Infrastructure as Code is repetitive, error-prone, and full of boilerplate. AI handles all three well. But Terraform files contain sensitive infrastructure details — provider credentials, internal network CIDRs, database connection strings. Using cloud AI means exposing your infrastructure topology.
Here’s how to use AI for Terraform safely.
Generate Terraform with AI
Using Claude Code or Codex CLI
```bash
# Claude Code
claude "Create a Terraform module for an AWS ECS Fargate service with:
- ALB with HTTPS
- Auto-scaling (2-10 tasks)
- CloudWatch logging
- Secrets from SSM Parameter Store"

# Codex CLI
codex --auto-edit "Add a Redis ElastiCache cluster to the existing VPC"
```
Both tools read your existing .tf files and generate code that fits your project structure.
Using Ollama (private)
```bash
# Generate locally — nothing leaves your machine
ollama run qwen3.5:27b "Write a Terraform module for an AWS RDS PostgreSQL instance with:
- Multi-AZ deployment
- Automated backups (7 day retention)
- Private subnet only (no public access)
- KMS encryption
- Output the connection string"
```
Use qwen3.5:27b for Terraform — the 27B model handles complex HCL better than 8B models.
Review Terraform with AI
Security review
```bash
# Pipe your Terraform plan to AI
terraform plan -no-color | ollama run qwen3:8b "Review this Terraform plan for:
1. Security issues (public access, missing encryption, overly permissive IAM)
2. Cost concerns (oversized instances, missing spot/reserved pricing)
3. Best practice violations
4. Missing tags"
```
Pre-commit hook
```bash
#!/bin/bash
# .git/hooks/pre-commit
# AI review before every commit

# Staged Terraform files only
CHANGED_TF=$(git diff --cached --name-only | grep '\.tf$')

if [ -n "$CHANGED_TF" ]; then
  echo "🤖 AI reviewing Terraform changes..."
  # $CHANGED_TF is left unquoted so each file name becomes its own argument
  git diff --cached -- $CHANGED_TF | ollama run qwen3:8b \
    "Review these Terraform changes for security issues and best practices. Be brief — only flag problems:"
fi
```
In CI/CD
```yaml
# .github/workflows/terraform-review.yml
- name: AI Terraform Review
  run: |
    # Note: this step sends plan output to a cloud API
    terraform plan -no-color -out=plan.txt 2>&1 | head -200 > plan_summary.txt
    # Build the request body with jq so quotes and newlines in the plan are JSON-escaped
    REVIEW=$(jq -n --rawfile plan plan_summary.txt \
      '{model: "openai/gpt-5.4-mini",
        messages: [{role: "user",
                    content: ("Review this Terraform plan for security and cost issues:\n" + $plan)}]}' \
      | curl -s https://openrouter.ai/api/v1/chat/completions \
          -H "Authorization: Bearer ${{ secrets.OPENROUTER_KEY }}" \
          -H "Content-Type: application/json" \
          -d @- \
      | jq -r '.choices[0].message.content')
    echo "$REVIEW"
```
Optimize existing Terraform
```bash
# Find cost optimization opportunities
cat main.tf variables.tf | ollama run qwen3.5:27b "Analyze this Terraform configuration for cost optimization:
1. Are any resources oversized?
2. Can anything use spot/preemptible instances?
3. Are there missing auto-scaling configurations?
4. Any resources that should use reserved pricing?"
```
Common Terraform patterns AI generates well
| Pattern | Prompt | Quality |
|---|---|---|
| VPC + subnets | "Create a VPC with public/private subnets in 3 AZs" | ✅ Excellent |
| ECS Fargate | "Deploy a containerized app on ECS Fargate with ALB" | ✅ Good |
| RDS instance | "Create an RDS PostgreSQL with encryption and backups" | ✅ Excellent |
| IAM roles | "Create least-privilege IAM role for Lambda accessing S3 and DynamoDB" | ⚠️ Review carefully |
| Networking/security groups | "Create security groups for a 3-tier architecture" | ⚠️ Review carefully |
Always review AI-generated IAM policies and security groups manually. AI tends to be overly permissive — it’s easier to generate a working policy than a secure one.
Local vs cloud AI for Terraform
| Concern | Local (Ollama) | Cloud (GPT/Claude) |
|---|---|---|
| Infrastructure details exposed | ❌ No | ✅ Yes |
| Quality | Good (27B) | Best |
| Speed | Slower | Faster |
| Cost | $0 | $0.01-0.05/review |
For production infrastructure, use local models. Your Terraform files describe your entire infrastructure topology — that’s sensitive information.
For learning and personal projects, cloud AI is fine and gives better results.