explaingit

terraform-linters/tflint

5,709GoAudience · ops devopsComplexity · 3/5LicenseSetup · moderate

TLDR

TFLint is a linter for Terraform files that catches mistakes like invalid cloud resource types or deprecated syntax before you deploy, using a plugin system with separate rule sets for AWS, Azure, and GCP.

Mindmap

mindmap
  root((TFLint))
    What it does
      Terraform linting
      Error detection
      Plugin-based rules
    Cloud providers
      AWS plugin
      Azure plugin
      GCP plugin
    Output formats
      JSON
      JUnit XML
      SARIF
    Use cases
      CI pipelines
      PR checks
      Infra validation
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Catch invalid AWS EC2 instance types in Terraform config before deploying and paying for a failed provision.

USE CASE 2

Run TFLint in a CI pipeline to automatically flag Terraform errors on every pull request.

USE CASE 3

Scan an entire Terraform directory tree for unused variables and deprecated syntax in one command.

USE CASE 4

Install provider-specific plugins for AWS, Azure, or GCP to get cloud-aware lint rules for your infrastructure code.

Tech stack

GoTerraformHCLDocker

Getting it running

Difficulty · moderate Time to first run · 30min

Provider-specific plugins (AWS/Azure/GCP) must be declared in .tflint.hcl and installed separately before cloud rules are available.

Core is MPL 2.0, modifications must stay open source but can be combined with proprietary code, some parts are BUSL 1.1 with production-use restrictions until a future date.

In plain English

TFLint is a tool that checks Terraform configuration files for problems before you apply them to your cloud infrastructure. Terraform is a widely used tool for describing and managing cloud resources as code, and TFLint acts as a quality checker that runs against those descriptions. It can catch mistakes like specifying a virtual machine type that does not exist in a cloud provider's catalog, using syntax that has been removed in a newer Terraform version, or declaring variables that are never used. The tool is built around a plugin system. The core program is a framework that does not contain many rules on its own. Instead, you install plugins that provide rule sets for specific cloud providers. Separate plugins exist for Amazon Web Services, Microsoft Azure, and Google Cloud Platform. A plugin for checking Terraform's own language syntax is bundled with TFLint and enabled by default. Additional plugins from the community or custom-built ones can be declared in a configuration file and installed with a single command. Configuration lives in a file called .tflint.hcl in your project directory. You declare which plugins to use, which preset of rules to enable, and any rules you want to turn on or off. From the command line you can also override these settings with flags, run TFLint across an entire directory tree at once, or filter results to specific files. Output can be formatted in several ways beyond the default readable text: JSON, JUnit XML, checkstyle XML, and SARIF are all available, which makes it easy to feed results into code review tools or CI pipelines. A GitHub Actions integration is available for running checks automatically on pull requests. Installation options include downloading a binary directly, Homebrew on macOS, Chocolatey on Windows, and a Docker image. The project is licensed under MPL 2.0 for most code, with BUSL 1.1 applying to some parts.

Copy-paste prompts

Prompt 1
Set up TFLint for my AWS Terraform project: show me the .tflint.hcl config file and how to install and enable the aws plugin.
Prompt 2
How do I run TFLint across my entire Terraform monorepo and output results as JSON to feed into a CI dashboard?
Prompt 3
I want to add TFLint to my GitHub Actions workflow to check Terraform PRs automatically. Show me the full workflow YAML.
Prompt 4
Using TFLint, how do I enable a rule to catch unused variables and disable another rule I don't want enforced in my project?
Prompt 5
My TFLint check flags an instance type as invalid. How do I update the AWS plugin and verify it recognizes the new instance type?
Open on GitHub → Explain another repo

← terraform-linters on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.