🧩 Terraform Nested Modules: Build Complex Infrastructure with Modularity

As your infrastructure grows, so does the complexity of managing it. Defining all your resources in one large Terraform configuration file quickly becomes hard to maintain, test, and reuse.

This is where Terraform Nested Modules come into play — a powerful way to organize, scale, and simplify your infrastructure as code (IaC).

💡 Simple Definition

Terraform Nested Modules are modules inside other modules that allow you to structure complex infrastructure into smaller, reusable, and organized building blocks.

Think of it like a folder structure:

• A root module acts as the entry point
• It can call multiple child modules
• Those child modules can call submodules (nested modules) for deeper modularity

🔹 Example Analogy

Imagine building a car:

• The root module = entire car
• The nested modules = engine, wheels, electronics
• Each subcomponent (like the engine) has its own modules (fuel system, pistons, cooling system)

This layered design ensures organization, reusability, and maintainability.

🔹 Terraform Module Hierarchy

Explanation: The Root Module (main.tf) calls Network, Compute, and Storage modules. Each of those modules further calls nested modules (e.g., Subnet, Security Group, Instance).

🔹 Why Nested Modules Are Important

🔹 Advantages of Nested Modules

1. Improved Modularity – Each submodule handles a specific task (networking, compute, security).
2. Code Reuse – Write once, reuse across projects.
3. Ease of Maintenance – Changes in one nested module don’t break others.
4. Better Collaboration – Teams can work on separate modules concurrently.
5. Consistency – Enforces uniform patterns across environments.

🔹 Structure of Nested Modules

A typical Terraform project with nested modules looks like this:

terraform-project/
│
├── main.tf
├── variables.tf
├── outputs.tf
│
└── modules/
    ├── network/
    │   ├── main.tf
    │   ├── variables.tf
    │   ├── outputs.tf
    │   └── submodules/
    │       ├── subnet/
    │       │   ├── main.tf
    │       │   └── variables.tf
    │       └── security-group/
    │           ├── main.tf
    │           └── variables.tf
    │
    ├── compute/
    │   ├── main.tf
    │   └── variables.tf
    │
    └── storage/
        ├── main.tf
        └── variables.tf

🔹 Example 1: AWS VPC with Nested Modules

This example demonstrates a root module calling a network module, which then calls submodules for subnets and security groups.

📁 Folder Structure

main.tf
modules/
 └── network/
      ├── main.tf
      ├── variables.tf
      ├── outputs.tf
      └── submodules/
           ├── subnet/
           │   └── main.tf
           └── security-group/
               └── main.tf

✅ main.tf (Root Module)

provider "aws" {
  region = "us-east-1"
}

module "network" {
  source = "./modules/network"
  vpc_cidr = "10.0.0.0/16"
}

✅ modules/network/main.tf

resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
}

module "subnet" {
  source = "./submodules/subnet"
  vpc_id = aws_vpc.main.id
}

module "security_group" {
  source = "./submodules/security-group"
  vpc_id = aws_vpc.main.id
}

output "vpc_id" {
  value = aws_vpc.main.id
}

✅ modules/network/submodules/subnet/main.tf

resource "aws_subnet" "public" {
  vpc_id                  = var.vpc_id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}

✅ modules/network/submodules/security-group/main.tf

resource "aws_security_group" "allow_ssh" {
  vpc_id = var.vpc_id
  name   = "allow_ssh"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Result: This nested structure builds a complete VPC setup with subnets and security groups.

🔹 Example 2: Azure Nested Module – Resource Group → VNet → Subnet

✅ main.tf

provider "azurerm" {
  features {}
}

module "network" {
  source = "./modules/network"
  resource_group = "tf-rg"
  location = "East US"
}

✅ modules/network/main.tf

resource "azurerm_resource_group" "rg" {
  name     = var.resource_group
  location = var.location
}

module "vnet" {
  source = "./submodules/vnet"
  rg_name = azurerm_resource_group.rg.name
  location = var.location
}

