
The most popular Terraform modules in 2026 are the official, provider-maintained collections: terraform-aws-modules (VPC, IAM, EKS, S3, and Lambda), Azure Verified Modules (AVM), and terraform-google-modules. Together they account for the majority of Terraform Registry downloads. Below is the full top 10 ranked by download volume, with usage examples and what it takes to standardize on them across a team.
Most Terraform infrastructure, from simple S3 buckets to Kubernetes clusters, gets built with modules: reusable, shareable packages of Terraform configurations. So the practical question is which ones teams reach for.
As of 2026, a handful of players and patterns dominate Terraform module usage. The collections that are provider-specific, officially endorsed, or heavily community-backed get most of the downloads. Teams pick them for trust and reliability about as much as for convenience. And the more you use modules, the more work it takes to manage them across an organization. Knowing what's popular tells you where to start, but you still have to make sure modules get used consistently and securely, which is what platforms built for IaC governance handle.
These module collections work the same whether your team runs Terraform or OpenTofu, since both engines resolve the same registry artifacts. If you are weighing the two engines, our OpenTofu vs Terraform comparison breaks down the licensing, governance, and feature differences.
Unsurprisingly, the most used Terraform modules are tightly coupled with the major cloud providers: AWS, Azure, and GCP. Each has its own ecosystem and approach.
terraform-aws-modulesFor Amazon Web Services, the terraform-aws-modules collection remains the undisputed champion. These modules are practically the de facto standard for provisioning AWS resources.
terraform-aws-iam: With a staggering 235.9 million all-time downloads, this module for managing Identity and Access Management is foundational.terraform-aws-vpc: Clocking in at 126.0 million all-time downloads, it’s the go-to for setting up network infrastructure.terraform-aws-s3-bucket: Essential for storage, with 117.8 million all-time downloads.terraform-aws-eks: For Kubernetes on AWS, this module has 96.3 million all-time downloads.terraform-aws-lambda: Powering serverless applications, it has 78.9 million all-time downloads.The maturity and comprehensive nature of these modules, covering a vast array of AWS services with detailed configurations, explain their enduring popularity.
Microsoft Azure is taking a more curated approach with its Azure Verified Modules (AVM) initiative. This is a strategic push by Microsoft to provide officially supported, high-quality, and consistently designed modules. The goal is to offer a benchmark for deploying Azure resources with Terraform.
While the underlying azurerm provider is nearing a billion downloads (showing massive Terraform adoption on Azure), AVMs themselves are steadily gaining traction.
Azure/avm-res-compute-virtualmachine/azurerm: A key module for VMs, showing around 20,000 monthly downloads.Azure/avm-res-storage-storageaccount/azurerm: For fundamental storage needs.Azure/avm-res-network-virtualnetwork/azurerm: Core for VNet provisioning.Azure/avm-res-containerservice-managedcluster/azurerm: For Azure Kubernetes Service.The AVM program, which includes both "Resource Modules" for individual services and "Pattern Modules" for common architectural solutions, signals Microsoft's commitment to improving the Terraform experience on Azure. This top-down standardization contrasts with AWS's more organic module ecosystem growth.
terraform-google-modules and the Power of OpinionGoogle Cloud Platform users heavily rely on the terraform-google-modules collection. These modules are often described as "opinionated," meaning they encapsulate Google's recommended best practices.
terraform-google-modules/project-factory/google: Extremely popular for setting up new GCP projects with correct IAM, Shared VPC, and API enablement, it sees around 1.1 million monthly downloads and has 48.5 million all-time.terraform-google-modules/network/google: For VPCs, subnets, and firewall rules, also with about 1.1 million monthly downloads and 36.0 million all-time.terraform-google-modules/kubernetes-engine/google: The standard for deploying GKE clusters, with 39.3 million all-time downloads.The "opinionated" nature of these modules is a significant draw, helping teams deploy standardized and well-architected infrastructure quickly.
Here's a taste of what using these popular modules looks like.
