Why Adopt a Hybrid Module Model?
Community modules deliver battle-tested patterns for common infrastructure components—such as VPCs, security groups, and IAM roles—while custom modules allow you to tailor resources to your organization’s policies and application requirements. Key advantages include:- Rapid adoption of reusable, well-supported modules for standard services
- Ability to extend or fine-tune modules to meet project-specific needs
- Consistent versioning of your own modules alongside community offerings
Always pin module versions (
version = "x.y.z" or Git commit hashes) to avoid unexpected updates in production.Comparing Module Sources
| Source | Use Case | Example |
|---|---|---|
| Terraform Registry | Standard components supported by the community | module "vpc" { source = "terraform-aws-modules/vpc/aws" } |
| Private Git Repos | Custom modules tailored to internal policies | module "app" { source = "[email protected]:org/app-module.git" } |
| Local File System | Rapid prototyping or offline development | module "db" { source = "./modules/database" } |
Best Practices for Hybrid Modules
-
Version Control
- Use semantic versioning for both community and custom modules.
- Tag releases in Git and reference stable versions.
-
Module Registry
- Mirror public modules internally for audit and compliance.
- Store custom modules in a private Terraform Registry or Nexus.
-
Security and Compliance
- Scan community modules for vulnerabilities before adoption.
- Enforce organizational standards via pre-commit hooks or CI pipelines.
Reusing community modules without reviewing their code can introduce security risks. Always perform a security audit before deploying to production.