terraform-foundation/.tflint.hcl
Greg Hendrickson 6136cde9bb feat: Terraform Foundation - AWS Landing Zone
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-02 02:57:23 +00:00


# TFLint configuration for the Terraform Foundation modules.
# Rule sets: TFLint core plus the AWS ruleset plugin.
# https://github.com/terraform-linters/tflint
config {
  # Lint called modules as well as the root module.
  # NOTE(review): newer TFLint releases replace `module` with `call_module_type`;
  # confirm against the TFLint version pinned in CI.
  module = true
  # Findings produce a non-zero exit, so lint failures block the pipeline.
  force = false
}
# AWS ruleset plugin, pinned to a fixed release so lint results are reproducible.
plugin "aws" {
  enabled = true
  version = "0.29.0"
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
  # Deep checking queries the AWS API and therefore needs credentials;
  # leaving it off keeps linting credential-free and offline.
  deep_check = false
}
################################################################################
# Terraform Core Rules
################################################################################
# All resource, variable, output and module names must be snake_case.
rule "terraform_naming_convention" {
  enabled = true
  format  = "snake_case"
}
# Every variable and output needs a description.
rule "terraform_documented_variables" {
  enabled = true
}
rule "terraform_documented_outputs" {
  enabled = true
}
# Modules must follow the standard file layout (main/variables/outputs).
rule "terraform_standard_module_structure" {
  enabled = true
}
# Reject legacy syntax: "${var.x}" wrapping and .0-style list indexing.
rule "terraform_deprecated_interpolation" {
  enabled = true
}
rule "terraform_deprecated_index" {
  enabled = true
}
# Single-line comments use `#`, not `//`.
rule "terraform_comment_syntax" {
  enabled = true
}
# Every variable must declare an explicit type.
rule "terraform_typed_variables" {
  enabled = true
}
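# Flags references to terraform.workspace when a remote backend is configured;
# that combination is what this rule checks, independently of Terragrunt.
rule "terraform_workspace_remote" {
  enabled = true
}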
################################################################################
# AWS Security Rules
################################################################################
# EC2 instance arguments: reject unknown instance types and malformed AMI ids.
rule "aws_instance_invalid_type" {
  enabled = true
}
rule "aws_instance_invalid_ami" {
  enabled = true
}
# Taggable resources must carry the baseline tag keys used for ownership
# and cost attribution.
rule "aws_resource_missing_tags" {
  enabled = true
  tags    = ["Name", "Environment", "ManagedBy"]
}
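# IAM policy hygiene.
# NOTE(review): aws_iam_policy_document_gov_friendly_arns reports ARNs in the
# commercial `arn:aws:` partition as not GovCloud-friendly. Outside a GovCloud
# deployment it will flag every ARN; confirm the target partition before
# keeping it enabled.
rule "aws_iam_policy_document_gov_friendly_arns" {
  enabled = true
}
# Catches inline policy documents that exceed the IAM policy size limit.
rule "aws_iam_policy_too_long_policy" {
  enabled = true
}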
# S3: reject canned ACL values that the API does not accept.
rule "aws_s3_bucket_invalid_acl" {
  enabled = true
}
# Security groups: reject protocol names the API does not recognise.
rule "aws_security_group_invalid_protocol" {
  enabled = true
}
# RDS: instance class must be a known value and the subnet group name must be valid.
rule "aws_db_instance_invalid_type" {
  enabled = true
}
rule "aws_db_instance_invalid_db_subnet_group" {
  enabled = true
}
# ElastiCache: node type must be a known value.
rule "aws_elasticache_cluster_invalid_type" {
  enabled = true
}
# Lambda: runtime identifier must be one the service accepts.
rule "aws_lambda_function_invalid_runtime" {
  enabled = true
}
################################################################################
# Disabled Rules
################################################################################
# Disabled: template modules keep variables/locals that only some
# configurations consume, so unused-declaration findings are noise here.
rule "terraform_unused_declarations" {
  enabled = false
}
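# Require every provider to be declared in required_providers with a version
# constraint. Unpinned providers make plans non-reproducible and let an
# unreviewed provider release into the pipeline, so this stays on for a
# security baseline.
rule "terraform_required_providers" {
  enabled = true
}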