Git and version control systems serve as powerful module sources in Terraform, enabling teams to share, version, and manage reusable infrastructure code effectively. When referencing modules from Git repositories, Terraform supports various protocols including HTTPS, SSH, and the generic Git protoc…Git and version control systems serve as powerful module sources in Terraform, enabling teams to share, version, and manage reusable infrastructure code effectively. When referencing modules from Git repositories, Terraform supports various protocols including HTTPS, SSH, and the generic Git protocol.
To source a module from Git, you use a special URL format in your module block. For GitHub repositories, you can use the shorthand syntax: source = "github.com/organization/repository". For generic Git repositories, use: source = "git::https://example.com/repo.git".
Version control module sources offer several key advantages. First, you can pin specific versions using ref arguments, such as ?ref=v1.0.0 for tags, ?ref=branch-name for branches, or ?ref=commit-sha for specific commits. This ensures infrastructure consistency across environments and prevents unexpected changes from affecting your deployments.
SSH authentication is commonly used for private repositories. The syntax follows: source = "git::ssh://git@github.com/org/repo.git". Terraform uses your local SSH configuration and keys for authentication, making it seamless to access private modules.
You can also reference subdirectories within repositories using double-slash notation: source = "git::https://example.com/repo.git//modules/networking". This allows multiple modules to exist in a single repository while enabling selective usage.
Best practices include always specifying a version reference for production environments, using semantic versioning tags for clear version management, and documenting module dependencies. Organizations often maintain private module repositories to standardize infrastructure patterns across teams.
When Terraform initializes, it downloads modules from Git sources to the .terraform/modules directory. The terraform init command handles this process, and subsequent runs use the cached modules unless you run terraform init -upgrade to fetch newer versions matching your constraints.
Git Module Sources in Terraform
Why Git Module Sources Are Important
Git module sources are a fundamental aspect of Terraform infrastructure management because they enable teams to share, version, and reuse infrastructure code across projects. By storing Terraform modules in Git repositories, organizations can implement proper version control, collaborate effectively, and maintain consistent infrastructure patterns throughout their environment.
What Are Git Module Sources?
Git module sources allow Terraform to fetch modules from Git repositories such as GitHub, GitLab, Bitbucket, or any generic Git repository. This means you can reference modules stored in version control systems and incorporate them into your Terraform configurations.
The basic syntax for referencing a Git module source is:
For private repositories, Terraform uses: • SSH keys configured in your environment • Git credential helpers • Personal access tokens embedded in URLs (not recommended for security reasons)
Exam Tips: Answering Questions on Git and Version Control Module Sources
1. Remember the git:: prefix: Generic Git repositories require the git:: prefix before the URL. GitHub, GitLab, and Bitbucket have shorthand formats that do not require this prefix.
2. Know the ref syntax: The question mark followed by ref= is used to specify branches, tags, or commit SHAs. Example: ?ref=v1.0.0
3. Understand double-slash notation: When a module exists in a subdirectory, use // to separate the repository URL from the path within the repository.
4. Recognize valid source formats: Be able to identify whether a given module source string is valid. Look for proper URL structure, correct use of ref parameters, and appropriate path separators.
5. SSH vs HTTPS: Know that both protocols are supported. SSH uses git::ssh:// while HTTPS uses git::https://.
6. Pinning versions is best practice: Using specific tags or commit SHAs ensures reproducible infrastructure. Using branch names like main or master can lead to unexpected changes.
7. terraform init behavior: Remember that terraform init downloads modules from Git sources. If the source changes, you need to run terraform init again or use terraform init -upgrade.
8. Private repository access: Questions may ask about accessing private repos. Terraform relies on the Git configuration and credentials available in the execution environment.