Terraform Module Development and Usage Skill: terraform-modules

The Terraform modules skill is used to create and consume reusable infrastructure-as-code modules for organizing and managing cloud resources such as AWS VPCs; it supports DevOps workflows and improves code reuse, maintainability and team collaboration. Keywords: Terraform, modules, infrastructure as code, DevOps, cloud computing, AWS, Azure, VPC, code reuse, infrastructure management.

DevOps | 0 installs | 0 views | Updated 3/25/2026

Name: terraform-modules  User-invocable: false  Description: Used to create and use reusable Terraform modules to organize and share infrastructure code.  Allowed tools: []

Terraform Modules

Create and use reusable Terraform modules.

Module structure

modules/vpc/
├── main.tf
├── variables.tf
├── outputs.tf
└── README.md

Creating a module

main.tf

resource "aws_vpc" "main" {
  cidr_block           = var.cidr_block
  enable_dns_hostnames = var.enable_dns_hostnames
  
  tags = merge(var.tags, {
    Name = var.name
  })
}

resource "aws_subnet" "public" {
  count             = length(var.public_subnets)
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.public_subnets[count.index]
  availability_zone = var.availability_zones[count.index]
  
  tags = merge(var.tags, {
    Name = "${var.name}-public-${count.index + 1}"
  })
}

variables.tf

variable "name" {
  description = "VPC 名称"
  type        = string
}

variable "cidr_block" {
  description = "VPC CIDR 块"
  type        = string
}

# Referenced by aws_vpc.main in main.tf; declared here so the module validates.
variable "enable_dns_hostnames" {
  description = "Enable DNS hostnames in the VPC"
  type        = bool
  default     = true
}

variable "public_subnets" {
  description = "公共子网 CIDR 块"
  type        = list(string)
  default     = []
}

# Referenced by aws_subnet.public in main.tf; one entry per public subnet.
variable "availability_zones" {
  description = "Availability zones, one per public subnet"
  type        = list(string)
  default     = []
}

variable "tags" {
  description = "资源标签"
  type        = map(string)
  default     = {}
}

outputs.tf

output "vpc_id" {
  description = "VPC ID"
  value       = aws_vpc.main.id
}

output "public_subnet_ids" {
  description = "公共子网 IDs"
  value       = aws_subnet.public[*].id
}

Using modules

Local module

module "vpc" {
  source = "./modules/vpc"
  
  name        = "production-vpc"
  cidr_block  = "10.0.0.0/16"
  public_subnets = [
    "10.0.1.0/24",
    "10.0.2.0/24",
  ]
  
  tags = {
    Environment = "production"
  }
}

# Access module outputs
resource "aws_instance" "web" {
  subnet_id = module.vpc.public_subnet_ids[0]
}

Registry module

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0"
  
  name = "my-vpc"
  cidr = "10.0.0.0/16"
  
  azs             = ["us-east-1a", "us-east-1b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]
  
  enable_nat_gateway = true
  enable_vpn_gateway = false
}

Git module

module "vpc" {
  source = "git::https://github.com/org/terraform-modules.git//vpc?ref=v1.0.0"
  
  name = "my-vpc"
  # ...
}

Module composition

module "network" {
  source = "./modules/network"
  name   = var.name
}

module "compute" {
  source    = "./modules/compute"
  vpc_id    = module.network.vpc_id
  subnet_id = module.network.subnet_ids[0]
}

module "database" {
  source     = "./modules/database"
  vpc_id     = module.network.vpc_id
  subnet_ids = module.network.private_subnet_ids
}

Using for_each with modules

variable "applications" {
  type = map(object({
    instance_type = string
    ami_id        = string
  }))
}

module "application" {
  for_each = var.applications
  source   = "./modules/application"
  
  name          = each.key
  instance_type = each.value.instance_type
  ami_id        = each.value.ami_id
}

Using count with modules

module "worker" {
  count  = var.worker_count
  source = "./modules/worker"
  
  name  = "worker-${count.index + 1}"
  index = count.index
}

Module best practices

Version pinning

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"  # >= 5.0, < 6.0: allows minor and patch updates; use "~> 5.0.0" to allow patch updates only
}
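A pessimistic constraint still lets new upstream code into a stack on the next `terraform init -upgrade`. The following root module, an added example that is not from the original page, pins every external input: the Terraform binary, the provider, the registry module (exact version) and a git module (full commit SHA rather than a tag, since a tag can be moved or re-created while a commit hash cannot). The module names and the registry source are the page's; the version numbers, the git URL and the commit SHA are placeholders chosen here.

```hcl
# Added example (not from the original page): a fully pinned root module.
# Versions, git URL and the commit SHA below are placeholders.

terraform {
  required_version = ">= 1.5.0, < 2.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # >= 5.0, < 6.0; the exact build and its hashes are recorded in .terraform.lock.hcl
    }
  }
}

# Registry module: an exact version, not a range. A new upstream release then
# only enters this stack through a reviewed change to this file.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"
}

# Git module: ref= is a full commit SHA instead of a tag. A tag can be moved
# or re-created to point at different code; a commit hash cannot be changed
# without changing the hash itself.
module "vpc_from_git" {
  source = "git::https://github.com/org/terraform-modules.git//vpc?ref=0000000000000000000000000000000000000000" # PLACEHOLDER SHA, replace with the reviewed commit

  name = "my-vpc-git"
}
```

Commit `.terraform.lock.hcl` alongside this file so every run resolves the same provider build, and regenerate it for each platform the pipeline uses with `terraform providers lock -platform=linux_amd64` (one `-platform` flag per target). Note that the lock file only records providers; module versions are held solely by the `version` and `ref=` values written in the configuration, which is why those must be exact.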

Input validation

variable "environment" {
  type = string
  
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "环境必须是 dev、staging 或 prod。"
  }
}
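The VPC module from the "Creating a module" section accepts any string for its CIDR inputs and fails only when AWS rejects the value, or with an index-out-of-range error when fewer availability zones than subnets are supplied. The following variables.tf and main.tf, an added example rather than code from the original page, apply the validation pattern above to that module. The variable names (`name`, `cidr_block`, `public_subnets`, `availability_zones`) come from the page; the validation rules, the `map_public_ip_on_launch` input with its opt-in default, the resource precondition and the version bound are assumptions made here.

```hcl
# Added example (not from the original page): defensive inputs for the VPC module.

terraform {
  # validation blocks exist since 0.13; lifecycle preconditions need >= 1.2.
  required_version = ">= 1.2.0"
}

variable "name" {
  type = string
}

variable "cidr_block" {
  type = string

  # cidrnetmask() errors on anything that is not a valid IPv4 CIDR, so can()
  # turns a malformed string into a plan-time failure with a clear message.
  validation {
    condition     = can(cidrnetmask(var.cidr_block))
    error_message = "cidr_block must be a valid IPv4 CIDR, e.g. 10.0.0.0/16."
  }

  # Keep the VPC inside RFC 1918 space (string check on the leading octets),
  # so a typo cannot claim a publicly routable range.
  validation {
    condition     = can(regex("^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)", var.cidr_block))
    error_message = "cidr_block must be a private (RFC 1918) range."
  }
}

variable "public_subnets" {
  type    = list(string)
  default = []

  # alltrue([]) is true, so the empty default still passes.
  validation {
    condition     = alltrue([for s in var.public_subnets : can(cidrnetmask(s))])
    error_message = "Every entry in public_subnets must be a valid IPv4 CIDR."
  }
}

variable "availability_zones" {
  type    = list(string)
  default = []
}

variable "map_public_ip_on_launch" {
  type    = bool
  default = false # opt in explicitly; a public IP on every instance is not the default
}

resource "aws_vpc" "main" {
  cidr_block = var.cidr_block
  tags       = { Name = var.name }
}

resource "aws_subnet" "public" {
  count                   = length(var.public_subnets)
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.public_subnets[count.index]
  availability_zone       = var.availability_zones[count.index]
  map_public_ip_on_launch = var.map_public_ip_on_launch

  lifecycle {
    # Before Terraform 1.9 a validation block may only reference its own
    # variable, so a cross-variable check goes into a resource precondition.
    precondition {
      condition     = length(var.availability_zones) >= length(var.public_subnets)
      error_message = "availability_zones needs at least one entry per public subnet."
    }
  }
}
```

All three checks run during `terraform plan`, so a caller who passes `cidr_block = "8.8.0.0/16"` or two subnets with a single availability zone gets the stated error before any API call is made. The `map_public_ip_on_launch` default is the security-relevant choice here: callers that need auto-assigned public IPs set it to `true` in their module block, and that decision is then visible in code review.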

Output everything useful

output "vpc_id" {
  value = aws_vpc.main.id
}

output "vpc_cidr" {
  value = aws_vpc.main.cidr_block
}

output "subnet_ids" {
  value = aws_subnet.main[*].id
}

Use consistent naming

variable "name_prefix" {
  type = string
}

locals {
  name = "${var.name_prefix}-${var.environment}"
}

Publishing modules

Module registry naming format

terraform-<PROVIDER>-<NAME>
terraform-aws-vpc
terraform-google-network

Semantic versioning

v1.0.0 - major release
v1.1.0 - minor release
v1.1.1 - patch release