terraform-iac-reviewer
by Timoranjes
Expert IaC auditing for Terraform and OpenTofu to catch security holes, cost leaks, and state management risks.
- Audit HCL code for public S3 buckets and unencrypted RDS instances
- Identify orphaned cloud resources and over-provisioned instance types
- Analyze terraform plan output for accidental resource destruction risks
$10
or 50 credits. Secure checkout via Stripe.
Included in download
- Audit HCL code for public S3 buckets and unencrypted RDS instances
- Identify orphaned cloud resources and over-provisioned instance types
- Includes example output and usage patterns
Sample input
Review my AWS Terraform files for security and cost. I'm specifically worried about the log bucket and my dev instances.
Sample output
CRITICAL: aws_s3_bucket.logs
Issue: Public read access enabled.
Impact: Sensitive logs exposed to internet.
Fix:
resource "aws_s3_bucket_public_access_block" "logs" {
  bucket              = aws_s3_bucket.logs.id
  block_public_acls   = true
  block_public_policy = true
}
WARNING: Use spot instances for 'dev-node'.
About This Skill
Senior-Level IaC Auditing for Terraform and OpenTofu
Infrastructure as Code (IaC) is the backbone of modern cloud deployments, but a single misconfigured S3 bucket or unencrypted database can lead to catastrophic data breaches. This skill transforms your AI agent into a senior-level infrastructure architect that audits HCL configurations for security, cost efficiency, and operational stability across AWS, Azure, and GCP.
What it does
The Terraform IaC Reviewer scans your workspace to build a complete resource graph of modules, providers, and variables. Its findings are grouped into three pillars:
- Security Audit: Detects public exposure, unencrypted volumes, overly permissive IAM wildcards, and hardcoded secrets.
- Cost Optimization: Identifies over-provisioned instances, orphaned resources like unattached Elastic IPs, and missing lifecycle policies.
- State & Drift Management: Ensures safe remote backend configurations, state locking to prevent corruption, and versioning for disaster recovery.
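As an added illustration of the kind of static check the Security Audit pillar and the sample output above describe, the following Python script is not the skill's own code: it reads a constructed set of resource blocks with a deliberately minimal HCL reader (flat `key = value` attributes only, not a general parser), flags public bucket ACLs, buckets with no `aws_s3_bucket_public_access_block` that sets all four block flags, and `aws_db_instance` resources without `storage_encrypted = true`, and renders the findings in the same CRITICAL/WARNING layout. The resource names and the `SAMPLE_HCL` input are invented for the example.

```python
import re

# Constructed sample HCL for this illustration (not output of the skill):
# a public log bucket with no public-access block, a bucket that is covered,
# an encrypted RDS instance and an unencrypted one.
SAMPLE_HCL = '''
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}

resource "aws_s3_bucket" "artifacts" {
  bucket = "example-artifacts"
}

resource "aws_s3_bucket_public_access_block" "artifacts" {
  bucket                  = aws_s3_bucket.artifacts.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_db_instance" "app" {
  engine            = "postgres"
  storage_encrypted = true
}

resource "aws_db_instance" "reports" {
  engine = "postgres"
}
'''

# Minimal HCL reader: top-level resource blocks with flat attributes only.
BLOCK_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*([a-z_]+)\s*=\s*(.+?)\s*$', re.M)
PUBLIC_ACLS = {"public-read", "public-read-write"}
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")


def parse_resources(hcl):
    """Return one {type, name, attrs} dict per resource block."""
    out = []
    for rtype, name, body in BLOCK_RE.findall(hcl):
        attrs = {k: v.strip('"') for k, v in ATTR_RE.findall(body)}
        out.append({"type": rtype, "name": name, "attrs": attrs})
    return out


def public_access_block_fix(name):
    """Drop-in HCL that blocks all four public-access paths for a bucket."""
    return (f'resource "aws_s3_bucket_public_access_block" "{name}" {{\n'
            f'  bucket                  = aws_s3_bucket.{name}.id\n'
            '  block_public_acls       = true\n'
            '  block_public_policy     = true\n'
            '  ignore_public_acls      = true\n'
            '  restrict_public_buckets = true\n}')


def finding(sev, addr, issue, impact, fix):
    return {"severity": sev, "address": addr, "issue": issue,
            "impact": impact, "fix": fix}


def audit(hcl):
    """Run the three checks and return a list of finding dicts."""
    resources = parse_resources(hcl)
    # Buckets referenced by a public access block that sets all four flags.
    covered = {r["attrs"].get("bucket") for r in resources
               if r["type"] == "aws_s3_bucket_public_access_block"
               and all(r["attrs"].get(f) == "true" for f in PAB_FLAGS)}
    findings = []
    for r in resources:
        addr, a = f'{r["type"]}.{r["name"]}', r["attrs"]
        if r["type"] == "aws_s3_bucket":
            if a.get("acl") in PUBLIC_ACLS:
                findings.append(finding(
                    "CRITICAL", addr, f'Public ACL "{a["acl"]}" enabled.',
                    "Bucket contents readable from the internet.",
                    "Remove the acl argument and add:\n"
                    + public_access_block_fix(r["name"])))
            if f'aws_s3_bucket.{r["name"]}.id' not in covered:
                findings.append(finding(
                    "WARNING", addr,
                    "No aws_s3_bucket_public_access_block sets all four flags.",
                    "A later ACL or bucket policy change can expose it.",
                    public_access_block_fix(r["name"])))
        elif r["type"] == "aws_db_instance" and a.get("storage_encrypted") != "true":
            findings.append(finding(
                "CRITICAL", addr, "storage_encrypted is not true.",
                "Database storage and snapshots are unencrypted at rest.",
                "storage_encrypted = true  # add kms_key_id if a CMK is required"))
    return findings


def render_report(findings):
    """Format findings in the CRITICAL/WARNING style of the sample output."""
    order = {"CRITICAL": 0, "WARNING": 1, "SUGGESTION": 2}
    lines = []
    for f in sorted(findings, key=lambda f: order[f["severity"]]):
        lines += [f'{f["severity"]}: {f["address"]}', f'  Issue: {f["issue"]}',
                  f'  Impact: {f["impact"]}', "  Fix:"]
        lines += ["    " + line for line in f["fix"].splitlines()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(audit(SAMPLE_HCL)))
```

On the constructed input the script reports two CRITICAL findings (the public `logs` bucket and the unencrypted `reports` instance) and one WARNING (no public access block covering `logs`). Note that the fix it emits sets all four `aws_s3_bucket_public_access_block` flags, whereas the sample output above shows only `block_public_acls` and `block_public_policy`; `ignore_public_acls` and `restrict_public_buckets` are what neutralise ACLs and policies that already exist.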
Why use this skill
While standard AI prompts can catch basic syntax errors, this skill follows a structured multi-step workflow. It doesn't just look at files in isolation; it analyzes provider pinning, module boundaries, and variable validation blocks. It provides specific "Critical," "Warning," and "Suggestion" tiers with drop-in HCL fixes, ensuring your infrastructure is production-grade before you ever run terraform apply.
Supported Platforms
- AWS: S3 Bucket Policies, IMDSv2, VPC Flow Logs, and RDS Deletion Protection.
- Azure: Key Vault Soft Delete, NSG Flow Logs, and Storage Account Secure Transfer.
- GCP: Uniform Bucket-Level Access, Shielded VMs, and KMS Rotation.
Use Cases
- Audit HCL code for public S3 buckets and unencrypted RDS instances
- Identify orphaned cloud resources and over-provisioned instance types
- Analyze terraform plan output for accidental resource destruction risks
- Enforce tagging strategies and naming conventions across cloud providers
- Verify remote backend and state locking configurations for team safety
Known Limitations
- Does not execute terraform plan or apply commands.
- Cannot audit external modules hosted in private registries without file access.
- Limited to HCL static analysis; cannot verify runtime cloud IAM permissions.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/terraform-iac-reviewer -o /tmp/terraform-iac-reviewer.zip && unzip -o /tmp/terraform-iac-reviewer.zip -d ~/.claude/skills && rm /tmp/terraform-iac-reviewer.zip
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Security Scanned
Passed automated security review
Permissions
No special permissions declared or detected
Compatible with SKILL.md-compatible agents like Claude Code and Cursor.