TFLint ruleset plugin for Terraform AWS Provider
This ruleset focus on possible errors and best practices about AWS resources. Many rules are enabled by default and warn against code that might fail when running terraform apply
, or clearly unrecommened.
- TFLint v0.30+
- Go v1.17
You can install the plugin by adding a config to .tflint.hcl
and running tflint --init
:
plugin "aws" {
enabled = true
version = "0.9.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}
For more configuration about the plugin, see Plugin Configuration.
NOTE: This plugin is bundled with the TFLint binary for backward compatibility, so you can use it without installing it separately. And it is automatically enabled when your Terraform configuration requires AWS provider.
Terraform is a great tool for Infrastructure as Code. However, many of these tools don't validate provider-specific issues. For example, see the following configuration file:
resource "aws_instance" "foo" {
ami = "ami-0ff8a91507f77f867"
instance_type = "t1.2xlarge" # invalid type!
}
Since t1.2xlarge
is an invalid instance type, an error will occur when you run terraform apply
. But terraform validate
and terraform plan
cannot find this possible error in advance. That's because it's an AWS provider-specific issue and it's valid as the Terraform Language.
The goal of this ruleset is to find such errors:
By running TFLint with this ruleset in advance, you can fix the problem before the error occurs in production CI/CD pipelines.
700+ rules are available. See Rules.
Clone the repository locally and run the following command:
$ make
You can easily install the built plugin with the following:
$ make install
Note that if you install the plugin with make install
, you must omit the version
and source
attributes in .tflint.hcl
:
plugin "aws" {
enabled = true
}
If you are interested in adding a new rule to this ruleset, you can use the generator. Run the following command:
$ go run ./rules/generator
Follow the instructions to edit the generated files and open a new pull request.