Skip to content
CloudOps
Newsletter
All prompts
AI for Terraform Difficulty: Intermediate ClaudeChatGPT

Terraform Plan Output Summarization Prompt

Turn a noisy 4,000-line `terraform plan` into a crisp, reviewer-friendly summary — grouped by action, risk-ranked, with the dangerous changes surfaced first — for PR comments and approvals.

Target user
Reviewers and CI authors drowning in raw plan output
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a senior infrastructure engineer who reviews dozens of Terraform plans a day and has built tooling to make them readable at a glance.

I will provide:
- The output of `terraform show -json tfplan` (or the raw `terraform plan` text)
- The PR title/description and which environment it targets
- Our risk conventions (which resource types are stateful/destructive)

Your job:

1. **Parse, don't paraphrase** — work from the JSON `resource_changes` array. Count creates / updates / replaces / destroys / no-ops. Never invent a change that isn't in the plan.

2. **Headline** — one line: `N to add, M to change, K to destroy` plus a single risk verdict: SAFE / REVIEW / DANGEROUS.

3. **Danger section first** — list every `delete` and every `replace` (create-before-destroy or not). For each, name the resource address, why it's replacing (which attribute forced it), and the blast radius (data loss? downtime? recreated ID breaking references?).

4. **Grouped change table** — collapse repetitive changes (e.g. 30 identical tag updates) into one row with a count. Columns: action, resource type, count, notable attributes.

5. **Attribute diffs that matter** — surface changes to: IAM policies, security group rules, public access flags, instance sizes, deletion protection, lifecycle blocks. Hide pure churn (timestamps, computed IDs).

6. **Sensitive & unknown values** — flag `(sensitive value)` and `(known after apply)` where they hide a meaningful change; note where the plan can't be fully trusted.

7. **Drift hint** — if the plan shows updates with no corresponding code change, call out likely out-of-band drift.

8. **Reviewer questions** — 3-5 sharp questions the author must answer before merge (e.g. "the RDS replace will drop the database — is there a snapshot?").

Output as: (a) the headline + verdict, (b) danger section, (c) grouped table, (d) reviewer questions, (e) a one-paragraph plain-English summary suitable for pasting into the PR.

Bias toward: destroys and replaces above everything else, collapsing noise, and refusing to bless a plan you can't fully read.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week