awslabs · matthew-l-weber · Feb 8, 2026
diff --git a/.devcontainer/config/terraform.env b/.devcontainer/config/terraform.env
@@ -21,4 +21,4 @@ TF_CLI_ARGS_apply=""
 
 # GCP Provider Configuration
 # GOOGLE_APPLICATION_CREDENTIALS=/home/vscode/.config/gcloud/application_default_credentials.json
-# CLOUDSDK_CORE_PROJECT=your-project-id
+# CLOUDSDK_CORE_PROJECT=your-project-id
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -21,10 +21,8 @@
   "postStartCommand": "post-start",
   "remoteUser": "vscode",
 
-  // Configure tool-specific properties
   "customizations": {
     "vscode": {
-      // Add the IDs of extensions you want installed when the container is created
       "extensions": [
         "hashicorp.terraform",
         "ms-azuretools.vscode-azureterraform",
@@ -46,7 +44,6 @@
         "ms-python.vscode-pylance"
       ],
 
-      // Set *default* container specific settings.json values on container create
       "settings": {
         "terminal.integrated.defaultProfile.linux": "bash",
         "terminal.integrated.profiles.linux": {
@@ -63,7 +60,6 @@
         "files.insertFinalNewline": true,
         "files.trimFinalNewlines": true,
 
-        // Terraform settings
         "[terraform]": {
           "editor.defaultFormatter": "hashicorp.terraform",
           "editor.formatOnSave": true,
@@ -80,14 +76,12 @@
         },
         "terraform.experimentalFeatures.validateOnSave": true,
 
-        // YAML settings
         "[yaml]": {
           "editor.defaultFormatter": "redhat.vscode-yaml",
           "editor.formatOnSave": true,
           "editor.tabSize": 2
         },
 
-        // Markdown settings
         "[markdown]": {
           "editor.defaultFormatter": "yzhang.markdown-all-in-one",
           "editor.formatOnSave": true
@@ -96,7 +90,6 @@
     }
   },
 
-  // Mount host volumes for credentials and caching
   "mounts": [
     "source=${localEnv:HOME}${localEnv:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind,consistency=cached",
     "source=${localEnv:HOME}${localEnv:USERPROFILE}/.azure,target=/home/vscode/.azure,type=bind,consistency=cached",
@@ -105,10 +98,8 @@
     "source=terraform-cache,target=/home/vscode/.terraform.d/plugin-cache,type=volume"
   ],
 
-  // Use 'forwardPorts' to make a list of ports inside the container available locally
-  // "forwardPorts": [],
+  "forwardPorts": [],
 
-  // Features to add to the dev container
   "features": {
     "ghcr.io/devcontainers/features/github-cli:1": {},
     "ghcr.io/devcontainers/features/git:1": {
@@ -117,7 +108,6 @@
     }
   },
 
-  // Environment variables
   "containerEnv": {
     "TF_PLUGIN_CACHE_DIR": "/home/vscode/.terraform.d/plugin-cache"
   }

diff --git a/.devcontainer/library-scripts/cloud-cli-tools.sh b/.devcontainer/library-scripts/cloud-cli-tools.sh
@@ -30,4 +30,4 @@ chown -R vscode:vscode /home/vscode/.aws
 chown -R vscode:vscode /home/vscode/.azure
 chown -R vscode:vscode /home/vscode/.config/gcloud
 
-echo "Cloud CLI tools installation complete!"
+echo "Cloud CLI tools installation complete!"
diff --git a/.devcontainer/library-scripts/common-utils.sh b/.devcontainer/library-scripts/common-utils.sh
@@ -37,4 +37,4 @@ mkdir -p /home/vscode/.ssh
 chown -R vscode:vscode /home/vscode/.ssh
 chmod 700 /home/vscode/.ssh
 
-echo "Common utilities installation complete!"
+echo "Common utilities installation complete!"
diff --git a/.devcontainer/library-scripts/terraform-tools.sh b/.devcontainer/library-scripts/terraform-tools.sh
@@ -77,7 +77,9 @@ if ! command -v go &> /dev/null; then
     GO_VERSION="1.20.5"
     curl -sSLo /tmp/go.tar.gz "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz"
     sudo tar -C /usr/local -xzf /tmp/go.tar.gz
+    #shellcheck disable=SC2016
     echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/vscode/.bashrc
+    #shellcheck disable=SC2016
     echo 'export PATH=$PATH:$HOME/go/bin' >> /home/vscode/.bashrc
     rm -f /tmp/go.tar.gz
 fi
@@ -100,7 +102,7 @@ sudo mv /tmp/infracost-linux-amd64 /usr/local/bin/infracost
 rm -f /tmp/infracost.tar.gz
 
 echo "Installing Checkov v${CHECKOV_VERSION}..."
-pip3 install checkov==${CHECKOV_VERSION}
+pip3 install checkov=="${CHECKOV_VERSION}"
 
