AI CLI Setup & Usage
Comprehensive guide to setting up and using the AI CLI tools (Claude, Codex, Copilot, Gemini) included in DevOps Images for AI-assisted infrastructure development.
Why AI CLI Tools?
- Code generation: Generate Infrastructure as Code from natural language
- Code review: Automated security and best practice reviews
- Troubleshooting: Debug errors and get solutions
- Documentation: Auto-generate documentation from code
- Learning: Get explanations of complex configurations
Available AI CLIs
| Tool | Provider | Best For | API Required |
|---|---|---|---|
| claude | Anthropic | Code review, architecture design, complex reasoning | ✅ Anthropic API Key |
| codex | OpenAI | Code generation, completion | ✅ OpenAI API Key |
| copilot | GitHub | IDE integration, inline suggestions | ✅ GitHub Copilot subscription |
| gemini | Google | Multi-modal tasks, GCP integration | ✅ Google AI API Key |
Claude CLI Setup
Get API Key
- Visit Anthropic Console
- Sign up or log in
- Navigate to API Keys
- Create new API key
- Copy the key (starts with sk-ant-)
Configure Claude CLI
Usage Examples
Code Review
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "Review this Terraform code for security issues and best practices" \
  --file terraform/main.tf
Generate Infrastructure Code
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "Generate Terraform code to create an AWS VPC with 3 public and 3 private subnets" \
  > vpc.tf
Explain Complex Configuration
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "Explain what this Ansible playbook does" \
  --file ansible/deploy.yml
Debug Errors
# Save error output
terraform apply 2>&1 | tee error.log
# Ask Claude to debug
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "This Terraform apply failed. What's wrong and how do I fix it?" \
  --file error.log
Codex CLI Setup
Get API Key
- Visit OpenAI Platform
- Sign up or log in
- Navigate to API Keys
- Create new API key
- Copy the key (starts with sk-)
Configure Codex CLI
Usage Examples
Generate Scripts
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.codex:/root/.codex \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  codex "Create a bash script to backup PostgreSQL database to S3" \
  > backup.sh
Code Completion
# Complete partial code
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.codex:/root/.codex \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  codex --complete \
  --file partial-script.py
GitHub Copilot CLI Setup
Get Access
- Subscribe to GitHub Copilot
- Install GitHub Copilot CLI extension
- Authenticate with GitHub
Configure Copilot CLI
docker run -it --rm \
  -v ~/.copilot:/root/.copilot \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  copilot auth login
Usage Examples
Suggest Commands
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.copilot:/root/.copilot \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  copilot suggest "deploy kubernetes application with helm"
Explain Commands
docker run --rm \
  -v ~/.copilot:/root/.copilot \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  copilot explain "kubectl rollout status deployment/myapp -n production"
Gemini CLI Setup
Get API Key
- Visit Google AI Studio
- Sign in with Google account
- Create API key
- Copy the key
Configure Gemini CLI
Usage Examples
GCP-Specific Tasks
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.gemini:/root/.gemini \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  gemini "Create a Cloud Run service with auto-scaling" \
  > cloud-run.yaml
Multi-Modal Analysis
# Analyze architecture diagram
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.gemini:/root/.gemini \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  gemini "Describe this infrastructure architecture" \
  --image architecture.png
Real-World Workflows
Workflow 1: Security-First Development
#!/bin/bash
# secure-deploy.sh
# Stop at the first failing step so a failed review or scan blocks the deploy
set -euo pipefail
# 1. Generate infrastructure code with Claude
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "Generate secure AWS EKS cluster with encrypted EBS volumes and VPC endpoints" \
  > eks-cluster.tf
# 2. Review with Claude
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "Review this EKS cluster code for security issues" \
  --file eks-cluster.tf \
  > security-review.md
# 3. Scan with Trivy
# --exit-code 1 makes findings fail the script; by default trivy exits 0 even when it reports issues
docker run --rm \
  -v "$PWD":/workspace \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  trivy config --exit-code 1 eks-cluster.tf
# 4. Deploy
# -it attaches a terminal so terraform apply can prompt for approval
docker run -it --rm \
  -v "$PWD":/workspace \
  -v ~/.aws:/root/.aws \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  sh -c "terraform init && terraform apply"
Workflow 2: AI-Assisted Troubleshooting
#!/bin/bash
# ai-troubleshoot.sh
# Capture error
kubectl apply -f deployment.yaml 2>&1 | tee error.log
# Get AI help
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "This Kubernetes deployment failed. Analyze the error and provide a fix." \
  --file error.log \
  --file deployment.yaml \
  > solution.md
cat solution.md
Workflow 3: Documentation Generation
#!/bin/bash
# generate-docs.sh
# Generate README for Terraform module
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "Generate comprehensive README.md documentation for this Terraform module" \
  --file main.tf \
  --file variables.tf \
  --file outputs.tf \
  > README.md
Workflow 4: Multi-Cloud Translation
# Translate AWS to GCP
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "Convert this AWS Terraform code to equivalent GCP resources" \
  --file aws/main.tf \
  > gcp/main.tf
Comparison Matrix
When to Use Which AI CLI?
| Use Case | Claude | Codex | Copilot | Gemini |
|---|---|---|---|---|
| Security review | ✅ Best | ⚠️ Good | ⚠️ Good | ⚠️ Good |
| Code generation | ✅ Best | ✅ Best | ✅ Best | ✅ Best |
| Architecture design | ✅ Best | ⚠️ Good | ❌ Limited | ⚠️ Good |
| Troubleshooting | ✅ Best | ⚠️ Good | ⚠️ Good | ⚠️ Good |
| Multi-modal (images) | ❌ No | ❌ No | ❌ No | ✅ Yes |
| GCP-specific tasks | ⚠️ Good | ⚠️ Good | ⚠️ Good | ✅ Best |
| Cost | $$ | $$ | $ | Free tier |
Recommendations:
- General DevOps: Claude (best reasoning)
- Quick code snippets: Codex or Copilot
- GCP workloads: Gemini
- Visual analysis: Gemini (only one with multi-modal)
Best Practices
Effective AI Usage
- Be specific: Detailed prompts get better results
- Provide context: Include relevant files with --file
- Iterate: Refine prompts based on output
- Review output: Always review AI-generated code
- Combine tools: Use Trivy/TFLint alongside AI review
Security
- Never expose API keys: Use environment variables or mounted config files
- Review before deploy: AI-generated code should always be reviewed
- Scan AI output: Run security scanners on generated code
- Cost awareness: Monitor API usage to avoid unexpected bills
- Rotate keys: Regularly rotate API keys
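The config directories mounted throughout this page (~/.claude, ~/.codex, ~/.copilot, ~/.gemini) hold the credentials for each CLI. As an added example, not taken from the original project, the following check confirms they are accessible only by their owner; it also covers the "check config file permissions" step under Troubleshooting. The function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original page): verify that the credential
# directories mounted into the container are readable only by their owner.

# Print every path under $1 that grants any group/other permission bit.
# Symlinks are skipped because their own mode is always 0777.
# Only POSIX find predicates are used, so GNU and BSD find both work.
loose_paths() {
  find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                      -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 if the directory is owner-only, 1 if too permissive, 2 if missing.
check_cred_dir() {
  local dir="$1" loose
  if [ ! -d "$dir" ]; then
    echo "missing: $dir" >&2
    return 2
  fi
  loose=$(loose_paths "$dir")
  if [ -n "$loose" ]; then
    echo "too permissive (fix with: chmod -R go-rwx \"$dir\"):" >&2
    echo "$loose" >&2
    return 1
  fi
  return 0
}

# Check the config directories this page mounts; tools not set up are skipped.
check_all() {
  local rc=0 d
  for d in "$HOME/.claude" "$HOME/.codex" "$HOME/.copilot" "$HOME/.gemini"; do
    [ -d "$d" ] || continue
    check_cred_dir "$d" || rc=1
  done
  return "$rc"
}
```

Source the file and call check_all before the first docker run; a non-zero return means at least one directory needs its permissions tightened.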
Limitations
- ❌ AI makes mistakes: Always review output
- ❌ Not always up-to-date: May suggest deprecated approaches
- ❌ Context limits: Large files may be truncated
- ❌ Costs add up: Monitor usage
Cost Management
Track Usage
# Create usage tracking script
cat > track-ai-usage.sh <<'EOF'
#!/bin/bash
DATE=$(date +%Y-%m-%d)
USAGE_LOG="ai-usage-$DATE.log"
echo "$(date): Claude API call" >> "$USAGE_LOG"
docker run --rm \
  -v "$PWD":/workspace \
  -v ~/.claude:/root/.claude \
  -w /workspace \
  ghcr.io/jinalshah/devops/images/all-devops:latest \
  claude "$@"
EOF
chmod +x track-ai-usage.sh
Cost Estimates (Approximate)
| Provider | Model | Cost per 1M tokens (input) | Cost per 1M tokens (output) |
|---|---|---|---|
| Anthropic | Claude 3.5 Sonnet | $3 | $15 |
| OpenAI | GPT-4 Turbo | $10 | $30 |
| GitHub | Copilot | $10/month (unlimited) | N/A |
| Google | Gemini Pro | Free tier, then $0.50 | $1.50 |
Troubleshooting
API key not working
Problem: Authentication error when using AI CLI
Solutions:
1. Verify API key is correct and active
2. Check config file permissions:
3. Ensure container can access mounted config:
Rate limit exceeded
Problem: Too many API requests
Solutions:
1. Add delays between requests
2. Upgrade to higher tier plan
3. Batch requests when possible
4. Cache responses locally
Context too long
Problem: Input file too large for AI model
Solutions:
1. Split large files into chunks
2. Provide only relevant sections
3. Use summary/extract approach:
Advanced Integration
Pre-commit Hook with AI Review
.pre-commit-config.yaml:
repos:
  - repo: local
    hooks:
      - id: ai-code-review
        name: AI Code Review
        entry: ./scripts/ai-review.sh
        language: system
        files: \.(tf|yml|yaml)$
        pass_filenames: true
scripts/ai-review.sh:
#!/bin/bash
for file in "$@"; do
  docker run --rm \
    -v "$PWD":/workspace \
    -v ~/.claude:/root/.claude \
    -w /workspace \
    ghcr.io/jinalshah/devops/images/all-devops:latest \
    claude "Quick security review of this file" --file "$file"
done
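The hook above passes every staged .tf, .yml and .yaml file to the AI CLI, and the debugging workflows do the same with error.log, so any credential in those files leaves the machine. As an added example (not part of the original project), this variant of scripts/ai-review.sh screens each file for likely credentials first and fails the commit when one is found; the function names are hypothetical and the regex patterns are illustrative assumptions, not an exhaustive detector.

```bash
#!/bin/bash
# scripts/ai-review.sh with a pre-send secret screen (added example).
# Patterns are illustrative, not exhaustive:
#   sk-... / sk-ant-...   API key prefixes named on this page
#   AKIA + 16 characters  AWS access key ID format
#   PEM private key header
#   password/secret/token assigned a quoted literal (no $ interpolation)
SECRET_PATTERNS='(^|[^A-Za-z0-9])sk-(ant-)?[A-Za-z0-9_-]{20,}'
SECRET_PATTERNS="$SECRET_PATTERNS"'|AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----'
SECRET_PATTERNS="$SECRET_PATTERNS"'|(password|secret|token)[a-z_]*[[:space:]]*[=:][[:space:]]*"[^"$]{8,}"'

# Print "file:line" for each suspicious line; the matched text is never echoed.
find_secrets() {
  grep -EinH -e "$SECRET_PATTERNS" -- "$@" | cut -d: -f1,2
}

# Return 0 if the file may be sent to the API, 1 if it looks like it holds a secret.
is_sendable() {
  local hits
  hits=$(find_secrets "$1") || true
  [ -z "$hits" ] && return 0
  printf 'BLOCKED (possible secret):\n%s\n' "$hits" >&2
  return 1
}

# Review clean files; a non-zero return makes pre-commit fail the commit.
review_files() {
  local rc=0 file
  for file in "$@"; do
    if is_sendable "$file"; then
      docker run --rm \
        -v "$PWD":/workspace \
        -v ~/.claude:/root/.claude \
        -w /workspace \
        ghcr.io/jinalshah/devops/images/all-devops:latest \
        claude "Quick security review of this file" --file "$file"
    else
      rc=1
    fi
  done
  return "$rc"
}

review_files "$@"
```

The same is_sendable check can be run on error.log before the troubleshooting workflows, since tool output often echoes connection strings and tokens.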
CI/CD Integration
See AI-Assisted DevOps Workflows for complete CI/CD integration examples.
Next Steps
- AI-Assisted DevOps Workflows - Complete workflow examples
- Authentication Guide - Mount AI credentials in containers
- Multi-Tool Patterns - Combine AI with other DevOps tools
- Security Workflows - AI + security scanning