TFLint

TFLint is a linter specifically designed for Terraform configurations.

To lint code means to check it for potential issues, errors, and formatting problems. The term is derived from a Linux utility called lint that was used to analyze C code. Linting helps keep code clean, and it promotes and can enforce good common practices.

Whilst Terraform has two similar tools that check code, fmt and validate, these are not strictly lint tools: they specifically enforce formatting and validation, whereas TFLint goes beyond that and checks for potential errors, issues, and violations of best practices.

Written on Windows 11

Install TFLint

This will install TFLint on Windows using the Chocolatey package manager. There are alternative methods described on the TFLint GitHub page.

choco install tflint

Configure plugins

TFLint uses plugins downloaded to the working system to check the code. These are sourced from a GitHub repository and updated frequently with new rules and checks for Terraform code as it is developed over time.

To configure TFLint to download the plugin data, add a .tflint.hcl file to the Terraform code working directory. In this file you specify the plugins you want to download and use. The example below downloads the generic Terraform plugin that checks all HCL code; it also downloads the Azure and AWS plugins.

#----------------------------------------------------------
# Warn about deprecated syntax, unused declarations
#----------------------------------------------------------
plugin "terraform" {
  enabled = true
  preset  = "recommended"
}

#----------------------------------------------------------
# TFLint ruleset plugin for Terraform Provider for Azure (Resource Manager)
# https://github.com/terraform-linters/tflint-ruleset-azurerm
#----------------------------------------------------------
plugin "azurerm" {
  enabled = true
  version = "0.25.1"
  source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
}

#----------------------------------------------------------
# TFLint ruleset plugin for Terraform AWS Provider
# https://github.com/terraform-linters/tflint-ruleset-aws
#----------------------------------------------------------
plugin "aws" {
  enabled = true
  version = "0.27.0"
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
}

To download the plugins, from the working directory run the following command.

tflint --init
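
Because tflint --init downloads whatever the source lines in .tflint.hcl name, it is worth reviewing that file before running it. The Python script below is an added example, not part of TFLint or of the original page: it reads the plugin blocks and flags any download source outside an allowlist or without an exact pinned version. The allowlist, the function names and the "custom" plugin block in the sample are assumptions made for illustration.

```python
import re

# Assumption for this example: only rulesets from this GitHub organisation are approved.
ALLOWED_SOURCE_PREFIXES = ("github.com/terraform-linters/",)

PLUGIN_BLOCK = re.compile(r'plugin\s+"([^"]+)"\s*\{(.*?)\}', re.DOTALL)
ATTRIBUTE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', re.MULTILINE)
EXACT_VERSION = re.compile(r'\d+\.\d+\.\d+')

# Constructed sample: two blocks from the page plus a hypothetical third-party ruleset.
SAMPLE_CONFIG = '''
plugin "terraform" {
  enabled = true
  preset  = "recommended"
}
plugin "azurerm" {
  enabled = true
  version = "0.25.1"
  source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
}
plugin "custom" {
  enabled = true
  # version = "1.2.3"
  source  = "github.com/example-org/tflint-ruleset-custom"
}
'''

def parse_plugins(config_text):
    """Return {plugin name: {attribute: value}}, ignoring full-line comments."""
    text = re.sub(r'^\s*(#|//).*$', '', config_text, flags=re.MULTILINE)
    return {name: dict(ATTRIBUTE.findall(body)) for name, body in PLUGIN_BLOCK.findall(text)}

def audit_plugins(config_text):
    """Return (plugin, finding) tuples for plugin blocks that declare a download source."""
    findings = []
    for name, attrs in parse_plugins(config_text).items():
        source = attrs.get("source")
        if source is None:
            continue  # no source declared, so there is no download location to check
        if not source.startswith(ALLOWED_SOURCE_PREFIXES):
            findings.append((name, "source not on allowlist: " + source))
        if not EXACT_VERSION.fullmatch(attrs.get("version", "")):
            findings.append((name, "no exact version pinned"))
    return findings

if __name__ == "__main__":
    for plugin, finding in audit_plugins(SAMPLE_CONFIG):
        print(f"{plugin}: {finding}")
```

In a pipeline, the same functions can be pointed at the contents of the real .tflint.hcl and the job failed when the returned list is not empty.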

Using TFLint

To check the code using TFLint, from the working directory run the following command:

tflint

You will get a result showing any issues with your code. It’d be best practice to work through each comment and fix it before you classify your code as clean and ready to go.

You do not need the TFLint binary to be in the working directory; it uses the $PATH to locate the binary and the plugins.


Last modified July 21, 2024: update (e2ae86c)