Switch AWS rules implementation to the tflint-ruleset-aws plugin

[wata727]

This pull request switches an existing AWS rule implementation to the tflint-ruleset-aws plugin. This is a change that has a significant impact on the implementation of TFLint, so I'm going to describe more details.

Why?

Currently, TFLint is primarily focused on the AWS provider, but I think that support other providers is just as important. However, the current implementation of TFLint provides AWS rules built-in, and if we want to support other providers, we must change the repository (TFLint core).

This is not scaleable. TFLint should be a "pluggable" linter so that it can support more providers and many rules by plugins. To achieve this, I have been implementing the plugin system. I'm trying to cut out existing AWS rules into the plugin.

What's happened?

The goal of this change is to switch the implementation to the plugin, but there are some tricks to minimize the impact of the migration.

First, TFLint binary will also act as the tflint-ruleset-aws plugin. So that you don't have to download the tflint-ruleset-aws plugin separately. Of course, like other plugins, you can install the plugin separately. In that case, the installed plugin will take precedence. The bundled plugin will only be used if you don't have the tflint-ruleset-aws installed.

If you want to see which plugin is enabled, check the version output:

% tflint -v
TFLint version 0.23.0
+ ruleset.aws (0.1.0-bundled)

Plugins ending in -bundled indicate that they are plugins built into TFLint itself, called "bundled plugins".

In the future, I plan to remove this mechanism as well, but at least after implementing a mechanism that makes it easy to download plugins, such as terraform init.

The other one, the tflint-ruleset-aws plugin is automatically enabled from the Terraform configurations. This implementation is similar to Terraform's automatic installation of providers. For example, it is automatically enabled for the following configurations:

resource "aws_instance" "foo" {
  ami = "ami-12345678"
  instance_type = "t2.micro"
}

provider "aws" {
  region = "us-east-1"
}

If you want to see the plugin is automatically enabled, check the version output. You can also control the activation of plugins by explicitly writing a plugin configuration, whether it is automatically enabled or not:

plugin "aws" {
  enabled = true
}

When used as a Language Server, the AWS plugin is always enabled, regardless of the Terraform configurations. If you want to disable it, such as when using another provider, write the plugin configuration explicitly and disable it.

What should we do?

I try to minimize the impact of this change as much as possible, but it does affect users who use deep checking.

The global --deep option will no longer be available to enable deep checking for AWS rules. If you want to continue using it, set the deep_check attribute of the aws plugin setting to true.

plugin "aws" {
  enabled = true
  deep_check = true
}

See the tflint-ruleset-aws plugin configurations for details.

Remove the --deep option is out of scope for this pull request, but will be removed by the next release.

What's next?

Unless there are any major issues, I plan to merge this change in the next minor release. If you have any questions about this change, please let me know. Thanks.