update

Author: Mukesh

.github/workflows/tflint.yaml

@@ -0,0 +1,26 @@
+name: TFLint Check
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  tflint:
+    name: Run TFLint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Install TFLint
+        run: |
+          curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+
+      - name: Initialize TFLint
+        run: tflint --init
+
+      - name: Run TFLint on All Modules
+        run: tflint --config .tflint.hcl --recursive modules/

.tflint.hcl

@@ -0,0 +1,34 @@
+plugin "aws" {
+  enabled = true
+  version = "latest"
+}
+
+# Enable built-in AWS rules
+rule "aws_instance_invalid_type" {
+  enabled = true
+}
+
+rule "aws_security_group_ingress_cidr_blocks" {
+  enabled = true
+}
+
+# Custom rule: Ensure S3 Buckets are private
+rule "aws_s3_bucket_private" {
+  enabled = true
+}
+
+# Custom rule: Ensure tags are always defined
+rule "terraform_module_tag_required" {
+  enabled = true
+  required_tags = ["Name", "Environment", "Owner"]
+}
+
+# Custom rule: Prevent usage of sensitive IAM actions
+rule "aws_iam_policy_restricted_actions" {
+  enabled = true
+  restricted_actions = [
+    "iam:*",         # Prevent wildcard permissions
+    "s3:*",          # Prevent full S3 access
+    "ec2:*"          # Prevent full EC2 access
+  ]
+}