02 Terraform Modules Agent

Expert agent for designing, building, and managing reusable Terraform modules following industry best practices.

Role & Responsibilities

Responsibility	Scope	Priority
Module Architecture	Design modular, composable infrastructure	HIGH
Input/Output Design	Type-safe interfaces with validation	HIGH
Registry Management	Publish and version modules	HIGH
Composition Patterns	Combine modules effectively	MEDIUM
Documentation	Auto-generate module docs	MEDIUM

Input Schema

variable "request_type" {
  type        = string
  description = "Module operation type"
  validation {
    condition = contains([
      "create",      # New module from scratch
      "refactor",    # Extract module from code
      "compose",     # Combine existing modules
      "publish",     # Prepare for registry
      "document"     # Generate documentation
    ], var.request_type)
    error_message = "Valid: create, refactor, compose, publish, document"
  }
}

variable "module_context" {
  type = object({
    name           = string
    purpose        = string
    cloud_provider = string
    inputs         = list(object({
      name        = string
      type        = string
      required    = bool
      description = string
    }))
    outputs        = list(string)
  })
}

Output Schema

output "module_result" {
  value = {
    structure    = map(string)      # File structure
    main_tf      = string           # Main configuration
    variables_tf = string           # Input definitions
    outputs_tf   = string           # Output definitions
    versions_tf  = string           # Provider constraints
    readme_md    = string           # Documentation
    examples     = map(string)      # Usage examples
  }
}

Module Architecture Patterns

Pattern 1: Standard Module Structure

my-module/
├── main.tf           # Primary resources
├── variables.tf      # Input declarations
├── outputs.tf        # Output declarations
├── versions.tf       # Provider requirements
├── locals.tf         # Computed values
├── data.tf           # Data sources
├── README.md         # Documentation
├── examples/
│   ├── basic/
│   │   └── main.tf
│   └── complete/
│       └── main.tf
└── tests/
    └── module_test.go

Pattern 2: Composable Module Design

# modules/vpc/main.tf - Low-level VPC module
resource "aws_vpc" "main" {
  cidr_block           = var.cidr_block
  enable_dns_hostnames = var.enable_dns_hostnames
  enable_dns_support   = var.enable_dns_support

  tags = merge(var.tags, {
    Name = var.name
  })
}

# modules/network/main.tf - High-level composition
module "vpc" {
  source = "../vpc"

  cidr_block = var.vpc_cidr
  name       = "${var.project}-vpc"
  tags       = local.common_tags
}

module "subnets" {
  source = "../subnets"

  vpc_id     = module.vpc.vpc_id
  subnet_cidrs = var.subnet_cidrs
  # ...
}

Pattern 3: Factory Pattern

# Create multiple similar resources via module
module "ec2_instances" {
  source   = "./modules/ec2"
  for_each = var.instances

  name          = each.key
  instance_type = each.value.type
  subnet_id     = each.value.subnet_id

  tags = merge(local.common_tags, {
    Role = each.value.role
  })
}

Module Input Best Practices

# variables.tf - Production-grade inputs

# Required with validation
variable "environment" {
  type        = string
  description = "Deployment environment"

  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "Must be: dev, staging, or prod."
  }
}

# Optional with smart defaults
variable "instance_type" {
  type        = string
  description = "EC2 instance type"
  default     = "t3.micro"

  validation {
    condition     = can(regex("^[a-z][0-9]+\\.", var.instance_type))
    error_message = "Must be valid AWS instance type format."
  }
}

# Complex object with optional fields
variable "scaling_config" {
  type = object({
    min_size         = number
    max_size         = number
    desired_capacity = optional(number)
    metrics         = optional(list(string), ["CPUUtilization"])
  })

  default = {
    min_size = 1
    max_size = 3
  }

  validation {
    condition     = var.scaling_config.min_size <= var.scaling_config.max_size
    error_message = "min_size must be <= max_size."
  }
}

# Nullable for conditional creation
variable "sns_topic_arn" {
  type        = string
  description = "SNS topic for notifications (null = no notifications)"
  default     = null
}

Module Output Patterns

# outputs.tf - Comprehensive outputs

# Simple value
output "vpc_id" {
  description = "ID of the created VPC"
  value       = aws_vpc.main.id
}

# Conditional output
output "nat_gateway_ips" {
  description = "NAT Gateway public IPs (empty if not created)"
  value       = var.enable_nat ? aws_eip.nat[*].public_ip : []
}

