Top Gun Terraform Development Environment

6 min readJul 24, 2023

As a Hashicorp Certified Terraform Instructor, I get asked a lot of questions from beginners, and I decided to put together a “Best in Class” post with recommendations for Old and New Terraform Developers.

In this post we’ll cover, VSCode’s Dev/Remote containers for a portable (can run on your developers laptops, can run as a build agent, will run on Grannie’s laptop, God bless her soul ❤) all-in-code developer setup.

We’ll cover, TFEnv, TGEnv, TFSec, Terraform Docs, Terraform Format, TFLint, Terraform Validate, Terraform Plan, Pre Commit amongst other

This post is a Buffet, you can pick what you want to eat or try everything, it’s up to you, Bon Appétit!

You can find all the code, ready to use here: https://github.com/star3am/terraform-modules-library

Terraform plan, format, lint, docs, tfsec and Pre Commit

This post will cover the following topics:

Development Environment
Helpful Tools such as TFEnv, Terraform Docs, Terraform Format
Terraform Modules (Testing and Development for Multi-Cloud)
General Tips and Tricks
Links

So let’s start with our Development Environment. We need a consistent Development Environment with a small Tool Chain.

This Environment Should be quick and easy to install.
It should run all Operating Systems (Windows, Mac (Intel and Arm), Linux and of course our build agents)
In Code solution as far as possible.

For our Development Environment, I use Docker Desktop, this gives us a consistent containerised environment which runs on all Operating Systems. https://www.docker.com/products/docker-desktop/

As and IDE, I use VSCode https://code.visualstudio.com/ and the Dev/Remote Containers Extension https://code.visualstudio.com/docs/devcontainers/tutorial

Now we have a pretty tiny Tool Chain, that runs consistently on All Operating Systems. This is important, because our colleagues might be on Windows while we are on a Mac, and we want to as far as possible work in the same way.

Our VSCode .devcontainer/devcontainer.json looks as follows https://github.com/star3am/terraform-modules-library/blob/main/.devcontainer/devcontainer.json

{
  "dockerComposeFile": "../docker-compose.yml",
  "service": "tools",
  "workspaceFolder": "/app",
  "postStartCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
  "customizations": {
    "vscode": {
      "extensions": [
        "dbaeumer.vscode-eslint",
        "hashicorp.terraform",
        "nhoizey.gremlins",
        "hashicorp.hcl"
      ]
    }
  }
}

The important bits are that it references a docker-compose file https://github.com/star3am/terraform-modules-library/blob/main/docker-compose.yml#L9 which launches our Dev Container from a Dockerfile https://github.com/star3am/terraform-modules-library/blob/main/Dockerfile

The Dockerfile does most of the magic (It runs on Windows, Linux, Mac (Intel and Arm)) and it installs base tools such as wget, curl, nano, less etc. for Ubuntu 22.04 and it also installs our Developer tools such as:

TFEnv https://github.com/tfutils/tfenv Installs the appropriate Terraform Version as defined in a .terraform-version file
TGEnv https://github.com/cunymatthieu/tgenv Installs the appropriate Terragrunt Version as defined in a .terragrunt-version file
TFSec https://github.com/aquasecurity/tfsec Which Scans our Terraform Code for potential security risks
Terraform Docs https://github.com/terraform-docs/terraform-docs utility to generate documentation from Terraform modules in various output formats
Terraform Format https://developer.hashicorp.com/terraform/cli/commands/fmt is used to rewrite Terraform configuration files to a canonical format and style and correctly format our Terraform code
TFLint https://github.com/terraform-linters/tflint Linting our Terraform code
Terraform Validate https://developer.hashicorp.com/terraform/cli/commands/validate validates the Terraform configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
Terraform Plan https://developer.hashicorp.com/terraform/cli/commands/plan run a Terraform Plan on all our Modules using Terragrunt `terragrunt run-all plan`
Pre Commit https://pre-commit.com/ Git Pre Commit hooks to help us lint our code and detect common coding errors see: https://github.com/star3am/terraform-modules-library/blob/main/.pre-commit-config.yaml

Now that we know how our Development Environment is spun up, and what it does, let’s see a practical Demo.

If you install Docker Desktop, VSCode and the Dev/Remote containers extension. You can Clone https://github.com/star3am/terraform-modules-library

Now Let’s open VSCode and open the project folder, you will see that VSCode notifies you that it has detected a Remote Dev Container and it will ask you if you want to open in a Dev Container.

Click Reopen in Container

This will build the Dockerfile and drop you into a Terminal inside the container, with everything installed.

Meaning that you don’t need to have Terraform, Terragrunt, TFEnv etc. installed on your laptop, all you need is Docker, Git and VSCode + The Dev / Remote Container extension for VSCode.. Everything is managed in Code!

If you look at the folders on the left, we have aws, azure, gcp and custom and and inside each of those a modules folder, I have added a few examples, and you can add more, this framework will scan, check, format all our modules, plan them and generate documentation for them.

You might not need al of this, and you are welcome to use parts of this repository to suite your own needs, for example you might only need the Dev Container part or just the Pre Commit component or just the Dockerfile, either way you are welcome to help yourself.

Be sure to checkout the .github/workflows/pipeline.yml file. Currently this builds an Arm64 and Amd64 container image on Github Container Registry using Github Actions.

jobs:
  build-and-publish-latest:
    runs-on: ubuntu-latest
    # Running this job only for master branch
    # if: github.ref == 'refs/heads/main'

    steps:
      # Checking out the repo
      - uses: actions/checkout@v2

      # https://github.com/docker/setup-qemu-action
      # https://blog.thesparktree.com/docker-multi-arch-github-actions
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: 'arm64,amd64'

      # https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # https://github.com/marketplace/actions/docker-build-push-action
      - uses: mr-smithers-excellent/docker-build-push@v6
        name: Build and Push Docker image
        with:
          image: terraform-modules-library-container
          tags: latest
          registry: ghcr.io
          multiPlatform: true
          platform: linux/amd64,linux/arm64
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

This Dockerfile can also be build into a container image and used as our build agent, because it uses Docker, you are able to easily install new software as you need without having to ask or log a ticket for it to be installed on the build agents, as long as your build agents has Docker installed you should be fine.

Closing Remarks ❤

Many thanks goes to the team at Gruntwork https://gruntwork.io/ for their amazing effort and for selflessly sharing their code in the great spirit of Open Source. In fact https://github.com/gruntwork-io/terragrunt-infrastructure-modules-example inspired this repo and set the foundation for this repo.

So, that brings us to the end of how I setup my Terraform Development Environment, I hope you enjoyed this post, as much as I did writing it and setting it up.