 # Create .tflint.hcl config file
 mkdir -p /home/vscode/.tflint.d

diff --git a/.devcontainer/post-start.sh b/.devcontainer/post-start.sh
@@ -17,7 +17,8 @@ chmod +x /home/vscode/.devcontainer/scripts/*.sh
 
 # Display welcome message
 clear
-printf "\e[0;32mTerraform Development Environment: $(basename $PWD)\e[0m\n\n"
+#shellcheck disable=SC2059
+printf "\e[0;32mTerraform Development Environment: $(basename "$PWD")\e[0m\n\n"
 
 # Display installed tools and versions
 echo "=== Installed Tools ==="

diff --git a/.devcontainer/scripts/aws-auth.sh b/.devcontainer/scripts/aws-auth.sh
@@ -68,7 +68,7 @@ fi
 if [ "$USE_SSO" = true ]; then
     echo "Authenticating with AWS SSO..."
     aws sso login
-    
+
     # Verify authentication
     echo "Verifying authentication..."
     aws sts get-caller-identity
@@ -78,4 +78,4 @@ else
     aws sts get-caller-identity
 fi
 
-echo "AWS authentication complete!"
+echo "AWS authentication complete!"
diff --git a/.devcontainer/scripts/azure-auth.sh b/.devcontainer/scripts/azure-auth.sh
@@ -83,16 +83,16 @@ if [ "$USE_SP" = true ]; then
         echo "Error: Service principal authentication requires --client-id and --client-secret"
         exit 1
     fi
-    
+
     export ARM_CLIENT_ID="$CLIENT_ID"
     export ARM_CLIENT_SECRET="$CLIENT_SECRET"
-    
+
     echo "Authenticating with Azure service principal..."
     az login --service-principal --username "$CLIENT_ID" --password "$CLIENT_SECRET" --tenant "$TENANT_ID"
 else
     echo "Authenticating with Azure interactive login..."
     az login
-    
+
     # Set subscription if provided
     if [ -n "$SUBSCRIPTION_ID" ]; then
         az account set --subscription "$SUBSCRIPTION_ID"
@@ -103,4 +103,4 @@ fi
 echo "Verifying Azure authentication..."
 az account show
 
-echo "Azure authentication complete!"
+echo "Azure authentication complete!"
diff --git a/.devcontainer/scripts/gcp-auth.sh b/.devcontainer/scripts/gcp-auth.sh
@@ -59,10 +59,10 @@ if [ -n "$CREDENTIALS_FILE" ]; then
         echo "Error: Credentials file not found: $CREDENTIALS_FILE"
         exit 1
     fi
-    
+
     export GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_FILE"
     echo "Using service account credentials: $CREDENTIALS_FILE"
-    
+
     # Activate service account
     gcloud auth activate-service-account --key-file="$CREDENTIALS_FILE"
 else
@@ -74,4 +74,4 @@ fi
 echo "Verifying GCP authentication..."
 gcloud auth list
 
-echo "GCP authentication complete!"
+echo "GCP authentication complete!"
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,5 +1,4 @@
 {
-  // Editor settings
   "editor.formatOnSave": true,
   "editor.tabSize": 2,
   "editor.insertSpaces": true,
@@ -8,8 +7,6 @@
   "editor.codeActionsOnSave": {
     "source.fixAll": "explicit"
   },
-
-  // Files settings
   "files.trimTrailingWhitespace": true,
   "files.insertFinalNewline": true,
   "files.trimFinalNewlines": true,
@@ -22,8 +19,6 @@
     "**/.terraform": true,
     ".terraform.lock.hcl": true
   },
-
-  // Terraform settings
   "[terraform]": {
     "editor.defaultFormatter": "hashicorp.terraform",
     "editor.formatOnSave": true,
@@ -39,34 +34,24 @@
     "args": []
   },
   "terraform.experimentalFeatures.validateOnSave": true,
-
-  // YAML settings
   "[yaml]": {
     "editor.defaultFormatter": "redhat.vscode-yaml",
     "editor.formatOnSave": true,
     "editor.tabSize": 2
   },
-
-  // Markdown settings
   "[markdown]": {
     "editor.defaultFormatter": "yzhang.markdown-all-in-one",
     "editor.formatOnSave": true
   },
-
-  // Terminal settings
   "terminal.integrated.defaultProfile.linux": "bash",
   "terminal.integrated.profiles.linux": {
     "bash": {
       "path": "/bin/bash"
     }
   },
-
-  // Git settings
   "git.autofetch": true,
   "git.enableSmartCommit": true,
   "git.confirmSync": false,
-
-  // Spell checker settings
   "cSpell.enabled": true,
   "cSpell.words": [
     "azurerm",

diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -112,4 +112,4 @@
       "problemMatcher": []
     }
   ]
-}
+}
diff --git a/README.md b/README.md
@@ -57,13 +57,25 @@ This development container solves these problems by providing a ready-to-use, st
 ### Quick Start
 
 1. Clone this repository:
+
    ```bash
    git clone https://github.com/awslabs/aws-terraform-dev-container.git
    # or with SSH
    git clone git@github.com:awslabs/aws-terraform-dev-container.git
    ```
 
+   If you don't have these directories, create placeholders the container can mount in.
+
+   `mkdir -p ~/.aws ~/.ssh ~/.azure ~/.config/gcloud`
+
+   Verify your user has Docker rights
+
+   `docker run hello-world`
+
+   If that fails try: `sudo usermod -aG docker $USER` . The `newgrp docker` and run the `hello-world` again.
+
 2. Open the folder in VS Code:
+
    ```bash
    code aws-terraform-dev-container
    ```
@@ -116,21 +128,21 @@ This structure promotes code reuse, environment isolation, and easier testing.
 
