Terraform Helpers we love at globaldatanet

Apr 29th 2022 - 2 min read

Terraform is an open-source infrastructure-as-code software tool that enables you to safely and predictably create, change, and improve infrastructure. At globaldatanet we use Terraform heavily for our clients' IaC codebases.

In this blog post, we will list our favorite open-source tools that supercharge our Terraform codebase development:


website: terraform-docs

Generate Terraform modules documentation in various formats

terraform-docs markdown . --output-file


website: tflint

TFLint is a framework in which each feature is provided by plugins. The key features are as follows:

  • Find possible errors (like illegal instance types) for major cloud providers (AWS/Azure/GCP).
  • Warn about deprecated syntax and unused declarations.
  • Enforce best practices and naming conventions.

.tflint.hcl file we are using:

# borrowed & modified indefinitely from

plugin "aws" {
  enabled = true
  version = "0.13.3"
  source  = ""
}

config {
  module = false
  force  = false
}

rule "terraform_required_providers" {
  enabled = true
}

rule "terraform_required_version" {
  enabled = true
}

rule "terraform_naming_convention" {
  enabled = true
  format  = "snake_case"
}

rule "terraform_typed_variables" {
  enabled = true
}

rule "terraform_unused_declarations" {
  enabled = true
}

rule "terraform_comment_syntax" {
  enabled = true
}

rule "terraform_deprecated_index" {
  enabled = true
}

rule "terraform_deprecated_interpolation" {
  enabled = true
}

rule "terraform_documented_outputs" {
  enabled = true
}

rule "terraform_documented_variables" {
  enabled = true
}

rule "terraform_module_pinned_source" {
  enabled = true
}

rule "terraform_standard_module_structure" {
  enabled = true
}

rule "terraform_workspace_remote" {
  enabled = true
}

tflint --init
tflint --config=.tflint.hcl --var-file=terraform.tfvars .
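
An added example (not from the original post or the TFLint project): a constructed module call that trips several of the rules enabled in the config above, followed by the form that passes them. The module URL, release tag and variable names are assumptions made for illustration.

```hcl
# Constructed example; the module URL, tag and variable names are assumptions.

# ---- before: main.tf as the enabled rules would flag it ----
// VPC module   <- terraform_comment_syntax: "//" comment instead of "#"
module "network" {
  # terraform_module_pinned_source: no ?ref=, so every init follows the default branch
  source = "git::https://example.com/acme/terraform-network.git"
  # terraform_deprecated_interpolation: interpolation-only expression
  cidr = "${var.vpcCidr}"
}

# terraform_naming_convention (not snake_case), terraform_typed_variables,
# terraform_documented_variables
variable "vpcCidr" {}

# terraform_documented_outputs: output has no description
output "vpc_id" {
  value = module.network.vpc_id
}
# terraform_required_version: no terraform { required_version = ... } block

# ---- after: the same file, written to pass those rules ----
terraform {
  required_version = ">= 1.1.0"
}

# VPC module, pinned to a release tag
module "network" {
  source = "git::https://example.com/acme/terraform-network.git?ref=v1.4.0"
  cidr   = var.vpc_cidr
}

variable "vpc_cidr" {
  type        = string
  description = "CIDR block for the VPC"
}

output "vpc_id" {
  description = "ID of the VPC created by the network module"
  value       = module.network.vpc_id
}
```

A tag satisfies terraform_module_pinned_source but can be moved by whoever controls the repository; setting `ref` to a full commit hash makes the module source immutable.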


website: tfsec

tfsec is a static analysis security scanner for your Terraform code.


  • ☁️ Checks for misconfigurations across all major (and some minor) cloud providers
  • ⛔ Hundreds of built-in rules
  • 🪆 Scans modules (local and remote)
  • ➕ Evaluates HCL expressions as well as literal values
  • ↪️ Evaluates Terraform functions e.g. concat()
  • 🔗 Evaluates relationships between Terraform resources
  • 🧰 Compatible with the Terraform CDK
  • 🙅 Applies (and embellishes) user-defined Rego policies
  • 📃 Supports multiple output formats: CLI, JSON, SARIF, CSV, CheckStyle, and JUnit.
  • 🛠️ Configurable (via CLI flags and/or config file)
  • ⚡ Very fast, capable of quickly scanning huge repositories

tfsec . --tfvars-file terraform.tfvars


website: infracost

Cloud cost estimates for Terraform in pull requests

Infracost helps engineers see cloud costs before launching resources. Map costs to code directly in pull requests. Take action directly in your workflow.

infracost breakdown --path . --terraform-plan-flags "-var-file=terraform.tfvars"


website: driftctl

driftctl is a free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.

driftctl scan


We automate all of the tools above and their command-line arguments using a Taskfile; the GitHub repo can be found here

version: "3"

vars:
  CONFIG: '{{.CONFIG | default "."}}'

dotenv: [".env", "aws/.env"]

silent: true

# Only the task name `banner` is referenced on the page;
# the other task names below are assumed.
tasks:
  banner:
    desc: Banner
    cmds:
      - cowsay $CONFIG | lolcat
      - echo "✔️  {{.GREETING}} - run 'task -l' for more task list"
      - echo "💻 {{OS}} - {{ARCH}}"

  docs:
    desc: ℹ️ Documentation Task for Terraform
    summary: |
      A utility to generate documentation from Terraform modules in various output formats
    cmds:
      - terraform-docs markdown . --output-file
    ignore_error: true

  aws:
    desc: AWS Access with aws-vault
    cmds:
      - aws-vault exec -d 2h gdn-lab --region=eu-central-1

  trunk:
    desc: Trunk
    cmds:
      - task: banner
        vars: { CONFIG: "{{.CONFIG}}" }
      - trunk init # ✖ Trunk can only init if it's run at the root of a git repo
      - trunk check -n $CONFIG

  build:
    desc: Terraform Build
    cmds:
      - task: banner
        vars: { CONFIG: "{{.CONFIG}}" }
      - terraform -chdir=$CONFIG init
      - terraform -chdir=$CONFIG fmt
      - terraform -chdir=$CONFIG validate
      - terraform -chdir=$CONFIG plan

  deploy:
    desc: Terraform Deploy
    cmds:
      - task: banner
        vars: { CONFIG: "{{.CONFIG}}" }
      - terraform -chdir=$CONFIG apply -auto-approve

  destroy:
    desc: Terraform Destroy
    cmds:
      - task: banner
        vars: { CONFIG: "{{.CONFIG}}" }
      - terraform -chdir=$CONFIG apply -auto-approve -destroy

  infracost:
    desc: infracost - Generate cost estimates from Terraform
    cmds:
      - infracost breakdown --usage-file infracost-usage.yml --path . --terraform-plan-flags "-var-file=terraform.tfvars"

  tflint:
    desc: tflint - A Pluggable Terraform Linter
    dir: $STACK
    cmds:
      - tflint --init
      - tflint --config=.tflint.hcl --var-file=terraform.tfvars .

  tfsec:
    desc: tfsec - a simple tool to detect potential security vulnerabilities in your terraformed infrastructure.
    dir: $STACK
    cmds:
      - tfsec . --tfvars-file terraform.tfvars

  driftctl:
    desc: ℹ️ Catch infrastructure drift
    summary: |
      driftctl is a free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.
    cmds:
      - driftctl scan
    ignore_error: true

Extra tools:

There are other cool and useful tools besides those listed above, including:

  • pre-commit
  • checkov - cloudrail
  • terragrunt - terraspace - terramate -
  • terratest - inSpec
  • tfenv - tfswitch - tgenv
