
Ask HN: How to check/enforce best practices on infrastructure? - ivanilves
Dear HN,

In my company we use an Infrastructure as Code approach to deal with complexity and chaos.

We use pull requests and code reviews to ensure code/resulting infrastructure quality.

However, we would like to go deeper and spend less human time on this.
For conventional programming languages we have lots of linters and other quality control tools that help us a lot, so we don't search for stupid Python or Go errors manually.

But does anybody have any idea if there are similar tools that check common infrastructure (for example: Terraform) "fxckups" like passwords and API keys being put in cleartext form or a database server (e.g. RDS) created with "public" access allowed to the whole world?

Currently I can use things like serverspec/inspec to check out infra after deployment and this works pretty well, but maybe there are tools we could apply BEFORE we deploy the [potentially flawed or broken] infrastructure?

Thank YOU!!!
======
mtmail
For the [https://www.chef.sh/](https://www.chef.sh/) there's
[http://www.foodcritic.io/](http://www.foodcritic.io/). For Terraform there
seems to exist a linter as well
[https://github.com/wata727/tflint](https://github.com/wata727/tflint)

~~~
apodobnik
I've used tflint in a pipeline and it works well.

------
chatmasta
I know you're asking about pre-deploy, but for post-deployment, you might want
to check out Bash Automated Testing System (BATS) [0].

[0] [https://github.com/sstephenson/bats](https://github.com/sstephenson/bats)

~~~
JeffRosenberg
As a fellow user of that project, FYI it has been migrated to
[https://github.com/bats-core/bats-core](https://github.com/bats-core/bats-core)
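
A pre-deploy check for the two problems named in the question (cleartext secrets in Terraform source, and RDS instances created with public access), as an added example that is not from the thread or from any tool mentioned in it. The function names, the secret-name pattern and the sample data are assumptions; `check_plan` expects the JSON that `terraform show -json` prints for a saved plan file.

```python
import json
import re
import sys

# Attribute names treated as secrets: an assumption of this sketch, extend as needed.
SECRET_KEY = re.compile(r"password|secret|api_key|access_key|token", re.I)
# HCL `key = "literal"`; references such as var.db_password have no quotes and never match.
LITERAL = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*(?:#.*)?$')

def check_plan(plan):
    """Flag aws_db_instance resources that the plan leaves publicly accessible."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after") or {}  # null when deleting
        if rc.get("type") == "aws_db_instance" and after.get("publicly_accessible") is True:
            findings.append(f"{rc['address']}: publicly_accessible = true")
    return findings

def check_source(name, text):
    """Flag quoted literals assigned to secret-looking attributes in .tf source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LITERAL.match(line)
        if m and SECRET_KEY.search(m.group(1)) and m.group(2) and "${" not in m.group(2):
            findings.append(f"{name}:{lineno}: literal value assigned to {m.group(1)}")
    return findings

# Constructed sample input, shaped like `terraform show -json` output and a .tf file.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
  {"address": "aws_db_instance.public", "type": "aws_db_instance",
   "change": {"actions": ["create"], "after": {"publicly_accessible": true}}},
  {"address": "aws_db_instance.private", "type": "aws_db_instance",
   "change": {"actions": ["create"], "after": {"publicly_accessible": false}}},
  {"address": "aws_db_instance.old", "type": "aws_db_instance",
   "change": {"actions": ["delete"], "after": null}}]}""")
SAMPLE_TF = '''resource "aws_db_instance" "public" {
  username            = "admin"
  password            = "constructed-example-value"
  publicly_accessible = true
}
resource "aws_db_instance" "private" {
  password = var.db_password
}'''

if __name__ == "__main__":
    problems = check_plan(SAMPLE_PLAN) + check_source("main.tf", SAMPLE_TF)
    print("\n".join(problems))
    sys.exit(1 if problems else 0)  # non-zero exit fails the CI job
```

The plan check sees values after variables and modules are resolved, while the source check catches literals before they ever reach a plan or state file, so the two are complementary.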