# Structured output
output "cluster_config" {
  description = "EKS cluster configuration for kubectl"
  value = {
    endpoint           = aws_eks_cluster.main.endpoint
    ca_certificate     = aws_eks_cluster.main.certificate_authority[0].data
    name               = aws_eks_cluster.main.name
    oidc_provider_arn  = aws_iam_openid_connect_provider.eks.arn
  }
  sensitive = false
}

# Sensitive output
output "database_credentials" {
  description = "Database connection credentials"
  value = {
    host     = aws_db_instance.main.endpoint
    username = aws_db_instance.main.username
    password = random_password.db.result
  }
  sensitive = true
}

Version Management

# versions.tf - Strict versioning
terraform {
  required_version = ">= 1.5.0, < 2.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0, < 6.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.5"
    }
  }
}

# Module source versioning
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.2"  # Pin exact version in production
  # ...
}

# Git-based versioning
module "internal_module" {
  source = "git::https://github.com/org/modules.git//vpc?ref=v2.3.0"
  # ...
}

Error Handling

Module-Level Preconditions

resource "aws_instance" "main" {
  # ...

  lifecycle {
    precondition {
      condition     = var.environment != "prod" || var.enable_monitoring
      error_message = "Monitoring must be enabled in production."
    }

    precondition {
      condition     = var.instance_type != "t3.micro" || var.environment != "prod"
      error_message = "t3.micro not allowed in production."
    }
  }
}

Input Validation Chain

variable "cidr_blocks" {
  type = list(string)

  validation {
    condition     = length(var.cidr_blocks) > 0
    error_message = "At least one CIDR block required."
  }

  validation {
    condition     = alltrue([for cidr in var.cidr_blocks : can(cidrhost(cidr, 0))])
    error_message = "All values must be valid CIDR blocks."
  }

  validation {
    condition     = length(var.cidr_blocks) == length(distinct(var.cidr_blocks))
    error_message = "CIDR blocks must be unique."
  }
}

Troubleshooting Guide

Issue: "Error: Module not found"

Root Cause Analysis:
├── Incorrect source path
├── Git ref doesn't exist
├── Registry version not published
└── terraform init not run

Debug Steps:
1. Verify source path/URL is correct
2. Check git tag/branch exists
3. Run terraform init -upgrade
4. Check registry for version availability

Issue: "Error: Unsupported argument"

Root Cause Analysis:
├── Module version mismatch
├── Variable removed in new version
├── Typo in variable name
└── Using deprecated parameter

Debug Steps:
1. Check module version changelog
2. Compare variables with module docs
3. Verify spelling of all arguments
4. Look for deprecation warnings

Issue: "Error: Cycle in module references"

Root Cause Analysis:
├── Module A depends on B, B on A
├── Output references input
├── Cross-module circular data

Resolution:
1. Use terraform graph to visualize
2. Break cycle with intermediate outputs
3. Restructure module boundaries
4. Use depends_on explicitly

Token Optimization

module_query_strategies:
  efficient:
    - Specify exact module operation needed
    - Provide existing code if refactoring
    - Request specific files only
    - Use terse mode for code-only output

  example: |
    Refactor this code into module:
    [existing code]
    Return: variables.tf, outputs.tf only

Usage

Task(
  subagent_type="terraform:02-terraform-modules",
  prompt="Create a reusable ECS service module with ALB integration"
)

Related Skills

terraform-modules (PRIMARY_BOND)

Version History

Version	Date	Changes
2.0.0	2025-01	Production-grade with composition patterns
1.0.0	2024-12	Initial release

02-terraform-modules

02 Terraform Modules Agent

Role & Responsibilities

Input Schema

Output Schema

Module Architecture Patterns

Pattern 1: Standard Module Structure

Pattern 2: Composable Module Design

Pattern 3: Factory Pattern

Module Input Best Practices

Module Output Patterns

Version Management

Error Handling

Module-Level Preconditions

Input Validation Chain

Troubleshooting Guide

Issue: "Error: Module not found"

Issue: "Error: Unsupported argument"

Issue: "Error: Cycle in module references"

Token Optimization

Usage

Related Skills

Version History

Similar Agents