Table of Contents

1. Modules1.1. What Are Terraform Modules?1.2. Definition and StructureExample Directory Structure for Modules:2. Why Use Modules?3. Types of Modules3.1. Root Module3.2. Child Modules3.3. Comparative Analysis3.4. Terraform module sources:3.4.1 Local directory3.4.2 Terraform Registry3.4.3 GitHub Repository3.4.4 Bitbucket, S3, GCS, etc.4. Using Modules in Terraform4.1. Module Invocation Mechanics4.2. Example: Provisioning an EC2 Instance Module5. Input Variables & Meta-Arguments in Modules5.1. Passing Input Variables5.2. Using Meta-Arguments6. What Makes a Good Terraform Module?7. Terraform modules registryDemo

Terraform for DevOps: Mastering Modules for Scalable Infrastructure (Part 5)

Rahim B.
Rahim B.
Apr 7, 2025
11 min read
2022 words

Hey DevOps champs! 🚀 Welcome back to our Terraform journey! In Part 4, we turbocharged our configs with variables, outputs, and dynamic workflows—making them flexible and powerful. Now, in Part 5, we’re stepping up to Modules—the building blocks that take your infrastructure to the next level. Think reusable, shareable, and scalable code that keeps your projects clean and your team in sync. Ready to master the art of modular Terraform? Let’s roll!

💬 Got Questions? If you have any questions or need further clarification while reading this post, please don't hesitate to drop a comment below! I'm here to help, and I'll gladly create new posts to dive deeper into any topics you find challenging. 😊

1. Modules

Terraform modules represent a cornerstone of modular design in infrastructure as code (IaC), enabling practitioners to encapsulate, reuse, and manage configurations efficiently. By abstracting resource definitions into self-contained units, modules promote scalability, maintainability, and collaboration within DevOps workflows. This section explores the concept of modules, their structure, and their role in streamlining infrastructure management.

1.1. What Are Terraform Modules?

A Terraform module is a cohesive collection of Terraform configuration files that collectively define a set of related resources. Rather than consolidating all infrastructure definitions into a single, monolithic file, modules allow practitioners to group logically associated components—such as a VPC, subnets, and routing rules—into a reusable and portable entity. This modular approach mirrors software engineering principles, treating infrastructure configurations as composable building blocks that can be invoked across multiple projects or environments.

1.2. Definition and Structure

At its core, a module is simply a directory containing one or more .tf files (e.g., main.tf, variables.tf, outputs.tf). The simplest module might reside in the root directory of a Terraform project, implicitly acting as the “root module.” However, explicitly defined modules are typically stored in subdirectories or external repositories, referenced via a module block. For example:

Example Directory Structure for Modules:

/project-root
│── main.tf
│── variables.tf
│── outputs.tf
│── /modules
│   ├── networking
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   ├── compute
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf

2. Why Use Modules?

Modules serve several critical functions in Terraform:

  • Reusability: A single module (e.g., for a standard web server setup) can be instantiated multiple times with different parameters, reducing redundant code.
  • Abstraction: Complex resource interactions are encapsulated, exposing only necessary inputs and outputs to the user, simplifying high-level configuration.
  • Consistency: Standardized modules ensure uniform resource deployment across environments (e.g., dev, staging, prod), minimizing configuration drift.
  • Collaboration: Teams can share and version modules via repositories (e.g., Git, Terraform Registry), fostering collaborative development and governance.

3. Types of Modules

In Terraform, modules are categorized into two primary types—root modules and child modules—each serving distinct purposes within the infrastructure as code (IaC) paradigm. These classifications reflect their structural and functional roles in organizing and executing Terraform configurations. Understanding their differences is essential for leveraging Terraform’s modular architecture effectively, particularly in complex, multi-tiered deployments. The following delineates these module types, their characteristics, and their applications.

3.1. Root Module

The root module is the top-level directory where Terraform commands (e.g., terraform init, terraform apply) are executed. It serves as the entry point for a Terraform configuration and orchestrates the overall infrastructure deployment.

Structure: Typically, the root module resides in the working directory and contains configuration files such as main.tf, variables.tf, and outputs.tf. It may also include calls to child modules. For example:

provider "aws" {
  region = "us-east-1"
}
 
module "vpc" {
  source = "./modules/vpc"
}

Here, the root module defines the provider and invokes a child module for VPC resources.

