kiro on MD/Blog https://www.ducea.com/tag/kiro/ Recent content in kiro on MD/Blog Hugo -- gohugo.io en Sat, 07 Mar 2026 10:20:55 +0000 HowTo give Kiro safe access to your AWS environment https://www.ducea.com/2026/03/07/howto-give-kiro-safe-access-to-your-aws-environment/ Sat, 07 Mar 2026 10:20:55 +0000 https://www.ducea.com/2026/03/07/howto-give-kiro-safe-access-to-your-aws-environment/ <p><a href="https://kiro.dev">Kiro</a> is AWS&rsquo;s agentic coding tool, available both as an IDE and a CLI. I&rsquo;ve been using the CLI a lot lately, including for AWS work where I let it run <code>aws</code> commands on my behalf. It works well. But the moment you point it at a real AWS account from a laptop that already has prod credentials configured locally, there&rsquo;s a gap nobody talks about.</p> <p>You probably have a dozen profiles in <code>~/.aws/config</code>. Setting up a dedicated IAM role for Kiro and pointing <code>AWS_PROFILE</code> at it doesn&rsquo;t actually stop Kiro from running <code>aws --profile prod-admin ec2 terminate-instances</code>. The CLI reads the whole config file and that profile is right there. <code>AWS_PROFILE</code> only sets a default. It restricts nothing.</p> <p><em>This post is CLI-first. The IDE works the same way for steps 1 and 2, and I&rsquo;ll note the differences at the end. Production accounts only — if you&rsquo;re playing in a sandbox, none of this matters much.</em></p> <h3 id="step-1-a-read-only-iam-role-for-kiro">Step 1: A read-only IAM role for Kiro</h3> <p>Start from the AWS managed policy <code>ReadOnlyAccess</code> and strip what you don&rsquo;t want the agent reading. At minimum, deny reads on <strong>Secrets Manager</strong>, <strong>SSM SecureString parameters</strong>, and anything storing customer data.</p> <p>Use <strong>IAM Identity Center</strong> to access the role via SSO. No long-lived access keys. Credentials are short-lived, they expire on their own, and CloudTrail records the actual user who assumed the role.</p> <p>A permission boundary on top of this role is a good idea, but out of scope for this post. The role&rsquo;s permissions policy is your ceiling for now.</p> <h3 id="step-2-isolate-kiros-aws-config-from-your-shells">Step 2: Isolate Kiro&rsquo;s AWS config from your shell&rsquo;s</h3> <p>This is the part that matters.</p> <p>The AWS CLI and SDK read <code>~/.aws/config</code> and <code>~/.aws/credentials</code> by default. Both file locations can be overridden with environment variables:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"><span class="line"><span class="cl"><span class="k">export</span> <span class="n">AWS_CONFIG_FILE</span><span class="o">=~/.</span><span class="n">aws</span><span class="o">/</span><span class="n">kiro</span><span class="o">/</span><span class="n">config</span> </span></span><span class="line"><span class="cl"><span class="k">export</span> <span class="n">AWS_SHARED_CREDENTIALS_FILE</span><span class="o">=~/.</span><span class="n">aws</span><span class="o">/</span><span class="n">kiro</span><span class="o">/</span><span class="n">credentials</span> </span></span></code></pre></div><p>When these are set, the SDK ignores the default files entirely. Profiles that aren&rsquo;t in the file you specified simply do not exist as far as <code>aws</code> is concerned. <strong>This is the only mechanism that actually prevents Kiro from seeing your other profiles.</strong> Filtering file reads at the agent level (which we&rsquo;ll add in step 3) is not enough on its own, because the AWS SDK reads <code>~/.aws/config</code> directly without going through the agent&rsquo;s <code>fs_read</code> tool.</p> <p>Create the isolated config. Put every Kiro profile you&rsquo;ll need in here. Start with read-only and add a write role for the dev account. Add a prod read-only role too if you want Kiro to be able to look at prod without being able to change it:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl"># ~/.aws/kiro/config </span></span><span class="line"><span class="cl">[profile kiro-readonly] </span></span><span class="line"><span class="cl">sso_session = my-sso </span></span><span class="line"><span class="cl">sso_account_id = 123456789012 </span></span><span class="line"><span class="cl">sso_role_name = KiroReadOnly </span></span><span class="line"><span class="cl">region = us-east-1 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">[profile kiro-dev-write] </span></span><span class="line"><span class="cl">sso_session = my-sso </span></span><span class="line"><span class="cl">sso_account_id = 123456789012 </span></span><span class="line"><span class="cl">sso_role_name = KiroDevWrite </span></span><span class="line"><span class="cl">region = us-east-1 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">[profile kiro-prod-readonly] </span></span><span class="line"><span class="cl">sso_session = my-sso </span></span><span class="line"><span class="cl">sso_account_id = 999999999999 </span></span><span class="line"><span class="cl">sso_role_name = KiroReadOnly </span></span><span class="line"><span class="cl">region = us-east-1 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">[sso-session my-sso] </span></span><span class="line"><span class="cl">sso_start_url = https://my-org.awsapps.com/start </span></span><span class="line"><span class="cl">sso_region = us-east-1 </span></span><span class="line"><span class="cl">sso_registration_scopes = sso:account:access </span></span></code></pre></div><p>Touch an empty credentials file alongside it so the SDK doesn&rsquo;t fall back to anything else:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">touch ~/.aws/kiro/credentials </span></span><span