This repository contains my template for creating Terraform modules, yes even my root modules. This template is based on the best practices I have learned and the HashiCorp style guide.

I use a wide array of tools to make things easier for me.

• 1Password: Password and Secret storage
  • brew install 1password
• 1Password - CLI: Allows for access to 1Password via environment variables and shell scripts.
  • brew install 1password-cli
• Direnv: Manages dynamic environment variables based on the directory.
  • brew install direnv
• Task: Replacement for GNU make. Uses YAML files.
  • brew install go-task
• Terraform: Kind of the whole point here 😄
  • brew install hashicorp/tap/terraform
• git: Another obvious one 😃
  • brew install git
• pre-commit: Provides a method for running scripts and other tools during the git commit process.
  • brew install pre-commit
• trufflehog: Scans your git repo for committed secrets 😱.
  • brew install trufflesecurity/trufflehog/trufflehog
• autotag: Automatically creates git tags based on the commit message. Used to create semantic version tags in GitHub Actions pipeline. (Not installed locally, but you could)
  • brew install pantheon-systems/autotag/autotag

All of these tools can be used standalone, but I use them as part of the git commit process.

• terraform-docs: Dynamically updates your README.md with information on the inputs, outputs, and requirements of your module.
  • brew install terraform-docs
• infracost: Gives you a cost estimate for the cloud resources your module would deploy.
  • brew install infracost
• jq: A lightweight and flexible command-line JSON processor. required for terraform_validate with --retry-once-with-cleanup flag, and for infracost_breakdown hook.
  • brew install jq
• TFLint: A Terraform linter that checks for best practices and errors in your Terraform code.
  • brew install tflint
• One or more of these terraform security scanning tools
  • checkov
    • brew install checkov
  • terrascan
    • brew install terrascan
  • TFSec
    • brew install tfsec

• tfvars: This tool helps you manage Terraform variables. It allows you to store Terraform variables in a central location, and it also provides a way to encrypt Terraform variables.
• inframap: Inframap is a tool that can be used to visualize your Terraform infrastructure. It reads your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
• driftctl: driftctl detects infrastructure drift by comparing actual resources with Terraform configuration, identifying changes or drift in attributes.
• Terraspace: Terraspace is a framework that simplifies the development and deployment of Terraform infrastructure, offering automated module generation and integrated testing.
• Terraform Compliance: Terraform Compliance is a security and compliance scanner for Terraform code, allowing you to define and verify policies as code.

Here are a couple of tools I use to help with managing Terraform versions.

• TFSwitch: Used to switch the version of terraform installed based on the directory you are in or the version constraint in your terraform code.
  • brew install warrensbox/tap/tfswitch
• tfupdate: Used to update the version constraints in your terraform code for core, providers and modules.
  • brew install tfupdate
• TFTUI: TFTUI is a powerful textual UI that empowers users to effortlessly view and interact with their Terraform state.
  • brew install idoavrah/tap/tftui

I use Visual Studio Code as my code editor. I have included my settings and extensions in the .vscode directory, so they should be automatically installed when you open the project. They are also listed below.

I use the following extensions for VS Code.

• HashiCorp HCL
• HashiCorp Sentinel
• HashiCorp Terraform
• indent-rainbow
• Indented Block Highlighting
• Multiple cursor case preserve

I use the following settings for VS Code.

{
  "[sentinel]": {
    "editor.defaultFormatter": "hashicorp.terraform"
  },
  "[terraform]": {
    "editor.defaultFormatter": "hashicorp.terraform"
  },
  "[tfvars]": {
    "editor.defaultFormatter": "hashicorp.terraform"
  },
  "editor.bracketPairColorization.enabled": true,
  "editor.formatOnSave": true,
  "editor.rulers": [
    {
      "color": "#A5FF90",
      "column": 80
    },
    {
      "color": "#FF628C",
      "column": 100
    }
  ],
  "editor.tabCompletion": "on",
  "editor.tabSize": 2,
  "files.associations": {
    "*.hcl": "terraform",
    "*.nomad": "terraform",
    "*.policy": "sentinel"
  },
  "terraform.indexing": {
    "delay": 500,
    "enabled": false,
    "exclude": [".terraform/**/*", "**/.terraform/**/*"],
    "liveIndexing": false
  },
  "terraform.languageServer.enable": true
}

I've included example config files for some of the tools.

direnv: Rename .envrc.example to .envrc and update.

pre-commit: Review .pre-commit-config.yaml to enable/disable hooks.

terraform-docs: Review .terraform-docs.yml to adjust document formatting options.

TFLint: Review .tflint.hcl

Task: Review Taskfile.yaml and or remove tasks.

Terraform: Rename terraform.tfvars.example to terraform.tfvars and update.

Everything above this should be removed and replaced with your module description.

The following two lines specify where the terraform-docs dynamic content will be placed.

No providers.

No modules.

No resources.

No inputs.

No outputs.