Enhancing Your Terraform Code with TFLint and FMT

Rafael Medeiros
3 min readJan 7, 2025

--

The good old AI-generated image

Detecting errors at early stages is good in any development environment, and Terraform is no different.

In this blog post, you will see how tflint and terraform fmt work.

TFLint

TFlint is a tool that can help you scan and check for errors, syntax, deprecations, enforce naming conventions, and even unused declarations.

If you are on linux, install it with:

curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash

Depending on the cloud provider, we also need to install its plugin, in our case, it’s AWS, so let’s install that.

To install a new plugin, first you need to create a file called .tflint.hcl:

#.tflint.hcl

plugin "aws" {
enabled = true
version = "0.27.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}

In the official documentation, you can also find other cloud providers.

Make sure that you are in the folder where main.tf exists, then run:

tflint --init

This will initialize the plugin.

The following Terraform code will create an EC2 instance, but it has some problems, let’s find them out:


#main.tf


terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}

variable "region" {
type = string
default = "eastus"
}

resource "aws_instance" "example_instance" {
ami = "ami-12345678"
instance_type = "t4.medium"

tags = {
Name = "ExampleInstance"
}
}

If we run tflint, here’s what we get:

tflint
lots of errors :(

Now, all we need to do is to fix them and run tflint again, you won’t see any input if everything is good:

#fixed version

terraform {
required_version = ">= 0.12" #<- fixed
required_providers {
aws = {
source = "hashicorp/aws"
version = "~>5.82.2" #<- fixed
}
}
}

variable "region" {
type = string
default = "eastus"
}

resource "aws_instance" "example_instance" {

ami = "ami-12345678"
instance_type = "t3.medium" #<- fixed

tags = {
Name = "ExampleInstance-${var.region}"
}
}
tflint
no output means everything is good :)

Terraform fmt

This is more of a formatting tool to ensure that the indentation is correct. It scans the current directory and format it according to the canonical format.

To get started, simply run:

terraform fmt

and it will do its magic:

beautifully formatted now

Now, imagine this in a repository with thousands of lines, you don’t need to go one by one, it will apply the format recursively.

Both tools in Jenkins Pipeline

To finish that, you can easily integrate it to your CI CD pipeline process, let’s see a simple example using Jenkins:

pipeline {
agent any

stages {
stage('Checkout Code') {
steps {
// Pull the Terraform code from the repository
git branch: 'main', url: 'https://github.com/hashicorp-education/learn-terraform-test.git'
}
}

stage('Validate and Format Terraform Code') {
steps {
script {
// Check for unformatted code using terraform fmt
sh 'terraform fmt -check'

// Optionally fix formatting issues
sh 'terraform fmt'

// Run tflint to lint the Terraform code
sh 'tflint'
}
}
}

stage('Terraform Init') {
steps {
// Initialize the Terraform working directory
sh 'terraform init'
}
}

stage('Terraform Plan') {
steps {
// Generate and show an execution plan
sh 'terraform plan'
}
}
}
}

Do not forget to install terraform and tflint on your jenkins before running the pipeline!

Follow me on Linkedin!

Give it a clap if you like it, let’s spread the knowledge :)

--

--

Rafael Medeiros
Rafael Medeiros

Written by Rafael Medeiros

DevOps Engineer | CNCF Kubestronaut | 3x Azure | Terraform Fanatic | Another IT Professional willing to help the community

No responses yet