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0" # Always pin your module versions!
name = "my-app-vpc"
cidr = "10.0.0.0/16"
azs = ["us-east-1a", "us-east-1b", "us-east-1c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = true
single_nat_gateway = true
tags = {
Terraform = "true"
Environment = "dev"
}
}This snippet shows a basic VPC setup using the widely adopted terraform-aws-modules/vpc/aws module.
module "storage_account" {
source = "Azure/avm-res-storage-storageaccount/azurerm"
version = "~> 0.6" # Pin AVM versions too
name = "myappstgacct${random_string.suffix.result}"
resource_group_name = "my-app-rg"
location = "eastus"
account_tier = "Standard"
account_replication_type = "LRS"
tags = {
environment = "production"
project = "myapp"
}
}
resource "random_string" "suffix" {
length = 6
special = false
upper = false
}Here, we're using an Azure Verified Module to create a storage account, benefiting from Microsoft's stamp of quality.
module "my_project" {
source = "terraform-google-modules/project-factory/google"
version = "~> 18.0"
name = "my-gcp-project-123"
random_project_id = true
billing_account = "YOUR_BILLING_ACCOUNT_ID" # Replace with your actual billing account ID
folder_id = "YOUR_FOLDER_ID" # Optional: Replace with your folder ID
activate_apis = [
"compute.googleapis.com",
"storage.googleapis.com",
"container.googleapis.com",
]
labels = {
environment = "staging"
owner = "data-platform-team"
}
}The project-factory module simplifies creating well-structured GCP projects according to best practices.
Beyond the cloud provider giants, HashiCorp offers modules for its own tools like Consul and Vault, which have significant historical downloads. The Terraform Registry also hosts nearly 20,000 community modules, catering to a "long tail" of niche tools and specific application stacks.
Managing this diversity is where things get interesting. Tools like Terragrunt are popular for orchestrating multiple modules and environments. However, as organizations scale, the need for a more centralized and integrated approach to module management becomes apparent. This is where platforms offering features like a private module registry, version control, and governance workflows (like Scalr) provide significant value, helping teams discover, share, and manage both public and private modules with greater control and visibility. Teams that hit this wall on Terraform Cloud often start comparing alternatives to Terraform Cloud on exactly these registry and governance capabilities.
The dominance of officially verified or heavily community-backed modules isn't accidental. It's driven by:
terraform-aws-modules, and terraform-google-modules come with a level of assurance regarding quality, maintenance, and alignment with best practices.But even with trusted modules, organizations face the challenge of ensuring they are used correctly and adhere to internal policies. Pinning module versions is a basic best practice, but what about enforcing specific configurations or security standards within those modules? This is where policy-as-code tools, often integrated into IaC management platforms like Scalr (e.g., via Open Policy Agent - OPA), become crucial for applying organizational guardrails.
| Module Name (Abbreviated) | Cloud | Primary Function | Typical Monthly Downloads (Approx. 2026) | All-Time Downloads (Approx. 2026) |
|---|---|---|---|---|
terraform-aws-modules/iam |
AWS | Identity & Access Management | 9.9M | 235.9M |
terraform-aws-modules/vpc |
AWS | Virtual Private Cloud Networking | 4.0M | 126.0M |
terraform-aws-modules/s3-bucket |
AWS | S3 Storage Buckets | 4.9M | 117.8M |
terraform-aws-modules/eks |
AWS | Elastic Kubernetes Service | 3.1M | 96.3M |
Azure/avm-res-compute-vm |
Azure | Virtual Machines | 20.1K | 179.5K |
Azure/avm-ptn-hubnetworking |
Azure | Hub & Spoke Networking | 6.2K | 38.0K |
terraform-google-modules/project-factory |
GCP | Opinionated Project Creation | 1.1M | 48.5M |
terraform-google-modules/network |
GCP | VPC Networking | 1.1M | 36.0M |
terraform-google-modules/kubernetes-engine |
GCP | Google Kubernetes Engine | N/A (High All-Time) | 39.3M |
Note: Monthly downloads can fluctuate. "N/A" indicates specific monthly data wasn't highlighted for that module in the 2026 analysis, but all-time figures confirm high usage.
The Terraform module ecosystem isn't static. Key trends are shaping its future:
This evolution points towards a future where IaC revolves around intelligently managing and governing a complex ecosystem of code components, beyond writing the code itself. Platforms that provide module management, policy enforcement (like Scalr's OPA and Checkov integration), and clear visibility into IaC operations will be essential for managing this complexity effectively.
