Terraform Iac Reviewer
by Timoranjes
Expert IaC auditing for Terraform and OpenTofu to catch security holes, cost leaks, and state management risks.
$10
· or 50 creditsSecure checkout via Stripe
Works with the AI tools you already use
About this skill
Senior-Level IaC Auditing for Terraform and OpenTofu
Infrastructure as Code (IaC) is the backbone of modern cloud deployments, but a single misconfigured S3 bucket or unencrypted database can lead to catastrophic data breaches. This skill transforms your AI agent into a senior-level infrastructure architect that audits HCL configurations for security, cost efficiency, and operational stability across AWS, Azure, and GCP.
What it does
The Terraform IaC Reviewer scans your workspace to build a complete resource graph of modules, providers, and variables. Performance is categorized into three key pillars:
- Security Audit: Detects public exposure, unencrypted volumes, overly permissive IAM wildcards, and hardcoded secrets.
- Cost Optimization: Identifies over-provisioned instances, orphaned resources like unattached Elastic IPs, and missing lifecycle policies.
- State & Drift Management: Ensures safe remote backend configurations, state locking to prevent corruption, and versioning for disaster recovery.
Why use this skill
While standard AI prompts can catch basic syntax errors, this skill follows a structured multi-step workflow. It doesn't just look at files in isolation; it analyzes provider pinning, module boundaries, and variable validation blocks. It provides specific "Critical," "Warning," and "Suggestion" tiers with drop-in HCL fixes, ensuring your infrastructure is production-grade before you ever run terraform apply.
Supported Platforms
- AWS: S3 Bucket Policies, IMDSv2, VPC Flow Logs, and RDS Deletion Protection.
- Azure: Key Vault Soft Delete, NSG Flow Logs, and Storage Account Secure Transfer.
- GCP: Uniform Bucket-Level Access, Shielded VMs, and KMS Rotation.
Details
How to install
Drop the file into your AI Agent. Works with Claude, Cursor, ChatGPT, and 20+ more.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Be the first to review this skill.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
No special permissions declared or detected
Creator
Frequently Asked Questions
Browse More Skills
code-reviewer
Reviews your code for bugs, security vulnerabilities, logic errors, performance issues, and style violations. Organizes findings by severity and suggests fixes with code examples.

frontend-motion-wizard
Advanced responsive layout and interactive micro-interaction engine for React, Tailwind CSS, and Framer Motion. Automatically injects fluid element states, mobile-first touch behaviors, adaptive viewports, and non-destructive layout transitions into static codebases
java-best-practice-checker
Expert Java code auditor for SE 8–24, flagging performance leaks, threading risks, and modernization gaps.

Business Strategist
A framework-driven consultant for business diagnosis, market mapping, and pricing strategy.