Terraform is an open-source infrastructure-as-code software tool that enables you to safely and predictably create, change, and improve infrastructure. At globaldatanet we use Terraform heavily for our clients' IaC codebases.
In this blog post, we will list our favorite open-source tools that supercharge our Terraform codebase development:
website: terraform-docs
Generate Terraform modules documentation in various formats
terraform-docs markdown . --output-file README.md
website: tflint
TFLint is a framework in which each feature is provided by plugins. The key features are as follows:
.tflint.hcl file we are using:
# https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/module-inspection.md
# borrowed & modified indefinitely from https://github.com/ksatirli/building-infrastructure-you-can-mostly-trust/blob/main/.tflint.hcl
plugin "aws" {
  enabled = true
  version = "0.13.3"
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
}

config {
  module = false
  force  = false
}

rule "terraform_required_providers" {
  enabled = true
}

rule "terraform_required_version" {
  enabled = true
}

rule "terraform_naming_convention" {
  enabled = true
  format  = "snake_case"
}

rule "terraform_typed_variables" {
  enabled = true
}

rule "terraform_unused_declarations" {
  enabled = true
}

rule "terraform_comment_syntax" {
  enabled = true
}

rule "terraform_deprecated_index" {
  enabled = true
}

rule "terraform_deprecated_interpolation" {
  enabled = true
}

rule "terraform_documented_outputs" {
  enabled = true
}

rule "terraform_documented_variables" {
  enabled = true
}

rule "terraform_module_pinned_source" {
  enabled = true
}

rule "terraform_standard_module_structure" {
  enabled = true
}

rule "terraform_workspace_remote" {
  enabled = true
}
tflint --init
tflint --config=.tflint.hcl --var-file=terraform.tfvars .
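As an added illustration (not part of the original post and not code from the TFLint project), the Terraform below shows what the rules enabled in the .tflint.hcl above report, next to a version that satisfies them. The module URL, all variable and output names, and the version constraints are constructed for this example.

```hcl
# Constructed example. Module URL, names and version constraints are hypothetical.

# ---- before/main.tf: each comment names the enabled rule that reports the line ----
// managed by hand                       # terraform_comment_syntax ("//" comment)
provider "aws" {                         # terraform_required_providers (no version constraint)
  region = "eu-central-1"
}
variable "vpcName" {}                    # terraform_naming_convention, terraform_typed_variables,
                                         # terraform_documented_variables
variable "unused_cidr" {                 # terraform_unused_declarations
  type        = string
  description = "Never referenced"
}
module "network" {
  source = "git::https://example.com/infra/network.git"  # terraform_module_pinned_source
  name   = "${var.vpcName}"              # terraform_deprecated_interpolation
}
output "first_subnet" {                  # terraform_documented_outputs
  value = module.network.subnet_ids.0    # terraform_deprecated_index
}
# No terraform block at all              # terraform_required_version

# ---- after: split into the files terraform_standard_module_structure expects ----
# main.tf
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}
provider "aws" {
  region = "eu-central-1"
}
module "network" {
  source = "git::https://example.com/infra/network.git?ref=v1.2.0" # pinned to a tag
  name   = var.vpc_name
}
# variables.tf
variable "vpc_name" {
  type        = string
  description = "Name tag applied to the VPC"
}
# outputs.tf
output "first_subnet" {
  description = "ID of the first subnet created by the network module"
  value       = module.network.subnet_ids[0]
}
```

A Git tag can be moved after review, so putting a full commit SHA in ref is the stricter way to pin a module source.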
website: tfsec
tfsec is a static analysis security scanner for your Terraform code.
Features:
concat()
tfsec . --tfvars-file terraform.tfvars
website: infracost
Cloud cost estimates for Terraform in pull requests
Infracost helps engineers see cloud costs before launching resources. Map costs to code directly in pull requests. Take action directly in your workflow.
infracost breakdown --path . --terraform-plan-flags "-var-file=terraform.tfvars"
website: driftctl
driftctl is a free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.