Use when analyzing terraform/tofu plan output for risks, security issues, and potential service disruptions. Required before any apply operation.
View on GitHub: lgbarn/devops-skills
superpowers
skills/terraform-plan-review/SKILL.md
January 23, 2026
```bash
npx add-skill https://github.com/lgbarn/devops-skills/blob/main/skills/terraform-plan-review/SKILL.md -a claude-code --skill terraform-plan-review
```
Installation paths:
.claude/skills/terraform-plan-review/

# Terraform Plan Review
## Overview
Analyze terraform plan output using parallel agents for comprehensive risk assessment. **Never auto-apply** - always present findings and require explicit approval.
**Announce at start:** "I'm using the terraform-plan-review skill to analyze these changes safely."
## The Process
### Step 1: Verify Environment
Before running any plan:
1. **Check AWS Profile**
   ```bash
   aws sts get-caller-identity
   ```
   - Verify the account ID matches expected environment
   - Verify the role/user is appropriate for this operation
   - If mismatch: STOP and alert user
2. **Identify Environment**
   - Check current directory structure (which environment?)
   - Verify backend configuration matches environment
### Step 2: Generate Plan
```bash
# Initialize if needed
terraform init
# Generate plan file (required for JSON parsing)
terraform plan -out=plan.out
# Convert to JSON for analysis
terraform show -json plan.out > plan.json
```
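As an added example (not part of the skill or the lgbarn/devops-skills repository), the script below does a deterministic first pass over the `resource_changes` array of `plan.json`, ordering destroy and replace actions first and marking security-sensitive resource types. The function names, the `SENSITIVE_PREFIXES` list and the sample plan are assumptions made for illustration.

```python
import json

# Assumption: which type prefixes count as security-sensitive is local policy.
SENSITIVE_PREFIXES = ("aws_iam_", "aws_security_group", "aws_kms_", "aws_s3_bucket_policy")
ORDER = {"destroy": 0, "replace": 1, "update": 2, "create": 3}

def classify(actions):
    """Map change.actions from `terraform show -json` to a risk label."""
    acts = list(actions)
    if acts in (["delete", "create"], ["create", "delete"]):
        return "replace"  # both orderings destroy the existing object
    return {"delete": "destroy", "update": "update", "create": "create"}.get(
        acts[0] if len(acts) == 1 else "", "skip")  # "no-op" and "read" are skipped

def triage(plan):
    """Return one finding per changed resource, most disruptive first."""
    findings = []
    for rc in plan.get("resource_changes", []):
        kind = classify(rc.get("change", {}).get("actions", []))
        if kind == "skip":
            continue
        findings.append({
            "address": rc["address"],
            "kind": kind,
            "sensitive": rc.get("type", "").startswith(SENSITIVE_PREFIXES),
        })
    return sorted(findings, key=lambda f: (ORDER[f["kind"]], not f["sensitive"], f["address"]))

def needs_explicit_review(findings):
    """Addresses a human must approve: anything destroyed, replaced or sensitive."""
    return [f["address"] for f in findings
            if f["kind"] in ("destroy", "replace") or f["sensitive"]]

# Constructed sample in the shape of `terraform show -json plan.out` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_instance.main", "type": "aws_db_instance",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_iam_role_policy.app", "type": "aws_iam_role_policy",
   "change": {"actions": ["update"]}},
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["no-op"]}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["delete"]}},
  {"address": "aws_cloudwatch_log_group.app", "type": "aws_cloudwatch_log_group",
   "change": {"actions": ["create"]}}
]}
""")

if __name__ == "__main__":
    for f in triage(SAMPLE_PLAN):
        print(f"{f['kind']:8} {'SENSITIVE' if f['sensitive'] else '-':9} {f['address']}")
```

To run it against a real plan, load the file with `json.load(open("plan.json"))` and pass the result to `triage`.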
### Step 3: Dispatch Parallel Analysis Agents
Launch these agents in a **single message with multiple Task calls**:
```
Task 1:
  description: "Analyze plan risks"
  prompt: |
    Analyze this Terraform plan for risks and impact.
    Environment: [env name]
    Account: [account id]
    Plan JSON:
    [plan.json content]
    Focus on destruction, modification risks, and cascade effects.
  subagent_type: "terraform-plan-analyzer"

Task 2:
  description: "Security review plan"
  prompt: |
    Review this Terraform plan for security implications.
    Environment: [env name]
    Plan JSON:
    [plan.json content]
    Focus on IAM, network, encryption, and compliance.
  subagent_type: "security-reviewer"

Task 3:
  description: "Check historical patterns"
  prompt: |
    Analyze git history for patterns related to these resources.
    Resources being changed: [list from plan]
    Look for similar past changes, incidents, and outcomes.
  subagent_type: "historical-pattern-analyzer"
```
**CRITICAL:** A