class="line"><span class="cl">chmod 600 ~/.aws/kiro/credentials </span></span></code></pre></div><p>Now you need to make sure Kiro is launched with these env vars set, plus a default profile. Kiro doesn&rsquo;t have a way to set env vars for its shell tool yet (<a href="https://github.com/kirodotdev/Kiro/issues/40">kirodotdev/Kiro#40</a>), so the vars have to be set in the parent process. The cleanest way I&rsquo;ve found is a shell alias in <code>~/.zshrc</code>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">alias kiro-aws=&#39;AWS_CONFIG_FILE=~/.aws/kiro/config \ </span></span><span class="line"><span class="cl"> AWS_SHARED_CREDENTIALS_FILE=~/.aws/kiro/credentials \ </span></span><span class="line"><span class="cl"> AWS_PROFILE=kiro-readonly \ </span></span><span class="line"><span class="cl"> kiro-cli chat --agent aws-readonly&#39; </span></span></code></pre></div><p>Always launch Kiro for AWS work with <code>kiro-aws</code> instead of <code>kiro-cli</code> directly. From inside the session, ask it to run <code>aws configure list-profiles</code>. You should see only the kiro-* profiles. If <code>prod-admin</code> shows up, the isolation didn&rsquo;t take.</p> <p><em>This step alone takes Kiro from &ldquo;could touch anything you have credentials for&rdquo; to &ldquo;physically cannot see your other accounts&rdquo;.</em></p> <h3 id="step-3-a-custom-agent-and-a-steering-document">Step 3: A custom agent and a steering document</h3> <p>Kiro CLI lets you define custom agents in <code>~/.kiro/agents/&lt;n&gt;.json</code> with their own tool settings. The CLI has a dedicated <code>use_aws</code> tool that calls AWS APIs directly, separate from the general <code>shell</code> tool. Define a custom agent for AWS work:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;aws-readonly&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;AWS infrastructure assistant. Default read-only access via kiro-* profiles. Write operations require explicit user confirmation and a profile switch. Never attempt to use credentials outside the isolated AWS config.&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;tools&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;read&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;shell&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;use_aws&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;thinking&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;grep&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;glob&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;delegate&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">],</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;toolsSettings&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;shell&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;autoAllowReadonly&#34;</span><span class="p">:</span> <span class="kc">true</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;resources&#34;</span><span class="p">:</span> <span class="p">[],</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;hooks&#34;</span><span class="p">:</span> <span class="p">{},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;includeMcpJson&#34;</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;model&#34;</span><span class="p">:</span> <span class="kc">null</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>A few things going on here. The <code>description</code> field doubles as a system-level hint, so I put the key constraints right in there. I dropped <code>write</code> from the tools list — this agent is for AWS investigation, not editing your codebase. If you need file edits in the same session, add it back. <code>delegate</code> is included so Kiro can spin up sub-tasks for longer investigations (e.g., &ldquo;check all Lambda functions in this account for public URLs&rdquo;). The <code>shell</code> tool with <code>autoAllowReadonly</code> lets read-only shell commands run without prompting every time.</p> <p>The isolated config from step 2 is doing the heavy lifting regardless. Since it only contains kiro-* profiles, any <code>aws --profile something-else</code> would just fail with &ldquo;profile not found.&rdquo; The whole point of isolating the config is so we don&rsquo;t have to filter every shell command for safety.</p> <p>The steering document lives at <code>~/.kiro/steering/AGENTS.md</code>. This is where you give the agent enough context to make good decisions on its own, not just a list of don&rsquo;ts:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-markdown" data-lang="markdown"><span class="line"><span class="cl"><span class="gh"># AWS Access Rules for Kiro </span></span></span><span class="line"><span class="cl"><span class="gh"></span> </span></span><span class="line"><span class="cl"><span class="gu">## Context </span></span></span><span class="line"><span class="cl"><span class="gu"></span> </span></span><span class="line"><span class="cl">This environment uses isolated AWS credentials. The only profiles available </span></span><span class="line"><span class="cl">are in <span class="sb">`~/.aws/kiro/config`</span>, set via <span class="sb">`AWS_CONFIG_FILE`</span>. The standard </span></span><span class="line"><span class="cl"><span class="sb">`~/.aws/config`</span> is not visible. Do not assume other profiles exist. