Mike Knepper




Encapsulation with Terraform

It can help to think of Terraform modules as “classes” from object-oriented languages. One of the best aspects of classes is encapsulation—implementation details stay private, while public methods expose functionality to clients.

A Terraform module can be structured similarly. Consider a module that provisions an S3 bucket. This module could output details like the ARNs of the bucket and the KMS key encrypting it; clients would need these values to create read and write policies. Alternatively, the module itself can define those policies and expose them (as resources or just JSON) to clients.

Advantages include: