Follow Hashicorp's Terraform style guide when writing Terraform code, with a few exceptions (see below).
Here are some exceptions (and additions) to Hashicorp's Terraform style guide.
- Use module names based on the logical function of the module rather than the underlying proprietary service used for implementing the module. For example, use "database" instead of "rds", or "storage" instead of "s3".
- Organize resources according to the infrastructure layers described in module architecture.
- Use shared configuration instead of the tfe_outputs data source to share state between two state files.
- Use underscores instead of dashes in file names and module names.
- Separate words in filenames with underscores (_) instead of dashes (-), e.g., main.tf, output_variables.tf.
- Use lowercase letters to avoid case sensitivity issues.
- Include additional type information in string variable names to clarify the value being stored. For example, use
access_policy_arn
instead ofaccess_policy
. Common examples of suffixes include:_id
,_arn
, and_name
. - Include units in numerical variable names. For example, use
max_request_seconds
instead ofmax_request_time
. - Use plural nouns for lists. For example, use
subnet_ids
to represent a list of subnet ids. - Use
values_by_key
for maps that map keys to values. For example useaccount_ids_by_name
to represent a map from account names to account ids. - For boolean feature flags, use the prefix
enable_
, as inenable_https
.
- Do not commit the
.terraform.lock.hcl
dependency lock file. As of Feb 2023, Terraform lock files, while well intentioned, have a tendency to get into a confusing state that requires recreating the lock file, which defeats the purpose. Moreover, lock files are per environment, which can make it difficult for people to upgrade dependencies (e.g. upgrade an AWS provider) across environments if certain environments are locked down (e.g. production).
- For testing, use Terratest instead of the Terraform test framework.
- For policy enforcement and compliance checks, Tfsec is used instead of Terraform's policy enforcement framework
Follow Google's Shell Style Guide.