Never ship a terraform apply that destroys prod.
Somewhere in those 80 lines of terraform plan is a -/+ on your production database, or a firewall rule opening 0.0.0.0/0. This reads the plan for you and answers one question — is this safe? — with a GO / NO-GO you can trust.
- ✓ Zero dependencies · stdlib Python
- ✓ CI gate with --fail-on=high
- ✓ AWS + GCP out of the box
Severity-ranked, with a one-line "why" for each finding.
You read the plan. It scrolls past. You apply.
The dangerous line is never the obvious one. It's a replace on a stateful resource, a public IP that wasn't there yesterday, or an IAM binding three modules deep. By the time you notice, it's applied.
- a database or disk replaced in place — data gone, no undo.
- 0.0.0.0/0 ingress or a public IP slips into the diff.
- allUsers or roles/owner buried in a module.
plan → analyze → decide
Three commands to a GO / NO-GO
Export the plan
terraform plan -out=tf.plan && terraform show -json tf.plan > plan.json
Run the analyzer
python3 review-plan.py plan.json
Pure stdlib — nothing to pip install.
Gate the merge
--fail-on=high → exit 1
Drop it in CI and risky plans can't merge.
What it catches
Heuristic, severity-ranked HIGH → MED → LOW, each with a one-line reason.
- ⚠ Data loss: databases, disks, buckets being destroyed or replaced.
- ⚠ Public exposure: 0.0.0.0/0 or ::/0 ingress, open ports, public IPs.
- ⚠ Over-broad IAM: allUsers, roles/owner, AWSAdministratorAccess.
- ⚠ Plaintext secrets: secrets being created or set in the clear.
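A stripped-down analyzer in the same spirit, added here as an illustration and not the product's review-plan.py or rules.py: it reads the resource_changes array that terraform show -json emits, flags delete or -/+ replace on stateful types, world-open CIDRs and over-broad IAM principals, and turns the findings into the GO / NO-GO and exit code a CI gate would use. The rule sets and the embedded plan excerpt are constructed for this example.

```python
import json, sys

# Constructed rule data (not the product's rules.py): stateful types whose loss is irreversible
STATEFUL = {"aws_db_instance", "aws_ebs_volume", "aws_s3_bucket", "google_sql_database_instance"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
BROAD_IAM = {"allUsers", "allAuthenticatedUsers", "roles/owner"}

def strings_in(value):
    """Yield every string nested anywhere in a plan attribute value (dicts, lists, scalars)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for v in (value.values() if isinstance(value, dict) else value):
            yield from strings_in(v)

def analyze(plan):
    """Return (severity, address, reason) findings for a `terraform show -json` plan dict."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions, addr = set(rc["change"]["actions"]), rc["address"]
        if rc["type"] in STATEFUL and "delete" in actions:  # -/+ replace or plain destroy
            how = "replaced (-/+)" if "create" in actions else "destroyed"
            findings.append(("HIGH", addr, f"stateful resource {how}: data loss, no undo"))
        if not actions & {"create", "update"}:
            continue  # pure delete or no-op: no new attributes reach the cloud
        after = list(strings_in(rc["change"].get("after") or {}))  # 'after' is null on delete
        if any(s in OPEN_CIDRS for s in after):
            findings.append(("HIGH", addr, "rule open to the world (0.0.0.0/0 or ::/0)"))
        if any(s in BROAD_IAM for s in after):
            findings.append(("HIGH", addr, "over-broad IAM principal or role"))
    return findings

def verdict(findings, fail_on="HIGH"):
    """GO/NO-GO plus the exit code a --fail-on CI gate would return."""
    return ("NO-GO", 1) if any(f[0] == fail_on for f in findings) else ("GO", 0)

# Constructed plan.json excerpt in the shape `terraform show -json tf.plan` emits
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_db_instance.prod", "type": "aws_db_instance",
     "change": {"actions": ["delete", "create"], "after": {"engine": "postgres"}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"], "after": {"ingress": [{"cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "google_project_iam_member.svc", "type": "google_project_iam_member",
     "change": {"actions": ["create"], "after": {"role": "roles/owner", "member": "allUsers"}}}]}

if __name__ == "__main__":  # `python3 this.py plan.json`; a non-zero exit blocks the merge
    found = analyze(json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN)
    result, code = verdict(found)
    print(*(f"[{s}] {a}: {w}" for s, a, w in found), result, sep="\n")
    sys.exit(code)
```

Run without arguments it reports three HIGH findings on the embedded excerpt and exits 1; point it at a real plan.json to see the same verdict logic on a live plan.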
What's in the pack
- review-plan.py — the analyzer, pure stdlib, path arg or stdin, --json
- rules.py — every risk rule as editable data; add your org's policies in minutes
- --fail-on=high — the CI gate that blocks a destructive merge
- SKILL.md — a real Claude Code skill: "review my terraform plan"
- examples/ — a realistic AWS + GCP plan fixture and its exact report
- INSTALL.md — install, pipe a live plan, gate CI, extend rules
one-time · yours forever
- ✓ Runs anywhere Python 3 runs
- ✓ Editable rules — make them yours
- ✓ Real GO / NO-GO + CI exit code
- ✓ AWS + GCP coverage included
- ✓ Free updates to this product
- ✓ 14-day refund, no questions
A static review, not OPA/Sentinel — a fast sanity check that stops the obvious disasters.
Questions, answered
Do I need to install anything?
Just Python 3.7+. The analyzer is pure standard library — no pip install, no lockfile, nothing to vendor. Terraform CLI is only needed to generate a live plan.
Which providers does it understand?
AWS and GCP common resource types out of the box. Rules live in rules.py as plain data, so adding Azure or your own resources is a few lines.
Can it gate my CI?
Yes — --fail-on=high exits non-zero when a HIGH-severity risk is present, so a plan that would destroy prod or open a port simply can't merge.
Is GO a guarantee it's safe?
No — GO means "no obvious red flags found." It's a heuristic second pair of eyes, not a policy engine. A human still owns the apply.
Read the next plan with confidence.
Two seconds to a GO / NO-GO. Never get surprised by an apply again.