TFLint vs Overmind: Choosing the Right Tool for Your Terraform Workflow

James Lane
July 18, 2024

When working with Terraform, selecting the right tools can make all the difference in streamlining your workflow and ensuring your infrastructure is robust and compliant. In this blog, we'll explore two noteworthy tools — TFLint and Overmind. We'll compare their features, highlight their unique advantages, and help you understand how each can benefit your Terraform projects.

What is TFLint?

TFLint is a popular open-source Terraform linter that helps developers identify potential errors and best-practice violations in their Terraform code. It performs static code analysis to detect issues such as security vulnerabilities, misconfigurations, and compliance violations. TFLint supports a wide range of IaC formats, making it a versatile tool for ensuring the quality and integrity of your Terraform code.

Key Features of TFLint:

  1. Static Code Analysis: Scans Terraform configurations for potential errors and best practice violations.
  2. Extensive Rule Set: Provides a comprehensive set of rules covering various aspects of Terraform configurations, including security, performance, and maintainability.
  3. Customisation: Users can customise TFLint's ruleset to align with their specific organisational standards and best practices.
  4. CI/CD Integration: Seamlessly integrates into CI/CD pipelines, allowing developers to catch issues early in the development lifecycle.

How to Install and Configure TFLint:

To use TFLint, follow these steps to install the tool and configure it for your project.

1. Install TFLint:

    
    # Install via Homebrew:
    brew install tflint

    # Install via Chocolatey:
    choco install tflint
  

2. Initialise TFLint in Your Project: Create a .tflint.hcl configuration file in the root of your Terraform project:

    
    plugin "aws" {
      enabled = true
      version = "0.10.0"
      source  = "github.com/terraform-linters/tflint-ruleset-aws"
    }

    rule "aws_instance_invalid_type" {
      enabled = true
    }
  

3. Run TFLint:

    tflint --init   # install the plugins declared in .tflint.hcl
    tflint
  

4. Example Output:

    2 issues found:

    Error: aws_instance_invalid_type
    - Invalid instance type found. Valid types: t2.micro, t2.small

    File: main.tf
    Line: 5
  

5. Custom Rules and CI/CD Integration: You can extend TFLint by creating custom rules and integrating it into your CI/CD pipeline using tools like GitHub Actions or Jenkins.
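
A CI gate for step 5, added here as an illustration and not taken from the TFLint project or from this post: it reads a report produced with `tflint --format json` and decides the job's exit code, failing closed when TFLint itself reports errors. The sample report is constructed, and the `fail_on` parameter and the `tflint.json` file name are assumptions of this example.

```python
import json
import sys
from collections import Counter

SEVERITY_RANK = {"info": 0, "warning": 1, "error": 2}

# Constructed sample shaped like `tflint --format json` output; not real scan results.
SAMPLE_REPORT = """
{"issues": [
  {"rule": {"name": "aws_instance_invalid_type", "severity": "error", "link": ""},
   "message": "constructed: invalid instance type",
   "range": {"filename": "main.tf", "start": {"line": 5, "column": 19},
             "end": {"line": 5, "column": 29}},
   "callers": []},
  {"rule": {"name": "terraform_unused_declarations", "severity": "warning", "link": ""},
   "message": "constructed: variable is declared but not used",
   "range": {"filename": "variables.tf", "start": {"line": 1, "column": 1},
             "end": {"line": 1, "column": 18}},
   "callers": []}],
 "errors": []}
"""


def evaluate(report_text, fail_on="error"):
    """Return (exit_code, blocking_findings, counts_by_severity) for one report."""
    report = json.loads(report_text)
    if report.get("errors"):
        # TFLint could not complete the run: fail closed instead of passing.
        return 2, [], Counter()
    threshold = SEVERITY_RANK[fail_on]
    counts, blocking = Counter(), []
    for issue in report.get("issues", []):
        severity = issue["rule"]["severity"]
        counts[severity] += 1
        # An unrecognised severity is treated as an error so it cannot slip through.
        if SEVERITY_RANK.get(severity, 2) >= threshold:
            where = issue["range"]
            blocking.append("{}:{} {}: {}".format(
                where["filename"], where["start"]["line"],
                issue["rule"]["name"], issue["message"]))
    return (1 if blocking else 0), blocking, counts


if __name__ == "__main__":
    # Pipeline usage (assumed file name): tflint --format json > tflint.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, blocking, counts = evaluate(text)
    print("findings by severity:", dict(counts))
    for line in blocking:
        print("BLOCKING", line)
    sys.exit(code)
```

TFLint exits non-zero on its own when it reports issues, so capture the JSON report without aborting the job before handing it to the script.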

What is Overmind?

Overmind is a powerful tool that provides real-time impact analysis on Terraform changes. It helps users identify the blast radius and potential risks associated with Terraform modifications, allowing for confident and secure infrastructure changes. Overmind plays a crucial role in minimizing downtime and ensuring that infrastructure changes are thoroughly vetted before implementation.

Key Features of Overmind:

  1. Blast Radius Analysis: Automatically reveals dependencies and potential impacts of Terraform changes, enabling users to understand the full scope of their modifications.
  2. Risk Analysis: Pinpoints potential issues and their impacts, eliminating the need for extensive manual reviews and assessments.
  3. Real-time Dependency Discovery: Overmind's "Explore" feature helps users plan deployments by revealing dependencies and impacts early in the planning stage.
  4. Change Tracking: Tracks change outcomes and correlates issues to their causes, facilitating reliable rollbacks and post-deployment analysis.

How to Install and Configure Overmind:

To use Overmind, follow these steps to install the tool and configure it for your project.

1. Install Overmind:

    
    # Install via Homebrew:
    brew install overmindtech/overmind/overmind-cli

    # For all other installation methods, see:
    # https://github.com/overmindtech/cli
 
  

2. Run a Terraform plan:

    overmind terraform plan
 
  

3. Example Output:

    
    $ overmind terraform plan
    ### Check for a token locally, if it doesn't exist log the user in
    Please sign-up/login at
    ### Device OAuth flow
    Authentication succeeded.
    ### Check to see if the user has any config about where the source should run
    ### If they don't, they will be prompted to choose
    Choose how to access your AWS account (read-only):
    > Use $AWS_PROFILE (currently: dogfood)
      Use a different profile
      Use the default settings # if AWS_PROFILE is not set
      Configure managed source (opens browser)
    ### Detect outdated topology cache and populate if necessary
    Detected outdated topology cache, populating in the background...
    Running `terraform plan`...
    ### Terraform plan output
    Plan Complete! Submitting plan to Overmind...
    ✅ Mapping resources
    ✅ Stripping sensitive data
    ✅ Submitting changes to Overmind
    ✅ Discovering Blast Radius
    ✅ Blast radius graph ready, opening in browser:
    ✅ Calculating risks
    Plan complete: Expected Changes:
    + dns > www.google.com
    ~ ec2-instance > i-18b23b43h
    - ip > 1.1.1.1
    -/+ ec2-instance > i-18b23b43h (replaced)

    Blast Radius: Items: 128 Edges: 350

    ### Potential Risks
    - **Impact on Target Groups (High 🔥)**: Target groups may be indirectly affected if the security group change causes networking issues.
    - **Impact on Load Balancer Traffic (Medium !)**: The restriction of egress traffic to just port 8080 could affect the distribution of traffic to backend services.
    - **Misconfiguration of Egress Rules (Low ⁉)**: The security group change to port 8080 poses a risk of blocking other outbound traffic required by applications.

    See this change in the graph:

    To apply and track changes, run:
    ```sh
    overmind terraform apply -file .overmind/plan.out
    ```
 
  

Choosing the Right Tool

TFLint and Overmind serve different purposes within the Terraform workflow, making them complementary tools rather than direct competitors. TFLint focuses on static code analysis and ensuring the quality and compliance of Terraform configurations, while Overmind specialises in real-time impact analysis, risk assessment, and dependency visualisation.

When to Use TFLint:

Use TFLint when you need to:

  • Identify potential errors and best practice violations in your Terraform code.
  • Ensure compliance with security and organisational standards.
  • Integrate static code analysis seamlessly into your CI/CD pipeline for early issue detection.

When to Use Overmind:

Use Overmind when you need to:

  • Understand the full impact and dependencies of proposed Terraform changes.
  • Minimise the risk of downtime and potential infrastructure disruptions.
  • Track and visualise the potential impacts of infrastructure modifications in real time.

Comparison Table: TFLint vs Overmind

Join the Discussion

Have you used TFLint or Overmind in your Terraform workflow? Share your experiences and insights with our community. Join our Discord for in-depth discussions and updates on Terraform and related tools. Stay tuned to our blog for the latest insights and tips on optimising your infrastructure management.