terraform-module-library

Overview of terraform-module-library skill

What terraform-module-library does

The terraform-module-library skill helps you design reusable Terraform modules for cloud infrastructure instead of producing one-off .tf files. It is aimed at teams building internal module catalogs for AWS, Azure, GCP, or OCI and wanting a consistent module structure, example layout, and testing pattern.

Who should use terraform-module-library

Best-fit users are platform engineers, cloud architects, DevOps teams, and consultants who need repeatable Terraform building blocks such as VPC/VNet, Kubernetes, database, storage, or load balancer modules. It is especially useful when you want output shaped like a maintainable module repository, not just a single environment stack.

The real job-to-be-done

Most users are not looking for “Terraform code” in the abstract. They need a module that another team can safely consume later, with clear inputs, outputs, versions, examples, and tests. The terraform-module-library skill is valuable because it pushes the conversation toward module interfaces, defaults, composition, and provider-specific best practices.

What makes this skill different

The main differentiator is structure. The source material explicitly centers a standard module pattern with main.tf, variables.tf, outputs.tf, versions.tf, README.md, examples/complete, and tests. It also includes cloud-specific reference guidance for AWS and OCI, which gives the skill more concrete direction than a generic “write Terraform” prompt.

When this skill is a strong fit

Use terraform-module-library when you want to:

• create a reusable module from scratch
• standardize module layout across teams
• capture cloud-provider conventions in one module interface
• add examples and tests alongside module code
• build a module library for Cloud Architecture work across multiple environments

When it is not the right tool

This skill is a weaker fit if you only need:

• a quick one-file Terraform proof of concept
• a full environment composition with many live dependencies
• provider-specific implementation depth beyond the included references
• deployment automation, CI/CD, or release engineering guidance for modules

How to Use terraform-module-library skill

Install context for terraform-module-library

Install the skill from the wshobson/agents repository:

npx skills add https://github.com/wshobson/agents --skill terraform-module-library

Then invoke it from your agent environment by clearly asking for a reusable Terraform module, not just infrastructure code. The skill does not ship as a Terraform provider or CLI plugin; it is promptable guidance and patterns for producing module-oriented output.

Read these files first before prompting

Start with:

1. plugins/cloud-infrastructure/skills/terraform-module-library/SKILL.md
2. plugins/cloud-infrastructure/skills/terraform-module-library/references/aws-modules.md
3. plugins/cloud-infrastructure/skills/terraform-module-library/references/oci-modules.md

SKILL.md gives the target module structure. The reference files add practical module candidates and best practices, especially around AWS defaults and OCI interface design.

What input the skill needs to work well

The terraform-module-library skill performs best when you provide:

• cloud provider: AWS, Azure, GCP, or OCI
• module type: VPC, EKS, RDS, object storage, load balancer, etc.
• intended consumers: platform team, app teams, shared services
• required inputs and outputs
• security expectations: encryption, IAM, logging, backups
• naming and tagging standards
• Terraform and provider version constraints
• whether you need examples and Terratest scaffolding

Without this, the model will often generate a plausible module shape but weak interfaces.

Turn a rough goal into a strong terraform-module-library prompt

Weak prompt:

Create a Terraform module for AWS networking.

Stronger prompt:

Use terraform-module-library to design a reusable AWS VPC module for internal platform teams. Include main.tf, variables.tf, outputs.tf, versions.tf, README.md, examples/complete, and tests/module_test.go. Support public and private subnets, NAT gateways, route tables, VPC flow logs, standard tags, and encryption where applicable. Target Terraform 1.x and aws provider ~> 5.0. Expose outputs needed by EKS and RDS modules. Keep the interface stable and avoid environment-specific values.

The stronger version improves output because it defines consumers, compatibility, scope boundaries, and composition targets.

Suggested workflow for real projects

A practical terraform-module-library usage flow is:

1. choose one module boundary
2. define the public interface first
3. specify provider/version constraints
4. ask for the module folder structure
5. generate variables.tf and outputs.tf before implementation details
6. add examples/complete for consumer clarity
7. add tests/module_test.go for basic validation
8. iterate on defaults, optional features, and outputs

This order prevents sprawling modules with unstable inputs.

Start with interface design, not resource count

A common mistake is asking the skill to “include everything.” For reusable modules, what matters more is a clean API:

• which inputs are required
• which options are safe defaults
• which outputs support downstream composition
• which features should remain out of scope

For example, an AWS VPC module should expose subnet IDs and VPC ID cleanly. An OCI networking module should model compartment inputs explicitly and return OCIDs needed by other modules.

Use the built-in provider references well

The AWS reference is useful for modules such as:

• vpc
• eks
• rds
• s3
• alb
• lambda
• security-group

It also highlights defaults users care about in production: provider ~> 5.0, encryption by default, least-privilege IAM, tagging, logging, backups, and alignment with AWS Well-Architected guidance.

