Terraform Code Analysis
Infrastructure-as-code analysis of Terraform configurations, module dependencies, and resource relationships
What Axiom Refract Analyzes in Terraform
Module Dependency Graph
Resolves Terraform module source references — local paths, registry modules, and Git sources. Maps the complete module dependency tree including transitive module dependencies and version constraints.
Resource Dependency Analysis
Maps explicit (depends_on) and implicit (reference-based) dependencies between Terraform resources. Identifies resource chains where a single resource change cascades through the infrastructure graph.
Provider and Backend Configuration
Analyzes provider configurations, backend settings, and state file dependencies. Identifies coupling between Terraform configurations and specific cloud provider services.
Variable and Output Flow Tracing
Traces the flow of variables through module inputs, local values, and outputs. Identifies where variable changes propagate through the module hierarchy and affect downstream resources.
State File Blast Radius
Calculates the blast radius of resource changes within state files. Identifies resources whose modification would trigger cascading updates to dependent resources through plan analysis.
How It Works
Terraform is parsed using a hand-hardened Tree-sitter grammar supporting HCL2 syntax, including Terraform 1.x features such as moved blocks, import blocks, check blocks, and testing framework (.tftest.hcl). The parser resolves module source references against the local filesystem and Terraform Registry conventions. Provider configurations and required_providers blocks are parsed to map cloud service dependencies. Terragrunt configurations (terragrunt.hcl) are detected and handled alongside standard Terraform.
Common Findings in Terraform Codebases
Monolithic State Files
Terraform configurations with all resources in a single state file create high blast radius for any change. Axiom identifies state boundaries and recommends decomposition into smaller, focused state files.
Module Depth Complexity
Deeply nested module hierarchies make Terraform plans difficult to understand and debug. Axiom identifies module chains with excessive nesting depth and recommends flattening.
Implicit Provider Coupling
Terraform resources implicitly depend on provider configurations. Axiom maps provider usage across modules and identifies where provider changes would affect the most resources.
Orphaned Variables and Outputs
Terraform modules accumulate variables and outputs that are defined but never referenced by any caller. Axiom identifies dead variables and outputs that can be safely removed.
Polyglot Support
Terraform is one of 145+ languages Axiom Refract supports through Tree-sitter AST parsing. Terraform analysis covers .tf files, .tfvars files, terraform.lock.hcl, .terraformrc, backend configurations, and Terraform Cloud/Enterprise workspace definitions. Terragrunt, Pulumi (HCL mode), and OpenTofu configurations are also supported. Your entire codebase is analyzed in a single scan — regardless of how many languages it contains.