Terraform HCL Formatter

Terraform HCL Formatter

Indents, aligns equals signs, and lints for common Terraform mistakes — hardcoded credentials, wildcard CIDRs, missing required variables, and risky resource flags.

Input HCL
Formatted
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.region
}

variable "region" {
  description = "AWS region"
  type        = string
  default     = "us-east-1"
}

variable "instance_type" {
  description = "EC2 instance type"
  type        = string
}

resource "aws_security_group" "web" {
  name        = "web-sg"
  description = "web sg"

  ingress {
    from_port = 22
    to_port   = 22
    protocol  = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_db_instance" "main" {
  identifier          = "main-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  username            = "admin"
  password            = "supersecret123"
  skip_final_snapshot = true
  publicly_accessible = true
}

output "db_endpoint" {
  value     = aws_db_instance.main.endpoint
  sensitive = false
}
Findings
1 err3 warn2 info
  • warnL34Wildcard CIDR 0.0.0.0/0 in security group — locks open the rule
  • warnL34Security group allows traffic from 0.0.0.0/0
  • errorL43Hardcoded password literal — use a variable with sensitive=true
  • infoL44skip_final_snapshot=true — recovery becomes harder if DB is destroyed
  • warnL45Resource is publicly_accessible — confirm this is intentional
  • infoL21variable "instance_type" has no default — caller must provide it (terraform.tfvars or -var)
Structure (7 blocks)
  • terraformL1
  • provider "aws"L11
  • variable "region"L15
  • variable "instance_type"L21
  • resource "aws_security_group" "web"L26
  • resource "aws_db_instance" "main"L38
  • output "db_endpoint"L48

What This Tool Does

Terraform HCL Formatter is built for deterministic developer and agent workflows.

Format and lint Terraform HCL with terraform fmt-style indentation, equals alignment, and detection of hardcoded credentials, wildcard CIDRs, and missing required variables. Runs locally.

Use How to Use for execution steps and FAQ for constraints, policies, and edge cases.

Last updated:

This tool is provided as-is for convenience. Output should be verified before use in any production or critical context.

Agent Invocation

Best Path For Builders

Browser workflow

Runs instantly in the browser with private local processing and copy/export-ready output.

Browser Workflow

This tool is optimized for instant in-browser execution with local data handling. Run it here and copy/export the output directly.

/terraform-hcl-formatter/

For automation planning, fetch the canonical contract at /api/tool/terraform-hcl-formatter.json.

How to Use Terraform HCL Formatter

  1. 1

    Paste your HCL

    Drop any Terraform configuration into the input pane: a single resource, a full module, or several files concatenated. The formatter handles HCL2 syntax, heredocs, and string interpolations.

  2. 2

    Read the formatted output

    The right pane shows terraform fmt-equivalent output: 2-space indentation, aligned equals signs within blocks, and normalized blank lines. Click Copy to lift the cleaned text back into your editor.

  3. 3

    Triage findings

    Errors flag hardcoded AWS keys, inline private keys, and dangerous patterns. Warnings cover 0.0.0.0/0 CIDRs, public flags, and missing safeguards. Info findings note declared variables without defaults.

  4. 4

    Inspect block structure

    The Structure panel lists every top-level block with its labels and line number, so you can quickly count resources, spot mistyped block types, or find a stray locals block buried in a long file.

  5. 5

    Re-run after edits

    Both formatting and linting recompute as you type. Iterate until findings are clean, then copy the output to your repo. The tool catches the issues that cause noisy code review feedback before you push.

Frequently Asked Questions

What is Terraform HCL Formatter?
It formats Terraform HCL with terraform fmt-equivalent indentation and equals alignment, then lints for hardcoded credentials, wildcard CIDRs, missing required variables, and other common mistakes. All in your browser.
Is the formatting identical to terraform fmt?
It matches the rules that catch the vast majority of code review noise: 2-space indentation, equals alignment within blocks, normalized blank lines. Edge cases with multi-line heredocs may differ slightly.
Does it send my data to a server?
No. Both formatting and linting run entirely in your browser. Your Terraform code, which often contains account IDs and bucket names, never leaves your device.
What lint rules are included?
Hardcoded AWS access keys and secrets, inline private keys, hardcoded passwords and tokens, 0.0.0.0/0 CIDR blocks, publicly_accessible flags, skip_final_snapshot, wildcard strings, and undeclared variable references.
Does it execute or plan my Terraform?
No. The tool is purely text analysis. To validate against real provider schemas, run terraform validate locally, which checks resource attributes against the actual provider plugin.