Pragmatic Rule
Do not create modules just because you can. A tiny wrapper around one resource is often noise. Create a module when it expresses a repeatable design or policy boundary.
Modules & Reuse
Learn how to split Terraform into reusable building blocks so teams can standardize network, AKS, storage, and identity patterns without copy-paste chaos.
🧒 Simple Explanation (ELI5)
A module is a reusable Terraform package. Instead of rewriting the same infrastructure recipe over and over, you create a block you can call multiple times with different inputs.
🤔 Why Do We Need It?
- Copy-paste infrastructure becomes inconsistent fast.
- Teams want standard building blocks with approved defaults.
- Modules reduce duplication and make large estates maintainable.
🔧 Technical Explanation
A Terraform module is any folder containing Terraform configuration. The root module is the one you run directly. Child modules are called using the module block.
hcl
module "network" {
source = "../modules/network"
environment = var.environment
location = var.location
address_space = ["10.10.0.0/16"]
app_subnet_cidr = "10.10.1.0/24"
}| Good Module Trait | Reason |
|---|---|
| Clear inputs | Callers understand what to provide |
| Stable outputs | Other modules and pipelines can depend on it safely |
| Focused responsibility | Avoids giant modules that do everything poorly |
| Opinionated defaults | Encodes platform standards without excessive complexity |
Module Composition
Root Module
→
Child Modules
network
aks
monitoring
→
Platform Stack
💡
🌍 Real-World Use Case
An organization may publish modules for resource groups, network foundations, AKS clusters, and Log Analytics. Application teams then consume those modules with environment-specific inputs while the platform team keeps the shared patterns consistent.
🛠️ Hands-on
Basic Module Structure
text
modules/
network/
main.tf
variables.tf
outputs.tfSimple Module Output
hcl
output "subnet_id" {
value = azurerm_subnet.app.id
}🐛 Debugging Scenario
Problem: A caller module fails because an expected value is missing.
- Check the child module outputs.
- Verify the root module is referencing the correct output name.
- Confirm the child module actually creates the resource under the conditions you provided.
⚠️
Module Smell
If a module has so many optional flags that nobody can predict what it will create, it is probably trying to do too many jobs.
📋 Interview Questions
Beginner
What is a Terraform module?
A reusable collection of Terraform configuration files that packages infrastructure logic behind inputs and outputs.
What is the root module?
The configuration in the directory where Terraform commands are run directly.
Why use modules?
To reuse patterns, reduce duplication, and enforce standard infrastructure design across teams and environments.
How does a caller pass data into a module?
By setting input arguments in the module block that map to variables defined inside the module.
How does a module return data?
Through outputs that the caller can reference.
Intermediate
When should you avoid making a module?
When there is no real reuse or abstraction benefit and the module would only add indirection.
What makes a module interface good?
Clear required inputs, sensible defaults, stable outputs, and a focused responsibility aligned with platform boundaries.
How can modules support enterprise governance?
They centralize approved patterns for naming, tagging, networking, security settings, and environment design.
Why are outputs part of the module contract?
Because other modules, stacks, or pipelines may depend on them, so changing outputs can break consumers.
What is the downside of giant all-in-one modules?
They become hard to reason about, hard to test, and difficult to reuse in slightly different situations.
Scenario-Based
Your team copied the same VNet code into six repos. What should change?
I would extract the repeated pattern into a network module with a stable interface and migrate callers gradually.
An AKS module also tries to build the entire corporate network. Why is that a problem?
It mixes responsibilities and creates a large blast radius. A better pattern is a separate network module consumed by the AKS layer.
A module upgrade breaks three environments. What likely happened?
The module interface or behavior changed incompatibly, so versioning, changelog discipline, and staged rollout were insufficient.
Why is module versioning important in shared Terraform estates?
It lets teams adopt improvements intentionally rather than all consumers being surprised by sudden behavior changes.
How would you connect this topic to CI/CD?
CI/CD pipelines can validate module changes, run example plans, and publish versioned modules so infrastructure consumers get controlled upgrades.
🧾 Summary
Modules are how Terraform scales from one-off files to a reusable platform engineering system. Good modules reduce copy-paste, encode standards, and create maintainable interfaces between teams.