Terraform Helpers We Love At Heline

At Heline we are using Terraform heavily for our clients' IaC codebase

Terraform is an open-source infrastructure-as-code software tool that enables you to safely and predictably create, change, and improve infrastructure. At Heline we use Terraform heavily for our clients' IaC codebases.

In this blog post, we list our favourite open-source tools that supercharge our Terraform codebase development:

terraform-docs

website: terraform-docs

Generates Terraform module documentation in various formats.

terraform-docs markdown . --output-file README.md

tflint

website: tflint

TFLint is a framework in which each feature is provided by a plugin. The key features are as follows:

  • Find possible errors (like illegal instance types) for Major Cloud providers (AWS/Azure/GCP).
  • Warn about deprecated syntax and unused declarations.
  • Enforce best practices, and naming conventions.

The .tflint.hcl file we use:

plugin "aws" {
  enabled = true
  version = "0.13.3"
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
}

config {
  module     = false
  force      = false
}

rule "terraform_required_providers" {
  enabled = true
}

rule "terraform_required_version" {
  enabled = true
}

rule "terraform_naming_convention" {
  enabled = true
  format  = "snake_case"
}

rule "terraform_typed_variables" {
  enabled = true
}

rule "terraform_unused_declarations" {
  enabled = true
}

rule "terraform_comment_syntax" {
  enabled = true
}

rule "terraform_deprecated_index" {
  enabled = true
}

rule "terraform_deprecated_interpolation" {
  enabled = true
}

rule "terraform_documented_outputs" {
  enabled = true
}

rule "terraform_documented_variables" {
  enabled = true
}

rule "terraform_module_pinned_source" {
  enabled = true
}

rule "terraform_standard_module_structure" {
  enabled = true
}

rule "terraform_workspace_remote" {
  enabled = true
}

tflint --init
tflint --config=.tflint.hcl --var-file=terraform.tfvars .

tfsec

website: tfsec

tfsec is a static analysis security scanner for your Terraform code.

Features:

  • ☁️ Checks for misconfigurations across all major (and some minor) cloud providers
  • ⛔ Hundreds of built-in rules
  • 🪆 Scans modules (local and remote)
  • ➕ Evaluates HCL expressions as well as literal values
  • ↪️ Evaluates Terraform functions e.g. concat()
  • 🔗 Evaluates relationships between Terraform resources
  • 🧰 Compatible with the Terraform CDK
  • 🙅 Applies (and embellishes) user-defined Rego policies
  • 📃 Supports multiple output formats: CLI, JSON, SARIF, CSV, CheckStyle, and JUnit.
  • 🛠️ Configurable (via CLI flags and/or config file)
  • ⚡ Very fast, capable of quickly scanning huge repositories

tfsec . --tfvars-file terraform.tfvars
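tfsec's JSON output (from the formats listed above) is what we feed into CI. The gate below is an added example, not tfsec's own code or Heline's: it reads a tfsec JSON report, fails the build on findings at or above a chosen severity, and honours an explicit allowlist of accepted rule ids. The report shape (a top-level "results" list with rule_id, severity, resource and location) and the sample findings are constructed for the example.

```python
"""Fail a CI job when tfsec reports findings at or above a severity threshold.

Produce the input with:  tfsec . --tfvars-file terraform.tfvars --format json > tfsec.json
Then run:                python tfsec_gate.py tfsec.json
"""
import json
import sys

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of tfsec's JSON report (a top-level "results"
# list); by default tfsec only emits failed checks, so every entry is a finding.
SAMPLE_REPORT = {"results": [
    {"rule_id": "aws-s3-enable-bucket-encryption", "severity": "HIGH",
     "resource": "aws_s3_bucket.logs", "description": "Bucket has no server-side encryption",
     "location": {"filename": "s3.tf", "start_line": 12, "end_line": 20}},
    {"rule_id": "aws-ec2-no-public-ingress-sgr", "severity": "CRITICAL",
     "resource": "aws_security_group_rule.ssh", "description": "Ingress open to 0.0.0.0/0",
     "location": {"filename": "sg.tf", "start_line": 3, "end_line": 11}},
    {"rule_id": "aws-ec2-enable-at-rest-encryption", "severity": "LOW",
     "resource": "aws_instance.web", "description": "Root block device is not encrypted",
     "location": {"filename": "ec2.tf", "start_line": 1, "end_line": 30}},
]}


def _rank(finding):
    """Numeric severity; a missing or unknown severity fails closed as CRITICAL."""
    return SEVERITY_RANK.get(str(finding.get("severity", "")).upper(), SEVERITY_RANK["CRITICAL"])


def blocking_findings(report, min_severity="HIGH", ignored_rules=()):
    """Return findings that should fail the build, worst first.

    A finding blocks when its severity is at least `min_severity` and its rule_id
    is not in `ignored_rules` (a reviewed allowlist of accepted risks, not a mute button).
    """
    threshold = SEVERITY_RANK[min_severity.upper()]
    blocking = [f for f in (report.get("results") or [])
                if f.get("rule_id") not in ignored_rules and _rank(f) >= threshold]
    return sorted(blocking, key=lambda f: -_rank(f))


def format_finding(finding):
    loc = finding.get("location", {})
    return "%-8s %-40s %s:%s (%s)" % (finding.get("severity"), finding.get("rule_id"),
                                      loc.get("filename"), loc.get("start_line"),
                                      finding.get("resource"))


def main(argv):
    # Without a report path, gate the constructed sample so the script runs stand-alone.
    report = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_REPORT
    blocking = blocking_findings(report, min_severity="HIGH")
    for finding in blocking:
        print(format_finding(finding))
    print("%d blocking finding(s)" % len(blocking))
    return 1 if blocking else 0  # non-zero exit fails the pipeline step


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```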

infracost

website: infracost

Cloud cost estimates for Terraform in pull requests

Infracost helps engineers see cloud costs before launching resources. Map costs to code directly in pull requests. Take action directly in your workflow.

infracost breakdown --path . --terraform-plan-flags "-var-file=terraform.tfvars"

driftctl

website: driftctl

driftctl is a free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.

driftctl scan

Extra tools:

There are other cool and useful tools besides those listed above, including:

  • pre-commit
  • checkov - cloudrail
  • terragrunt - terraspace - terramate - cluster.dev
  • terratest - InSpec
  • tfenv - tfswitch - tgenv