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="gu">## Available profiles </span></span></span><span class="line"><span class="cl"><span class="gu"></span> </span></span><span class="line"><span class="cl">| Profile | Account | Access level | Use case | </span></span><span class="line"><span class="cl">|------------------------|-------------|--------------|-----------------------------------| </span></span><span class="line"><span class="cl">| <span class="sb">`kiro-readonly`</span> | dev | read-only | Default. Inspecting resources. | </span></span><span class="line"><span class="cl">| <span class="sb">`kiro-dev-write`</span> | dev | read-write | Making changes in dev. | </span></span><span class="line"><span class="cl">| <span class="sb">`kiro-prod-readonly`</span> | production | read-only | Investigating prod issues. | </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="sb">`kiro-readonly`</span> is the default (set via <span class="sb">`AWS_PROFILE`</span>). You do not need to </span></span><span class="line"><span class="cl">pass <span class="sb">`--profile`</span> for it. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="gu">## Rules </span></span></span><span class="line"><span class="cl"><span class="gu"></span> </span></span><span class="line"><span class="cl"><span class="gu">### Read operations </span></span></span><span class="line"><span class="cl"><span class="gu"></span><span class="k">-</span> <span class="sb">`describe`</span>, <span class="sb">`get`</span>, <span class="sb">`list`</span>, and similar read calls can run without asking. </span></span><span class="line"><span class="cl"><span class="k">-</span> If you need to look at prod, use <span class="sb">`--profile kiro-prod-readonly`</span> and tell </span></span><span class="line"><span class="cl"> the user you&#39;re switching to the prod account before running the command. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="gu">### Write operations </span></span></span><span class="line"><span class="cl"><span class="gu"></span><span class="k">-</span> Any mutating call (`create`, <span class="sb">`update`</span>, <span class="sb">`delete`</span>, <span class="sb">`put`</span>, <span class="sb">`modify`</span>, </span></span><span class="line"><span class="cl"> <span class="sb">`terminate`</span>, <span class="sb">`stop`</span>, <span class="sb">`start`</span>, <span class="sb">`reboot`</span>, <span class="sb">`invoke`</span>) requires explicit </span></span><span class="line"><span class="cl"> user confirmation before execution. </span></span><span class="line"><span class="cl"><span class="k">-</span> Before asking for confirmation, state: what you intend to do, which </span></span><span class="line"><span class="cl"> resources will be affected (ARN or name), and which profile you&#39;ll use. </span></span><span class="line"><span class="cl"><span class="k">-</span> Only use profiles ending in <span class="sb">`-write`</span> for mutations. Never attempt a write </span></span><span class="line"><span class="cl"> call with a read-only profile. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="gu">### Credential boundaries </span></span></span><span class="line"><span class="cl"><span class="gu"></span><span class="k">-</span> If a call returns <span class="sb">`AccessDenied`</span> or <span class="sb">`UnauthorizedAccess`</span>, stop and ask </span></span><span class="line"><span class="cl"> the user. Do not: </span></span><span class="line"><span class="cl"> <span class="k">-</span> Try a different profile hoping it has more permissions </span></span><span class="line"><span class="cl"> <span class="k">-</span> Look for credentials in the filesystem </span></span><span class="line"><span class="cl"> <span class="k">-</span> Suggest the user re-authenticate or assume a different role </span></span><span class="line"><span class="cl"> <span class="k">-</span> Attempt to modify IAM policies to grant yourself access </span></span><span class="line"><span class="cl"><span class="k">-</span> The permissions you have are intentional. Treat access errors as a signal </span></span><span class="line"><span class="cl"> to check with the user, not a problem to solve. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="gu">### General behavior </span></span></span><span class="line"><span class="cl"><span class="gu"></span><span class="k">-</span> When running multiple AWS commands in sequence, prefer combining related </span></span><span class="line"><span class="cl"> reads into a single investigation before presenting findings. </span></span><span class="line"><span class="cl"><span class="k">-</span> If a task requires both read and write operations, do all the reads first </span></span><span class="line"><span class="cl"> with the read-only profile, present your plan, then switch to the write </span></span><span class="line"><span class="cl"> profile only after the user confirms. </span></span><span class="line"><span class="cl"><span class="k">-</span> Always include <span class="sb">`--output json`</span> for programmatic parsing. Use `--output </span></span><span class="line"><span class="cl"> table` only when the user asks for a summary view. </span></span></code></pre></div><p>The &ldquo;credential boundaries&rdquo; section is what prevents the drift behavior. Without it, when Kiro hits an <code>AccessDenied</code> it will try to find another way around it. The agent is helpful to a fault.</p> <h3 id="step-4-verify-activity-in-cloudtrail">Step 4: Verify activity in CloudTrail</h3> <p>Every API call the agent makes shows up in CloudTrail, tied to the SSO user who assumed the role. The role session name looks something like <code>KiroReadOnly/your_user</code> or <code>KiroDevWrite/your_user</code>, so you can tell at a glance which role was used and by whom.</p> <p>You can filter for this in the CloudTrail console under <strong>Event history</strong> by searching for the username <code>KiroReadOnly</code> (or whatever your role is named). No extra setup required — standard CloudTrail covers this.