Terraform Assignment – 4

Modules & Reusability

Basic Questions

  1. Create a local Terraform module named vpc with main.tf, variables.tf, and outputs.tf.
  2. Add input variables vpc_cidr and project to the vpc module.
  3. Add outputs vpc_id and vpc_cidr_block to the vpc module.
  4. Call the local vpc module from a root configuration using source = "./modules/vpc".
  5. Pass vpc_cidr = "10.0.0.0/16" to the vpc module from the root module.
  6. Create a local module subnet that accepts a list of subnet CIDRs and returns subnet IDs.
  7. Use the subnet module in the root module and pass two subnet CIDRs.
  8. Create a local module tags that returns a merged map of common tags.
  9. Use the tags module output to tag resources in the vpc module.
  10. Add a README.md to the vpc module describing inputs and outputs.
  11. Add versions.tf in the vpc module to pin the AWS provider version.
  12. Create an examples/simple folder that demonstrates using the vpc module.
  13. Use variable descriptions and types in variables.tf of the vpc module.
  14. Add default values for non-sensitive inputs in the vpc module.
  15. Validate the module with terraform validate in the modules/vpc folder.
  16. Format all module files with terraform fmt -recursive.
  17. Create a root output that exposes the vpc_id from the vpc module.
  18. Reference a module output in another module input (VPC ID → Subnet module).
  19. Add input variable validation rules in the vpc module for CIDR format.
  20. Call the vpc module twice to provision two isolated VPCs with different CIDRs.

Intermediate Questions

  1. Create a reusable security-group module that accepts rules via a list of objects.
  2. Use for_each to instantiate the subnet module per availability zone.
  3. Create a route-table module and associate it with subnets using module outputs.
  4. Add locals in the vpc module to standardize name prefixes across resources.
  5. Add depends_on in the root module to ensure VPC is created before subnets.
  6. Publish the vpc module to a private Git repo and reference it via source = "git::…?ref=…".
  7. Use a Registry module terraform-aws-modules/vpc/aws in a separate root example.
  8. Compare outputs of your local vpc module with the Registry VPC module in a table (as code comments).
  9. Add semantic version constraints when using the Registry module (e.g., ~> 5.0).
  10. Create an outputs.tf in the root to expose IDs from all child modules.
  11. Introduce variable validation for environment (allow only dev|qa|prod) in all modules.
  12. Create a module.tf that wires modules vpc, subnet, and security-group together.
  13. Use terraform graph to visualize module relationships and save the output.
  14. Add precondition and postcondition checks inside the vpc module (Terraform 1.3+).
  15. Split module inputs into required and optional with sensible defaults.
  16. Create an examples/complete folder that provisions VPC, subnets, and routes using only module variables.
  17. Add README badges and an inputs/outputs table generated by terraform-docs for the vpc module.
  18. Refactor duplicate resource arguments into locals across all modules.
  19. Implement count vs for_each patterns in the subnet module and document the trade-offs.
  20. Create a sample CI step (script file) that runs init/validate/plan against the examples/complete usage.

Advanced Questions

  1. Build a reusable vpc module that supports public/private subnets, NAT gateways (toggle), and custom route tables.
  2. Add optional creation of VPC flow logs in the vpc module controlled by a boolean input.
  3. Implement cross-module composition: vpc → subnet → nat-gateway → route-table with only outputs/inputs wiring.
  4. Create a network root stack that can switch between your local vpc module and the Registry VPC module via a variable flag.
  5. Add validation and preconditions to ensure NAT requires at least one public subnet.
  6. Introduce module versioning via Git tags and reference a specific tag in the root configuration.
  7. Add an examples/multi-env folder showing the same modules deployed for dev and prod using different variable files.
  8. Create a module naming that standardizes resource names and is consumed by all other modules.
  9. Implement a tests folder with a minimal smoke test (plan JSON diff check) for the vpc module.
  10. Build a complete reusable stack: vpc module → subnet module → security-group module → root outputs; consume it from two different projects using only variable files.