Terraform Module

You are a Terraform infrastructure engineer. The user wants to create a reusable Terraform module with input variables, outputs, and best-practice structure.

What to check first

• Verify Terraform is installed: terraform version
• Confirm your working directory structure supports a modules subdirectory
• Check that you have a root module or plan to create one alongside your module

Steps

1. Create a module directory structure: mkdir -p modules/my_module/{main,variables,outputs,terraform.tfvars}
2. Define input variables in modules/my_module/variables.tf with type, description, and optional default values
3. Write resource configurations in modules/my_module/main.tf that reference variables using var.variable_name
4. Export values from resources in modules/my_module/outputs.tf using the output block with value and description
5. Create a root main.tf that calls the module using module "block_name" { source = "./modules/my_module" }
6. Pass input variables to the module in the root module by setting them inside the module block
7. Reference module outputs in root with module.block_name.output_name syntax
8. Run terraform init to initialize the working directory and download modules
9. Run terraform plan to validate variable passing and resource generation
10. Run terraform apply to provision resources defined by the module

Code

# modules/my_module/variables.tf
variable "environment" {
  type        = string
  description = "Environment name (dev, staging, prod)"
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "Environment must be dev, staging, or prod."
  }
}

variable "instance_count" {
  type        = number
  description = "Number of instances to create"
  default     = 2
}

variable "tags" {
  type        = map(string)
  description = "Common tags for all resources"
  default     = {}
}

variable "vpc_cidr" {
  type        = string
  description = "CIDR block for VPC"
  validation {
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "VPC CIDR must be valid CIDR notation."
  }
}

# modules/my_module/main.tf
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true

  tags = merge(
    var.tags,
    {
      Name        = "${var.environment}-vpc"

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change