</p> <p>If you have <strong>CloudTrail Lake</strong> set up, a saved query makes this even faster:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="k">SELECT</span><span class="w"> </span><span class="n">eventTime</span><span class="p">,</span><span class="w"> </span><span class="n">eventName</span><span class="p">,</span><span class="w"> </span><span class="n">requestParameters</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">FROM</span><span class="w"> </span><span class="o">&lt;</span><span class="n">your_event_data_store</span><span class="o">&gt;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">WHERE</span><span class="w"> </span><span class="n">userIdentity</span><span class="p">.</span><span class="n">sessionContext</span><span class="p">.</span><span class="n">sessionIssuer</span><span class="p">.</span><span class="n">userName</span><span class="w"> </span><span class="k">LIKE</span><span class="w"> </span><span class="s1">&#39;Kiro%&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">AND</span><span class="w"> </span><span class="n">eventTime</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="k">current_timestamp</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="nb">interval</span><span class="w"> </span><span class="s1">&#39;24&#39;</span><span class="w"> </span><span class="n">hour</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">ORDER</span><span class="w"> </span><span class="k">BY</span><span class="w"> </span><span class="n">eventTime</span><span class="w"> </span><span class="k">DESC</span><span class="w"> </span></span></span></code></pre></div><p>Either way, when something looks off in the account, you want CloudTrail to answer &ldquo;what did the agent do&rdquo; without having to ask the agent itself.</p> <h3 id="working-with-write-access">Working with write access</h3> <p>When you actually need Kiro to make changes, just tell it to use the write profile:</p> <blockquote> <p>Use <code>--profile kiro-dev-write</code> to update the IAM policy attached to the lambda role.</p> </blockquote> <p>The steering doc kicks in. Kiro asks for confirmation, explains what it&rsquo;s about to do, and only then runs the command. The IAM role enforces what <code>kiro-dev-write</code> can actually touch, so even if the agent misreads your prompt the blast radius is bounded by the role&rsquo;s permissions.</p> <p>For prod writes, the same pattern. Make a <code>KiroProdWrite</code> IAM role with very narrow permissions, add a <code>kiro-prod-write</code> profile to the isolated config, and ask Kiro to use it explicitly when you need it. Roles are cheap. Blast radius is not.</p> <h3 id="a-note-on-the-ide">A note on the IDE</h3> <p>The Kiro IDE doesn&rsquo;t have a <code>use_aws</code> tool. All AWS commands go through the shell tool, which means the config isolation from step 2 and the steering document are your primary guardrails. Steps 1 and 2 apply identically: create the role, isolate the config, then launch the IDE from a terminal where the env vars are already exported so the IDE&rsquo;s agent inherits them. Step 3&rsquo;s custom agent JSON is CLI-only, but the steering doc at <code>~/.kiro/steering/AGENTS.md</code> is read by both.</p> <h3 id="thats-it">That&rsquo;s it</h3> <p>The IAM role gets all the airtime, but the config isolation in step 2 is what actually keeps Kiro from drifting into the wrong account when you&rsquo;re moving fast.</p> HowTo use Kiro hooks to enforce IaC standards https://www.ducea.com/2025/10/12/howto-use-kiro-hooks-to-enforce-iac-standards/ Sun, 12 Oct 2025 10:20:55 +0000 https://www.ducea.com/2025/10/12/howto-use-kiro-hooks-to-enforce-iac-standards/ <p><a href="https://kiro.dev/docs/cli/hooks/">Kiro hooks</a> are actions that trigger at specific points in the agent&rsquo;s lifecycle: before or after a tool call, when a file is saved, when the agent stops, or when you manually fire them. A hook can either run a shell command or send a prompt back to the agent. They&rsquo;re how you get the agent to actually follow your team&rsquo;s rules, not just write code that compiles.</p> <p>When Kiro writes Terraform, the default loop is: agent writes the .tf, you eyeball it, you push, CI complains, you go back to the agent. Hooks shorten that loop by running validators during the agent&rsquo;s own turn. Bad code never makes it to the PR.</p> <p>This post shows how to wire up four checks for Terraform work and back them with a steering document. The setup assumes apply happens in CI (Atlantis or similar). Hooks are about the local feedback loop, not gating production.</p> <p>The four checks:</p> <ul> <li><strong>terraform validate</strong> — catches invalid HCL and schema errors</li> <li><strong>terraform fmt</strong> — small formatting issues, auto-fix</li> <li><strong>tflint</strong> — bigger linter issues (provider-specific best practices, deprecations)</li> <li><strong>trivy</strong> — security misconfigurations (which absorbed tfsec)</li> </ul> <h3 id="step-1-where-things-live">Step 1: Where things live</h3> <p>Kiro hooks are <code>.kiro.hook</code> files that live in <code>.kiro/hooks/</code> inside your workspace (or <code>~/.kiro/hooks/</code> for user-level hooks that apply everywhere). Each hook is its own file with a <code>when</code>/<code>then</code> structure — what event triggers it, and what action to take.</p> <p>There are two action types: <code>runCommand</code> executes a shell command, and <code>askAgent</code> sends a prompt back to the agent so it can act on the result. Some checks work better as agent prompts than shell scripts — more on that below.