terraform-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides high-quality guidance on infrastructure security, including the principle of least privilege for IAM roles, mandatory state file encryption, and integrated secrets management using AWS Secrets Manager or HashiCorp Vault.
- [SAFE]: Recommends integrating standard community security scanners such as tfsec, Checkov, and Terrascan into CI/CD pipelines to detect misconfigurations early.
- [SAFE]: Encourages the use of remote backends with state locking (e.g., S3 with DynamoDB) and explicitly warns against committing sensitive state files to version control.
- [EXTERNAL_DOWNLOADS]: References the use of pre-commit hooks from a widely recognized community repository (antonbabenko/pre-commit-terraform) to automate code formatting, validation, and security linting.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected in the instructions or reference materials.