Useful tooling for Terragrunt/Terraform

The goal of this page is to list some useful tooling for Terragrunt/Terraform.

Code quality

Good code quality is a must-have for any project

  • tflint ✨ - Linter for Terraform
    • Default configuration
    • We recommend this one because it can check a wide range of cloud providers as well as Terraform code
  • terraform fmt - Rewrites all Terraform configuration files to a canonical format
    • Example usage : terraform fmt -recursive -diff -write=true
  • terragrunt hclfmt - Rewrites all Terragrunt configuration files to a canonical format
    • Example usage : terragrunt hclfmt

Code security

Shift security-related tasks left as much as possible

  • checkov ✨ - Static code analysis tool for infrastructure-as-code
    • Example : checkov -d . --framework terraform --skip-file baseline.skip
    • We recommend this one because it can check a wide range of cloud providers as well as Terraform code
  • tfsec - Static analysis powered security scanner for your terraform code
    • Example : tfsec .
  • terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
    • Example : terrascan scan -i terraform -d .

Documentation

Documentation is a must-have for any project

  • terraform-docs - Generate documentation from Terraform modules in various output formats
    • Example : terraform-docs markdown .

Readability of plan and apply

When working with Terraform, and even more so with Terragrunt, reading a plan can be a pain. Terraform is not fixing it any time soon: GitHub issue on concise plan

  • grep ✨
    • terraform plan -no-color | grep -E '(^.*[#~+-] .*|^[[:punct:]]|Plan|Changes)'
    • We recommend this one because it's simple and efficient
  • tfnotify
  • tftools
  • tf-summarize

How to operate these tools

  • pre-commit - A framework for managing and maintaining multi-language pre-commit hooks

For terraform fmt, terragrunt hclfmt and checkov, you can use the following configuration:

repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.77.0
    hooks:
      - id: terraform_fmt
      - id: terragrunt_fmt
      - id: terraform_checkov
        args:
          - --args=--quiet    
          - --args=--framework=terraform
      - id: terraform_providers_lock
        args:
          - --hook-config=--mode=only-check-is-current-lockfile-cross-platform

For tflint check here

  • CI/CD - Run these tools in your CI/CD pipeline
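
A minimal CI gate for the tools above, as an added example that is not part of the original README: it runs every check even after one fails, so all findings show up in a single pipeline run, and it fails closed when a scanner is not installed. The helper names run_check and iac_gate are hypothetical; the commands are the ones listed on this page, with terraform fmt switched from -write=true to -check so that CI reports drift instead of rewriting files.

```shell
#!/bin/sh
# Added example: CI gate for the checks listed in this README.
# run_check and iac_gate are hypothetical helper names.

FAILED=""   # names of checks that failed or could not be run

# run_check NAME CMD [ARGS...]: run one check and record a failure.
run_check() {
  name=$1
  shift
  # Fail closed: a scanner missing from the CI image is not a pass.
  if ! command -v "$1" >/dev/null 2>&1; then
    echo "[$name] $1 not found on PATH" >&2
    FAILED="$FAILED $name"
    return 1
  fi
  if "$@"; then
    echo "[$name] ok"
  else
    echo "[$name] failed with exit code $?" >&2
    FAILED="$FAILED $name"
    return 1
  fi
}

# iac_gate: run all checks in the current directory, then decide.
iac_gate() {
  FAILED=""
  # -check exits non-zero on unformatted files and leaves them untouched.
  run_check fmt terraform fmt -check -recursive -diff || true
  run_check tflint tflint || true
  run_check checkov checkov -d . --framework terraform --quiet || true
  if [ -n "$FAILED" ]; then
    echo "IaC gate failed:$FAILED" >&2
    return 1
  fi
  echo "IaC gate passed"
}

# Run the gate only when asked, so a CI step can also source this file.
if [ "${1:-}" = "--run" ]; then
  iac_gate
  exit
fi
```

Call it from the pipeline step as `sh iac_gate.sh --run` (the file name is an assumption) from the root of the Terraform code.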