</p> <p>Steering documents go in <code>.kiro/steering/</code>. We&rsquo;ll create one of those too.</p> <p>Here&rsquo;s what we&rsquo;re building:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">.kiro/ </span></span><span class="line"><span class="cl">├── hooks/ </span></span><span class="line"><span class="cl">│ ├── terraform-fmt-validate.kiro.hook </span></span><span class="line"><span class="cl">│ ├── terraform-lint-scan.kiro.hook </span></span><span class="line"><span class="cl">│ ├── terraform-lint-scan.sh </span></span><span class="line"><span class="cl">│ └── block-terraform-apply.kiro.hook </span></span><span class="line"><span class="cl">└── steering/ </span></span><span class="line"><span class="cl"> └── terraform.md </span></span></code></pre></div><h3 id="step-2-auto-format-and-validate-on-save">Step 2: Auto-format and validate on save</h3> <p>The first hook fires whenever you save a <code>.tf</code> file. It uses <code>askAgent</code> to tell the agent to run <code>terraform fmt</code> and <code>terraform validate</code> and surface any errors.</p> <p><code>.kiro/hooks/terraform-fmt-validate.kiro.hook</code>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;enabled&#34;</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;Validate&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;Runs terraform fmt to format and terraform validate to check syntax whenever a .tf file is saved.&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;version&#34;</span><span class="p">:</span> <span class="s2">&#34;1&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;when&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;type&#34;</span><span class="p">:</span> <span class="s2">&#34;fileEdited&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;patterns&#34;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&#34;**/*.tf&#34;</span><span class="p">]</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;then&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;type&#34;</span><span class="p">:</span> <span class="s2">&#34;askAgent&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;prompt&#34;</span><span class="p">:</span> <span class="s2">&#34;A .tf file was saved. Run &#39;terraform fmt&#39; on the saved file, then run &#39;terraform validate&#39; in its parent directory. Surface any errors.&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>Why <code>askAgent</code> and not <code>runCommand</code>? A shell script would just print errors. I like using <code>askAgent</code> here because the agent can read the output and fix issues in the same turn, which is the whole point. The <code>enabled</code> flag also lets you toggle hooks on and off without deleting them.</p> <h3 id="step-3-lint-and-security-scan-at-end-of-turn">Step 3: Lint and security scan at end of turn</h3> <p>Running <strong>tflint</strong> and <strong>trivy</strong> after every single file save is overkill — they&rsquo;re slower and the agent often writes multiple files in a turn. Better to run them once when the agent finishes using the <code>agentStop</code> event, which fires at the end of every agent response.</p> <p>This hook uses <code>askAgent</code> to check whether any <code>.tf</code> files were touched, and if so, calls a shell script that runs both linters. The script lives alongside the hook files.</p> <p><code>.kiro/hooks/terraform-lint-scan.sh</code>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="cp">#!/usr/bin/env bash </span></span></span><span class="line"><span class="cl"><span class="cp"></span><span class="nb">set</span> -euo pipefail </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># Find all directories containing .tf files</span> </span></span><span class="line"><span class="cl"><span class="nv">tf_dirs</span><span class="o">=</span><span class="k">$(</span>find . -name <span class="s1">&#39;*.tf&#39;</span> -not -path <span class="s1">&#39;*/.terraform/*&#39;</span> -exec dirname <span class="o">{}</span> <span class="se">\;</span> <span class="p">|</span> sort -u<span class="k">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[</span> -z <span class="s2">&#34;</span><span class="nv">$tf_dirs</span><span class="s2">&#34;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">&#34;No .tf files found, skipping.&#34;</span> </span></span><span class="line"><span class="cl"> <span class="nb">exit</span> <span class="m">0</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">for</span> dir in <span class="nv">$tf_dirs</span><span class="p">;</span> <span class="k">do</span> </span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">&#34;==&gt; Running tflint in </span><span class="nv">$dir</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"> tflint --chdir<span class="o">=</span><span class="s2">&#34;</span><span class="nv">$dir</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">&#34;==&gt; Running trivy config scan on </span><span class="nv">$dir</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"> trivy config <span class="s2">&#34;</span><span class="nv">$dir</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">done</span> </span></span></code></pre></div><p>And the hook definition at <code>.kiro/hooks/terraform-lint-scan.kiro.hook</code>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;enabled&#34;</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;Terraform Lint &amp; Scan&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;Runs tflint and trivy config scan on all directories containing .tf files once the agent finishes its turn.