	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Terraform and IaC > Terraform Modules > Reusable Terraform Modules

Reusable Terraform Modules

Author: Venkata Sudhakar

A Terraform module is a self-contained package of Terraform configuration files in a directory that represents a reusable unit of infrastructure. Instead of copy-pasting the same Cloud SQL or GKE configuration across multiple projects, you write it once as a module with well-defined input variables and output values, then call the module from different root configurations with different arguments. This is the infrastructure equivalent of writing a library function instead of duplicating code.

Every Terraform configuration is technically a module - the "root module" is the directory where you run terraform apply. Child modules are referenced with the module block. Modules can be sourced from a local directory path, a Git repository URL, a Terraform Registry URL (registry.terraform.io), or a GitHub/GitLab URL. The official Terraform Registry hosts hundreds of community modules for common patterns, but for enterprise teams it is best practice to maintain internal private module registries (in Terraform Cloud, Spacelift, or a Git repository) to enforce company standards on tagging, networking, and security settings.

The below example shows how to build a reusable GCS data lake module and then call it from two different environments (dev and prod) with different variable values.

# Directory structure for a module-based Terraform project:
#
# modules/
#   gcs_data_lake/          <-- reusable module
#     main.tf
#     variables.tf
#     outputs.tf
# environments/
#   dev/
#     main.tf               <-- calls the module for dev
#     terraform.tfvars
#   prod/
#     main.tf               <-- calls the module for prod
#     terraform.tfvars

# ---- modules/gcs_data_lake/variables.tf ----
variable "project_id"   { type = string }
variable "environment"  { type = string }
variable "region"       { type = string; default = "us-central1" }
variable "retention_days" {
  type        = number
  default     = 90
  description = "Days before objects transition to NEARLINE storage"
  validation {
    condition     = var.retention_days >= 30 && var.retention_days <= 365
    error_message = "retention_days must be between 30 and 365."
  }
}
variable "enable_versioning" { type = bool; default = true }
variable "labels"             { type = map(string); default = {} }

# ---- modules/gcs_data_lake/main.tf ----
locals {
  bucket_name   = "${var.project_id}-${var.environment}-data-lake"
  merged_labels = merge(var.labels, { managed_by = "terraform", environment = var.environment })
}

resource "google_storage_bucket" "this" {
  name          = local.bucket_name
  location      = var.region
  storage_class = "STANDARD"
  force_destroy = var.environment != "prod"
  labels        = local.merged_labels

dynamic "versioning" {
    for_each = var.enable_versioning ? [1] : []
    content   { enabled = true }
  }

lifecycle_rule {
    condition { age = var.retention_days }
    action    { type = "SetStorageClass"; storage_class = "NEARLINE" }
  }
}

resource "google_storage_bucket_iam_member" "data_engineer_read" {
  bucket = google_storage_bucket.this.name
  role   = "roles/storage.objectViewer"
  member = "group:data-engineers@${var.project_id}.iam.gserviceaccount.com"
}

# ---- modules/gcs_data_lake/outputs.tf ----
output "bucket_name" { value = google_storage_bucket.this.name }
output "bucket_url"  { value = "gs://${google_storage_bucket.this.name}" }
output "bucket_id"   { value = google_storage_bucket.this.id }

# ---- environments/dev/main.tf ----
terraform {
  required_providers {
    google = { source = "hashicorp/google", version = "~> 5.0" }
  }
}

provider "google" {
  project = var.project_id
  region  = "us-central1"
}

variable "project_id" { type = string }

# Call the module - all the complexity is hidden inside
module "dev_data_lake" {
  source = "../../modules/gcs_data_lake"

project_id        = var.project_id
  environment       = "dev"
  retention_days    = 30           # Shorter retention in dev to save cost
  enable_versioning = false        # No versioning needed in dev
  labels            = { team = "platform", cost_center = "dev-engineering" }
}

output "dev_bucket_url" { value = module.dev_data_lake.bucket_url }

# ---- environments/prod/main.tf ----
module "prod_data_lake" {
  source = "../../modules/gcs_data_lake"

project_id        = var.project_id
  environment       = "prod"
  retention_days    = 365          # Full year retention in prod
  enable_versioning = true         # Versioning required in prod
  labels            = { team = "platform", cost_center = "prod-data" }
}

output "prod_bucket_url" { value = module.prod_data_lake.bucket_url }

# Run for dev
cd environments/dev
terraform init
terraform apply -var="project_id=my-gcp-project"

# Run for prod
cd environments/prod
terraform apply -var="project_id=my-gcp-project"

It gives the following output,

# Dev apply:
module.dev_data_lake.google_storage_bucket.this: Creating...
module.dev_data_lake.google_storage_bucket.this: Creation complete after 2s
module.dev_data_lake.google_storage_bucket_iam_member.data_engineer_read: Creating...

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Outputs:
dev_bucket_url = "gs://my-gcp-project-dev-data-lake"

# Prod apply:
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Outputs:
prod_bucket_url = "gs://my-gcp-project-prod-data-lake"

# Same module, different configs - zero code duplication.
# Updating the module once updates both dev and prod on next apply.

Module best practices:

One resource type per module - Keep modules focused. A gcs_data_lake module should only create GCS resources. Combining GCS, Cloud SQL, and GKE in one module makes it hard to use partially. Version your modules - Use Git tags (v1.0.0, v1.1.0) and reference modules by tag: source = "git::https://github.com/myorg/terraform-modules.git//gcs_data_lake?ref=v1.2.0". This prevents unintended changes when the module is updated. Always define outputs - Every module should output the IDs, names, and connection strings of the resources it creates, so callers can chain modules together. Use for_each with modules - You can call a module multiple times in a loop: for_each = var.environments creates one bucket per environment from a single module call.

Send your comments, suggestions or queries regarding this site to [email protected].