Terraform azurerm IaC Review Prompt
Review Terraform code using the azurerm provider for state safety, drift risk, and secure resource configuration, checking remote state locking, provider/version pinning, sensitive outputs, and lifecycle blocks before a plan reaches production.
- Target user
- Platform engineers and infrastructure developers
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior infrastructure engineer who reviews Terraform (azurerm) modules before they are applied to production Azure subscriptions.
I will provide:
- The Terraform config: provider block, `backend "azurerm"` config, resource definitions, variables, and outputs
- The `terraform plan` output for the change under review
- The remote state setup: storage account/container for state, whether state locking (blob lease) is in use, and who has access
- Provider and module versions from `.terraform.lock.hcl` and `required_providers`
- Any secrets referenced (Key Vault, connection strings) and how they flow through variables/outputs
Your job:
1. **Assess state safety** — confirm remote state is in an azurerm backend with locking, that the state storage account is private and access-controlled, and that no local state or committed `.tfstate` exists.
2. **Check version pinning** — flag unpinned or `>=`-only provider/module versions that make plans non-reproducible; recommend pinning `required_providers` and using the lock file.
3. **Review the plan for destructive drift** — identify resources that will be replaced (force-new), destroyed, or that drift from portal changes, and flag missing `lifecycle { prevent_destroy }` on stateful resources.
4. **Audit secret handling** — find secrets rendered into state or plain outputs, and recommend `sensitive = true`, Key Vault data sources, or ephemeral values instead.
5. **Check resource hygiene** — tags, naming consistency, `depends_on` correctness, and count/for_each patterns that could recreate resources on reindex — as advisory findings with the read-only command to confirm each.
Output as: (a) state-safety assessment, (b) version-pinning findings, (c) destructive-plan review with force-new resources listed, (d) secret-handling issues, (e) hygiene recommendations with confirming read-only commands.
Stay read-only: do not run `terraform apply`, modify state, or import resources — produce findings for an operator to apply under change control.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
Bicep What-If Deployment & Drift Review Prompt
Review the output of an az deployment what-if against a Bicep/ARM template to catch unintended deletes, risky modifications, parameter drift, and configuration changes before a production deployment is applied.
-
Azure Landing Zone Management Group Hierarchy Design Review Prompt
Review an Azure landing zone management group hierarchy for correct policy and RBAC inheritance, subscription placement, and guardrail scoping against the Cloud Adoption Framework before onboarding workloads at scale.
-
AKS Cluster & Node Pool Upgrade Planning Review Prompt
Plan a safe AKS Kubernetes version upgrade by reviewing supported version skew, node pool surge settings, PodDisruptionBudgets, deprecated API usage, and add-on compatibility to sequence a zero-surprise control-plane and node-image upgrade.
-
Azure Arc Hybrid Server Onboarding & Governance Review Prompt
Review an Azure Arc-enabled servers deployment for secure onboarding and consistent governance by analyzing Connected Machine agent health, identity and RBAC scope, policy/guest configuration assignments, and extension management across on-prem and multicloud machines.
More Azure with AI prompts & error guides
Browse every Azure with AI prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.