&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;version&#34;</span><span class="p">:</span> <span class="s2">&#34;1&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;when&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;type&#34;</span><span class="p">:</span> <span class="s2">&#34;agentStop&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;then&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;type&#34;</span><span class="p">:</span> <span class="s2">&#34;askAgent&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;prompt&#34;</span><span class="p">:</span> <span class="s2">&#34;Check if any .tf files were created or modified during this session. If yes, run: bash .kiro/hooks/terraform-lint-scan.sh and surface the findings. If no .tf files were touched, do nothing and skip silently.&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>If either linter finds something, the agent surfaces the findings and can fix them in the same turn.</p> <p><em>Very handy.</em></p> <p>I tested this with tflint v0.55+ and trivy v0.58+. Both have to be installed locally. On macOS: <code>brew install tflint trivy</code>.</p> <h3 id="step-4-discourage-local-apply">Step 4: Discourage local apply</h3> <p>Local apply skips CI, skips review, skips state locking conventions. This hook is advisory, not a hard block — see the note at the end — but it catches the common case.</p> <p>It uses <code>preToolUse</code> on shell commands with an <code>askAgent</code> prompt. The agent checks the command before it runs and refuses if it&rsquo;s an apply or destroy.</p> <p><code>.kiro/hooks/block-terraform-apply.kiro.hook</code>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;enabled&#34;</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;Block Terraform Apply&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;Prevents terraform apply and terraform destroy from being run locally. Push the PR and let CI handle it.&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;version&#34;</span><span class="p">:</span> <span class="s2">&#34;1&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;when&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;type&#34;</span><span class="p">:</span> <span class="s2">&#34;preToolUse&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;toolTypes&#34;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&#34;shell&#34;</span><span class="p">]</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;then&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;type&#34;</span><span class="p">:</span> <span class="s2">&#34;askAgent&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;prompt&#34;</span><span class="p">:</span> <span class="s2">&#34;Check if the command being executed contains &#39;terraform apply&#39; or &#39;terraform destroy&#39;. If it does, STOP and do NOT run the command. Instead, tell the user: &#39;terraform apply/destroy is blocked locally. Push the PR and let CI handle it.&#39; If the command does not contain terraform apply or destroy, proceed normally.&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p><code>terraform plan</code> still works, so the agent can preview changes. Hopefully Kiro will add a proper <code>denyCommand</code> action at some point so we don&rsquo;t have to rely on the agent being well-behaved for this.</p> <h3 id="step-5-a-steering-document-with-your-teams-iac-standards">Step 5: A steering document with your team&rsquo;s IaC standards</h3> <p>Hooks catch mechanical errors. The steering document is where you encode the things linters can&rsquo;t catch — your team&rsquo;s conventions, naming patterns, what modules to use. Put it at <code>.kiro/steering/terraform.md</code> in your workspace.</p> <p>A starting point for what to put in there. Adjust to your team&rsquo;s actual standards:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-mysql" data-lang="mysql"><span class="line"><span class="cl"><span class="c1"># Terraform standards </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">## File and resource conventions </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="o">-</span><span class="w"> </span><span class="n">One</span><span class="w"> </span><span class="n">resource</span><span class="w"> </span><span class="n">per</span><span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">possible</span><span class="p">.</span><span class="w"> </span><span class="k">Group</span><span class="w"> </span><span class="n">tightly</span><span class="o">-</span><span class="n">related</span><span class="w"> </span><span class="nf">resources</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="n">e</span><span class="p">.</span><span class="n">g</span><span class="p">.,</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">Lambda</span><span class="w"> </span><span class="n">function</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="n">its</span><span class="w"> </span><span class="n">IAM</span><span class="w"> </span><span class="n">role</span><span class="p">)</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">same</span><span class="w"> </span><span class="n">file</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">Resource</span><span class="w"> </span><span class="n">names</span><span class="w"> </span><span class="k">use</span><span class="w"> </span><span class="n">snake_case</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="n">start</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">noun</span><span class="w"> </span><span class="n">describing</span><span class="w"> </span><span class="n">what</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">resource</span><span class="w"> </span><span class="k">is</span><span class="p">,</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="n">what</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">does</span><span class="p">.