Knowing the most used Terraform modules provides valuable insight into common practices and trusted solutions. The dominance of provider-blessed and strong community modules in AWS, Azure, and GCP highlights a collective drive towards reliability and best practices.
Once you're past picking modules, the work shifts to managing them. As organizations scale their IaC efforts, discovery, versioning, consistency, and governance across many modules and teams get harder. The job moves from consuming modules to curating, controlling, and automating their use. Dedicated IaC management platforms handle that side, turning a collection of building blocks into a governed, scalable infrastructure setup.
Beyond the top 10, these modules round out the most widely downloaded in the Terraform ecosystem:
A Terraform module which makes it easier to non-destructively manage multiple IAM roles for resources on the Google Cloud Platform. You can use this module with a collection of various submodules.
module "projects_iam_bindings" {
source = "terraform-google-modules/iam/google//modules/projects_iam"
version = "~> 6.4"
projects = ["project-123456", "project-9876543"]
bindings = {
"roles/storage.admin" = [
"group:[email protected]",
"user:[email protected]",
]
"roles/compute.networkAdmin" = [
"group:[email protected]",
"user:[email protected]",
]
"roles/compute.imageUser" = [
"user:[email protected]",
]
}
}This module allows you to execute gcloud commands within Terraform.
module "gcloud" {
source = "terraform-google-modules/gcloud/google"
version = "~> 2.0"
platform = "linux"
additional_components = ["kubectl", "beta"]
create_cmd_entrypoint = "gcloud"
create_cmd_body = "version"
destroy_cmd_entrypoint = "gcloud"
destroy_cmd_body = "version"
}A Terraform module which loads an opinionated "stack" configuration from local or remote YAML sources. It supports deep-merged variables, settings, ENV variables, backend config, and remote state outputs for Terraform and helmfile components.
A Terraform module which creates RDS Aurora resources on AWS.
module "cluster" {
source = "terraform-aws-modules/rds-aurora/aws"
name = "test-aurora-db-postgres96"
engine = "aurora-postgresql"
engine_version = "11.12"
instance_class = "db.r6g.large"
instances = {
one = {}
2 = {
instance_class = "db.r6g.2xlarge"
}
}
vpc_id = "vpc-12345678"
subnets = ["subnet-12345678", "subnet-87654321"]
allowed_security_groups = ["sg-12345678"]
allowed_cidr_blocks = ["10.20.0.0/20"]
storage_encrypted = true
apply_immediately = true
monitoring_interval = 10
db_parameter_group_name = "default"
db_cluster_parameter_group_name = "default"
enabled_cloudwatch_logs_exports = ["postgresql"]
tags = {
Environment = "dev"
Terraform = "true"
}
}A Terraform module which creates and validates ACM certificate. Depending on how you want to validate your ACM certificates, there are four ways you can use this module: usage with Route53 DNS validation (recommended), usage with external DNS validation (e.g. CloudFlare), usage with CloudFront, and usage with Route53 DNS validation and separate AWS providers.
A Terraform module which creates EC2 instance(s) on AWS. Supports single instances, multiple instances via for_each, and spot instances.
module "ec2_instance" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 3.0"
name = "single-instance"
ami = "ami-ebd02392"
instance_type = "t2.micro"
key_name = "user1"
monitoring = true
vpc_security_group_ids = ["sg-12345678"]
subnet_id = "subnet-eddcdzz4"
tags = {
Terraform = "true"
Environment = "dev"
}
}A Terraform module to generate well-formed JSON documents that are passed to the aws_ecs_task_definition Terraform resource.
A Terraform module that makes it easy to set up a new VPC Network in GCP. Using it, you can create a Google VPC, Subnets within that VPC and secondary ranges for the subnets.
A Terraform module for configuring GKE clusters.
A Terraform module which creates Auto Scaling resources on AWS.
Sourcing a module takes a minute; running fifty workspaces that consume different versions of it is where teams lose track. A private module registry gives you a curated, versioned catalog instead of ad-hoc Git references. Scalr includes one, along with reports showing which module versions run where. Pricing is free up to 50 runs per month.
