Using Published Modules
Use ready-made modules from the Terraform Registry instead of writing your own.
Terraform Registry Modules
registry.terraform.io/browse/modules lists 17,000+ modules.
Categories:
- AWS: `terraform-aws-modules/*`
- Google Cloud: `terraform-google-modules/*`
- Azure: `Azure/*`
- Generic: utilities, networking patterns
Popular Modules
AWS
| Module | What it does |
|---|---|
| terraform-aws-modules/vpc/aws | VPC + subnets + NAT + routing |
| terraform-aws-modules/eks/aws | EKS cluster + node groups |
| terraform-aws-modules/rds/aws | RDS instance + security |
| terraform-aws-modules/security-group/aws | Security group with rules |
| terraform-aws-modules/iam/aws | IAM users, roles, policies |
| terraform-aws-modules/lambda/aws | Lambda function + IAM + logs |
| terraform-aws-modules/cloudfront/aws | CloudFront distribution |
| terraform-aws-modules/alb/aws | Application Load Balancer |
GCP
| Module | What it does |
|---|---|
| terraform-google-modules/network/google | VPC + subnets |
| terraform-google-modules/kubernetes-engine/google | GKE cluster |
| terraform-google-modules/sql-db/google | Cloud SQL |
Azure
| Module | What it does |
|---|---|
| Azure/aks/azurerm | AKS cluster |
| Azure/vnet/azurerm | Virtual Network |
| Azure/network-security-group/azurerm | NSG |
Usage example: AWS VPC Module
main.tf
```hcl
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.13.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway   = true
  single_nat_gateway   = true # cheaper for dev
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Environment = "production"
    Terraform   = "true"
  }
}

# Use the module's outputs
resource "aws_instance" "web" {
  ami                    = "ami-12345" # placeholder AMI ID
  instance_type          = "t3.micro"
  subnet_id              = module.vpc.public_subnets[0]
  vpc_security_group_ids = [module.vpc.default_security_group_id]
}
```
Example: EKS Cluster
```hcl
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.24.0"

  cluster_name    = "my-cluster"
  cluster_version = "1.30"

  # The API server endpoint is reachable from the internet; restrict the
  # allowed source ranges with cluster_endpoint_public_access_cidrs.
  cluster_endpoint_public_access = true

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  eks_managed_node_groups = {
    default = {
      min_size       = 1
      max_size       = 5
      desired_size   = 2
      instance_types = ["t3.medium"]
      capacity_type  = "ON_DEMAND"
    }
  }

  tags = {
    Environment = "production"
  }
}
```
Example: RDS PostgreSQL
```hcl
module "db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "6.10.0"

  identifier = "my-postgres"

  engine            = "postgres"
  engine_version    = "15.4"
  family            = "postgres15" # parameter group family, must match the engine version
  instance_class    = "db.t3.micro"
  allocated_storage = 20

  db_name  = "mydb"
  username = "dbadmin" # "admin" is a reserved word for the PostgreSQL engine on RDS
  port     = 5432

  # aws_security_group.db is defined elsewhere in the configuration
  vpc_security_group_ids = [aws_security_group.db.id]
  # Requires database_subnets to be set on the vpc module
  db_subnet_group_name = module.vpc.database_subnet_group

  backup_retention_period = 7
  backup_window           = "03:00-06:00"

  performance_insights_enabled = true
  create_monitoring_role       = true
  monitoring_interval          = 60

  deletion_protection = true
}
```
How to Find a Suitable Module
1. Search the Registry
https://registry.terraform.io/search?q=eks
2. Check the criteria
- ⭐ Downloads: the more downloads, the more mature
- 📅 Last updated: recent = active maintenance
- 🏷️ Verified badge (from a HashiCorp Partner)
- 📖 Documentation: is it complete?
- 🐛 Issues on GitHub: open vs closed ratio
3. Example: choosing between 2 modules
Module A: terraform-aws-modules/vpc/aws
- Downloads: 600M+
- Verified ✓
- Last update: 2 weeks ago
- Issues: 50 open, 2000 closed
→ Use this one
Module B: random-user/aws-vpc-thing
- Downloads: 100
- Last update: 2 years ago
- Issues: 30 open, 5 closed
→ Avoid
Reading Module Documentation
Every module in the Registry has a docs page:
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest
Check:
- Inputs: the variables you must pass
- Outputs: the values the module returns
- Examples: real usage examples
- Submodules: nested modules (some modules have them)
Submodules
Some modules have submodules:
```hcl
# Main module
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.13.0"
  # ...
}

# Submodule (network ACL only)
module "vpc_acl" {
  source  = "terraform-aws-modules/vpc/aws//modules/network-acls"
  version = "5.13.0"

  vpc_id                = module.vpc.vpc_id
  private_subnets_cidrs = module.vpc.private_subnets_cidr_blocks
}
```
`//` marks a subdirectory inside the module repo.
Module Constraints
```hcl
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.13" # ⭐ pessimistic — allow patch + minor up to 5.x
}
```
Version Operators (recap)
| Operator | Example |
|---|---|
| `=` | `5.13.0` |
| `>=` | `>= 5.0` |
| `~>` | `~> 5.13` (5.13 or later within 5.x; `~> 5.13.0` allows only 5.13.x) |
| `<` `>=` | `>= 5.0, < 6.0` |
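What each operator in the table admits, worked through as an added example (not Terraform's own resolver and not code from the original page): a small evaluator run over a constructed release list. It assumes plain numeric versions without pre-release suffixes; the function names and `RELEASES` are made up for the demo.

```python
import operator
import re

OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt,
       ">=": operator.ge, "<": operator.lt, "<=": operator.le}
CLAUSE_RE = re.compile(r"\s*(~>|>=|<=|!=|=|>|<)?\s*(\d+(?:\.\d+)*)\s*")

def pad(parts, length=3):
    # (5, 13) -> (5, 13, 0) so versions compare component by component
    return parts + (0,) * (length - len(parts))

def parse(text):
    return tuple(int(p) for p in text.split("."))

def satisfies(version, constraint):
    """True if `version` meets every comma-separated clause of `constraint`."""
    v = pad(parse(version))
    for clause in constraint.split(","):
        m = CLAUSE_RE.fullmatch(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1) or "=", parse(m.group(2))
        if op == "~>":
            if len(bound) < 2:
                raise ValueError("this sketch needs two or more components for ~>")
            # Only the rightmost given component may grow; the one to its
            # left is the ceiling: ~> 5.13 -> < 6.0.0, ~> 5.13.0 -> < 5.14.0
            ceiling = pad(bound[:-2] + (bound[-2] + 1,))
            ok = pad(bound) <= v < ceiling
        else:
            ok = OPS[op](v, pad(bound))
        if not ok:
            return False
    return True

def allowed(versions, constraint):
    return [v for v in versions if satisfies(v, constraint)]

# Constructed release list for illustration, not the module's real history.
RELEASES = ["5.12.1", "5.13.0", "5.13.2", "5.21.0", "6.0.0"]
```

Calling `allowed(RELEASES, ">= 5.0")` returns every entry including `6.0.0`, which is why an open-ended `>=` lets a major upgrade arrive on the next `terraform init -upgrade`.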
Update Module Version
```bash
# 1. Edit the version in the .tf file
# 2. Re-init
terraform init -upgrade
# 3. Plan and review the diff
terraform plan
```
Private Modules
GitHub Private Repo
```hcl
module "internal" {
  source = "git::ssh://git@github.com/myorg/private-modules.git//vpc?ref=v1.0"
}
```
You need a GitHub SSH key that has access to the repo.
Terraform Cloud / Enterprise (Private Registry)
```hcl
module "internal" {
  source  = "app.terraform.io/my-org/vpc/aws"
  version = "1.0.0"
}
```
S3 Bucket (private)
```hcl
module "internal" {
  source = "s3::https://s3-bucket.s3.amazonaws.com/modules/vpc-1.0.zip"
}
```
Override Module Source
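Use this while developing a module, to test a local copy in place of the registry release:
```hcl
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.13.0"
  # ...
}
```
The `dev_overrides` setting in `.terraformrc` (inside `provider_installation`) applies only to providers and has no module equivalent. To test a fork, point `source` at the local directory, drop `version` (local paths do not accept a version constraint), and run `terraform init` again:
```hcl
module "vpc" {
  # Local copy under test; the path is relative to this configuration
  source = "../local-vpc-fork"
  # ...
}
```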
Best Practices
✅ DO:
- Use verified modules in prod (HashiCorp Partner)
- Pin a specific version (~> 5.13)
- Read the CHANGELOG before updating
- Test in dev before prod
- Reference the module documentation in comments
❌ DON'T:
- Don't use a module without reading its docs
- Don't pin to the master/main branch
- Don't skip review when updating
- Don't use unmaintained modules (last update > 1 year ago)
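A check for the pinning rules in the list above, as an added example (not part of the original page or of Terraform): it reads `module` blocks from configuration text and reports sources whose content can change between runs. The regex-based parsing, the finding texts and the sample configuration are assumptions made for the demo; the tag finding goes one step beyond the list, because a Git tag can be re-pointed while a full commit SHA cannot.

```python
import re

MODULE_RE = re.compile(r'^\s*module\s+"([^"]+)"\s*\{', re.M)
REGISTRY_RE = re.compile(r"\w[\w.-]*(/[\w-]+){2,3}")  # [host/]namespace/name/provider

def module_blocks(hcl):
    # Yield (name, body) per module block; braces are matched by counting.
    for m in MODULE_RE.finditer(hcl):
        depth, i = 1, m.end()
        while depth and i < len(hcl):
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), hcl[m.end():i - 1]

def attr(body, key):
    m = re.search(rf'^\s*{key}\s*=\s*"([^"]*)"', body, re.M)
    return m.group(1) if m else None

def check(body):
    source, version = attr(body, "source") or "", attr(body, "version")
    if source.startswith("git::"):
        ref = re.search(r"[?&]ref=([^&]+)", source)
        if not ref:
            return ["git source has no ref: follows the default branch"]
        if ref.group(1) in ("main", "master"):
            return ["git ref is a branch: content changes on every push"]
        if not re.fullmatch(r"[0-9a-f]{40}", ref.group(1)):
            return ["git ref is a movable tag or branch name; a commit SHA is not"]
    elif REGISTRY_RE.fullmatch(source.split("//")[0]):
        if version is None:
            return ["no version: init installs the newest release"]
        if all(c.strip().startswith(">") for c in version.split(",")):
            return ["no upper bound: a new major version is accepted"]
    return []  # nothing to report; local paths and other sources are not checked

def lint(hcl):
    found = {name: check(body) for name, body in module_blocks(hcl)}
    return {name: msgs for name, msgs in found.items() if msgs}

# Constructed sample configuration for the demo.
SAMPLE = '''
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.13"
}
module "eks" { source = "terraform-aws-modules/eks/aws" }
module "internal" { source = "git::ssh://git@github.com/myorg/private-modules.git//vpc?ref=main" }
'''
```

`lint(SAMPLE)` returns findings for `eks` and `internal` only; run over real `.tf` files in CI, a non-empty result can fail the build before `terraform init` fetches anything.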
Real-World Example
main.tf
```hcl
# var.*, local.common_tags and data.aws_availability_zones.available
# are declared elsewhere in the configuration.

# Network
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.13.0"

  name = "${var.env}-vpc"
  cidr = var.vpc_cidr

  azs              = data.aws_availability_zones.available.names
  private_subnets  = var.private_subnets
  public_subnets   = var.public_subnets
  database_subnets = var.database_subnets

  enable_nat_gateway = true
  single_nat_gateway = var.env != "prod"

  tags = local.common_tags
}

# Security Group
module "web_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "5.2.0"

  name        = "${var.env}-web-sg"
  description = "Allow HTTP/HTTPS from internet"
  vpc_id      = module.vpc.vpc_id

  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_rules       = ["http-80-tcp", "https-443-tcp"]
  egress_rules        = ["all-all"]

  tags = local.common_tags
}

# ALB
module "alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "9.11.0"

  name               = "${var.env}-alb"
  load_balancer_type = "application"
  vpc_id             = module.vpc.vpc_id
  subnets            = module.vpc.public_subnets
  security_groups    = [module.web_sg.security_group_id]

  tags = local.common_tags
}
```
Summary
- The Terraform Registry has 17,000+ modules
- Use `terraform-aws-modules/*` as the standard for AWS
- Pin the version (`~> 5.13`)
- Check downloads, last update, verified badge
- Read Inputs / Outputs / Examples in the docs before use
- Private modules via GitHub / TFC / S3
Next → Creating Local Modules