Terraform modules are a way to encapsulate and organize reusable sets of resources and Terraform configurations, making it easier to manage infrastructure and promote Terraform code reusability. When creating modules, generally they should be stored in a version control system, like Github to allow for version constraints through git tags. Most Terraform users are familiar with the public Terraform registry as the way to start sourcing modules.
Private module registries offer an alternative to the public registry by providing greater control, security, and customization options for managing your Terraform & OpenTofu code. They are particularly valuable in enterprise settings where multiple teams collaborate on complex and critical infrastructure projects that require private modules. Many solutions will charge you for the use of a private registry, but Scalr includes the use of it on the free plan and it is not required to execute the runs through Scalr. For example, Terraform Cloud offers a free registry, but you don't have team management, model sharing across organizations, or the ability to deploy the private modules into a workspace through no code provisioning on the free plan. Scalr includes all of that on the free plan.
There are many benefits to using a module registry, but here are a few of the primary benefits that our customers get using the registry:
Security & Compliance: A private module registry allows you to enforce standards instead of having your Terraform users use public modules. The public registry does not have any guardrails or verification of code before Terraform modules are posted.
Reusable code: Creating and maintaining reusable modules is one of the key principles of Terraform. A private module registry allows for the distribution of Terraform modules across projects within a small or large organization. This promotes consistency through module sharing and reduces duplication of the Terraform configurations.
Access Control: A private module registry allows you to control who can access and modify modules. This is crucial in larger organizations where multiple teams or individuals are working on the code. You can restrict access to specific modules to only authorized Terraform users or teams, ensuring that your infrastructure remains secure and compliant.
Import the module into Scalr once you have connected the VCS provider and created a module in a repo. A module can be created in the Scalr module registry in two places, the account or environment scope. Read more about the Scalr scopes here.
If a module is created at the account scope, all Scalr environments will automatically inherit it and all teams will be able to consume it. If a module is created at the environment scope, only that environment and its teams can use it.
To publish private modules, go to the module registry, select publish module, and then select the VCS provider and the repo that contains the module:
If you have multiple modules in the same repo you can define the path to the root.
Using the modules in the registry is simple, you just need to make sure you’re authenticated to Scalr. If you’re using the module in a Scalr workspace that is using Scalr as the remote backend, the authentication is taken care of for you.
If you’re using the module outside of Scalr or in a run that is using local execution, you’ll need to make sure your user is authenticated to Scalr. To authenticate, you can run the following:
This will create and store the credentials in a credentials.tfrc.json locally.
Next, you’ll want to grab the module code from Scalr. Go to the registry in Scalr, click on the module that was published, and copy the code:
As seen above, the module is now being pulled from the Scalr private module registry. You can now proceed to run Terraform plan and apply.
The public registry is the heart of the terraform community. This is where all Terraform users likely start out when creating their Terraform code and it's great for the distribution of Terraform modules, but it lacks the controls and visibility any large organization would need when deploying Terraform code.
The private module registry is a great way to easily implement module sharing and ensure your infrastructure code is being deployed safely. Scalr’s private module registry is completely free to use and is a great alternative to trying other products like Terraform Enterprise or Cloud, which lack other functionality on their free tier. Give it a try in Scalr today! Give it a try today!