zopdev · gizmo-rt · Dec 9, 2025 · Dec 9, 2025
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -0,0 +1,21 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.35.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "google" {
+  enabled = true
+  version = "0.26.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-google"
+}
+
+config {
+  call_module_type = "all"
+}
+
diff --git a/account-setup/aws/main.tf b/account-setup/aws/main.tf
@@ -4,31 +4,31 @@
       for subnet in var.subnets[vpc_name].public_subnets_cidr : "${vpc_name}-${subnet}" => {
         vpc_id = aws_vpc.vpc[vpc_name].id
         subnet = subnet
-        az = var.subnets[vpc_name].availability_zones[index(var.subnets[vpc_name].public_subnets_cidr,subnet)]
+        az     = var.subnets[vpc_name].availability_zones[index(var.subnets[vpc_name].public_subnets_cidr, subnet)]
       }
     })
-  ]
-    ...)
+    ]
+  ...)
   private_subnet_map = merge([
     for vpc_name in keys(var.subnets) : tomap({
       for subnet in var.subnets[vpc_name].private_subnets_cidr : "${vpc_name}-${subnet}" => {
         vpc_id = aws_vpc.vpc[vpc_name].id
         subnet = subnet
-        az = var.subnets[vpc_name].availability_zones[index(var.subnets[vpc_name].private_subnets_cidr,subnet)]
+        az     = var.subnets[vpc_name].availability_zones[index(var.subnets[vpc_name].private_subnets_cidr, subnet)]
       }
     })
-  ]
-    ...)
+    ]
+  ...)
   db_subnet_map = merge([
     for vpc_name in keys(var.subnets) : tomap({
       for subnet in var.subnets[vpc_name].db_subnets_cidr : "${vpc_name}-${subnet}" => {
         vpc_id = aws_vpc.vpc[vpc_name].id
         subnet = subnet
-        az = var.subnets[vpc_name].availability_zones[index(var.subnets[vpc_name].db_subnets_cidr,subnet)]
+        az     = var.subnets[vpc_name].availability_zones[index(var.subnets[vpc_name].db_subnets_cidr, subnet)]
       }
     })
-  ]
-    ...)
+    ]
+  ...)
 
 }
 
@@ -44,16 +44,16 @@
  }
 }

 resource "aws_subnet" "public_subnets" {
   for_each                = local.public_subnet_map
   vpc_id                  = each.value["vpc_id"]
   cidr_block              = each.value["subnet"]
-  availability_zone = each.value["az"]
+  availability_zone       = each.value["az"]
   map_public_ip_on_launch = true
 
   tags = {
     Name        = "${each.key}-public-subnet"
-    Environment = "${each.key}"
+    Environment = each.key
   }
   depends_on = [
     aws_vpc.vpc
@@ -64,12 +64,12 @@
   for_each                = local.private_subnet_map
   vpc_id                  = each.value["vpc_id"]
   cidr_block              = each.value["subnet"]
-  availability_zone = each.value["az"]
+  availability_zone       = each.value["az"]
   map_public_ip_on_launch = false
 
   tags = {
     Name        = "${each.key}-private-subnet"
-    Environment = "${each.key}"
+    Environment = each.key
   }
   depends_on = [
     aws_vpc.vpc
@@ -80,12 +80,12 @@
   for_each                = local.db_subnet_map
   vpc_id                  = each.value["vpc_id"]
   cidr_block              = each.value["subnet"]
-  availability_zone = each.value["az"]
+  availability_zone       = each.value["az"]
   map_public_ip_on_launch = false
 
   tags = {
     Name        = "${each.key}-db-subnet"
-    Environment = "${each.key}"
+    Environment = each.key
   }
   depends_on = [
     aws_vpc.vpc
@@ -94,7 +94,7 @@
 
 resource "aws_internet_gateway" "internet_gw" {
   for_each = var.subnets
-  vpc_id                  = aws_vpc.vpc[each.key].id
+  vpc_id   = aws_vpc.vpc[each.key].id
 
   tags = {
     Name = "${each.key}-internet-gw"
@@ -104,97 +104,97 @@
 ## Route table
 resource "aws_route_table" "public_route_table" {
   for_each = var.subnets
-  vpc_id              = aws_vpc.vpc[each.key].id
+  vpc_id   = aws_vpc.vpc[each.key].id
 
   tags = {
     Name = "${each.key}-public_route_table"
   }
 }
 
 resource "aws_route_table" "private_route_table" {
-  for_each            = local.private_subnet_map
-  vpc_id              = aws_vpc.vpc[split("-",each.key)[0]].id
+  for_each = local.private_subnet_map
+  vpc_id   = aws_vpc.vpc[split("-", each.key)[0]].id
 
