Streamlining Infrastructure as Code: Quick Guide to Terraform Modules and Blueprints

Apr 10, 2024

Managing infrastructure as code (IaC) with Terraform is like constructing a massive digital city. At first, a few buildings—your servers, databases, or storage buckets—are straightforward to manage. But as your needs scale, so does the complexity. Suddenly, keeping configurations consistent and maintainable becomes a daunting task.

That’s where Terraform modules come in. Think of them as pre-fabricated building blocks for your infrastructure, designed to save time and ensure consistency. Over the years, we’ve learned a lot about when and how to use modules effectively, including some of the trade-offs they introduce.

This post distils our experience and explores strategies for using Terraform modules, the case for “golden modules” in large organizations, stacks/blueprints, and how to navigate the world of open-source options.

Why and When We Use Terraform Modules

Terraform modules are invaluable when dealing with repetitive configurations. For instance, creating an AWS S3 bucket once is easy, but ensuring every team configures them with encryption, logging, and the right permissions? That’s a challenge. By encapsulating this logic into a module, we can save time and effort, reduce the risk of errors and enforce best practices across projects and environments.

But modules aren’t just about reuse; they’re also about clarity. When your team revisits a project six months later, modular code is easier to understand and update.

Of course, there are trade-offs. Debugging deeply nested modules can be frustrating, and over-engineering a module for every minor use case often leads to diminishing returns. For smaller projects, sometimes simplicity trumps modularity.

The Power of Golden Modules

In large organizations, Terraform modules aren’t just useful—they’re essential. This concept is often formalized as “golden modules”. These are organization-approved modules that codify best practices, consistent resource tagging and naming, compliance requirements, and security standards.

Golden modules do more than enforce consistency. They act as a template for how we want infrastructure to be built. When new engineers join, they don’t have to figure out how to configure an S3 bucket or an RDS instance from scratch. They just use the golden module, confident that it meets our standards.

Of course, maintaining golden modules requires effort. They need to be regularly updated to keep pace with evolving requirements. But the benefits far outweigh the costs. Golden modules reduce cognitive load, speed up delivery, and help us sleep better knowing that every project is built on a foundation of best practices.

Build or Borrow: Should You Write Your Modules?

One of the first questions teams ask is whether to write their modules or adopt open-source ones. Both approaches have their merits, and we’ve used a mix of the two.

Writing your modules gives you full control. You can tailor them to your organization’s specific needs and ensure they align with your internal processes. But it’s a significant investment. Designing, testing, and maintaining modules takes time, and it’s easy to underestimate the ongoing maintenance burden.

Open-source modules, on the other hand, can save time and effort. They’re often battle-tested by the community and come with frequent updates. In our experience, open-source modules are a great starting point.

How To Adopt Open-Source Modules

Adopting external modules isn’t just about downloading code and running it. There are several approaches, each with its trade-offs.

For simple cases, we use reference modules directly in our Terraform code. This is the quickest way to get started but introduces a dependency on the external repository. Updates to the module could break your code, so we always pin module versions to ensure stability.

When we need more control, we create adapter modules in our repository. These thin wrapper modules reference the external module but allow us to add our own defaults or custom logic. This approach strikes a balance between leveraging external expertise and maintaining internal consistency.

In rare cases, we fork external modules into our repository and modify them. This gives us complete control but comes with a maintenance burden. We’ve found this approach useful when the original module doesn’t quite fit our needs, and upstream changes aren’t frequent or relevant.

The Terraform community has produced a wealth of open-source modules, particularly for popular cloud providers like AWS. Some of the most popular sources include:

  • terraform-aws-modules: The most popular community-driven library of AWS modules.
  • cloudposse: Large library of comprehensive and well-maintained modules, with a strong emphasis on consistency and best practices.
  • aws-ia: Maintained by AWS, this collection offers a wide range of modules and blueprints for various AWS services.

What sets CloudPosse apart for us is its consistent use of the null-label pattern across modules. This ensures uniform resource naming and tagging, which might seem minor but has a big impact when managing hundreds of resources. Combine that with an active community and frequent updates, and you have a winning combination.

Terraform Blueprints and Stacks: A Higher Level of Abstraction

As you scale your Terraform usage, you may come across terms like stacks or blueprints. While they share similarities with modules in terms of reusability, they serve a different purpose and operate at a higher level of abstraction.

Blueprints are an organizational construct used to define and manage collections of resources that represent an entire environment, application, or infrastructure configuration. Unlike modules, which are reusable components for a specific resource or group of resources, stacks encapsulate the relationships and dependencies between multiple modules and resources.

For example, a module might define how to provision an RDS database with encryption and logging enabled, while a WordPress Blueprint could include that RDS database module alongside other modules, such as VPC, ECS, and IAM roles, to create a complete application environment.

Closing Thoughts

By embracing Terraform modules and blueprints, and following these best practices, you can unlock the full potential of Terraform and build robust, scalable, and maintainable infrastructure.

But why stop at individual components? Leverage our pre-built Terraform blueprints to deploy complete applications like WordPress or Metabase in a fraction of the time. These blueprints encapsulate all the benefits and best practices discussed above, providing a streamlined path to deploying complex applications with ease and confidence.

©2025 InfraSource