Auto-sync: 2026-04-22 04:02

2026-04-22 04:03:04 +08:00
parent 24218550d2
commit de096f2f88
232 changed files with 16604 additions and 514 deletions
--- a/wiki/entities/Terraform.md
+++ b/wiki/entities/Terraform.md
@@ -0,0 +1,119 @@
+---
+title: "Terraform"
+type: entity
+tags:
+  - devops
+  - iac
+  - infrastructure
+  - automation
+created: 2026-04-25
+---
+
+# Terraform
+
+## Definition
+
+Terraform 是 HashiCorp 开源的**基础设施即代码 (IaC)** 工具，通过声明式配置文件管理云资源。Agentic AI 代理审查 Terraform 脚本，在执行前建议改进，确保基础设施配置的可靠性和安全性。
+
+## Aliases
+
+- Terraform
+- Terraform IaC
+- Infrastructure as Code
+
+## Relationship with [[Infrastructure-as-Code]]
+
+Terraform 是 [[Infrastructure-as-Code]] 实践的主要实现工具之一：
+
+```
+Infrastructure as Code Tools:
+├── Terraform ←
+├── CloudFormation (AWS)
+├── Pulumi
+├── Ansible
+└── Pulumi
+```
+
+## Agentic AI IaC Management
+
+Agentic AI 在 Terraform 工作流中扮演审查者角色：
+
+```
+┌─────────────────────────────────────────────────┐
+│        Agentic AI IaC Management Workflow        │
+├─────────────────────────────────────────────────┤
+│                                                  │
+│  1. Developer writes Terraform                   │
+│     ↓                                           │
+│  2. Agentic AI reviews (auto)                   │
+│     ├── Security scan (IAM policies)            │
+│     ├── Cost estimation                         │
+│     ├── Best practices check                    │
+│     └── Compliance validation                   │
+│     ↓                                           │
+│  3. AI Suggestions                              │
+│     ├── "S3 bucket should enable encryption"   │
+│     ├── "Remove hardcoded credentials"         │
+│     └── "Consider using modules for reuse"     │
+│     ↓                                           │
+│  4. Apply (after approval)                      │
+│                                                  │
+└─────────────────────────────────────────────────┘
+```
+
+## AI Review Capabilities
+
+| Check Type | Description |
+|------------|-------------|
+| **Security** | IAM 过度权限、公开 S3 访问、硬编码密钥 |
+| **Cost** | 资源过度配置、未使用资源识别 |
+| **Compliance** | 标签规范、资源命名、区域限制 |
+| **Best Practices** | 模块化、状态管理、回滚计划 |
+
+## Example
+
+> Agentic AI reviews Terraform plan:
+> ```hcl
+> resource "aws_s3_bucket" "data" {
+>   bucket = "my-sensitive-data"
+> }
+> ```
+> 
+> AI Detection:
+> - ⚠️ **Security Risk**: Bucket is public by default
+> - ⚠️ **Missing**: Encryption not enabled
+> - ⚠️ **Missing**: Versioning not enabled
+> 
+> AI Suggestions:
+> ```hcl
+> resource "aws_s3_bucket" "data" {
+>   bucket = "my-sensitive-data"
+>   
+>   server_side_encryption_configuration {
+>     rule {
+>       apply_server_side_encryption_by_default {
+>         sse_algorithm = "AES256"
+>       }
+>     }
+>   }
+> }
+> 
+> versioning { enabled = true }
+> acl = "private"  # Block public access
+> ```
+
+## Related Concepts
+
+- [[Infrastructure-as-Code]] — Terraform 是 IaC 的实现工具
+- [[Automated Security Audit]] — AI 审查 Terraform 安全
+- [[Cloud-Native]] — IaC 支持 Cloud-Native 实践
+- [[Multi-Account Deployment]] — Terraform HCP/Cloud 多账户部署与 CloudFormation StackSets 对比
+- [[AWS CloudFormation StackSets]] — AWS 原生多账户 IaC 部署工具，与 Terraform 有功能重叠
+
+## Related Entities
+
+- [[AWS CloudFormation StackSets]]：AWS 原生多账户部署服务，与 Terraform 在多账户 IaC 场景形成对比
+
+## Related Sources
+
+- [[how-agentic-ai-can-help-for-cloud-devops]]