 ## 🔧 Tools
 
-| Tool | Version | Description |
-|------|---------|-------------|
-| Terraform | 1.12.1 | Infrastructure as Code tool |
-| AWS CLI | 2.27.26 | Command line interface for AWS |
-| Azure CLI | Latest | Command line interface for Azure |
-| Google Cloud SDK | Latest | Command line interface for GCP |
-| terraform-docs | 0.20.0 | Documentation generator for Terraform modules |
-| tflint | 0.48.0 | Terraform linter |
-| tfsec | 1.28.13 | Security scanner for Terraform code |
-| terrascan | 1.19.9 | Detect compliance and security violations |
-| terragrunt | 0.50.1 | Thin wrapper for Terraform that provides extra tools |
-| terratest | v0.49.0 | Testing utility for infrastructure code |
-| infracost | 0.10.41 | Cloud cost estimates for Terraform |
-| checkov | 3.2.439 | Static code analysis tool for IaC |
-| pre-commit | Latest | Framework for managing git pre-commit hooks |
+| Tool             | Version | Description                                          |
+| ---------------- | ------- | ---------------------------------------------------- |
+| Terraform        | 1.12.1  | Infrastructure as Code tool                          |
+| AWS CLI          | 2.27.26 | Command line interface for AWS                       |
+| Azure CLI        | Latest  | Command line interface for Azure                     |
+| Google Cloud SDK | Latest  | Command line interface for GCP                       |
+| terraform-docs   | 0.20.0  | Documentation generator for Terraform modules        |
+| tflint           | 0.48.0  | Terraform linter                                     |
+| tfsec            | 1.28.13 | Security scanner for Terraform code                  |
+| terrascan        | 1.19.9  | Detect compliance and security violations            |
+| terragrunt       | 0.50.1  | Thin wrapper for Terraform that provides extra tools |
+| terratest        | v0.49.0 | Testing utility for infrastructure code              |
+| infracost        | 0.10.41 | Cloud cost estimates for Terraform                   |
+| checkov          | 3.2.439 | Static code analysis tool for IaC                    |
+| pre-commit       | Latest  | Framework for managing git pre-commit hooks          |
 
 ---
 
@@ -298,24 +310,28 @@ You can extend this development environment to suit your specific needs:
 <summary>Click to expand Use Cases</summary>
 
 ### Enterprise Infrastructure Teams
+
 - Standardize development environments across large teams
 - Enforce security and compliance policies through built-in tools
 - Simplify onboarding of new team members
 - Ensure consistent practices across multiple cloud providers
 
 ### DevOps Engineers
+
 - Rapidly prototype and test infrastructure changes
 - Validate changes before applying to production environments
 - Generate documentation automatically
 - Estimate costs before deploying resources
 
 ### Cloud Architects
+
 - Design and test multi-cloud architectures
 - Validate designs against security best practices
 - Create reusable infrastructure modules
 - Document architecture decisions
 
 ### Individual Developers
+
 - Learn Terraform and cloud infrastructure in a pre-configured environment
 - Experiment with different cloud providers without complex setup
 - Follow industry best practices from day one
@@ -331,18 +347,21 @@ You can extend this development environment to suit your specific needs:
 <summary>Click to expand Productivity Benefits</summary>
 
 ### Time Savings
+
 - **Environment Setup**: Save 4-8 hours per developer on initial setup
 - **Tool Updates**: Eliminate 1-2 hours per month maintaining tools
 - **Onboarding**: Reduce new team member onboarding from days to hours
 - **Troubleshooting**: Minimize environment-related issues that can waste hours of development time
 
 ### Quality Improvements
+
 - **Consistent Validation**: Every code change is automatically validated
 - **Security Scanning**: Catch security issues before they reach production
 - **Documentation**: Automatically generate and maintain documentation
 - **Testing**: Verify infrastructure works as expected with integrated testing tools
 
 ### Collaboration Enhancements
+
 - **Standardized Environment**: Everyone works with the same tools and versions
 - **Reproducible Results**: Eliminate "works on my machine" problems
 - **Knowledge Sharing**: Common toolset makes it easier to share techniques and solutions
-Original file line number
+Diff line change
@@ Expand Up / @@ -112,4 +112,4 @@ @@
           "problemMatcher": []
         }
       ]
-    }
+    }