Plan Whisperer

Spot the destroy hiding in 2,000 lines of Terraform plan

Runs terraform plan, parses the JSON output, and gives you a risk-rated summary. Flags resource deletions, replacements, and security-sensitive changes (IAM, security groups, databases) so you catch the dangerous stuff before it hits production.

House Recipe | Work | 2 min

INGREDIENTS

🐙 GitHub

PROMPT

Create a skill called "Plan Whisperer". When I point you at a Terraform directory, run `terraform plan -out=tfplan && terraform show -json tfplan` and analyze the JSON output.

Categorize every resource change by risk:
- CRITICAL: any destroy or replace action
- HIGH: changes to IAM, security groups, databases, encryption, DNS
- MEDIUM: updates to compute, networking, storage configuration
- LOW: creates, tag-only changes, output changes

For each CRITICAL and HIGH change, explain what will happen in plain English and flag if it could cause downtime. Calculate the blast radius (dependent resources). Generate a concise summary suitable for a PR comment, plus a detailed breakdown I can expand if needed.

How It Works

Instead of scrolling through hundreds of lines of plan output looking for the one `forces replacement` that's going to take down your database, this skill categorizes every change by risk level and surfaces the scary stuff first.
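
The categorization can be sketched over the `resource_changes` array that `terraform show -json` emits, using the risk rules from the prompt above. This is an added example, not the skill's own code: the AWS type prefixes, the choice to rate any change to a sensitive type as HIGH, and the sample plan are assumptions made for illustration.

```python
# Added example: risk-rate the resource_changes array of `terraform show -json`.
# Assumption: AWS provider type prefixes stand in for the recipe's
# "IAM, security groups, databases, encryption, DNS" list.
SENSITIVE = ("aws_iam_", "aws_security_group", "aws_db_", "aws_rds_",
             "aws_kms_", "aws_route53_")
LEVELS = ("CRITICAL", "HIGH", "MEDIUM", "LOW")

def without_tags(attrs):
    """Attribute map minus tag fields, so tag-only updates compare equal."""
    return {k: v for k, v in (attrs or {}).items() if k not in ("tags", "tags_all")}

def rate(rc):
    """Risk level for one resource_changes entry; None for no-op and read."""
    change = rc["change"]
    actions = change["actions"]
    if actions in (["no-op"], ["read"]):
        return None
    if "delete" in actions:  # destroy, or replace (delete and create, either order)
        return "CRITICAL"
    if rc["type"].startswith(SENSITIVE):  # assumption: any change to these is HIGH
        return "HIGH"
    tag_only = without_tags(change.get("before")) == without_tags(change.get("after"))
    if actions == ["create"] or tag_only:
        return "LOW"
    return "MEDIUM"

def summarize(plan):
    """Group changed resource addresses by risk level, most severe first."""
    buckets = {level: [] for level in LEVELS}
    for rc in plan.get("resource_changes", []):
        level = rate(rc)
        if level:
            buckets[level].append(rc["address"])
    return buckets

def sample_rc(address, actions, before=None, after=None):
    """Build one constructed resource_changes entry (hypothetical helper)."""
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": actions, "before": before, "after": after}}

# Constructed sample plan, not output from a real run.
SAMPLE_PLAN = {"resource_changes": [
    sample_rc("aws_instance.worker", ["create"], None, {"instance_type": "t3.micro"}),
    sample_rc("aws_s3_bucket.logs", ["update"], {"bucket": "logs", "tags": {}},
              {"bucket": "logs", "tags": {"team": "ops"}}),
    sample_rc("aws_instance.web", ["update"], {"instance_type": "t3.micro"},
              {"instance_type": "t3.large"}),
    sample_rc("aws_iam_role_policy.app", ["update"], {"policy": "v1"}, {"policy": "v2"}),
    sample_rc("aws_db_instance.main", ["delete", "create"],
              {"storage_encrypted": False}, {"storage_encrypted": True}),
    sample_rc("aws_vpc.main", ["no-op"], {"cidr_block": "10.0.0.0/16"},
              {"cidr_block": "10.0.0.0/16"}),
]}
```

Attributes whose new value is unknown until apply are absent from `after`, so the tag-only comparison falls through to MEDIUM for them rather than LOW.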

What You Get

  • Risk-rated plan summary: destroy (critical) → replace (high) → update (medium) → create (low)
  • Highlighted security-sensitive changes (IAM, security groups, encryption settings)
  • Blast radius analysis: which other resources depend on changed resources
  • Database and stateful resource change warnings
  • One-line summary suitable for a PR comment
  • Full breakdown available on request

Setup Steps

  1. Ensure Terraform is initialized in your working directory
  2. Ask your Claw to review the plan for a given directory or workspace
  3. Review the risk-rated summary
  4. Drill into any flagged changes for details

Tips

  • Works by running `terraform plan -out=tfplan` and parsing `terraform show -json tfplan`
  • Can compare plans across workspaces to catch environment drift
  • Ask it to generate the PR comment format for your team's review process
  • Pairs well with environment drift detection for cross-env consistency checks

Tags: #terraform #iac #devops #code-review