Alternatives To Tflint
Select To Compare



Build Status GitHub release Terraform Compatibility License: MPL 2.0 Go Report Card Homebrew

A Pluggable Terraform Linter


TFLint is a framework and each feature is provided by plugins, the key features are as follows:

  • Find possible errors (like invalid instance types) for Major Cloud providers (AWS/Azure/GCP).
  • Warn about deprecated syntax, unused declarations.
  • Enforce best practices, naming conventions.


Bash script (Linux):

curl -s | bash

Homebrew (macOS):

brew install tflint

Chocolatey (Windows):

choco install tflint

NOTE: The Chocolatey package is NOT directly maintained by the TFLint maintainers. The latest version is always available by manual installation.


Releases are signed by Cosign. cosign verify-blob ensures that the release was built with this repository's GitHub Actions.

cosign verify-blob --certificate=checksums.txt.pem --signature=checksums.txt.keyless.sig --certificate-identity-regexp="^" --certificate-oidc-issuer= checksums.txt
sha256sum --ignore-missing -c checksums.txt


Instead of installing directly, you can use the Docker image:

docker run --rm -v $(pwd):/data -t

GitHub Actions

If you want to run on GitHub Actions, setup-tflint action is available.

Getting Started

First, enable rules for Terraform Language (e.g. warn about deprecated syntax, unused declarations). TFLint Ruleset for Terraform Language is bundled with TFLint, so you can use it without installing it separately.

The bundled plugin enables the "recommended" preset by default, but you can disable the plugin or use a different preset. Declare the plugin block in .tflint.hcl like this:

plugin "terraform" {
  enabled = true
  preset  = "recommended"

See the tflint-ruleset-terraform documentation for more information.

Next, If you are using an AWS/Azure/GCP provider, it is a good idea to install the plugin and try it according to each usage:

If you want to extend TFLint with other plugins, you can declare the plugins in the config file and easily install them with tflint --init.

plugin "foo" {
  enabled = true
  version = "0.1.0"
  source  = ""

  signing_key = <<-KEY


See also Configuring Plugins.

If you want to add custom rules that are not in existing plugins, you can build your own plugin or write your own policy in Rego. See Writing Plugins or OPA Ruleset.


TFLint inspects files under the current directory by default. You can change the behavior with the following options/arguments:

$ tflint --help
  tflint --chdir=DIR/--recursive [OPTIONS]

Application Options:
  -v, --version                                                 Print TFLint version
      --init                                                    Install plugins
      --langserver                                              Start language server
  -f, --format=[default|json|checkstyle|junit|compact|sarif]    Output format
  -c, --config=FILE                                             Config file name (default: .tflint.hcl)
      --ignore-module=SOURCE                                    Ignore module sources
      --enable-rule=RULE_NAME                                   Enable rules from the command line
      --disable-rule=RULE_NAME                                  Disable rules from the command line
      --only=RULE_NAME                                          Enable only this rule, disabling all other defaults. Can be specified multiple times
      --enable-plugin=PLUGIN_NAME                               Enable plugins from the command line
      --var-file=FILE                                           Terraform variable file name
      --var='foo=bar'                                           Set a Terraform variable
      --module                                                  Enable module inspection
      --no-module                                               Disable module inspection
      --chdir=DIR                                               Switch to a different working directory before executing the command
      --recursive                                               Run command in each directory recursively
      --filter=FILE                                             Filter issues by file names or globs
      --force                                                   Return zero exit status even if issues found
      --minimum-failure-severity=[error|warning|notice]         Sets minimum severity level for exiting with a non-zero error code
      --color                                                   Enable colorized output
      --no-color                                                Disable colorized output
      --fix                                                     Fix issues automatically

Help Options:
  -h, --help                                                    Show this help message

See User Guide for details.


If you don't get the expected behavior, you can see the detailed logs when running with TFLINT_LOG environment variable.

$ TFLINT_LOG=debug tflint


See Developer Guide.


If you find a security vulnerability, please refer our security policy.

Stargazers over time

Stargazers over time

Popular Configuration Management Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.