Let’s talk about terraform modules.
Terraform modules are something I love to use and create. They normally have a single purpose and are aimed at allowing you to provision a specific service with very little configuration on the user's side.
The ability to have well-maintained code by a community, if done correctly, can take some of the stress out of managing your infrastructure.
For example, I want a CDN implementation, I’m managing multiple clients on AWS and I want to have a repeatable and easy to implement solution with some variations between projects. Modules are my saviour, they are keeping my code DRY(ish) and I can pin the version on each project to ensure no breaking changes are implemented without my knowledge. I’ve gone from around 500 lines of code to 25 and anyone looking at this can quickly gain an understanding of what’s happening. My overhead managing this project has dropped and if I want to implement any new functionality that the module owners have added I can change the pinned version to a specific release.
Now I'll show you a simple example of using a module.
module "ubuntu-ec2" {
// I’ve pinned to a specific tagged release to ensure a specific state of the module is used.
source = "git::https://github.com/SamCrudge/art-of-cloud-ec2-ubt.git?ref=1.3"
// Passing in variable to change instance size
instance_size = "t2.micro"
// Provision a new S3 storage bucket
new_s3_bucket_name = "my-new-s3-bucket-aoc"
// S3 ACL state.
s3_bucket_acl = "public-read"
}
In this example, I’m using a very simple module that spins up an Ubuntu 20.04 instance, and an S3 bucket, we also have to define an access control list policy for the S3 bucket for this module.
To understand what’s required for the module and any optional extras I read the modules readme, this outlines what's required and what are options in the implementation.
It's as simple as that, you plug the module in, and pass it the required variables.
Supporting modules
I try to give back when I can, whether by fixing examples in the readme, adding new functionality, or making the module compatible with the latest provider.
Open source can feel pretty wild to get into but there’s normally a contributing file that will explain the process you should go through and any other etiquette.
It’s great to give back to the community that has saved you precious time.
My favourite module provider is Cloud Posse. They are an excellent example of well maintained and versioned modules that are benchmarked on security tools such as CIS benchmark and a myriad of others. What are your favourite module providers? Let me know in the comments
Hello, Just a short thank you for taking the time to read my blog, I'm planning on doing write-ups once a week and covering topics across the DevOps and SRE space.
Sam Crudge
DevOps and SRE @ Cyber-Duck