# AGENTS.md — Terraform

Follow the official HashiCorp Terraform Style Guide.

- Run `terraform fmt` and `terraform validate` before committing.
- Indent two spaces per level; align `=` for consecutive single-line arguments.
- Use `#` for comments, never `//` or `/* */`.
- Use the standard files: `terraform.tf`, `providers.tf`, `backend.tf`,
  `main.tf`, `variables.tf`, `outputs.tf`, `locals.tf`.
- Keep `variables.tf` and `outputs.tf` blocks alphabetical; split large
  `main.tf` by logical group (`network.tf`, `compute.tf`, `storage.tf`).
- Name with `snake_case` descriptive nouns; don't put the resource type in the
  name (`resource "aws_instance" "web_api"`).
- Give every variable and output a `type` and `description`; mark secrets
  `sensitive = true`.
- Use variables/locals instead of hardcoded values; use locals sparingly.
- Argument order: `count`/`for_each`, params, blocks, `lifecycle`, `depends_on`.
- Use `count` for identical resources, `for_each` when values differ; use both
  in moderation.
- Set `required_version`; pin providers and modules to specific versions.
- Commit `.terraform.lock.hcl`.
- Never commit `*.tfstate`, `.terraform/`, plan files, or secret `*.tfvars`.
- Keep secrets out of code — use env vars, Vault, or CI secrets.
- Create modules only for real abstractions, not single-resource wrappers; keep
  the module tree flat.