mirror of
https://github.com/sidpalas/devops-directive-terraform-course.git
synced 2025-12-10 12:51:14 +00:00
# Static checks

## Built in

### Format

Enforces style rules for your configurations.

```
terraform fmt -check # checks if formatter would make changes

terraform fmt # applies those changes
```

### Validate

Checks that the configuration is valid.

`terraform init` is required before `validate` can be used. If not working with a remote backend, `terraform init -backend=false` can be used.

```
terraform validate
```

### Plan

Looking at the resulting Terraform plan can help catch bugs.

```
terraform plan
```

### Custom Validation Rules

Enforce conditions on variables to prevent misuse.

```
variable "short_variable" {
  type = string

  validation {
    condition     = length(var.short_variable) < 4
    error_message = "The short_variable value must be less than 4 characters!"
  }
}
```

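The same mechanism can act as a security guardrail on module inputs. The following is an added example, not part of the course repository; the variable names `ssh_ingress_cidrs`, `environment` and `db_password`, the allowed environment names and the 16-character minimum are all assumptions chosen for illustration.

```hcl
# Added example: all variable names and thresholds below are hypothetical.

variable "ssh_ingress_cidrs" {
  type        = list(string)
  description = "CIDR blocks allowed to reach SSH."

  # Every entry must parse as a CIDR block; can() turns a parse error into false.
  validation {
    condition     = alltrue([for c in var.ssh_ingress_cidrs : can(cidrhost(c, 0))])
    error_message = "Each entry in ssh_ingress_cidrs must be a valid CIDR block, for example 10.0.0.0/16."
  }

  # Reject any range with prefix length 0 (0.0.0.0/0, ::/0), which opens the
  # port to every address. try() makes malformed entries fail this rule too.
  validation {
    condition = alltrue([
      for c in var.ssh_ingress_cidrs : try(tonumber(split("/", c)[1]) > 0, false)
    ])
    error_message = "The ssh_ingress_cidrs list must not contain a /0 range such as 0.0.0.0/0 or ::/0."
  }
}

variable "environment" {
  type = string

  # Restrict free-form input to a known set so typos cannot create stray stacks.
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "The environment value must be one of: dev, staging, prod."
  }
}

variable "db_password" {
  type      = string
  sensitive = true # keeps the value out of plan and apply output

  # Only the length is checked, so the error message reveals nothing about the value.
  validation {
    condition     = length(var.db_password) >= 16
    error_message = "The db_password value must be at least 16 characters long."
  }
}
```

Validation rules are evaluated during `terraform plan` and `terraform apply`, so a rejected input stops the run before any resource is changed.
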
## External

There are many 3rd party tools which can check Terraform configurations for potential issues and/or suggest best practices:

- [tflint](https://github.com/terraform-linters/tflint)
- [checkov](https://github.com/bridgecrewio/checkov)
- [terrascan](https://github.com/accurics/terrascan)
- [terraform-compliance](https://terraform-compliance.com/)
- [snyk](https://support.snyk.io/hc/en-us/articles/360010916577-Scan-and-fix-security-issues-in-your-Terraform-files)
- [Terraform Sentinel](https://www.terraform.io/docs/cloud/sentinel/index.html)