Create a tflint ruleset

[nitrocode]

It would be nice to integrate this into tflint via a custom ruleset or directly in the terraform ruleset

References

• https://github.com/terraform-linters/tflint
• https://github.com/terraform-linters/tflint-ruleset-template
• https://github.com/terraform-linters/tflint-ruleset-terraform
• rule to set a list of allowed or denied providers terraform-linters/tflint-ruleset-terraform#146

[suzuki-shunsuke]

Thank you for your proposal.
I'm not familiar with tflint custom ruleset, but I'll take a look.

[nitrocode]

No need. See this converted discussion. Thanks for considering.

terraform-linters/tflint-ruleset-terraform#148 (comment)

I'd say this is a policy enforcement issue versus adherence to official Terraform recommendations.

I also wouldn't recommend static analysis (TFLint) as a means of doing this—tfprovidercheck is taking the right approach. The actual list of used providers is determined by the whole module tree, both root and children. By using the JSON mode of terraform version, it's getting the exact versions fetched by terraform init, which in turn handles resolving provider versions from the requirements in the module tree.

If you use static analysis, a deny rule can be trivially bypassed with a module block with any remote source (registry, git, etc.).