Terracotta AI Bot

Learn how you can interact with the Terracotta AI bot inside your PR comments here.

Overview

Terracotta is an AI-powered platform for reviewing and validating Infrastructure as Code (IaC), supporting both Terraform and CDK for Terraform (CDKTF). It provides:

  • Security & compliance insights
  • Best practice enforcement
  • Drift and cost analysis
  • Context-aware policy validation

All of this happens directly inside the pull request, without leaving your Git provider.

🚀 Built-in Commands

Terracotta AI commands can be triggered by commenting directly in a pull request. Each command performs a specific analysis on the Terraform or CDKTF code, helping your team catch issues and enforce standards before code is merged.

tc:help

Display a list of available Terracotta commands and usage instructions directly in the pull request.

  • Helpful for onboarding and discovering what actions Terracotta can perform.
  • Returns command syntax and descriptions inline in the PR thread.

tc:review

Run a comprehensive static analysis of the Infrastructure as Code (IaC) in the pull request.

  • Analyzes .tf files and CDKTF (TypeScript) for:
    • Security risks (e.g., wildcard IAM roles, open security groups)
    • Misconfigurations and deprecated resource usage
    • Hardcoded secrets, missing tags, naming inconsistencies
    • Violations of community and internal best practices
  • Functions like an AI-powered linter purpose-built for Terraform and CDK.
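As an added illustration (not from the Terracotta docs and not the bot's own output), here is a constructed Terraform fragment containing three findings of the kind tc:review reports, each beside a hardened form; the resource names, bucket ARN and CIDR ranges are placeholders.

```hcl
# Constructed example: three tc:review-style findings, each beside a hardened form.
# Finding 1: wildcard IAM policy (Action "*" on Resource "*").
resource "aws_iam_policy" "weak" {
  name   = "example-weak"
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "*", Resource = "*" }]
  })
}
# Hardened: named actions, scoped to one bucket (least privilege).
resource "aws_iam_policy" "scoped" {
  name   = "example-scoped"
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:PutObject"]
      Resource = "arn:aws:s3:::example-app-bucket/*" # placeholder bucket
    }]
  })
}
# Finding 2: security group with SSH open to the whole internet.
resource "aws_security_group" "weak" {
  name = "example-weak-sg"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Hardened: restrict SSH to a known admin/VPN range (placeholder CIDR).
resource "aws_security_group" "restricted" {
  name = "example-restricted-sg"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["10.20.0.0/16"]
  }
}
# Finding 3: hardcoded secret in a variable default.
variable "db_password" {
  default = "hunter2" # flagged: credential committed to the repo
}
# Hardened: no default, marked sensitive, value supplied at runtime
# (e.g. TF_VAR_db_password_safe or a secrets manager data source).
variable "db_password_safe" {
  type      = string
  sensitive = true
}
```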

tc:plan

If credentials are available, runs terraform init and terraform plan to generate a real execution plan.

  • Evaluates planned changes in full context.
  • Performs:
    • Drift detection based on the current state
    • Cost impact estimation for any resource modifications
    • Recommendations for configuration improvements
  • Enables reviewers to understand what the infrastructure will actually do, not just what the code says.

tc:guard

Validate changes against your organization’s custom Guardrail policies.

  • Supports both org-level and repo-specific rule enforcement.
  • Detects violations related to:
    • Required tagging and naming
    • Encryption settings
    • IAM permissions and privilege boundaries
    • Region, environment, and resource-specific constraints
  • Prevents non-compliant infrastructure from being merged.

tc:conflict

Detect resource-level conflicts across other active pull requests in the same repository.

  • Compares resources being modified or created in parallel PRs.
  • Surfaces overlapping changes that may:
    • Cause state contention or corruption
    • Trigger double-apply issues
    • Break shared modules or dependencies
  • Helps teams avoid merge conflicts and Terraform state errors before they happen.

tc:drift

Run drift detection between the pull request’s Terraform code, the latest state file, and the live cloud environment.

  • Identifies drift caused by manual changes or external tooling.
  • Highlights:
    • Deleted or modified resources
    • Differences between code, state, and deployed infrastructure
  • Shows a clear diff of what’s out of sync and why.
  • Helps fix drift during review instead of reacting after incidents.

✅ Features Powered by Commands

Terracotta’s built-in commands power a wide range of high-impact infrastructure validation features:

  • Terraform & CDKTF Static Review
    Validate infrastructure code for quality, structure, and safety without relying solely on manual review.

  • Security Analysis
    Catch IAM misconfigurations, public S3 buckets, open ports, unencrypted resources, and hardcoded secrets.

  • Performance & Cost Optimization
    Estimate cloud spend, identify overprovisioned resources, and recommend cost-effective configurations.

  • Drift & State Awareness
    Detect out-of-band changes between code, state, and deployed infrastructure to prevent production surprises.

  • Contextual Guardrails
    Enforce organization-specific policies using AI that understands your infrastructure’s purpose and structure.

🧠 How to Use in Practice

  1. Open a PR with .tf or CDKTF code
  2. Leave a comment with the command you want to run (e.g., tc:review)
  3. Terracotta replies in the PR with a structured report and actionable feedback

Pro Tip: Use multiple commands in sequence to review code (tc:review), check for drift (tc:drift), validate policy (tc:guard), and analyze cost (tc:plan).

📫 Need Help?

Email: [email protected]
See the Getting Started Guide for detailed walkthroughs.