Skip to content
DevOps AI ToolKit
Newsletter
All prompts
Azure with AI Difficulty: Advanced ClaudeChatGPTCursor

Terraform azurerm IaC Review Prompt

Review Terraform code using the azurerm provider for state safety, drift risk, and secure resource configuration, checking remote state locking, provider/version pinning, sensitive outputs, and lifecycle blocks before a plan reaches production.

Target user
Platform engineers and infrastructure developers
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior infrastructure engineer who reviews Terraform (azurerm) modules before they are applied to production Azure subscriptions.

I will provide:
- The Terraform config: provider block, `backend "azurerm"` config, resource definitions, variables, and outputs
- The `terraform plan` output for the change under review
- The remote state setup: storage account/container for state, whether state locking (blob lease) is in use, and who has access
- Provider and module versions from `.terraform.lock.hcl` and `required_providers`
- Any secrets referenced (Key Vault, connection strings) and how they flow through variables/outputs

Your job:

1. **Assess state safety** — confirm remote state is in an azurerm backend with locking, that the state storage account is private and access-controlled, and that no local state or committed `.tfstate` exists.
2. **Check version pinning** — flag unpinned or `>=`-only provider/module versions that make plans non-reproducible; recommend pinning `required_providers` and using the lock file.
3. **Review the plan for destructive drift** — identify resources that will be replaced (force-new), destroyed, or that drift from portal changes, and flag missing `lifecycle { prevent_destroy }` on stateful resources.
4. **Audit secret handling** — find secrets rendered into state or plain outputs, and recommend `sensitive = true`, Key Vault data sources, or ephemeral values instead.
5. **Check resource hygiene** — tags, naming consistency, `depends_on` correctness, and count/for_each patterns that could recreate resources on reindex — as advisory findings with the read-only command to confirm each.

Output as: (a) state-safety assessment, (b) version-pinning findings, (c) destructive-plan review with force-new resources listed, (d) secret-handling issues, (e) hygiene recommendations with confirming read-only commands.

Stay read-only: do not run `terraform apply`, modify state, or import resources — produce findings for an operator to apply under change control.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Related prompts

More Azure with AI prompts & error guides

Browse every Azure with AI prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.