---
title: "Terraform"
type: entity
tags:
  - devops
  - iac
  - infrastructure
  - automation
created: 2026-04-25
---

# Terraform

## Definition

Terraform is HashiCorp's open-source **Infrastructure as Code (IaC)** tool; it manages cloud resources through declarative configuration files. Agentic AI agents review Terraform scripts and suggest improvements before execution, helping to ensure that infrastructure configuration is reliable and secure.

## Aliases

- Terraform
- Terraform IaC
- Infrastructure as Code

## Relationship with [[Infrastructure-as-Code]]

Terraform is one of the main tools for implementing the [[Infrastructure-as-Code]] practice:

```
Infrastructure as Code Tools:
├── Terraform ←
├── CloudFormation (AWS)
├── Pulumi
└── Ansible
```

## Agentic AI IaC Management

Agentic AI plays the reviewer role in the Terraform workflow:

```
┌─────────────────────────────────────────────────┐
│ Agentic AI IaC Management Workflow              │
├─────────────────────────────────────────────────┤
│                                                 │
│ 1. Developer writes Terraform                   │
│        ↓                                        │
│ 2. Agentic AI reviews (auto)                    │
│    ├── Security scan (IAM policies)             │
│    ├── Cost estimation                          │
│    ├── Best practices check                     │
│    └── Compliance validation                    │
│        ↓                                        │
│ 3. AI Suggestions                               │
│    ├── "S3 bucket should enable encryption"     │
│    ├── "Remove hardcoded credentials"           │
│    └── "Consider using modules for reuse"       │
│        ↓                                        │
│ 4. Apply (after approval)                       │
│                                                 │
└─────────────────────────────────────────────────┘
```

## AI Review Capabilities

| Check Type | Description |
|------------|-------------|
| **Security** | Over-permissive IAM policies, public S3 access, hardcoded secrets |
| **Cost** | Over-provisioned resources, identification of unused resources |
| **Compliance** | Tagging standards, resource naming, region restrictions |
| **Best Practices** | Modularization, state management, rollback plans |

## Example

> Agentic AI reviews Terraform plan:
> ```hcl
> resource "aws_s3_bucket" "data" {
>   bucket = "my-sensitive-data"
> }
> ```
>
> AI Detection:
> - ⚠️ **Security Risk**: Bucket is public by default
> - ⚠️ **Missing**: Encryption not enabled
> - ⚠️ **Missing**: Versioning not enabled
>
> AI Suggestions:
> ```hcl
> resource "aws_s3_bucket" "data" {
>   bucket = "my-sensitive-data"
>
>   # Encrypt objects at rest with SSE-S3 (inline block, AWS provider v3 style)
>   server_side_encryption_configuration {
>     rule {
>       apply_server_side_encryption_by_default {
>         sse_algorithm = "AES256"
>       }
>     }
>   }
>
>   # Keep object history so accidental overwrites and deletes can be recovered
>   versioning {
>     enabled = true
>   }
>
>   # Private canned ACL. On its own this does not block public bucket policies;
>   # that needs a separate aws_s3_bucket_public_access_block resource.
>   acl = "private"
> }
> ```

Note that in AWS provider v4 and later the inline `server_side_encryption_configuration`, `versioning` and `acl` arguments are deprecated in favour of the separate `aws_s3_bucket_server_side_encryption_configuration`, `aws_s3_bucket_versioning` and `aws_s3_bucket_acl` resources, and public access is blocked with `aws_s3_bucket_public_access_block`.

## Related Concepts

- [[Infrastructure-as-Code]] — Terraform is an implementation tool for IaC
- [[Automated Security Audit]] — AI reviews Terraform security
- [[Cloud-Native]] — IaC supports Cloud-Native practice
- [[Multi-Account Deployment]] — Terraform HCP/Cloud multi-account deployment compared with CloudFormation StackSets
- [[AWS CloudFormation StackSets]] — AWS-native multi-account IaC deployment tool whose functionality overlaps with Terraform

## Related Entities

- [[AWS CloudFormation StackSets]]: AWS-native multi-account deployment service, contrasted with Terraform in multi-account IaC scenarios

## Related Sources

- [[how-agentic-ai-can-help-for-cloud-devops]]