Skip to content
TFLint is a Terraform linter focused on possible errors, best practices, etc. (Terraform >= 0.12)
Go HCL Shell Ruby HTML Makefile
Branch: master
Clone or download
wata727 Merge pull request #585 from terraform-linters/plugin_v2
Introduce go-plugin based plugin system
Latest commit be121da Jan 18, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Bump terraform to v0.12.19 Jan 8, 2020
client Regenerate mocks Dec 7, 2019
cmd Show plugins version Jan 18, 2020
docs Add docs Jan 18, 2020
formatter Replace wata727 with terraform-linters Nov 10, 2019
integration Add plugin integration test Jan 18, 2020
langserver Add plugin support for LSP Jan 13, 2020
plugin Add plugin integration test Jan 18, 2020
rules Introduce go-plugin based plugin system Jan 13, 2020
tflint Introduce go-plugin based plugin system Jan 13, 2020
tools Bump tflint-plugin-sdk to v0.1.0 Jan 18, 2020
.dockerignore Revise docker image May 25, 2019
.gitignore Introduce go-plugin based plugin system Jan 13, 2020
.gitmodules Add mappings of attributes and AWS model shapes Jun 23, 2019
.goreleaser.yml Replace wata727 with terraform-linters Nov 10, 2019
.pre-commit-config.yaml Added pre-commit hooks Jun 7, 2019
.pre-commit-hooks.yaml Fix the pre-commit hook Dec 9, 2019
8CE69160EB3F2FE9.key gpg --armor --export 8CE69160EB3F2FE9 > 8CE69160EB3F2FE9.key Dec 27, 2019
CHANGELOG.md Bump up version to 0.13.4 Dec 27, 2019
Dockerfile Bump golang to v1.13.6 Jan 11, 2020
LICENSE Change license: MIT -> MPL 2.0 Oct 20, 2018
Makefile Introduce go-plugin based plugin system Jan 13, 2020
README.md Bump up version to 0.13.4 Dec 27, 2019
go.mod Bump tflint-plugin-sdk to v0.1.0 Jan 18, 2020
go.sum Bump tflint-plugin-sdk to v0.1.0 Jan 18, 2020
install_linux.sh Replace wata727 with terraform-linters Nov 10, 2019
integration_test.go Add plugin integration test Jan 18, 2020
main.go Replace wata727 with terraform-linters Nov 10, 2019

README.md

TFLint

Build Status GitHub release Terraform Compatibility Docker Hub License: MPL 2.0 Go Report Card

TFLint is a Terraform linter focused on possible errors, best practices, etc.

Why TFLint is required?

Terraform is a great tool for Infrastructure as Code. However, many of these tools don't validate provider-specific issues. For example, see the following configuration file:

resource "aws_instance" "foo" {
  ami           = "ami-0ff8a91507f77f867"
  instance_type = "t1.2xlarge" # invalid type!
}

Since t1.2xlarge is a nonexistent instance type, an error will occur when you run terraform apply. But terraform plan and terraform validate cannot find this possible error beforehand. That's because it's an AWS provider-specific issue and it's valid as a Terraform configuration.

TFLint finds such errors in advance:

demo

Installation

You can download the binary built for your architecture from the latest release. The following is an example of installation on macOS:

$ wget https://github.com/terraform-linters/tflint/releases/download/v0.13.4/tflint_darwin_amd64.zip
$ unzip tflint_darwin_amd64.zip
Archive:  tflint_darwin_amd64.zip
  inflating: tflint
$ mkdir -p /usr/local/tflint/bin
$ export PATH=/usr/local/tflint/bin:$PATH
$ install tflint /usr/local/tflint/bin
$ tflint -v

For Linux based OS, you can use the install_linux.sh to automate the installation process, or try the following oneliner to download latest binary for AMD64 architecture.

$ curl -L "$(curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" -o tflint.zip && unzip tflint.zip && rm tflint.zip

Homebrew

macOS users can also use Homebrew to install TFLint:

$ brew install tflint

Docker

You can also use TFLint via Docker.

$ docker run --rm -v $(pwd):/data -t wata727/tflint

Features

700+ rules are available. See Rules.

Limitations

TFLint currently only inspects Terraform-specific issues and AWS issues.

Also, load configurations in the same way as Terraform v0.12. This means that it cannot inspect configurations that cannot be parsed on Terraform v0.12.

See Compatibility with Terraform for details.

Usage

TFLint inspects all configurations under the current directory by default. You can also change the behavior with the following options:

$ tflint --help
Usage:
  tflint [OPTIONS] [FILE or DIR...]

Application Options:
  -v, --version                             Print TFLint version
      --langserver                          Start language server
  -f, --format=[default|json|checkstyle]    Output format (default: default)
  -c, --config=FILE                         Config file name (default: .tflint.hcl)
      --ignore-module=SOURCE                Ignore module sources
      --enable-rule=RULE_NAME               Enable rules from the command line
      --disable-rule=RULE_NAME              Disable rules from the command line
      --var-file=FILE                       Terraform variable file name
      --var='foo=bar'                       Set a Terraform variable
      --module                              Inspect modules
      --deep                                Enable deep check mode
      --aws-access-key=ACCESS_KEY           AWS access key used in deep check mode
      --aws-secret-key=SECRET_KEY           AWS secret key used in deep check mode
      --aws-profile=PROFILE                 AWS shared credential profile name used in deep check mode
      --aws-creds-file=FILE                 AWS shared credentials file path used in deep checking
      --aws-region=REGION                   AWS region used in deep check mode
      --force                               Return zero exit status even if issues found
      --no-color                            Disable colorized output

Help Options:
  -h, --help                                Show this help message

See User guide for each option.

Exit Statuses

TFLint returns the following exit statuses on exit:

  • 0: No issues found
  • 2: Errors occurred
  • 3: No errors occurred, but issues found

FAQ

Does TFLint check modules recursively?

  • No. TFLint always checks only the current root module (no recursive check)

Debugging

If you don't get the expected behavior, you can see the detailed logs when running with TFLINT_LOG environment variable.

$ TFLINT_LOG=debug tflint

Developing

See Developer guide.

You can’t perform that action at this time.