Skill

Terraform Review

This skill should be used when the user asks to "review Terraform code", "Terraform plan review", "check Terraform implementation", "validate infrastructure code", "IaC review", or mentions reviewing Terraform plans, modules, or infrastructure-as-code for production readiness.

npx claudepluginhub sniper-fly/souma-recette --plugin terraform-review

Tool Access

This skill uses the workspace's default tool permissions.

Preview

This skill provides a structured approach to reviewing Terraform implementation plans before deployment. The focus is on identifying technical issues that should be fixed before implementation begins, with emphasis on production stability and minimizing operational burden.

Supporting Assets

examples/sample-review-output.mdreferences/review-perspectives.md

SKILL.md

Similar Skills

terraform-review

Reviews Terraform PRs with 8-category checklist on structure, state safety, security, naming, modules, variables, providers, and CI/CD. Outputs Approved/Needs Changes/Blocked verdict for PR reviews, pre-merge checks, and audits.

ai-toolkit

terraform-audit

Audits Terraform codebases for security, compliance, cost optimization, code quality, and architecture issues in AWS resources. Outputs Markdown reports with severity levels, remediations, and HCL fixes.

5 files

enterprise-harness-engineering

terraform-validator

139

Validates, lints, audits, and plans Terraform HCL files using tflint, checkov, terraform validate/fmt/init; enforces security checklists and best practices.

10 files

devops-skills

Stats

Parent Repo Stars0

Parent Repo Forks1

Last CommitJan 31, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Terraform Implementation Plan Review

Purpose

When to Use

Reviewing Terraform implementation plans or designs
Pre-deployment infrastructure code review
Validating Terraform module configurations
Assessing infrastructure-as-code for production readiness

Review Process

Step 1: Establish Review Perspectives

Before reviewing, identify applicable review perspectives based on the plan content. Common perspectives include:

Category	Focus Areas
Resource Design	Dependencies, configuration consistency, lifecycle management
Security	IAM permissions, network settings, secrets management
Operations	Naming conventions, tagging, module structure, state management
Cost	Resource sizing, unused resources, cost optimization options
Constraints/Risks	Service limits, quotas, region dependencies

Adapt perspectives based on the specific plan. Add domain-specific perspectives as needed (e.g., compliance for regulated industries).

Step 2: Execute Review

Examine the plan against each perspective. For categories with no issues, document as "Confirmed - No issues found."

Step 3: Document Findings

Use the standard output format for each issue found.

Output Format

For each issue discovered:

### Issue N: [Issue Title]
- **Location**: Filename/Section, specific configuration item
- **Problem**: What is wrong, why it's a problem
- **Severity**: High/Medium/Low
  - High: Deployment failure, security vulnerability, data loss risk
  - Medium: Operational difficulty, scalability constraints, maintainability issues
  - Low: Best practice deviation, readability concerns
- **Recommendation**: Suggested fix (include code example if applicable)

Conclude with a summary:

---
**Summary**: X issues found
- High: N
- Medium: N
- Low: N

Review Perspectives Details

For comprehensive review criteria and checklists, see:

references/review-perspectives.md - Detailed review criteria per category

Example Output

For a complete review example, see:

examples/sample-review-output.md - Sample Terraform review output

Key Principles

Production stability first: Prioritize issues affecting production reliability
Operational burden: Identify configurations that increase operational complexity
Actionable feedback: Provide specific, implementable recommendations
No false positives: Only report genuine issues, not stylistic preferences
Context-aware: Adapt severity based on the deployment target (dev vs prod)

Common Issue Patterns

High Severity Patterns

Missing required provider configuration
Hardcoded secrets or credentials
Overly permissive IAM policies (* wildcards)
No state backend configuration for team environments
Missing lifecycle rules causing accidental resource destruction

Medium Severity Patterns

Inconsistent naming conventions
Missing or incomplete tagging strategy
No resource dependencies explicitly defined
Missing output values for inter-module communication
Suboptimal resource sizing

Low Severity Patterns

Variable descriptions missing
No validation rules on variables
Inconsistent formatting
Missing README documentation