   tags = {
     Name = "${each.key}-private_route_table"
   }
 }
 
 resource "aws_route_table" "db_route_table" {
-  for_each            = local.db_subnet_map
-  vpc_id              = aws_vpc.vpc[split("-",each.key)[0]].id
+  for_each = local.db_subnet_map
+  vpc_id   = aws_vpc.vpc[split("-", each.key)[0]].id
 
   tags = {
     Name = "${each.key}-db_route_table"
   }
 }
 
 resource "aws_eip" "eip" {
-  for_each = local.public_subnet_map
-  vpc      = true
+  for_each   = local.public_subnet_map
+  vpc        = true
   depends_on = [aws_internet_gateway.internet_gw]
   tags = {
     Name = "${each.key}-nat-gateway-eip"
   }
 }
 
 resource "aws_nat_gateway" "nat-gateway" {
-  for_each = local.public_subnet_map
+  for_each      = local.public_subnet_map
   allocation_id = aws_eip.eip[each.key].id
   subnet_id     = aws_subnet.public_subnets[each.key].id
   tags = {
     Name = "${each.key}-nat-gateway-public"
   }
 
-  depends_on = [aws_eip.eip,aws_subnet.public_subnets,aws_internet_gateway.internet_gw]
+  depends_on = [aws_eip.eip, aws_subnet.public_subnets, aws_internet_gateway.internet_gw]
 }
 
 resource "aws_route" "public_route" {
-  for_each = var.subnets
-  route_table_id            = aws_route_table.public_route_table[each.key].id
-  destination_cidr_block    = "0.0.0.0/0"
-  gateway_id                = aws_internet_gateway.internet_gw[each.key].id
-  depends_on                = [aws_internet_gateway.internet_gw]
+  for_each               = var.subnets
+  route_table_id         = aws_route_table.public_route_table[each.key].id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.internet_gw[each.key].id
+  depends_on             = [aws_internet_gateway.internet_gw]
 }
 
 resource "aws_route" "private_route" {
-  count = length(keys(local.private_subnet_map))
-  route_table_id            = aws_route_table.private_route_table[element(keys(local.private_subnet_map),count.index)].id
-  destination_cidr_block    = "0.0.0.0/0"
-  nat_gateway_id            = aws_nat_gateway.nat-gateway[element(keys(local.public_subnet_map),count.index)].id
-  depends_on                = [aws_nat_gateway.nat-gateway,aws_internet_gateway.internet_gw]
+  count                  = length(keys(local.private_subnet_map))
+  route_table_id         = aws_route_table.private_route_table[element(keys(local.private_subnet_map), count.index)].id
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.nat-gateway[element(keys(local.public_subnet_map), count.index)].id
+  depends_on             = [aws_nat_gateway.nat-gateway, aws_internet_gateway.internet_gw]
 }
 
 resource "aws_route" "db_route" {
-  count = length(keys(local.db_subnet_map))
-  route_table_id            = aws_route_table.db_route_table[element(keys(local.db_subnet_map),count.index)].id
-  destination_cidr_block    = "0.0.0.0/0"
-  nat_gateway_id            = aws_nat_gateway.nat-gateway[element(keys(local.public_subnet_map),count.index)].id
-  depends_on                = [aws_nat_gateway.nat-gateway,aws_internet_gateway.internet_gw]
+  count                  = length(keys(local.db_subnet_map))
+  route_table_id         = aws_route_table.db_route_table[element(keys(local.db_subnet_map), count.index)].id
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.nat-gateway[element(keys(local.public_subnet_map), count.index)].id
+  depends_on             = [aws_nat_gateway.nat-gateway, aws_internet_gateway.internet_gw]
 }
 
 resource "aws_route_table_association" "public_route_table_association" {
-  for_each = local.public_subnet_map
+  for_each       = local.public_subnet_map
   subnet_id      = aws_subnet.public_subnets[each.key].id
-  route_table_id = aws_route_table.public_route_table[split("-",each.key)[0]].id
+  route_table_id = aws_route_table.public_route_table[split("-", each.key)[0]].id
 }
 
 resource "aws_route_table_association" "private_route_table_association" {
-  for_each      = local.private_subnet_map
+  for_each = local.private_subnet_map
 
