IaC Module Library
Composable, production-ready Terraform modules for AWS, Azure, and GCP. Built for real infrastructure — not demos. Use them in your projects or as part of our managed hosting service.
Multi-cloud
21 AWS, 16 Azure, and 17 GCP modules covering networking, compute, DNS, security, and more.
Security-first
Every module follows cloud security best practices — encryption, least-privilege IAM, audit logging.
Composable
Use modules individually or compose them into full environments. Works with any Terraform workflow.
AWS Modules
Amazon Web Services — 21 modules
VPC
VPC with public/private subnets, NAT Gateway, and optional EKS tagging
EKS
Elastic Kubernetes Service cluster with managed node groups and OIDC provider
ECR
Elastic Container Registry with lifecycle policies and vulnerability scanning
S3 Static Site
S3 + CloudFront + ACM certificate for static website hosting
Route53 Zone
Route 53 hosted zone for DNS management
OIDC
GitHub OIDC provider and IAM role for GitHub Actions deployments
Terraform Backend
S3 + DynamoDB for Terraform state management and locking
Security Baseline
CloudTrail, GuardDuty, AWS Config, and Security Hub
Monitoring
CloudWatch alarms and SNS topics for billing/cost monitoring
IAM Identity Center
IAM Identity Center account assignments for SSO role management
CloudFormation Host
Public S3 bucket for hosting CloudFormation templates
ACM
SSL/TLS certificate with DNS validation via Route 53 and auto-renewal
CloudFront + S3
S3 static site with CloudFront CDN, Origin Access Control, and optional WAF
CloudWatch
Log groups, metric alarms, and SNS notification topics with KMS encryption
ElastiCache
Valkey/Redis replication group with encryption, Multi-AZ, and Graviton nodes
IRSA
IAM Role for Kubernetes Service Accounts with OIDC federation
KMS
Customer Managed Key with auto-rotation, alias, and configurable key policy
RDS
PostgreSQL on Graviton with managed secrets, encryption, and Performance Insights
SCP
Service Control Policies for AWS Organizations with target attachments
Secrets Manager
Secret storage with KMS encryption and optional cross-region replication
WAF
WAFv2 Web ACL with managed rules, rate limiting, and IP allowlisting
Azure Modules
Microsoft Azure — 16 modules
VNet
Virtual Network with public/private subnets and resource group
AKS
Azure Kubernetes Service with managed node pools and OIDC integration
ACR
Azure Container Registry for Docker image management
Static Site
Azure Storage static website with optional CDN
DNS Zone
Azure DNS zone for domain management
OIDC
Azure AD application and role assignments for GitHub Actions OIDC
Terraform Backend
Azure Storage blob container for Terraform state management
Security Baseline
Log Analytics workspace and Defender for Cloud setup
Monitoring
Action groups and budget alerts for cost monitoring
Certificate
App Service and Key Vault managed certificates with auto-renewal
Key Vault
Key Vault for secrets, keys, and certificates with access policies or RBAC
Management Group Policy
Azure Policy definitions and assignments at the management group level
PostgreSQL
Flexible Server for PostgreSQL with HA, VNet integration, and extensions
Redis Cache
Azure Cache for Redis with TLS, private endpoint, and VNet integration
WAF
Web Application Firewall policy with OWASP rules, rate limiting, and bot protection
Workload Identity
Managed identity with federated credentials for AKS workload identity
GCP Modules
Google Cloud Platform — 17 modules
VPC
VPC network with subnets, Cloud NAT, firewall rules, and IAP access
GKE
Google Kubernetes Engine with Autopilot or Standard mode, Workload Identity
Artifact Registry
Container and package repository with lifecycle policies and IAM
Cloud DNS
DNS managed zone with DNSSEC, private zones, and record management
Cloud CDN
Cloud CDN with Cloud Storage backend, HTTPS load balancer, and caching
Certificate Manager
Google-managed SSL certificates with DNS authorization
GCS Backend
GCS bucket for Terraform state with versioning and lifecycle rules
Cloud Monitoring
Alert policies, notification channels, uptime checks, and budget alerts
Security Command Center
Security posture management with custom modules and notifications
Memorystore
Managed Redis with HA, AUTH, TLS, and VPC peering
Workload Identity
GKE Workload Identity binding between K8s and Google service accounts
Workload Identity Federation
OIDC federation for CI/CD pipelines with GitHub Actions or other providers
Cloud KMS
Key ring and crypto key with auto-rotation and IAM bindings
Cloud SQL
PostgreSQL with HA, private networking, query insights, and automated backups
Secret Manager
Secret storage with replication, CMEK encryption, and IAM bindings
Cloud Armor
WAF with rate limiting, preconfigured OWASP rules, and adaptive protection
Organization Policies
Organization policy constraints for boolean, allow-list, and deny-list rules
Need a custom module?
We build custom Terraform modules for teams with specific cloud requirements. Any provider, any service, production-ready.