This repository contains my template for creating Terraform modules, yes even my root modules. This template is based on the best practices I have learned and the HashiCorp style guide.
I use a wide array of tools to make things easier for me.
- 1Password: Password and Secret storage
brew install 1password
- 1Password - CLI: Allows for
access to 1Password via environment variables and shell scripts.
brew install 1password-cli
- Direnv: Manages dynamic environment variables based on
the directory.
brew install direnv
- Task: Replacement for GNU make. Uses YAML files.
brew install go-task
- Terraform: Kind of the whole point
here 😄
brew install hashicorp/tap/terraform
- git: Another obvious one 😃
brew install git
- pre-commit: Provides a method for running scripts
and other tools during the
git commitprocess.brew install pre-commit
- trufflehog: Scans your git
repo for committed secrets 😱.
brew install trufflesecurity/trufflehog/trufflehog
- autotag: Automatically creates
git tags based on the commit message. Used to create semantic version tags in
GitHub Actions pipeline. (Not installed locally, but you could)
brew install pantheon-systems/autotag/autotag
All of these tools can be used standalone, but I use them as part of the git commit process.
- terraform-docs:
Dynamically updates your README.md with information on the inputs, outputs,
and requirements of your module.
brew install terraform-docs
- infracost: Gives you a cost estimate
for the cloud resources your module would deploy.
brew install infracost
- jq: A lightweight and flexible command-line
JSON processor. required for
terraform_validatewith--retry-once-with-cleanupflag, and forinfracost_breakdownhook.brew install jq
- TFLint: A Terraform linter that
checks for best practices and errors in your Terraform code.
brew install tflint
- One or more of these terraform security scanning tools
- tfvars: This tool helps you manage Terraform variables. It allows you to store Terraform variables in a central location, and it also provides a way to encrypt Terraform variables.
- inframap: Inframap is a tool that can be used to visualize your Terraform infrastructure. It reads your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
- driftctl: driftctl detects infrastructure drift by comparing actual resources with Terraform configuration, identifying changes or drift in attributes.
- Terraspace: Terraspace is a framework that simplifies the development and deployment of Terraform infrastructure, offering automated module generation and integrated testing.
- Terraform Compliance: Terraform Compliance is a security and compliance scanner for Terraform code, allowing you to define and verify policies as code.
Here are a couple of tools I use to help with managing Terraform versions.
- TFSwitch: Used to switch the version of
terraform installed based on the directory you are in or the version
constraint in your terraform code.
brew install warrensbox/tap/tfswitch
- tfupdate: Used to update the version
constraints in your terraform code for core, providers and modules.
brew install tfupdate
- TFTUI: TFTUI is a powerful
textual UI that empowers users to effortlessly view and interact with their
Terraform state.
brew install idoavrah/tap/tftui
I use Visual Studio Code as my code editor. I have included my settings and extensions in the .vscode directory, so they should be automatically installed when you open the project. They are also listed below.
I use the following extensions for VS Code.
- HashiCorp HCL
- HashiCorp Sentinel
- HashiCorp Terraform
- indent-rainbow
- Indented Block Highlighting
- Multiple cursor case preserve
I use the following settings for VS Code.
{
"[sentinel]": {
"editor.defaultFormatter": "hashicorp.terraform"
},
"[terraform]": {
"editor.defaultFormatter": "hashicorp.terraform"
},
"[tfvars]": {
"editor.defaultFormatter": "hashicorp.terraform"
},
"editor.bracketPairColorization.enabled": true,
"editor.formatOnSave": true,
"editor.rulers": [
{
"color": "#A5FF90",
"column": 80
},
{
"color": "#FF628C",
"column": 100
}
],
"editor.tabCompletion": "on",
"editor.tabSize": 2,
"files.associations": {
"*.hcl": "terraform",
"*.nomad": "terraform",
"*.policy": "sentinel"
},
"terraform.indexing": {
"delay": 500,
"enabled": false,
"exclude": [".terraform/**/*", "**/.terraform/**/*"],
"liveIndexing": false
},
"terraform.languageServer.enable": true
}I've included example config files for some of the tools.
direnv: Rename .envrc.example to .envrc and update.
pre-commit: Review .pre-commit-config.yaml to enable/disable hooks.
terraform-docs: Review .terraform-docs.yml to adjust document formatting
options.
TFLint: Review .tflint.hcl
Task: Review Taskfile.yaml and or remove tasks.
Terraform: Rename terraform.tfvars.example to terraform.tfvars and update.
Everything above this should be removed and replaced with your module description.
The following two lines specify where the terraform-docs dynamic content will
be placed.
| Name | Version |
|---|---|
| terraform | ~> 1.0 |
| ~>4.55 | |
| hcp | ~>0.54 |
No providers.
No modules.
No resources.
No inputs.
No outputs.