-  subnet_id = aws_subnet.private_subnets[each.key].id
+  subnet_id      = aws_subnet.private_subnets[each.key].id
   route_table_id = aws_route_table.private_route_table[each.key].id
 }
 
 resource "aws_route_table_association" "db_route_table_association" {
-  for_each      = local.db_subnet_map
+  for_each = local.db_subnet_map
 
   subnet_id      = aws_subnet.db_subnets[each.key].id
   route_table_id = aws_route_table.db_route_table[each.key].id
 }
 
 resource "aws_security_group" "allow_tls" {
-  for_each      = var.subnets
+  for_each    = var.subnets
   description = "Cluster communication with worker nodes"
   vpc_id      = aws_vpc.vpc[each.key].id
 }
diff --git a/account-setup/aws/outputs.tf b/account-setup/aws/outputs.tf
@@ -1,5 +1,5 @@
 output "vpc_id" {
-  value = ["${aws_vpc.vpc}"]
+  value = [aws_vpc.vpc]
 }
 
 output "public_subnets" {

diff --git a/github/aws/teams.tf b/github/aws/teams.tf
@@ -1,16 +1,15 @@
 data "github_organization" "organization" {
-    name = var.owner
+  name = var.owner
 }
 
 locals {
-  org_members = data.github_organization.organization.members
   github_repo_admin_access = merge([
     for team in keys(var.github_teams) : tomap({
       for user in var.github_teams[team].admins : "${team}-${user}" => {
-            user = user
-            team = team
-    }
-  })
+        user = user
+        team = team
+      }
+    })
   ]...)
 
   github_repo_editor_access = merge([
@@ -33,58 +32,58 @@ locals {
 
 }
 resource "github_team" "admin_team" {
-  for_each    = var.github_teams
-  name        = "${each.key}_admin"
+  for_each = var.github_teams
+  name     = "${each.key}_admin"
 }
 
 resource "github_team" "editor_team" {
-  for_each    = var.github_teams
-  name        = "${each.key}_editor"
+  for_each = var.github_teams
+  name     = "${each.key}_editor"
 }
 
 resource "github_team" "viewer_team" {
-  for_each    = var.github_teams
-  name        = "${each.key}_viewer"
+  for_each = var.github_teams
+  name     = "${each.key}_viewer"
 }
 
 resource "github_team_membership" "admin_team" {
-  for_each  = local.github_repo_admin_access
-  team_id   = github_team.admin_team[each.value.team].id
-  username  = each.value.user
-  role      = "member"
+  for_each = local.github_repo_admin_access
+  team_id  = github_team.admin_team[each.value.team].id
+  username = each.value.user
+  role     = "member"
 }
 
 resource "github_team_membership" "editor_team" {
-  for_each  = local.github_repo_editor_access
-  team_id   = github_team.editor_team[each.value.team].id
-  username  = each.value.user
-  role      = "member"
+  for_each = local.github_repo_editor_access
+  team_id  = github_team.editor_team[each.value.team].id
+  username = each.value.user
+  role     = "member"
 }
 
 resource "github_team_membership" "viewer_team" {
-  for_each  = local.github_repo_viewer_access
-  team_id   = github_team.viewer_team[each.value.team].id
-  username  = each.value.user
-  role      = "member"
+  for_each = local.github_repo_viewer_access
+  team_id  = github_team.viewer_team[each.value.team].id
+  username = each.value.user
+  role     = "member"
 }
 
 resource "github_team_repository" "admin_team" {
-    for_each   =  var.github_repos
-    team_id    =  github_team.admin_team[each.value.team_name].id
-    repository =  github_repository.app_repo[each.key].name
-    permission = "admin"
+  for_each   = var.github_repos
+  team_id    = github_team.admin_team[each.value.team_name].id
+  repository = github_repository.app_repo[each.key].name
+  permission = "admin"
 }
 
 resource "github_team_repository" "editor_team" {
-    for_each   =  var.github_repos
-    team_id    =  github_team.editor_team[each.value.team_name].id
-    repository =  github_repository.app_repo[each.key].name
-    permission = "push"
+  for_each   = var.github_repos
+  team_id    = github_team.editor_team[each.value.team_name].id
+  repository = github_repository.app_repo[each.key].name
+  permission = "push"
 }
 
 resource "github_team_repository" "viewer_team" {
-    for_each   =  var.github_repos
-    team_id    =  github_team.viewer_team[each.value.team_name].id
-    repository =  github_repository.app_repo[each.key].name
-    permission = "pull"
+  for_each   = var.github_repos
+  team_id    = github_team.viewer_team[each.value.team_name].id
+  repository = github_repository.app_repo[each.key].name
+  permission = "pull"
 }