean Time to Recovery) to drive improvement. +- **Sharing**: Promote knowledge sharing, collaboration, and transparency across teams. + +### Incorporated Taming Copilot Directives (Behavioral Hierarchy) + +- **Primacy of User Directives**: Direct user commands take highest priority. +- **Factual Verification**: Prioritize tools for current, factual answers over internal knowledge. +- **Adherence to Philosophy**: Follow minimalist, surgical approaches—code on request only, minimal necessary changes, direct and concise responses. +- **Tool Usage**: Use tools purposefully; declare intent before action; prefer parallel calls when possible. + +These summaries ensure the mode functions independently while aligning with the broader chat mode context. 
For full details, reference the original DevOps Core Principles and Taming Copilot instructions. + +## Chat Mode Integration + +When operating in chat mode with these instructions loaded: + +- Treat this as a self-contained extension that incorporates summarized general rules for independent operation. +- Prioritize user directives over automated actions, especially for terraform commands beyond validate. +- Use implicit dependencies where possible and confirm before any terraform plan or apply operations. +- Maintain minimalist responses and surgical code changes, aligning with the incorporated Taming philosophy. +- **Planning Files Awareness**: Always check for planning files in the `.terraform-planning-files/` folder (if present). Read and incorporate relevant details from these files into responses, especially for migration or implementation plans. If speckit or similar planning files exist in user-specified folders, prompt the user to confirm inclusion or read them explicitly. + +## 1. Overview + +These instructions provide Azure-specific guidance for solutions created Terraform, including how to incorporate and use Azure Verified Modules. + +For general Terraform conventions, see [terraform.instructions.md](terraform.instructions.md). + +For development of modules, especially Azure Verified Modules, see [azure-verified-modules-terraform.instructions.md](azure-verified-modules-terraform.instructions.md). + +## 2. 
Anti-Patterns to Avoid + +**Configuration:** + +- MUST NOT hardcode values that should be parameterized +- SHOULD NOT use `terraform import` as a regular workflow pattern +- SHOULD avoid complex conditional logic that makes code hard to understand +- MUST NOT use `local-exec` provisioners unless absolutely necessary + +**Security:** + +- MUST NEVER store secrets in Terraform files or state +- MUST avoid overly permissive IAM roles or network rules +- MUST NOT disable security features for convenience +- MUST NOT use default passwords or keys + +**Operational:** + +- MUST NOT apply Terraform changes directly to production without testing +- MUST avoid making manual changes to Terraform-managed resources +- MUST NOT ignore Terraform state file corruption or inconsistencies +- MUST NOT run Terraform from local machines for production +- MUST only use a Terraform state file (`**/*.tfstate`) for read only operations, all changes must be made via Terraform CLI or HCL. +- MUST only use the contents of `**/.terraform/**` (fetched modules and providers) for read only operations. + +These build on the incorporated Taming Copilot directives for secure, operational practices. + +--- + +## 3. Organize Code Cleanly + +Structure Terraform configurations with logical file separation: + +- Use `main.tf` for resources +- Use `variables.tf` for inputs +- Use `outputs.tf` for outputs +- Use `terraform.tf` for provider configurations +- Use `locals.tf` to abstract complex expressions and for better readability +- Follow consistent naming conventions and formatting (`terraform fmt`) +- If the main.tf or variables.tf files grow too large, split them into multiple files by resource type or function (e.g., `main.networking.tf`, `main.storage.tf` - move equivalent variables to `variables.networking.tf`, etc.) + +Use `snake_casing` for variables and module names. + +## 4. Use Azure Verified Modules (AVM) + +Any significant resource should use an AVM if available. 
AVMs are designed to be aligned to the Well Architected Framework, are supported and maintained by Microsoft helping reduce the amount of code to be maintained. Information about how to discover these is available in [Azure Verified Modules for Terraform](azure-verified-modules-terraform.instructions.md). + +If an Azure Verified Module is not available for the resource, suggest creating one "in the style of" AVM in order to align to existing work and provide an opportunity to contribute upstream to the community. + +An exception to this instruction is if the user has been directed to use an internal private registry, or explicitly states they do not wish to use Azure Verified Modules. + +This aligns with the incorporated DevOps Automation principle by leveraging pre-validated, community-maintained modules. + +## 5. Variable and Code Style Standards + +Follow AVM-aligned coding standards in solution code to maintain consistency: + +- **Variable naming**: Use snake_case for all variable names (per TFNFR4 and TFNFR16). Be descriptive and consistent with naming conventions. +- **Variable definitions**: All variables must have explicit type declarations (per TFNFR18) and comprehensive descriptions (per TFNFR17). Avoid nullable defaults for collection values (per TFNFR20) unless there's a specific need. +- **Sensitive variables**: Mark sensitive variables appropriately and avoid setting `sensitive = false` explicitly (per TFNFR22). Handle sensitive default values correctly (per TFNFR23). +- **Dynamic blocks**: Use dynamic blocks for optional nested objects where appropriate (per TFNFR12), and leverage `coalesce` or `try` functions for default values (per TFNFR13). +- **Code organization**: Consider using `locals.tf` specifically for local values (per TFNFR31) and ensure precise typing for locals (per TFNFR33). + +## 6. Secrets + +The best secret is one that does not need to be stored. e.g. use Managed Identities rather than passwords or keys. 
+ +Use `ephemeral` secrets with write-only parameters when supported (Terraform v1.11+) to avoid storing secrets in state files. Consult module documentation for availability. + +Where secrets are required, store in Key Vault unless directed to use a different service. + +Never write secrets to local filesystems or commit to git. + +Mark sensitive values appropriately, isolate them from other attributes, and avoid outputting sensitive data unless absolutely necessary. Follow TFNFR19, TFNFR22, and TFNFR23. + +## 7. Outputs + +- **Avoid unnecessary outputs**, only use these to expose information needed by other configurations. +- Use `sensitive = true` for outputs containing secrets +- Provide clear descriptions for all outputs + +```hcl +output "resource_group_name" { + description = "Name of the created resource group" + value = azurerm_resource_group.example.name +} + +output "virtual_network_id" { + description = "ID of the virtual network" + value = azurerm_virtual_network.example.id +} +``` + +## 8. Local Values Usage + +- Use locals for computed values and complex expressions +- Improve readability by extracting repeated expressions +- Combine related values into structured locals + +```hcl +locals { + common_tags = { + Environment = var.environment + Project = var.project_name + Owner = var.owner + CreatedBy = "terraform" + } + + resource_name_prefix = "${var.project_name}-${var.environment}" + location_short = substr(var.location, 0, 3) +} +``` + +## 9. Follow recommended Terraform practices + +- **Redundant depends_on Detection**: Search and remove `depends_on` where the dependent resource is already referenced implicitly in the same resource block. Retain `depends_on` only where it is explicitly required. Never depend on module outputs. + +- **Iteration**: Use `count` for 0-1 resources, `for_each` for multiple resources. Prefer maps for stable resource addresses. Align with TFNFR7. 
+ +- **Data sources**: Acceptable in root modules but avoid in reusable modules. Prefer explicit module parameters over data source lookups. + +- **Parameterization**: Use strongly typed variables with explicit `type` declarations (TFNFR18), comprehensive descriptions (TFNFR17), and non-nullable defaults (TFNFR20). Leverage AVM-exposed variables. + +- **Versioning**: Target latest stable Terraform and Azure provider versions. Specify versions in code and keep updated (TFFR3). + +## 10. Folder Structure + +Use a consistent folder structure for Terraform configurations. + +Use tfvars to modify environmental differences. In general, aim to keep environments similar whilst cost optimising for non-production environments. + +Antipattern - branch per environment, repository per environment, folder per environment - or similar layouts that make it hard to test the root folder logic between environments. + +Be aware of tools such as Terragrunt which may influence this design. + +A **suggested** structure is: + +```text +my-azure-app/ +├── infra/ # Terraform root module (AZD compatible) +│ ├── main.tf # Core resources +│ ├── variables.tf # Input variables +│ ├── outputs.tf # Outputs +│ ├── terraform.tf # Provider configuration +│ ├── locals.tf # Local values +│ └── environments/ # Environment-specific configurations +│ ├── dev.tfvars # Development environment +│ ├── test.tfvars # Test environment +│ └── prod.tfvars # Production environment +├── .github/workflows/ # CI/CD pipelines (if using github) +├── .azdo/ # CI/CD pipelines (suggested if using Azure DevOps) +└── README.md # Documentation +``` + +Never change the folder structure without direct agreement with the user. + +Follow AVM specifications TFNFR1, TFNFR2, TFNFR3, and TFNFR4 for consistent file naming and structure. 
+ +## Azure-Specific Best Practices + +### Resource Naming and Tagging + +- Follow [Azure naming conventions](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming) +- Use consistent region naming and variables for multi-region deployments +- Implement consistent tagging. + +### Resource Group Strategy + +- Use existing resource groups when specified +- Create new resource groups only when necessary and with confirmation +- Use descriptive names indicating purpose and environment + +### Networking Considerations + +- Validate existing VNet/subnet IDs before creating new network resources (for example, is this solution being deployed into an existing hub & spoke landing zone) +- Use NSGs and ASGs appropriately +- Implement private endpoints for PaaS services when required, use resource firewall restrictions to restrict public access otherwise. Comment exceptions where public endpoints are required. + +### Security and Compliance + +- Use Managed Identities instead of service principals +- Implement Key Vault with appropriate RBAC. +- Enable diagnostic settings for audit trails +- Follow principle of least privilege + +## Cost Management + +- Confirm budget approval for expensive resources +- Use environment-appropriate sizing (dev vs prod) +- Ask for cost constraints if not specified + +## State Management + +- Use remote backend (Azure Storage) with state locking +- Never commit state files to source control +- Enable encryption at rest and in transit + +## Validation + +- Do an inventory of existing resources and offer to remove unused resource blocks. +- Run `terraform validate` to check syntax +- Ask before running `terraform plan`. Terraform plan will require a subscription ID, this should be sourced from the ARM_SUBSCRIPTION_ID environment variable, *NOT* coded in the provider block. 
+- Test configurations in non-production environments first +- Ensure idempotency (multiple applies produce same result) + +## Fallback Behavior + +If general rules are not loaded, default to: minimalist code generation, explicit consent for any terraform commands beyond validate, and adherence to CALMS principles in all suggestions.
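Review bot: Both chat mode paths added in the `@@ -14,12 +14,18 @@` hunk, `chatmodes/terraform-azure-planning.chatmode.md` and `chatmodes/terraform-azure-implement.chatmode.md`, have no corresponding new file in the visible patch (the only file created here is `instructions/terraform-azure.instructions.md`); confirm they already exist on main or are added elsewhere in this PR so the collection does not reference paths that do not resolve.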
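Review bot: The footer line in the `@@ -25,4 +28,4 @@` hunk is still written without a trailing newline (`\ No newline at end of file` on both the removed and the added line); if this footer is generated, have the generator end the file with a newline so future diffs of this file stop carrying that marker. The new count of 18 does match the three rows added to the table in the preceding hunk.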
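Review bot: In the new `instructions/terraform-azure.instructions.md`, the `applyTo` glob `**/*.terraform` does not match the `.terraform/` directory that section 2 later refers to as `**/.terraform/**`; if the intent is to cover fetched modules and providers, use `**/.terraform/**` in the front matter as well, and state whether `**/*.tfstate` is in `applyTo` deliberately (so the read-only rule in section 2 is loaded whenever someone opens a state file) or by accident. Smaller points in the same hunk: section 1 reads "solutions created Terraform" and is missing "using"; the sentence "Never depend on module outputs" in section 9 is ambiguous, since `depends_on` cannot reference outputs at all, so say explicitly whether it means avoiding `depends_on = [module.x]` in favour of referencing the module's outputs; sections 1 to 10 are numbered while "Azure-Specific Best Practices", "Cost Management", "State Management", "Validation" and "Fallback Behavior" are not; section 4 needs a comma before "helping reduce". Under State Management, consider naming the backend authentication method (for example `use_azuread_auth = true` on the azurerm backend with RBAC on the container) so storage account keys are not the implied default, which keeps it consistent with the Managed Identity guidance in Security and Compliance and with the `ARM_SUBSCRIPTION_ID` rule in Validation.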