A comprehensive VS Code Dev Container providing a consistent, pre-configured environment for developing, testing, and deploying infrastructure as code with Terraform across AWS, Azure, and GCP.
Boost your infrastructure development productivity with a ready-to-use, standardized environment that works the same way for everyone on your team, across all major cloud providers.
Infrastructure as code (IaC) development with Terraform presents several challenges:
- Environment Setup Complexity: Time-consuming and error-prone setup process
- Cross-Cloud Development: Managing different CLIs and authentication methods
- Security and Compliance: Ensuring code meets security standards
- Team Consistency: Maintaining consistent environments across team members
- Onboarding Friction: New team members often spend days configuring their environment
This development container solves these problems by providing a ready-to-use, standardized environment with all necessary tools pre-configured.
- Multi-cloud Support: Pre-installed CLIs and tools for AWS, Azure, and GCP
- Complete Terraform Ecosystem: Comprehensive suite of tools including terraform-docs, tflint, tfsec, and more
- Security and Compliance: Pre-commit hooks for security scanning and compliance checking
- Enhanced Developer Experience: VS Code integration with tasks, settings, and extensions
- Performance Optimization: Caching strategies and optimized volume mounts
- Testing and Validation: Built-in tools for testing infrastructure code
- Cost Management: Integrated cost estimation with Infracost
- Docker - Required for running containers
- Visual Studio Code - The recommended IDE
- VS Code Remote Development Extension Pack - Required for Dev Containers
- Clone this repository:
  git clone https://github.com/awslabs/aws-terraform-dev-container.git
  # or with SSH
  git clone git@github.com:awslabs/aws-terraform-dev-container.git
- Open the folder in VS Code:
  code aws-terraform-dev-container
- When prompted, click "Reopen in Container" or use the command palette (F1) and select "Remote-Containers: Reopen in Container"
- Wait for the container to build and initialize (this may take a few minutes the first time)
- Start developing with all tools pre-configured and ready to use!
- Initialize your project: Use VS Code tasks to run terraform init
- Install pre-commit hooks: Run pre-commit install to set up automated validation
- Develop iteratively: Make small changes and validate frequently
- Validate changes: Use the pre-configured tasks for linting, security scanning, and validation
- Generate documentation: Use terraform-docs to keep documentation up-to-date
- Estimate costs: Run Infracost before applying changes to understand cost implications
- Test your infrastructure: Use Terratest to write and run tests for your infrastructure
- Review and apply: After thorough validation, apply your changes to the target environment
We recommend organizing your Terraform projects like this:
project/
├── environments/
│   ├── dev/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── terraform.tfvars
│   ├── staging/
│   │   └── ...
│   └── prod/
│       └── ...
├── modules/
│   ├── networking/
│   ├── compute/
│   └── storage/
└── tests/
    └── ...
This structure promotes code reuse, environment isolation, and easier testing.
Tool | Version | Description |
---|---|---|
Terraform | 1.12.1 | Infrastructure as Code tool |
AWS CLI | 2.27.26 | Command line interface for AWS |
Azure CLI | Latest | Command line interface for Azure |
Google Cloud SDK | Latest | Command line interface for GCP |
terraform-docs | 0.20.0 | Documentation generator for Terraform modules |
tflint | 0.48.0 | Terraform linter |
tfsec | 1.28.13 | Security scanner for Terraform code |
terrascan | 1.19.9 | Detect compliance and security violations |
terragrunt | 0.50.1 | Thin wrapper for Terraform that provides extra tools |
terratest | v0.49.0 | Testing utility for infrastructure code |
infracost | 0.10.41 | Cloud cost estimates for Terraform |
checkov | 3.2.439 | Static code analysis tool for IaC |
pre-commit | Latest | Framework for managing git pre-commit hooks |
The container includes helper scripts for authenticating with each cloud provider:
.devcontainer/scripts/aws-auth.sh [--profile PROFILE] [--region REGION] [--sso]
.devcontainer/scripts/azure-auth.sh [--subscription SUBSCRIPTION_ID] [--tenant TENANT_ID] [--service-principal] [--client-id CLIENT_ID] [--client-secret CLIENT_SECRET]
.devcontainer/scripts/gcp-auth.sh [--project PROJECT_ID] [--credentials FILE_PATH]
The environment includes pre-configured VS Code tasks for common operations:
- Terraform: Init - Initialize a Terraform working directory
- Terraform: Plan - Generate and show an execution plan
- Terraform: Apply - Build or change infrastructure
- Terraform: Destroy - Destroy Terraform-managed infrastructure
- Terraform: Validate - Validate the Terraform files
- Terraform: Format - Rewrite Terraform configuration files to canonical format
- TFLint: Run - Run TFLint for static analysis
- TFSec: Run - Run TFSec for security scanning
- Checkov: Run - Run Checkov for compliance checks
- Pre-commit: Run All Hooks - Run all pre-commit hooks
To run a task, press Ctrl+Shift+P (or Cmd+Shift+P on macOS) and select "Tasks: Run Task", then choose the task you want to run.
The environment includes pre-configured pre-commit hooks for Terraform validation, formatting, and security scanning. To install the hooks:
pre-commit install
Environment variables for Terraform and cloud providers can be configured in .devcontainer/config/terraform.env. The following variables are available:
- TF_PLUGIN_CACHE_DIR - Directory for caching Terraform plugins
- TF_CLI_ARGS_init - Arguments for terraform init
- TF_CLI_ARGS_plan - Arguments for terraform plan
- TF_CLI_ARGS_apply - Arguments for terraform apply
- TF_LOG - Terraform logging level

- AWS_PROFILE - AWS profile to use
- AWS_REGION - AWS region to use
- AWS_SDK_LOAD_CONFIG - Load config from AWS config file

- ARM_SUBSCRIPTION_ID - Azure subscription ID
- ARM_TENANT_ID - Azure tenant ID
- ARM_CLIENT_ID - Azure client ID
- ARM_CLIENT_SECRET - Azure client secret

- GOOGLE_APPLICATION_CREDENTIALS - Path to GCP service account key file
- CLOUDSDK_CORE_PROJECT - GCP project ID
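Because terraform.env sits inside the repository, a value typed into it can end up in a commit. The following is an added example, not part of this project: a small audit of a terraform.env-style file using the variable names listed above. The three checks, the KEY=VALUE parsing rules, and the sample input are assumptions made for illustration.

```python
import re

# Variable names come from the list above; the checks themselves are assumptions.
SECRET_VARS = ("ARM_CLIENT_SECRET",)          # value is itself a credential
VERBOSE_LEVELS = ("TRACE", "DEBUG")           # most detailed TF_LOG levels
ASSIGNMENT = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def parse_env(text):
    """Return {name: value} from KEY=VALUE lines."""
    env = {}
    for raw in text.splitlines():
        match = ASSIGNMENT.match(raw.strip())
        if not match:                         # blanks, # comments, anything else
            continue
        value = match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]               # drop one pair of surrounding quotes
        env[match.group(1)] = value
    return env

def audit_env(text):
    """Return a list of findings for a terraform.env-style file."""
    env = parse_env(text)
    findings = []
    for name in SECRET_VARS:
        if env.get(name):
            findings.append(f"{name}: literal secret in a file that lives in the repository")
    if env.get("TF_LOG", "").upper() in VERBOSE_LEVELS:
        findings.append("TF_LOG: verbose level set by default; logs may capture sensitive values")
    key_path = env.get("GOOGLE_APPLICATION_CREDENTIALS", "")
    if key_path and not key_path.startswith(("/", "~")):
        findings.append("GOOGLE_APPLICATION_CREDENTIALS: relative path, key file may sit in the workspace")
    return findings

# Constructed sample input, not the project's actual terraform.env.
SAMPLE_ENV = """\
# constructed sample
TF_PLUGIN_CACHE_DIR=/tmp/plugin-cache
TF_LOG=trace
ARM_CLIENT_ID=00000000-0000-0000-0000-000000000000
ARM_CLIENT_SECRET="constructed-placeholder-value"
GOOGLE_APPLICATION_CREDENTIALS=keys/service-account.json
"""

if __name__ == "__main__":
    for finding in audit_env(SAMPLE_ENV):
        print(finding)
```

A check like this can run as a local pre-commit hook or CI step against .devcontainer/config/terraform.env, alongside the secret detection the container already ships.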
To add custom tools to the container, modify the .devcontainer/Dockerfile and add your installation commands.
VS Code settings can be customized in .vscode/settings.json.
Pre-commit hooks can be customized in .pre-commit-config.yaml.
Advanced Usage
This development environment is designed with tool integration in mind. Here's how the tools work together:
- Development Flow:
  - Write Terraform code in VS Code with syntax highlighting and IntelliSense
  - Use terraform fmt (via tasks or pre-commit) to maintain consistent formatting
  - Validate syntax with terraform validate
  - Check for best practices with tflint
  - Generate documentation automatically with terraform-docs
- Security and Compliance Flow:
  - Scan for security issues with tfsec
  - Check compliance with terrascan and checkov
  - Detect secrets with pre-commit hooks
  - All integrated into the pre-commit workflow
- Testing Flow:
  - Write infrastructure tests with Terratest
  - Validate infrastructure behavior before deployment
  - Ensure infrastructure meets requirements
- Deployment Flow:
  - Estimate costs with Infracost
  - Plan changes with terraform plan
  - Apply changes with terraform apply
  - Manage complex deployments with Terragrunt
You can extend this development environment to suit your specific needs:
- Adding Custom Tools:
  - Modify the Dockerfile to add additional tools
  - Add custom scripts to the scripts directory
  - Configure additional VS Code extensions in devcontainer.json
- Team Customization:
  - Fork this repository for your team
  - Add team-specific configurations and tools
  - Share custom modules and examples
  - Configure team-specific pre-commit hooks
- CI/CD Integration:
  - Use the same tools in your CI/CD pipelines
  - Export configurations from the dev container to CI/CD
  - Ensure consistency between development and automation
Use Cases
- Standardize development environments across large teams
- Enforce security and compliance policies through built-in tools
- Simplify onboarding of new team members
- Ensure consistent practices across multiple cloud providers
- Rapidly prototype and test infrastructure changes
- Validate changes before applying to production environments
- Generate documentation automatically
- Estimate costs before deploying resources
- Design and test multi-cloud architectures
- Validate designs against security best practices
- Create reusable infrastructure modules
- Document architecture decisions
- Learn Terraform and cloud infrastructure in a pre-configured environment
- Experiment with different cloud providers without complex setup
- Follow industry best practices from day one
- Focus on code rather than tooling
Productivity Benefits
- Environment Setup: Save 4-8 hours per developer on initial setup
- Tool Updates: Eliminate 1-2 hours per month maintaining tools
- Onboarding: Reduce new team member onboarding from days to hours
- Troubleshooting: Minimize environment-related issues that can waste hours of development time
- Consistent Validation: Every code change is automatically validated
- Security Scanning: Catch security issues before they reach production
- Documentation: Automatically generate and maintain documentation
- Testing: Verify infrastructure works as expected with integrated testing tools
- Standardized Environment: Everyone works with the same tools and versions
- Reproducible Results: Eliminate "works on my machine" problems
- Knowledge Sharing: Common toolset makes it easier to share techniques and solutions
- Cross-Platform: Works the same way on Windows, macOS, and Linux
The container includes the following volume mounts:
- ~/.aws - AWS credentials and configuration
- ~/.azure - Azure credentials and configuration
- ~/.config/gcloud - GCP credentials and configuration
- ~/.ssh - SSH keys
- terraform-cache - Terraform plugin cache
- Credential Isolation: Credentials are mounted from the host to avoid storing them in the container
- Automated Scanning: Pre-commit hooks include security scanning for Terraform code
- Secret Detection: Automated detection is enabled to prevent committing sensitive information
- Compliance Checking: Built-in tools validate infrastructure against compliance standards
- Least Privilege: Authentication helpers encourage following least privilege principles
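Mounting credentials from the host keeps them out of the image, but anything running in the container can still read them, and can change them when the mount is writable. The following is an added example, not part of this project: it lists which of the credential directories named above a devcontainer.json mounts and whether each is read-only. The sample file, the /home/dev target paths, and the function names are assumptions.

```python
import json
import re

# Host directories the page lists as credential mounts.
CREDENTIAL_DIRS = (".aws", ".azure", ".config/gcloud", ".ssh")
# Match JSON strings first so comment markers inside them are left alone.
JSONC_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def load_jsonc(text):
    """Parse devcontainer.json, which may contain // and /* */ comments."""
    return json.loads(JSONC_TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text))

def parse_mount(entry):
    """Return (source, target, read_only) for a --mount style string or an object."""
    if isinstance(entry, dict):               # object form carries no read-only flag
        return entry.get("source", ""), entry.get("target", ""), False
    opts = {}
    for part in entry.split(","):
        key, _, value = part.partition("=")
        opts[key.strip().lower()] = value.strip()
    flag = next((opts[k] for k in ("readonly", "ro") if k in opts), "false")
    source = opts.get("source") or opts.get("src", "")
    target = opts.get("target") or opts.get("destination") or opts.get("dst", "")
    return source, target, flag.lower() not in ("false", "0")

def credential_mounts(devcontainer_text):
    """Return (credential_dir, container_target, read_only) per credential mount."""
    found = []
    for entry in load_jsonc(devcontainer_text).get("mounts", []):
        source, target, read_only = parse_mount(entry)
        normalised = source.replace("\\", "/").rstrip("/")
        for cred_dir in CREDENTIAL_DIRS:
            if normalised.endswith("/" + cred_dir):
                found.append((cred_dir, target, read_only))
    return found

# Constructed sample, not the project's actual devcontainer.json.
SAMPLE_DEVCONTAINER = """{
  // host credential stores
  "mounts": [
    "source=${localEnv:HOME}/.aws,target=/home/dev/.aws,type=bind",
    "source=${localEnv:HOME}/.ssh,target=/home/dev/.ssh,type=bind,readonly",
    {"source": "terraform-cache", "target": "/home/dev/.terraform.d/plugin-cache", "type": "volume"}
  ]
}"""

if __name__ == "__main__":
    print(credential_mounts(SAMPLE_DEVCONTAINER))
```

A writable result is not automatically wrong: aws sso login and az login write token caches under ~/.aws and ~/.azure, so those mounts may need to stay read-write. The value of the listing is knowing which host credential stores code inside the container can modify.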
- Docker not running: Ensure Docker is running on your system
- Permission issues: Ensure you have the necessary permissions for the mounted volumes
- Authentication failures: Check your credentials and ensure they are properly configured
- Resource constraints: Increase Docker's allocated memory if container builds fail
- Network issues: Verify your network can access required repositories and cloud services
Container logs can be viewed in VS Code by clicking on the "Remote" indicator in the bottom-left corner and selecting "Show Container Log".
- Official Documentation: Refer to the USAGE.md file for detailed usage instructions
- Issue Tracker: Report bugs or request features through the GitHub Issues
- Community Support: Join discussions in the Discussions section
- Terraform Documentation: Terraform Docs
- AWS Documentation: AWS Docs
- Azure Documentation: Azure Docs
- GCP Documentation: GCP Docs
Contributions are welcome! Please see CONTRIBUTING.md for details on how to contribute to this project.
This project is licensed under the MIT License - see the LICENSE file for details.
See SECURITY.md for details on reporting security issues.