Skip to content
Go to file

Latest commit

Bumps []( from 1.35.7 to 1.35.9.
- [Release notes](
- [Changelog](
- [Commits](aws/aws-sdk-go@v1.35.7...v1.35.9)

Signed-off-by: dependabot[bot] <>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]>

Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Build Status GitHub release Terraform Compatibility Docker Hub License: MPL 2.0 Go Report Card

TFLint is a Terraform linter focused on possible errors, best practices, etc.

Why TFLint is required?

Terraform is a great tool for Infrastructure as Code. However, many of these tools don't validate provider-specific issues. For example, see the following configuration file:

resource "aws_instance" "foo" {
  ami           = "ami-0ff8a91507f77f867"
  instance_type = "t1.2xlarge" # invalid type!

Since t1.2xlarge is a nonexistent instance type, an error will occur when you run terraform apply. But terraform plan and terraform validate cannot find this possible error beforehand. That's because it's an AWS provider-specific issue and it's valid as a Terraform configuration.

TFLint finds such errors in advance:



You can download the binary built for your architecture from the latest release. The following is an example of installation on macOS:

$ curl --location --output
$ unzip
  inflating: tflint
$ install tflint /usr/local/bin
$ tflint -v

For Linux based OS, you can use the to automate the installation process, or try the following oneliner to download latest binary for AMD64 architecture.

$ curl -L "$(curl -Ls | grep -o -E "https://.+?")" -o && unzip && rm


macOS users can also use Homebrew to install TFLint:

$ brew install tflint


Windows users can use Chocolatey:

choco install tflint


You can also use TFLint via Docker.

$ docker run --rm -v $(pwd):/data -t wata727/tflint


700+ rules are available. See Rules.


TFLint supports multiple providers via plugins. The following is the Major Cloud support status.

name status description
AWS Available Inspections for AWS resources are now built into TFLint. So, it is not necessary to install the plugin separately. In the future, these will be cut out to the plugin, but all are in progress.
Azure Experimental Experimental support has been started. You can inspect Azure resources by installing the plugin.
Google Cloud Platform Experimental Experimental support has been started. You can inspect GCP resources by installing the plugin.

Please see the documentation about the plugin system.


TFLint load configurations in the same way as Terraform v0.13. This means that it cannot inspect configurations that cannot be parsed on Terraform v0.13.

See Compatibility with Terraform for details.


TFLint inspects all configurations under the current directory by default. You can also change the behavior with the following options:

$ tflint --help
  tflint [OPTIONS] [FILE or DIR...]

Application Options:
  -v, --version                                   Print TFLint version
      --langserver                                Start language server
  -f, --format=[default|json|checkstyle|junit]    Output format (default: default)
  -c, --config=FILE                               Config file name (default: .tflint.hcl)
      --ignore-module=SOURCE                      Ignore module sources
      --enable-rule=RULE_NAME                     Enable rules from the command line
      --disable-rule=RULE_NAME                    Disable rules from the command line
      --only=RULE_NAME                            Enable only this rule, disabling all other defaults. Can be specified multiple times
      --var-file=FILE                             Terraform variable file name
      --var='foo=bar'                             Set a Terraform variable
      --module                                    Inspect modules
      --deep                                      Enable deep check mode
      --aws-access-key=ACCESS_KEY                 AWS access key used in deep check mode
      --aws-secret-key=SECRET_KEY                 AWS secret key used in deep check mode
      --aws-profile=PROFILE                       AWS shared credential profile name used in deep check mode
      --aws-creds-file=FILE                       AWS shared credentials file path used in deep checking
      --aws-region=REGION                         AWS region used in deep check mode
      --force                                     Return zero exit status even if issues found
      --no-color                                  Disable colorized output
      --loglevel=[trace|debug|info|warn|error]    Change the loglevel (default: none)

Help Options:
  -h, --help                                      Show this help message

See User guide for each option.

Exit Statuses

TFLint returns the following exit statuses on exit:

  • 0: No issues found
  • 2: Errors occurred
  • 3: No errors occurred, but issues found


Does TFLint check modules recursively?

  • No. TFLint always checks only the current root module (no recursive check)

Do I need to install Terraform for TFLint to work?

  • No. TFLint works as a single binary because Terraform is embedded as a library. Note that this means that the version of Terraform used is determined for each TFLint version. See also Compatibility with Terraform.

TFLint causes a loading error in my code that is valid in Terraform. Why?

  • First, check the version of Terraform you are using. Terraform v0.12 introduced a major syntax change, and unfortunately TFLint only supports that new syntax.


If you don't get the expected behavior, you can see the detailed logs when running with TFLINT_LOG environment variable.

$ TFLINT_LOG=debug tflint


See Developer guide.

You can’t perform that action at this time.