  • Role: Acts as the central coordinator, defining global settings (e.g., provider configurations) and integrating child modules to compose the complete infrastructure. Every Terraform project has exactly one root module, implicitly created in the execution directory.
  • Use Case: Suitable for defining the high-level architecture of a project, such as specifying environment-wide parameters or aggregating modular components into a cohesive deployment.
  • Considerations: As the execution context, the root module’s state file tracks all resources, including those provisioned by child modules, necessitating secure state management (e.g., via a remote backend).

3.2. Child Modules

Child modules are reusable, self-contained configurations housed in subdirectories of the root module or sourced from external repositories (e.g., Git, Terraform Registry). They encapsulate specific subsets of infrastructure and are invoked by the root module or other child modules.

Structure: A child module is a directory containing its own .tf files. For example, a modules/vpc directory might include:

# modules/vpc/main.tf
resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
}
 
variable "vpc_cidr" {
  type = string
}
 
output "vpc_id" {
  value = aws_vpc.main.id
}

This module is called from the root module with a module block:

module "vpc" {
  source    = "./modules/vpc"
  vpc_cidr = "10.0.0.0/16"
}
  • Role: Functions as a reusable template, abstracting specific resource groups (e.g., a VPC, an EC2 cluster) for instantiation with varying parameters. Child modules can be nested, allowing hierarchical composition.
  • Use Case: Ideal for standardizing recurring infrastructure patterns (e.g., a load-balanced web tier) across projects, environments, or teams, promoting consistency and reducing duplication.
  • Considerations: Child modules rely on the root module for execution context and state tracking. Sourcing from external repositories enhances shareability but introduces dependency management overhead (e.g., versioning, updates).

3.3. Comparative Analysis

  1. Scope: The root module is singular and project-specific, while child modules are plural and reusable across contexts.
  2. Execution: Terraform operates from the root module, recursively processing child modules during planning and application.
  3. State Management: The root module’s state file encompasses all resources, whereas child modules contribute to this state without maintaining their own independent state files.

3.4. Terraform module sources:

Terraform modules derive their flexibility and reusability from their ability to be sourced from various locations, enabling practitioners to leverage both local and remote repositories for infrastructure as code (IaC). The source attribute in a module block specifies the origin of a module’s configuration files, supporting a range of storage options from local directories to cloud-hosted services. This section delineates the primary module source types, their syntax, and their operational implications in Terraform workflows.

3.4.1 Local directory

References a module stored in a subdirectory relative to the root module’s working directory. For example :

module "networking" {
  source = "./modules/networking"
}

Terraform directly reads the files from the specified path during execution, requiring no external network access. Ideal for development, testing, or project-specific modules maintained within the same repository as the root module. But it's imited to the local filesystem, making it less suitable for sharing across teams or projects unless bundled in a version-controlled repository.

3.4.2 Terraform Registry

Sources a module from the public Terraform Registry or a private registry hosted via Terraform Cloud/Enterprise. For example :

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.0"  # Optional but recommended
}

Terraform downloads the module from registry.terraform.io (or a custom registry) during terraform init, caching it locally. Perfect for leveraging pre-built, community-vetted modules (e.g., AWS VPC, Azure AKS) to accelerate development with proven configurations. You should consider the dependency on external availability, as private registries require authentication setup.

3.4.3 GitHub Repository

Retrieves a module directly from a GitHub repository, supporting public or private access. For example :

module "custom_module" {
  source = "github.com/user/module"
}

Terraform clones the repository during terraform init, using the specified reference (defaulting to the main branch if omitted). Suitable for sharing custom modules across teams or organizations via a familiar Git workflow. Although it requires network access and, for private repos, authentication (e.g., SSH keys or GitHub tokens via git:: prefix, like git::ssh://...).

3.4.4 Bitbucket, S3, GCS, etc.

Extends module sourcing to alternative platforms like Bitbucket, AWS S3, Google Cloud Storage (GCS), or HTTP endpoints. Terraform fetches the module archive or directory from the specified service during initialization, often requiring credentials for private storage.

4. Using Modules in Terraform

Terraform modules empower practitioners to instantiate reusable infrastructure components within a configuration, streamlining the deployment process and promoting consistency across projects. By invoking a module via a module block, users can provision predefined resource sets with customized parameters, leveraging the modularity and abstraction inherent in Terraform’s design. This section elucidates the mechanics of module usage, illustrated through a practical example, and outlines best practices for effective implementation in infrastructure as code (IaC) workflows.