</span><span class="w"> </span><span class="o">`</span><span class="n">vpc_main</span><span class="o">`</span><span class="p">,</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="o">`</span><span class="n">main_vpc</span><span class="o">`</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="k">All</span><span class="w"> </span><span class="n">variables</span><span class="w"> </span><span class="n">have</span><span class="w"> </span><span class="o">`</span><span class="n">type</span><span class="o">`</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="o">`</span><span class="n">description</span><span class="o">`</span><span class="p">.</span><span class="w"> </span><span class="k">Sensitive</span><span class="w"> </span><span class="n">variables</span><span class="w"> </span><span class="n">have</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="k">sensitive</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">true</span><span class="o">`</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">Provider</span><span class="w"> </span><span class="n">versions</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">pinned</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="o">`~&gt;`</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="o">`</span><span class="n">versions</span><span class="p">.</span><span class="n">tf</span><span class="o">`</span><span class="p">.</span><span class="w"> </span><span class="n">Never</span><span class="w"> </span><span class="o">`&gt;=`</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">## Modules </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="o">-</span><span class="w"> </span><span class="k">Use</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">company</span><span class="w"> </span><span class="o">`</span><span class="n">terraform</span><span class="o">-</span><span class="n">aws</span><span class="o">-</span><span class="n">eks</span><span class="o">`</span><span class="w"> </span><span class="n">module</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">EKS</span><span class="p">,</span><span class="w"> </span><span class="n">do</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">declare</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">raw</span><span class="w"> </span><span class="o">`</span><span class="n">aws_eks_cluster</span><span class="o">`</span><span class="w"> </span><span class="n">resources</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="k">Use</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">company</span><span class="w"> </span><span class="o">`</span><span class="n">terraform</span><span class="o">-</span><span class="n">aws</span><span class="o">-</span><span class="n">s3</span><span class="o">-</span><span class="n">secure</span><span class="o">`</span><span class="w"> </span><span class="n">module</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">any</span><span class="w"> </span><span class="n">S3</span><span class="w"> </span><span class="n">bucket</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">Modules</span><span class="w"> </span><span class="n">sourced</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">internal</span><span class="w"> </span><span class="n">registry</span><span class="p">,</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="o">`</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="o">`</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">directly</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">## Required tags </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="o">-</span><span class="w"> </span><span class="n">Every</span><span class="w"> </span><span class="n">resource</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">supports</span><span class="w"> </span><span class="n">tags</span><span class="w"> </span><span class="n">must</span><span class="w"> </span><span class="n">have</span><span class="p">:</span><span class="w"> </span><span class="o">`</span><span class="n">Owner</span><span class="o">`</span><span class="p">,</span><span class="w"> </span><span class="o">`</span><span class="n">Environment</span><span class="o">`</span><span class="p">,</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">ManagedBy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&#34;terraform&#34;</span><span class="o">`</span><span class="p">,</span><span class="w"> </span><span class="o">`</span><span class="n">CostCenter</span><span class="o">`</span><span class="p">,</span><span class="w"> </span><span class="o">`</span><span class="n">Repository</span><span class="o">`</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="k">Use</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="o">`</span><span class="n">default_tags</span><span class="o">`</span><span class="w"> </span><span class="n">block</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">provider</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">possible</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">## Things to never do </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="o">-</span><span class="w"> </span><span class="n">No</span><span class="w"> </span><span class="n">public</span><span class="w"> </span><span class="n">ACLs</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">S3</span><span class="w"> </span><span class="nf">buckets</span><span class="w"> </span><span class="p">(</span><span class="o">`</span><span class="n">acl</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&#34;public-read&#34;</span><span class="o">`</span><span class="w"> </span><span class="n">etc</span><span class="p">.).