How do I install terraform-style-guide?

Run `npx skills add https://github.com/hashicorp/agent-skills --skill terraform-style-guide` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does terraform-style-guide support?

terraform-style-guide works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is terraform-style-guide free to use?

Yes. terraform-style-guide is free to install and use. It is available from the open explainx.ai skill registry published by hashicorp.

Where can I read ratings and reviews for terraform-style-guide?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Cloud

terraform-style-guide▌

hashicorp/agent-skills · updated Apr 8, 2026

$npx skills add https://github.com/hashicorp/agent-skills --skill terraform-style-guide

0 commentsdiscussion

summary

Generate and maintain Terraform code following HashiCorp's official style conventions.

›Enforces two-space indentation, lowercase underscore naming, and standard file organization across terraform.tf , providers.tf , main.tf , variables.tf , outputs.tf , and locals.tf
›Requires type and description on all variables and outputs, with validation rules and sensitive flag support for credentials
›Prioritizes for_each over count for dynamic resources, applies security hardening (encryption,

skill.md

Terraform Style Guide

Generate and maintain Terraform code following HashiCorp's official style conventions and best practices.

Reference: HashiCorp Terraform Style Guide

Code Generation Strategy

When generating Terraform code:

Start with provider configuration and version constraints
Create data sources before dependent resources
Build resources in dependency order
Add outputs for key resource attributes
Use variables for all configurable values

File Organization

File	Purpose
`terraform.tf`	Terraform and provider version requirements
`providers.tf`	Provider configurations
`main.tf`	Primary resources and data sources
`variables.tf`	Input variable declarations (alphabetical)
`outputs.tf`	Output value declarations (alphabetical)
`locals.tf`	Local value declarations

Example Structure

# terraform.tf
terraform {
  required_version = ">= 1.7"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# variables.tf
variable "environment" {
  description = "Target deployment environment"
  type        = string

  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "Environment must be dev, staging, or prod."
  }
}

# locals.tf
locals {
  common_tags = {
    Environment = var.environment
    ManagedBy   = "Terraform"
  }
}

# main.tf
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true

  tags = merge(local.common_tags, {
    Name = "${var.project_name}-${var.environment}-vpc"
  })
}

# outputs.tf
output "vpc_id" {
  description = "ID of the created VPC"
  value       = aws_vpc.main.id
}

Code Formatting

Indentation and Alignment

Use two spaces per nesting level (no tabs)
Align equals signs for consecutive arguments

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  subnet_id     = "subnet-12345678"

  tags = {
    Name        = "web-server"
    Environment = "production"
  }
}

Block Organization

Arguments precede blocks, with meta-arguments first:

resource "aws_instance" "example" {
  # Meta-arguments
  count = 3

  # Arguments
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  # Blocks
  root_block_device {
    volume_size = 20
  }

  # Lifecycle last
  lifecycle {
    create_before_destroy = true
  }
}

Naming Conventions

Use lowercase with underscores for all names
Use descriptive nouns excluding the resource type
Be specific and meaningful
Resource names must be singular, not plural
Default to main for resources where a specific descriptive name is redundant or unavailable, provided only one instance exists

# Bad
resource "aws_instance" "webAPI-aws-instance" {}
resource "aws_instance" "web_apis" {}
variable "name" {}

# Good
resource "aws_instance" "web_api" {}
resource "aws_vpc" "main" {}
variable "application_name" {}

Variables

Every variable must include type and description:

variable "instance_type" {
  description = "EC2 instance type for the web server"
  type        = string
  default     = "t2.micro"

  validation {
    condition     = contains(["t2.micro", "t2.small", "t2.medium"], var.instance_type)
    error_message = "Instance type must be t2.micro, t2.small, or t2.medium."
  }
}

variable "database_password" {
  description = "Password for the database admin user"
  type        = string
  sensitive   = true
}

Outputs

Every output must include description:

output "instance_id" {
  description = "ID of the EC2 instance"
  value       = aws_instance.web.id
}

output "database_password" {
  description = "Database administrator password"
  value       = aws_db_instance.main.password
  sensitive   = true
}

Dynamic Resource Creation

Prefer for_each over count

# Bad - count for multiple resources
resource "aws_instance" "web" {
  count = var.instance_count
  tags  = { Name = "web-${count.index}" }
}

# Good - for_each with named instances
variable "instance_names" {
  type    = set(string)
  default = ["web-1", "web-2", "web-3"]
}

resource "aws_instance" "web" {
  for_each = var.instance_names
  tags     = { Name = each.key }
}

count for Conditional Creation

resource "aws_cloudwatch_metric_alarm" "cpu" {
  count = var.enable_monitoring ? 1 : 0

  alarm_name = "high-cpu-usage"
  threshold  = 80
}

Security Best Practices

When generating code, apply security hardening:

Enable encryption at rest by default
Configure private networking where applicable
Apply principle of least privilege for security groups
Enable logging and monitoring
Never hardcode credentials or secrets
Mark sensitive outputs with sensitive = true

Example: Secure S3 Bucket

resource "aws_s3_bucket" "data" {
  bucket = "${var.project}-${var.environment}-data"
  tags   = local.common_tags
}

resource "aws_s3_bucket_versioning" "data" {
  bucket = aws_s3_bucket.data.id

  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
  bucket = aws_s3_bucket.data.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.s3.arn
    }
  }
}

resource "aws_s3_bucket_public_access_block" "data" {
  bucket = aws_s3_bucket.data.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

Version Pinning

terraform {
  required_version = ">= 1.7"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"  # Allow minor updates
    }
  }
}

Version constraint operators:

= 1.0.0 - Exact version
>= 1.0.0 - Greater than or equal
~> 1.0 - Allow rightmost component to increment
>= 1.0, < 2.0 - Version range

Provider Configuration

provider "aws" {
  region = "us-west-2"

  default_tags {
    tags = {
      ManagedBy = "Terraform"
      Project   = var.project_name
    }
  }
}

# Aliased provider for multi-region
provider "aws" {
  alias  = "east"
  region = "us-east-1"
}

Version Control

Never commit:

terraform.tfstate, terraform.tfstate.backup
.terraform/ directory
*.tfplan
.tfvars files with sensitive data

Always commit:

All .tf configuration files
.terraform.lock.hcl (dependency lock file)

Validation Tools

Run before committing:

terraform fmt -recursive
terraform validate

Additional tools:

tflint - Linting and best practices
checkov / tfsec - Security scanning

Code Review Checklist

Based on: HashiCorp Terraform Style Guide

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.7★★★★★26 reviews

★★★★★Shikha Mishra· Dec 28, 2024
terraform-style-guide has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Camila Thompson· Dec 28, 2024
terraform-style-guide fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Yash Thakker· Nov 19, 2024
Solid pick for teams standardizing on skills: terraform-style-guide is focused, and the summary matches what you get after install.
★★★★★Omar Robinson· Nov 19, 2024
Registry listing for terraform-style-guide matched our evaluation — installs cleanly and behaves as described in the markdown.
★★★★★Sakshi Patil· Nov 15, 2024
terraform-style-guide reduced setup friction for our internal harness; good balance of opinion and flexibility.
★★★★★Dhruvi Jain· Oct 10, 2024
We added terraform-style-guide from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Luis Chen· Oct 10, 2024
Keeps context tight: terraform-style-guide is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Chaitanya Patil· Oct 6, 2024
I recommend terraform-style-guide for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
★★★★★Kofi Tandon· Sep 5, 2024
terraform-style-guide fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Kofi Nasser· Aug 24, 2024
terraform-style-guide is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

showing 1-10 of 26

1 / 3