AWS Module Reference

All modules are published under the clouddrove GitHub org, are Apache 2.0 licensed, and follow the same naming convention, which is driven by the terraform-aws-labels module.

Networking

| Module | Stars | Description |
|---|---|---|
| terraform-aws-vpc | ★37 | VPC with optional Flow Logs (CloudWatch or S3), IPv6, DHCP options, and Network ACLs |
| terraform-aws-subnet | ★42 | Public and private subnets with NAT Gateway, ACLs, and route tables across any number of AZs |
| terraform-aws-security-group | ★22 | Security group rules with CIDR blocks, self-references, source SG IDs, and prefix lists |
| terraform-aws-alb | ★17 | Application Load Balancer with target groups, listeners, and HTTPS redirect |
| terraform-aws-route53 | ★16 | Route 53 hosted zones — public and private |
| terraform-aws-route53-record | ★9 | Route 53 record sets (A, CNAME, TXT, MX, etc.) |
| terraform-aws-acm | ★9 | ACM certificate request with DNS or email validation |
| terraform-aws-waf | ★5 | WAF Web ACL with managed rule groups |
| terraform-aws-vpc-peering | ★18 | VPC peering between two VPCs in the same account |
| terraform-aws-multi-account-peering | ★9 | VPC peering across different AWS accounts |
| terraform-aws-transit-gateway | ★4 | Transit Gateway with attachments and route tables |
| terraform-aws-vpn | ★12 | Site-to-site VPN connection |
| terraform-aws-client-vpn | ★9 | AWS Client VPN for internal resource access |

Compute

| Module | Stars | Description |
|---|---|---|
| terraform-aws-ec2 | ★55 | EC2 instances with Elastic IP, EBS volumes, and instance profile |
| terraform-aws-eks | ★17 | EKS cluster with managed node groups, Fargate profiles, OIDC/IRSA, and aws-auth ConfigMap |
| terraform-aws-eks-addons | ★22 | 31 EKS add-ons via Helm — see EKS Addons docs |
| terraform-aws-lambda | ★22 | Lambda functions with IAM role, layers, environment variables, and VPC config |
| terraform-aws-ecs | ★3 | ECS cluster with task definitions and services |
| terraform-aws-ec2-autoscaling | ★4 | EC2 Auto Scaling groups with launch templates |
| terraform-aws-karpenter | ★1 | Karpenter node provisioner resources (IAM, SQS, EventBridge) |
| terraform-aws-lightsail | ★22 | Lightsail instances, key pairs, static IPs, and metric alarms |

Storage

| Module | Stars | Description |
|---|---|---|
| terraform-aws-s3 | ★33 | S3 buckets with KMS encryption, access logging, versioning, and lifecycle rules |
| terraform-aws-efs | ★10 | EFS file system with mount targets and access points |
| terraform-aws-ecr | ★26 | ECR repositories with lifecycle policies and replication |
| terraform-aws-backup | — | AWS Backup vaults and plans |
| terraform-aws-s3-multiaccount-replication | — | S3 cross-account replication |

Databases

| Module | Stars | Description |
|---|---|---|
| terraform-aws-aurora | ★25 | Aurora PostgreSQL and MySQL clusters with encryption, backups, and parameter groups |
| terraform-aws-elasticache | ★46 | ElastiCache Redis and Memcached clusters with replication groups |
| terraform-aws-elasticsearch | ★13 | Amazon OpenSearch (Elasticsearch) domain |
| terraform-aws-dynamodb | ★5 | DynamoDB tables with GSIs, LSIs, and auto-scaling |
| terraform-aws-documentdb | — | DocumentDB cluster |
| terraform-aws-redshift | — | Redshift cluster |
| terraform-aws-mysql | — | RDS MySQL instance |
| terraform-aws-msk | ★2 | MSK (Managed Kafka) cluster |

Messaging & Events

| Module | Stars | Description |
|---|---|---|
| terraform-aws-sns | ★19 | SNS topics with KMS encryption and subscriptions |
| terraform-aws-sqs | ★7 | SQS queues with dead-letter queues and KMS encryption |
| terraform-aws-mq | ★1 | Amazon MQ (ActiveMQ/RabbitMQ) broker |
| terraform-aws-eventbridge | — | EventBridge rules and targets |
| terraform-aws-cloudwatch-event-rule | ★8 | CloudWatch event rules |

Security & IAM

| Module | Stars | Description |
|---|---|---|
| terraform-aws-kms | ★21 | KMS customer-managed keys with aliases, key policy, and automatic rotation |
| terraform-aws-iam-role | ★11 | IAM roles with trust policies and attached managed/inline policies |
| terraform-aws-iam-user | ★8 | IAM users with access keys and group memberships |
| terraform-aws-cross-account-role | ★13 | IAM role for cross-account access |
| terraform-aws-secure-baseline | ★14 | Security baseline — CloudTrail, Config, CloudWatch alarms |
| terraform-aws-cloudtrail | ★11 | CloudTrail with encrypted S3, log validation, and CloudWatch integration |
| terraform-aws-security-hub | ★2 | Security Hub with standards and findings aggregation |
| terraform-aws-macie | ★1 | Macie account and classification jobs |
| terraform-aws-secrets-manager | ★1 | Secrets Manager secrets with KMS encryption and rotation |

Observability

| Module | Stars | Description |
|---|---|---|
| terraform-aws-cloudwatch-alarms | ★44 | CloudWatch metric alarms with SNS actions |
| terraform-aws-cloudwatch-dashboard | ★1 | CloudWatch dashboards |
| terraform-aws-cloudwatch-synthetics | ★1 | CloudWatch synthetic canaries for endpoint monitoring |
| terraform-aws-cloudtrail-slack-notification | ★8 | Lambda-based Slack alerts for AWS console activity |

API, Serverless & Integrations

| Module | Stars | Description |
|---|---|---|
| terraform-aws-api-gateway | ★75 | API Gateway REST and HTTP APIs with Lambda integrations |
| terraform-aws-ses | ★28 | SES email identity with DKIM, SPF, and IAM |
| terraform-aws-sftp | ★36 | AWS Transfer Family SFTP server backed by S3 |
| terraform-aws-cognito | ★2 | Cognito user pools and identity pools |
| terraform-aws-amplify | — | Amplify apps and branch deployments |

Foundation

| Module | Stars | Description |
|---|---|---|
| terraform-aws-labels | ★43 | Generates consistent resource names and tags — used internally by all modules |
| terraform-aws-keypair | ★12 | EC2 key pairs (generate or import) |
| terraform-aws-active-directory | ★2 | AWS Managed Microsoft Active Directory |
| terraform-aws-control-tower | ★1 | Control Tower baseline resources |