A playground for building tools around hclwrite, tfupdate, and hcledit.

  • By angie pinilla
  • Last update: Oct 13, 2022
  • Comments: 3


A playground for experimenting with hclwrite and tfupdate, inspired by hcledit. In the spirit of ohmyzsh, the vision of this repository is to bundle different helpful tools for managing your HCL configurations, namely Terraform, and perhaps one day become an interactive framework.


This repository currently houses the experimental tools tfrefactor and upcoming tfimportgen to assist migrating terraform configurations from v3 Terraform AWS Provider to v4 where S3 bucket refactoring is necessary.




  • 1

    Compatible with Terraform's Name best practices

    Thank you for making this tool! It looks like it will be easy and successful to Upgrade AWS Provider.

    I would like to suggest a few improvements. This is a proposal. The Code owner is free to change this PR at will.


    The current code automatically generates very long resource names. Terraform best practices recommend not repeating resource types in resource names.

    This change excludes the resource type from the resource name as well to generates very simple resource names.

    refs: https://www.terraform-best-practices.com/naming#resource-and-data-source-arguments

  • 2

    Add support for versioning.mfa_delete


    Versioning block supports two arguments, enabled & mfa_delete. They both should be migrated into new s3_bucket_versioning resource's versioning_configuration block. Currently mfa_delete configuration was missing, so I added it.


    old https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning mfa_delete - (Optional) Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

    new https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning#versioning_configuration mfa_delete - (Optional) Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: Enabled or Disabled.

  • 3

    provider attribute is ignored

    Terraform can override the default provider with the provider attribute in the resource block.


    resource "aws_s3_bucket" "example-bucket" {
      bucket   = "example-bucket"
      provider = aws.us-east-1
      versioning {
        enabled = true

    In the above, tfrefactor will migrate from the versioning attribute to the aws_s3_bucket_versioning resource but the provider attribute is ignored.

    resource "aws_s3_bucket" "example-bucket" {
      bucket   = "example-bucket"
      provider = aws.us-east-1
    resource "aws_s3_bucket_versioning" "example-bucket_versioning" {
      bucket = aws_s3_bucket.example-bucket.id
      versioning_configuration {
        status = "Enabled"

    aws_s3_bucket.example-bucket is a resource in the aws.us-east-1 provider but terraform takes that as the default region resource (In this case ap-northeast-1) in aws_s3_bucket_versioning.example-bucket_versioning and occurs following error.

    Error: error waiting for S3 Bucket Versioning status for bucket (example-bucket): BucketRegionError: incorrect region, the bucket is not in 'ap-northeast-1' region at endpoint ''
    	status code: 301, request id: , host id: