AI Terraform Plan Analyzer
Terraform is widely used to manage infrastructure as code (IaC). Terraform plan outputs can be large and complex, often spanning thousands of lines.
⚠️ The Challenge
Manually reviewing these plans to identify security risks or misconfigurations is time-consuming and prone to human error. Even a small oversight such as exposing a resource publicly can lead to serious issues in production environments.
🎯 The Solution: Automated AI Review
CD3 introduces an AI-assisted analysis step as part of the Jenkins pipeline to help review Terraform plans.
This feature analyzes Terraform plans for potential security risks and best practice violations, helping identify issues early before deployment.
It leverages Oracle Generative AI from configured regions to perform the following:
- Parse the plan - Understand the infrastructure changes being introduced.
- Identify issues - Detect misconfigurations such as open network access or insecure settings.
- Summarize findings - Generate a clear, human-readable report of risks and recommendations.
This feature helps identify common issues early, improving deployment confidence. It acts as a safety check and complements standard review practices.
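A deterministic check of the kind that can sit alongside the AI review, shown here as an added example; it is not CD3 code and does not describe how the AI analysis step works. It reads the JSON form of a plan (`terraform show -json`) and flags publicly exposed OCI resources. The function name `find_public_exposure` and the sample plan are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "oci_core_security_list.web", "type": "oci_core_security_list",
     "change": {"actions": ["create"], "after": {"ingress_security_rules": [
         {"protocol": "6", "source": "0.0.0.0/0"},
         {"protocol": "6", "source": "10.0.0.0/16"}]}}},
    {"address": "oci_objectstorage_bucket.logs", "type": "oci_objectstorage_bucket",
     "change": {"actions": ["update"], "after": {"access_type": "ObjectRead"}}},
    {"address": "oci_objectstorage_bucket.old", "type": "oci_objectstorage_bucket",
     "change": {"actions": ["delete"], "after": None}},
    {"address": "oci_core_network_security_group_security_rule.db",
     "type": "oci_core_network_security_group_security_rule",
     "change": {"actions": ["create"], "after": {
         "direction": "INGRESS", "source": "10.0.1.0/24"}}},
]})

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # "anywhere" for IPv4 and IPv6

def find_public_exposure(plan_json):
    """Return (address, reason) pairs for planned resources reachable from anywhere."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # Deleted resources have after == null; no-op/read changes add nothing new.
        if not after or set(change.get("actions", [])) <= {"no-op", "read", "delete"}:
            continue
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "oci_core_security_list":
            for rule in after.get("ingress_security_rules") or []:
                if rule.get("source") in OPEN_CIDRS:
                    findings.append((addr, f"ingress open to {rule['source']}"))
        elif rtype == "oci_core_network_security_group_security_rule":
            if after.get("direction") == "INGRESS" and after.get("source") in OPEN_CIDRS:
                findings.append((addr, f"ingress open to {after['source']}"))
        elif rtype == "oci_objectstorage_bucket":
            # A missing or unknown access_type is treated as the private default.
            access = after.get("access_type") or "NoPublicAccess"
            if access != "NoPublicAccess":
                findings.append((addr, f"bucket access_type {access}"))
    return findings

if __name__ == "__main__":
    for address, reason in find_public_exposure(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```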
💻 Usage
This is an optional feature in the CD3 Jenkins workflow and can be enabled as part of the Connect Container to Tenancy configuration:
1. Open the file: /cd3user/oci_tools/cd3_automation_toolkit/connectOCI.properties
2. Set the parameter enable_terraform_plan_analysis to yes, along with the other required configuration details.
3. This configuration takes effect when the connectCloud.py script is executed (see Executing connectCloud.py)
4. Once enabled, it runs automatically as part of the Jenkins build.
To view the results:
- Open the Jenkins build
- Check the Console Output
- Locate the section: >> Terraform AI Analysis
The analysis provides:
- Risk level – Indicates whether changes are low or high risk
- Findings – List of identified issues
- Recommendations – Suggested fixes
- Cost estimation – Approximate cost based on planned resources
Disable AI summary
1. Change the parameter enable_terraform_plan_analysis from yes to no in the file /cd3user/oci_tools/cd3_automation_toolkit/connectOCI.properties
2. Re-run the connectCloud.py script (see Executing connectCloud.py)
3. Restart Jenkins using: /usr/share/jenkins/jenkins.sh &