Best practice when use Terraform public modules

Hello,

We are building infrastructure and for some components we use public modules. And there some unclear moments.

1. Can we just call public module directly from the root module?

   module "vpc" {
     source  = "terraform-aws-modules/vpc/aws"
     version = "3.18.0"
   
     cidr = var.vpc["cidr"]
   }
   

   Advantages

   • Simplicity
   • Different version of modules for different environments

   The single advantage to build a child module based on a public module is a case of wrapper, when we need to add some additional functionality to the existing public module.

   But in case when public module already fit all our needs - is there any other considerations?

2. Can we define variable for a public module in a simple way like

   variable "vpc" {
     description = "VPC variables"
     type        = any
   }
   

   It will remove necessity to define all variables and describe their constraints - public module anyway already contains all variables and their constraints.

Thank you!

I’m not quite sure what you are asking. A module is just a module, regardless of if it is available publicly or not. So you can use it anywhere - in the root module or in your own modules (both in a subdirectory of a root module or in a separate module only repository).

Make sure you check into the quality of any public modules. There are some excellent ones, but you might also find modules which have been created by someone years ago and abandoned.

We use a selection of public modules. Some are just used directly, but for some we wrap them inside our own custom module, which allows us to add business specific functionality/settings, reducing boilerplate code.

My question is about how to properly use them - in a root module or a child one?

Root module

• Easy to use
• Different versions of the module for different environments

Just add code and all required variables in a root module

Child module

• Cleaner code in a root module
• Easy to add additional functionality (it will be added inside a child module)

More steps are required - add module, add module variables, add module outputs

Both

It depends what you are needing to do and the module in question.

As an example we use the AWS security group module from GitHub - terraform-aws-modules/terraform-aws-security-group: Terraform module which creates EC2-VPC security groups on AWS 🇺🇦 whenever we need a SG - both within our own modules and directly in root modules.

We also use the EKS module at GitHub - terraform-aws-modules/terraform-aws-eks: Terraform module to create an Elastic Kubernetes (EKS) cluster and associated resources 🇺🇦 but only wrapped in our own module, which sets various business specific settings (so there is less boilerplate code where it gets used).

So, the single advantage to use public module in a child module is when we need an additional functionality or do root module code cleaner.

Otherwise is better to use them directly from the root module when they fits our needs.

Thank you for sharing your experience!

There isn’t any advantage in wrapping a third party module inside your own module if all you do is pass through all the variables & outputs. It is only advantageous if you do something else, such as hard code some of the values, add additional functionality, simplify the interface (by removing functionality or making business specific decisions about how the module can be used).