✅ modules/network/submodules/vnet/main.tf

resource "azurerm_virtual_network" "vnet" {
  name                = "tf-vnet"
  address_space       = ["10.1.0.0/16"]
  location            = var.location
  resource_group_name = var.rg_name
}

module "subnet" {
  source = "./subnet"
  vnet_name = azurerm_virtual_network.vnet.name
  rg_name   = var.rg_name
}

✅ modules/network/submodules/vnet/subnet/main.tf

resource "azurerm_subnet" "subnet" {
  name                 = "tf-subnet"
  resource_group_name  = var.rg_name
  virtual_network_name = var.vnet_name
  address_prefixes     = ["10.1.1.0/24"]
}

Result: This nested structure provisions an Azure Resource Group → Virtual Network → Subnet hierarchy seamlessly.

🔹 Example 3: GCP Nested Modules – Project → Network → Firewall

✅ main.tf

provider "google" {
  project = "gcp-demo"
  region  = "us-central1"
}

module "project_setup" {
  source = "./modules/project"
  project_name = "tf-nested-demo"
}

✅ modules/project/main.tf

module "network" {
  source = "./submodules/network"
  project = var.project_name
}

✅ modules/project/submodules/network/main.tf

resource "google_compute_network" "vpc_network" {
  name = "tf-network"
}

module "firewall" {
  source = "./firewall"
  network = google_compute_network.vpc_network.name
}

✅ modules/project/submodules/network/firewall/main.tf

resource "google_compute_firewall" "allow_ssh" {
  name    = "allow-ssh"
  network = var.network

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = ["0.0.0.0/0"]
}

Result: Nested modules create a complete GCP project network with firewall configurations.

🔹 How to Remember Nested Modules (Mnemonic)

Use the mnemonic “NEST” 🧠

💡 Memory Trick:

“If your infrastructure is a tree, nested modules are its branches.”

🔹 Interview & Exam Preparation Tips

Common Questions

1. Q: What are nested modules in Terraform? A: Modules called inside other modules to build complex, modular infrastructure.

2. Q: Why use nested modules? A: To organize large configurations, reuse logic, and improve scalability.

3. Q: How do nested modules communicate? A: Through variables (inputs) and outputs (exports).

4. Q: Can nested modules be reused independently? A: Yes, each nested module can act as a standalone component.

5. Q: What’s the best practice for nested modules? A: Keep them simple, reusable, and parameterized.

🧠 Study Technique — “M.O.D.U.L.E”

🔹 Why It’s Important to Learn Nested Modules

1. Scalability: Enables managing hundreds of resources through structured, reusable components.

2. Maintainability: Teams can easily locate and update specific logic (like networking or security).

3. Reusability: Nested modules can be shared across projects — reducing development time.

4. Collaboration: Developers, DevOps, and SRE teams can work on separate parts simultaneously.

5. Best Practice Compliance: Terraform recommends modular architecture for large-scale infrastructure.

6. Certification Relevance: Terraform Associate Exam often asks how modules interact and how to structure nested modules.

🔹 Best Practices

🔹 Common Mistakes to Avoid

🔹 Real-World Use Cases

1. Enterprise Infrastructure: Nested modules manage compute, networking, and security layers independently.

2. Multi-Cloud Deployments: Shared nested structures simplify hybrid infrastructure.

3. CI/CD Pipelines: Nested modules integrate easily with automation tools (e.g., Jenkins, GitHub Actions).

4. Compliance Automation: Reusable modules ensure consistent security and governance policies.

🔹 Summary Table

🔹 Quick Demo Workflow

terraform init
terraform validate
terraform plan
terraform apply

🔹 Conclusion

Terraform Nested Modules are the cornerstone of building modular, maintainable, and reusable infrastructure-as-code architectures. They bring structure, scalability, and collaboration to complex environments — turning thousands of lines of code into elegant, manageable layers.

💬 “Nested modules don’t just build infrastructure — they build organization and clarity.”

Mastering this concept is crucial for:

• Enterprise DevOps Engineers
• Terraform Certification candidates
• Teams managing multi-environment cloud systems

By following best practices, using semantic structure, and applying consistent naming conventions, you’ll design Terraform projects that scale seamlessly and remain easy to understand — even years later.