## Quick Answer
Describe your infrastructure in plain English with the cloud provider name, and AI writes Terraform, Pulumi, or OpenTofu code. Always review IAM policies, security groups, and state backend configuration.
- AI knows major providers well (AWS, GCP, Azure, Hetzner, DigitalOcean)
- Modules, remote state, and workspaces need human architecture decisions
- Never run `terraform apply` from AI output without `terraform plan` review
## What You'll Need
- Cloud provider account with API credentials
- Terraform or OpenTofu installed (`tofu` is the FOSS fork)
- State backend (S3, GCS, Terraform Cloud, or local for dev)
- AI IDE or CLI
## Steps
1. **Describe desired state.** Prompt: `Write Terraform for a Hetzner CAX41 VPS, floating IP, and firewall allowing 22, 80, 443.`
2. **Organize with modules.** Ask: `Refactor into reusable modules with clear input variables.`
3. **Add remote state.** Prompt: `Add a backend block using S3 with DynamoDB locking.`
4. **Parameterize environments.** One root per env (`envs/prod`, `envs/staging`) with shared modules.
5. **Run terraform plan.** Review every resource carefully.
6. **Secrets management.** Inject via `TF_VAR_*` env vars or SOPS. Never commit `.tfvars` with secrets.
7. **Apply with approval.** CI pipeline: plan on PR, apply on main merge with manual approval gate.
8. **Drift detection.** Schedule nightly `terraform plan` — alert on drift.
## Common Mistakes
- **Hardcoded secrets in `.tf`.** Use a secrets manager.
- **`count` instead of `for_each`.** `for_each` is safer for refactors.
- **Overly permissive IAM.** AI defaults to `*` actions. Narrow manually.
- **No tags.** Every resource should have `environment`, `owner`, `cost-center` tags.
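
The plan review in step 5 and the IAM and tagging mistakes above can be partly checked by script. This is an added example, not code from the original page: a Python check over the JSON emitted by `terraform show -json`, assuming AWS resource types (`aws_iam_policy`, `aws_iam_role_policy`, `aws_security_group`). The names `review_plan`, `SAMPLE_PLAN` and `ADMIN_PORTS` are illustrative and the plan data is constructed.

```python
import json

REQUIRED_TAGS = {"environment", "owner", "cost-center"}  # tag names from the list above
ADMIN_PORTS = {22}  # assumption: SSH should never be reachable from 0.0.0.0/0

# Constructed sample in the shape of `terraform show -json plan.out` (trimmed).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_iam_policy.ci", "type": "aws_iam_policy",
     "change": {"actions": ["create"], "after": {
         "policy": json.dumps({"Statement": [
             {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}),
         "tags": {"environment": "prod", "owner": "platform", "cost-center": "42"}}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {
         "ingress": [
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}],
         "tags": {"environment": "prod"}}}},
    {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "after": None}},  # deletions have no "after"
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_plan(plan):
    """Return (resource address, finding) pairs for a parsed plan JSON document."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        addr, rtype = rc["address"], rc["type"]
        if rtype in ("aws_iam_policy", "aws_iam_role_policy"):
            # The policy is a JSON string; values unknown at plan time are absent.
            doc = json.loads(after.get("policy") or "{}")
            for stmt in _as_list(doc.get("Statement", [])):
                actions = _as_list(stmt.get("Action", []))
                if stmt.get("Effect") == "Allow" and any(
                        a == "*" or a.endswith(":*") for a in actions):
                    findings.append((addr, "wildcard IAM action"))
        if rtype == "aws_security_group":
            for rule in after.get("ingress") or []:
                world = "0.0.0.0/0" in (rule.get("cidr_blocks") or [])
                hits = rule.get("protocol") == "-1" or any(
                    rule["from_port"] <= p <= rule["to_port"] for p in ADMIN_PORTS)
                if world and hits:
                    findings.append((addr, "admin port open to 0.0.0.0/0"))
        if "tags" in after:
            missing = REQUIRED_TAGS - set(after.get("tags") or {})
            if missing:
                findings.append((addr, "missing tags: " + ", ".join(sorted(missing))))
    return findings
```

In CI, feed it `json.load()` of the saved plan's JSON and fail the job when the returned list is non-empty; it complements a manual read of the plan rather than replacing it.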
## Top Tools
| Tool | Use |
|------|-----|
| Terraform / OpenTofu | IaC runtime |
| Infracost | Cost estimation in PRs |
| tflint | Lint |
| Atlantis | PR-based workflow |
| Pulumi | Typed IaC (TS/Python/Go) |
## FAQs
**Should I pick Terraform or OpenTofu?** OpenTofu — FOSS, same syntax, actively developed post-license change.
**Can AI write Pulumi?** Yes — TypeScript Pulumi is easier for AI than HCL since it reuses its JS/TS strengths.
**Does AI handle multi-region?** Yes, via provider aliases. Specify regions in the prompt.
**What about Kubernetes manifests?** Both Terraform's `kubernetes` provider and `kubectl` manifests work. Helm charts too.
**How do I test Terraform?** Terratest (Go) or `checkov` for static analysis.
**Does AI know about cost optimization?** Yes — ask: `Suggest cost optimizations for this architecture.`
## Conclusion
AI removes the cold-start problem of IaC. Start from a rough prompt, harden with a human security review, lock with a remote state backend. [Misar Dev](https://misar.dev) scaffolds Coolify + Hetzner Terraform setups in minutes.