Best practice when use Terraform public modules


We are building infrastructure and for some components we use public modules. And there some unclear moments.

  1. Can we just call public module directly from the root module?

    module "vpc" {
      source  = "terraform-aws-modules/vpc/aws"
      version = "3.18.0"
      cidr = var.vpc["cidr"]


    • Simplicity
    • Different version of modules for different environments

    The single advantage to build a child module based on a public module is a case of wrapper, when we need to add some additional functionality to the existing public module.

    But in case when public module already fit all our needs - is there any other considerations?

  2. Can we define variable for a public module in a simple way like

    variable "vpc" {
      description = "VPC variables"
      type        = any

    It will remove necessity to define all variables and describe their constraints - public module anyway already contains all variables and their constraints.

Thank you!

Iโ€™m not quite sure what you are asking. A module is just a module, regardless of if it is available publicly or not. So you can use it anywhere - in the root module or in your own modules (both in a subdirectory of a root module or in a separate module only repository).

Make sure you check into the quality of any public modules. There are some excellent ones, but you might also find modules which have been created by someone years ago and abandoned.

We use a selection of public modules. Some are just used directly, but for some we wrap them inside our own custom module, which allows us to add business specific functionality/settings, reducing boilerplate code.

1 Like

My question is about how to properly use them - in a root module or a child one?

Root module

Just add code and all required variables in a root module

Child module

  • Cleaner code in a root module
  • Easy to add additional functionality (it will be added inside a child module)

More steps are required - add module, add module variables, add module outputs


It depends what you are needing to do and the module in question.

As an example we use the AWS security group module from GitHub - terraform-aws-modules/terraform-aws-security-group: Terraform module which creates EC2-VPC security groups on AWS ๐Ÿ‡บ๐Ÿ‡ฆ whenever we need a SG - both within our own modules and directly in root modules.

We also use the EKS module at GitHub - terraform-aws-modules/terraform-aws-eks: Terraform module to create an Elastic Kubernetes (EKS) cluster and associated resources ๐Ÿ‡บ๐Ÿ‡ฆ but only wrapped in our own module, which sets various business specific settings (so there is less boilerplate code where it gets used).

1 Like

So, the single advantage to use public module in a child module is when we need an additional functionality or do root module code cleaner.

Otherwise is better to use them directly from the root module when they fits our needs.

Thank you for sharing your experience!

There isnโ€™t any advantage in wrapping a third party module inside your own module if all you do is pass through all the variables & outputs. It is only advantageous if you do something else, such as hard code some of the values, add additional functionality, simplify the interface (by removing functionality or making business specific decisions about how the module can be used).

1 Like