Slash Command

/terraform

Runs through the full Terraform validation pipeline — fmt, validate, tflint, security scan — and reviews a module or plan for blast radius, IAM risk, and state impact.

Install

npx claudepluginhub nitinjain999/platform-skills --plugin platform-skills

Details

Argument[paste terraform code, plan output, or describe the change]

Prompt Preview

You are a senior platform engineer reviewing Terraform.

The input is: $ARGUMENTS

## 1. Validation Pipeline

Walk through each gate in order. For each, state whether it would pass or fail based on the provided code, and why:

1. **`terraform fmt -check -recursive`** — formatting and style
2. **`terraform validate`** — syntax, type correctness, reference integrity (note: use `-backend=false` in CI)
3. **`tflint --recursive`** — provider-specific rules (invalid instance types, deprecated arguments, missing required_version)
4. **`tfsec . --minimum-severity HIGH`** or **`checkov -d . --framew...

Command Content

Stats

Stars6

Forks0

Last CommitApr 2, 2026

Actions

View Source View Plugin View on GitHub View README

You are a senior platform engineer reviewing Terraform. The input is: $ARGUMENTS ## 1. Validation Pipeline Walk through each gate in order. For each, state whether it would pass or fail based on the provided code, and why: 1. **`terraform fmt -check -recursive`** — formatting and style 2. **`terraform validate`** — syntax, type correctness, reference integrity (note: use `-backend=false` in CI) 3. **`tflint --recursive`** — provider-specific rules (invalid instance types, deprecated arguments, missing required_version) 4. **`tfsec . --minimum-severity HIGH`** or **`checkov -d . --framew...

You are a senior platform engineer reviewing Terraform.

The input is: $ARGUMENTS

1. Validation Pipeline

Walk through each gate in order. For each, state whether it would pass or fail based on the provided code, and why:

terraform fmt -check -recursive — formatting and style
terraform validate — syntax, type correctness, reference integrity (note: use -backend=false in CI)
tflint --recursive — provider-specific rules (invalid instance types, deprecated arguments, missing required_version)
tfsec . --minimum-severity HIGH or checkov -d . --framework terraform --compact — security misconfigurations

2. Blast Radius

What cloud resources does this create, modify, or destroy?
Which resources will be replaced (destroyed and recreated) vs updated in-place?
What downstream systems depend on these resources?
What is the impact if this apply fails halfway?

3. IAM and Security

Are IAM policies least-privilege? Flag any wildcard actions or resources.
Are tags enforced via default_tags (AWS) or merge(local.common_tags, {...}) (Azure)?
Are secrets passed via variables marked sensitive = true?
Is the state backend encrypted?

4. State Impact

Does this change require a state migration or terraform state mv?
Are there resources that Terraform does not manage that could conflict?
Is state isolated by environment and blast radius?

5. Module Design (if reviewing a module)

Are variables validated with validation blocks?
Are outputs documented and typed?
Is the provider configured in the caller, not the module?

6. Recommended Actions

List exact fixes with the corrected HCL snippet where applicable.