</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">No</span><span class="w"> </span><span class="o">`</span><span class="mi">0</span><span class="p">.</span><span class="mi">0</span><span class="p">.</span><span class="mi">0</span><span class="p">.</span><span class="mi">0</span><span class="o">/</span><span class="mi">0</span><span class="o">`</span><span class="w"> </span><span class="n">ingress</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">security</span><span class="w"> </span><span class="n">groups</span><span class="w"> </span><span class="n">except</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">resources</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">explicitly</span><span class="w"> </span><span class="n">tagged</span><span class="w"> </span><span class="o">`</span><span class="n">Public</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&#34;true&#34;</span><span class="o">`</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">No</span><span class="w"> </span><span class="n">hardcoded</span><span class="w"> </span><span class="n">AWS</span><span class="w"> </span><span class="n">account</span><span class="w"> </span><span class="n">IDs</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="n">ARNs</span><span class="p">.</span><span class="w"> </span><span class="k">Use</span><span class="w"> </span><span class="o">`</span><span class="n">data</span><span class="w"> </span><span class="s2">&#34;aws_caller_identity&#34;</span><span class="o">`</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="o">`</span><span class="n">data</span><span class="o">`</span><span class="w"> </span><span class="n">sources</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">ARNs</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">No</span><span class="w"> </span><span class="o">`</span><span class="n">aws_iam_policy</span><span class="o">`</span><span class="w"> </span><span class="n">declared</span><span class="w"> </span><span class="n">inline</span><span class="w"> </span><span class="n">outside</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">approved</span><span class="w"> </span><span class="n">modules</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">## Workflow </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="o">-</span><span class="w"> </span><span class="n">After</span><span class="w"> </span><span class="n">modifying</span><span class="w"> </span><span class="n">any</span><span class="w"> </span><span class="p">.</span><span class="n">tf</span><span class="w"> </span><span class="n">file</span><span class="p">,</span><span class="w"> </span><span class="n">validate</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="o">`</span><span class="n">terraform</span><span class="w"> </span><span class="n">validate</span><span class="o">`</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">If</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">fails</span><span class="p">,</span><span class="w"> </span><span class="n">fix</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">before</span><span class="w"> </span><span class="n">reporting</span><span class="w"> </span><span class="n">back</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">user</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">After</span><span class="w"> </span><span class="n">making</span><span class="w"> </span><span class="n">meaningful</span><span class="w"> </span><span class="n">changes</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">directory</span><span class="p">,</span><span class="w"> </span><span class="n">run</span><span class="w"> </span><span class="o">`</span><span class="n">tflint</span><span class="o">`</span><span class="w"> </span><span class="k">and</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">trivy</span><span class="o">`</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="n">surface</span><span class="w"> </span><span class="n">findings</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">-</span><span class="w"> </span><span class="n">Never</span><span class="w"> </span><span class="n">run</span><span class="w"> </span><span class="o">`</span><span class="n">terraform</span><span class="w"> </span><span class="n">apply</span><span class="o">`</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="o">`</span><span class="n">terraform</span><span class="w"> </span><span class="n">destroy</span><span class="o">`</span><span class="w"> </span><span class="n">locally</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">Apply</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">handled</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">CI</span><span class="p">.</span><span class="w"> </span></span></span></code></pre></div><p>Without a steering doc the agent writes generic Terraform. With one it writes like someone who actually read your wiki.</p> <h3 id="a-note-on-ci">A note on CI</h3> <p>Run <code>terraform fmt</code>, <code>tflint</code>, and <code>trivy</code> in CI as a backstop. Hooks can be bypassed: they can be disabled with the <code>enabled</code> flag, they only fire when changes go through Kiro&rsquo;s tools or editor saves, and an agent following <code>askAgent</code> prompts is ultimately advisory — it&rsquo;s an LLM, not a hard gate. CI is the boundary that actually has to hold.</p> <p>The point of hooks isn&rsquo;t to replace CI. It&rsquo;s faster feedback. Catch the issue during the agent&rsquo;s turn while it&rsquo;s still in context, not 20 minutes later in PR review when you&rsquo;ve moved on to something else.</p> <p>That&rsquo;s it.</p>