11

I'm hoping there is something to pick up when I have misspelled variables and comments to save me some time when I'm checking my code and reduce the potential for any errors.

I normally use IntelliJ IDE for Terraform on a Mac but also have VS Code set up that I can use.

Is there a plugin for either that I could use, or even a different tool? I imagine variables might be difficult to lint, as I use underscores to separate words in my variable names, so the tool would need to know to treat underscores as white space for linting purposes.

doug

5 Answers

13

terraform fmt

The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style.

mikequentel
7

The tools that we have included in our Terraform pipelines to check code quality and best practices are:

  1. TFLint
  2. tfsec
  3. Checkov

This way any issues get highlighted early at the MR stage.

1

VSCode has a Terraform linter, "l2fprod.terraform-fork". Have NOT tried it. Did a simple search for terra + lint. HTH DrewBai

DrewBai
1

You can use the tflint project. It has a lot of plugins for cloud providers. https://github.com/terraform-linters/tflint

0

To go further and actually show what the change will do, after using linting as an initial gate (as other answers have mentioned how to do), I found what worked well as a quality gate was to perform a terraform plan (on a particular workspace that had the latest resources) without locking the state, e.g., using -lock=false. This tested what an actual pull request would actually change and would not fail if there is a syntax error, but also showed me and whoever is reviewing the PR what the change would result in.

I also found that if you want to lint a whole group of Terraform workspaces, a helpful tool is Terragrunt. Running terragrunt run-all validate could validate all the workspaces that had a terragrunt.hcl file in them in 1 command.

I used this even before I passed my pull request on to others, creating a pull request early, pushing the code and letting the pipeline validate things in the background while I'm also checking I have the best I could do at the same time.
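
The gate order described in the answers above (formatting and validation first, then TFLint, tfsec and Checkov, then an unlocked plan), sketched as a shell script. This is an added example, not code from any of the posters; the function names `gate` and `run_gates` and the `RUN_PLAN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: merge-request quality gate for one Terraform directory.
# Every gate runs even after an earlier failure, so the MR shows all
# findings in one pipeline run instead of one finding per push.

FAILED=""   # names of gates that failed or whose tool is missing

# gate NAME CMD [ARGS...]: run one check, record the result, never abort.
gate() {
    name=$1; shift
    if ! command -v "$1" >/dev/null 2>&1; then
        # A missing scanner counts as a failure, not as a silent pass.
        echo "MISSING $name ($1 not installed)" >&2
        FAILED="$FAILED $name"
        return 0
    fi
    if "$@"; then
        echo "PASS    $name"
    else
        echo "FAIL    $name" >&2
        FAILED="$FAILED $name"
    fi
}

# run_gates DIR: returns 0 only when every gate passed.
run_gates() {
    dir=${1:-.}
    FAILED=""
    gate fmt      terraform -chdir="$dir" fmt -check -recursive -diff
    gate init     terraform -chdir="$dir" init -backend=false -input=false
    gate validate terraform -chdir="$dir" validate
    gate tflint   tflint --chdir="$dir"
    gate tfsec    tfsec "$dir"
    gate checkov  checkov -d "$dir" --quiet
    # Optional: needs backend credentials. -lock=false means the plan does
    # not take the state lock, so it cannot block a concurrent apply.
    if [ "${RUN_PLAN:-0}" = 1 ]; then
        gate init-backend terraform -chdir="$dir" init -input=false
        gate plan terraform -chdir="$dir" plan -lock=false -input=false
    fi
    [ -z "$FAILED" ]
}

# Run only when a directory is given, e.g.: sh tf_gate.sh ./infra
if [ $# -gt 0 ]; then
    run_gates "$1"
    exit $?
fi
```

With `RUN_PLAN=1` exported in the pipeline job, the plan output lands in the job log for the reviewer; the exit status is non-zero if any gate failed or any tool was absent.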