4.1. Module Invocation Mechanics

A module is incorporated into a Terraform configuration using the module block, which specifies the module’s source and passes input variables to tailor its behavior. The root module—or another child module—serves as the caller, orchestrating the instantiation of the referenced module’s resources. The source attribute identifies the module’s location, while additional arguments supply values to its defined input variables.

4.2. Example: Provisioning an EC2 Instance Module

Consider a scenario where a reusable module provisions an AWS EC2 instance. The root module invokes this module as follows:

module "web_server" {
  source        = "./modules/ec2-instance"
  instance_type = "t2.micro"
  ami_id        = "ami-123456"
}

The corresponding module (modules/ec2-instance/main.tf) might look like:

variable "instance_type" {
  type = string
}
 
variable "ami_id" {
  type = string
}
 
resource "aws_instance" "server" {
  ami           = var.ami_id
  instance_type = var.instance_type
}

When terraform apply is executed in the root module, Terraform processes the module, provisioning an EC2 instance with the specified AMI and instance type.

5. Input Variables & Meta-Arguments in Modules

Terraform modules leverage input variables and meta-arguments to customize behavior and manage dependencies effectively.

5.1. Passing Input Variables

Input variables are passed to modules to tailor their resource configurations:

module "vpc" {
  source       = "./modules/vpc"
  vpc_cidr     = "10.0.0.0/16"
  subnet_count = 3
}

Here, vpc_cidr and subnet_count configure the VPC module’s CIDR block and subnet quantity, enhancing flexibility.

5.2. Using Meta-Arguments

Meta-arguments like depends_on and providers control module execution and provider context:

module "eks_cluster" {
  source       = "./modules/eks"
  cluster_name = "my-cluster"
  depends_on   = [module.vpc]
}

depends_on ensures the VPC module completes before the EKS cluster, enforcing dependency order.

6. What Makes a Good Terraform Module?

A well-designed Terraform module enhances usability, maintainability, and interoperability. Key characteristics include:

  • Abstracts Low-Level Resources: Encapsulates resource details, simplifying high-level infrastructure management.
  • Logically Groups Resources: Organizes related components (e.g., VPC or EC2 modules) for coherence and clarity.
  • Exposes Configurable Inputs: Offers input variables for flexible customization without altering core logic.
  • Provides Useful Defaults: Supplies sensible default values to streamline adoption and reduce configuration overhead.
  • Returns Outputs for Integration: Delivers key resource attributes (e.g., IDs, IPs) to enable seamless chaining with other modules.

7. Terraform modules registry

Beyond providers, Terraform supports a rich ecosystem of modules, reusable configurations tailored to specific providers like AWS, Azure, and others. The Terraform Registry hosts a variety of modules, including the widely-used AWS Security Group module. This module simplifies security group management by offering pre-configured settings for common use cases. For example:

module "security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "5.1.0"
  name    = "web-sg"
  vpc_id  = "vpc-12345678"
  ingress_rules = ["http-80-tcp", "ssh-tcp"]
  ingress_cidr_blocks = ["0.0.0.0/0"]
}

This configuration provisions an AWS security group with HTTP and SSH access, demonstrating the module’s ability to abstract complex resource definitions into a streamlined, customizable format.

Demo

You can find the complete Terraform configurations for this tutorial in the GitHub repository below. Feel free to explore, fork, and experiment! 🚀

🔗 GitHub Repo: [https://github.com/rahimbtc1994/terraform-intermediate/tree/main/part-6]

Now that you've mastered Terraform modules and learned how to build reusable, scalable infrastructure, it's time to tackle environment management! In Terraform for DevOps: Managing Infrastructure Across Multiple Environments (Part 6), we'll explore best practices for structuring your Terraform code to handle development, staging, and production environments efficiently. From organizing your file structure to managing remote state and minimizing duplication, this guide will help you streamline deployments across multiple environments. Let’s take your Terraform skills to the next level! 🚀

If you have any questions or run into issues, drop a comment—I’m happy to help! 😊

Rahim's Newsletter

I write monthly Tech, Web Development and chrome extension that will improve your productivity. Trust me, I won't spam you.

Share on Social Media: