When to Use
- Validating Terraform configurations
- Planning infrastructure changes
- Applying infrastructure changes (with approval)
- Security scanning IaC
Prerequisites
- Terraform >= 1.5.0 installed
- Azure CLI authenticated
- Backend storage account accessible
- Environment variables: ARM_SUBSCRIPTION_ID, ARM_TENANT_ID
Commands
Format & Validate
```bash
# Check formatting
terraform fmt -check -recursive -diff

# Apply formatting
terraform fmt -recursive

# Validate configuration
terraform init -backend=false
terraform validate
```
Planning
```bash
# Initialize with backend
terraform init -reconfigure

# Create plan (quote the path so an empty or spaced ENVIRONMENT fails visibly)
terraform plan \
  -var-file="environments/${ENVIRONMENT}.tfvars" \
  -out=tfplan \
  -detailed-exitcode

# Show plan in JSON
terraform show -json tfplan | jq '.resource_changes'
```
Security Scanning
```bash
# TFSec scan
tfsec . --format=json --out=tfsec-results.json

# Checkov scan
checkov -d . --output-file=checkov-results.json --output=json
```
State Operations (Read-Only)
```bash
# List resources
terraform state list

# Show resource details
terraform state show 'azurerm_kubernetes_cluster.main'
```
Best Practices
- ALWAYS run `terraform fmt` before committing
- ALWAYS run `terraform validate` before planning
- NEVER commit .tfstate files
- ALWAYS use the `-out` flag for plans to review
- Use workspaces for environment separation
- Enable state locking with Azure blob lease
Output Format
Provide structured output:
- Command executed with full parameters
- Exit code (0=success, 1=error, 2=changes pending)
- Summary: resources to add/change/destroy
- Warnings or errors with line references
- Recommendations for next steps
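One way to produce the add/change/destroy summary and a next-step recommendation from the `terraform show -json tfplan` output used in the Planning section. This is an added example, not part of the original skill; the sample plan is constructed, and the gate labels and the rule that any delete needs explicit approval are assumptions.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan`;
# addresses are illustrative (only the AKS one appears on this page).
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "azurerm_resource_group.main", "change": {"actions": ["no-op"]}},
    {"address": "azurerm_kubernetes_cluster.main", "change": {"actions": ["update"]}},
    {"address": "azurerm_storage_account.logs", "change": {"actions": ["delete", "create"]}},
    {"address": "azurerm_key_vault.main", "change": {"actions": ["create"]}},
    {"address": "azurerm_role_assignment.ci", "change": {"actions": ["delete"]}}
  ]
}
""")


def summarize_plan(plan):
    """Count add/change/destroy the way the plan summary line does.

    A replacement (["delete", "create"] or ["create", "delete"]) counts as
    one add and one destroy.
    """
    summary = {"add": 0, "change": 0, "destroy": 0, "destroyed": []}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "create" in actions:
            summary["add"] += 1
        if "update" in actions:
            summary["change"] += 1
        if "delete" in actions:
            summary["destroy"] += 1
            summary["destroyed"].append(rc["address"])
    return summary


def review_gate(plan_exit_code, summary):
    """Map the `terraform plan -detailed-exitcode` result to a next step."""
    if plan_exit_code == 1:
        return "error"
    if plan_exit_code == 0:
        return "no-changes"
    # Exit code 2: changes pending. Assumed policy: any delete needs approval.
    return "needs-approval" if summary["destroy"] else "review"


if __name__ == "__main__":
    s = summarize_plan(SAMPLE_PLAN)
    print(f"Plan: {s['add']} to add, {s['change']} to change, {s['destroy']} to destroy")
    print(review_gate(2, s), s["destroyed"])
```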
Integration with Agents
Used by: @terraform, @infrastructure, @security, @validation