The OCI reference is useful when your terraform-module-library for Cloud Architecture work includes:

• explicit compartment modeling
• NSGs over broad security lists
• dynamic groups and least-privilege IAM
• exposed OCIDs for composition
• default logging, metrics, and backup settings

Ask for the exact module scaffold

The skill is most useful when you ask it to produce the standard pattern explicitly:

• main.tf
• variables.tf
• outputs.tf
• versions.tf
• README.md
• examples/complete/main.tf
• examples/complete/variables.tf
• tests/module_test.go

If you do not ask for the scaffold, many agents will skip docs, examples, or tests, which reduces reuse.

Practical prompt patterns that improve output quality

Use prompts like:

• Generate only the module interface first: variables, outputs, versions, and README table.
• Keep environment values out of the module and move them to examples.
• Mark optional features clearly and prefer secure defaults.
• Show how this module composes with EKS, RDS, or OKE consumers.
• Explain which features should be separate modules instead of inlining everything.

These patterns force better boundaries and reduce overbuilt modules.

What to inspect in the first draft

Before adopting the output, check:

• are variable names stable and readable?
• are outputs sufficient for downstream modules?
• are secure defaults enabled where practical?
• is the example actually consumable?
• are tests aligned with the module interface?
• did the agent mix environment stack logic into the reusable module?

This review catches the most common early adoption blockers.

terraform-module-library skill FAQ

Is terraform-module-library good for beginners?

Yes, if your goal is to learn how Terraform modules are structured. It gives a clear layout and concrete module examples. But beginners still need basic Terraform knowledge to validate provider arguments, resource behavior, and test execution.

How is this different from asking an AI to write Terraform?

A generic prompt often returns resource code with weak module boundaries. The terraform-module-library skill is better when you need reusable interfaces, examples, tests, and a library-friendly structure. It adds more value to maintainability than to raw code volume.

Does terraform-module-library install anything into Terraform?

No. A terraform-module-library install step adds the skill to your agent workflow, not to Terraform itself. You still run normal Terraform tooling such as terraform fmt, terraform validate, testing, and provider initialization in your own environment.

Which cloud providers are best supported?

The skill explicitly targets AWS, Azure, GCP, and OCI at a high level. In the repository evidence, AWS and OCI have concrete reference files, so those providers currently have the strongest guidance signal.

Is terraform-module-library suitable for production work?

It is suitable as a design and generation aid for production-oriented modules, especially because it emphasizes testing, examples, versions, and secure defaults. You should still review provider docs, run validation, and apply your organization's policy and CI checks.

When should I avoid terraform-module-library?

Skip it when you need:

• a full live environment root module
• deep policy-as-code or CI pipeline design
• advanced provider edge cases not covered by the references
• opinionated release/version publishing workflows for a module registry

How to Improve terraform-module-library skill

Give narrower module scope

The fastest way to improve terraform-module-library results is to define one module boundary. Ask for “an AWS ALB module” or “an OCI Object Storage module,” not “a full networking and app platform library.” Narrow scope produces cleaner interfaces and fewer broken assumptions.

Specify downstream consumers

Tell the skill what will depend on the module. For example:

• This VPC module must support EKS and RDS consumers.
• This OCI VCN module must expose subnet and security outputs for OKE.

This changes output quality because outputs become intentional instead of generic.

State non-negotiable standards up front

Include standards such as:

• provider versions
• tag schema
• encryption defaults
• backup/logging requirements
• IAM least-privilege expectations
• compartment or account boundary rules

The skill already leans toward these concerns, but explicit standards reduce cleanup later.

Separate reusable logic from examples

A common failure mode is leaking environment-specific values into the reusable module. Improve the first draft by asking:

• move literal CIDRs, names, and environment labels into examples/complete
• keep module variables generic and typed
• reserve outputs for composition, not debugging noise

This makes the module easier to publish and reuse.

Ask for omissions, not just additions

Better terraform-module-library guide usage includes asking what should stay out of scope. For example:

• keep security groups separate from the VPC module
• avoid bundling database configuration into network modules
• separate IAM-heavy logic if it creates too many responsibilities

This prevents giant “kitchen sink” modules.

Improve testing and documentation on the second pass

After the first output, ask for:

• a concise README.md with usage and inputs/outputs
• one realistic examples/complete
• a minimal tests/module_test.go
• notes on edge cases and upgrade-safe defaults

These artifacts are often what determine whether a generated module is adoptable by a team.

Validate cloud-specific assumptions

For AWS, confirm the output follows patterns like encryption, logging, tagging, and provider ~> 5.0. For OCI, confirm explicit compartment handling, OCID outputs, NSG preference, and observability defaults. This is one of the highest-leverage ways to improve terraform-module-library usage quality.

Iterate with diff-oriented requests

Instead of regenerating everything, ask targeted follow-ups:

• Tighten variable types and validations.
• Reduce required inputs to the true minimum.
• Add outputs needed by downstream EKS consumers.
• Refactor optional features behind booleans or maps.
• Split this into two modules if responsibilities are mixed.

This produces steadier improvements than repeated full rewrites.