Given the Terraform module source declaration below, what version of the module will Terraform use when you run terraform init?
module "network" {
source = "terraform-aws-modules/vpc/aws"
version = ">= 2.0, < 3.0"
name = "my-vpc"
cidr = "10.0.0.0/16"
}Think about how version constraints work in Terraform module sources.
Terraform respects semantic version constraints and picks the latest module version that fits the specified range. Here, it will pick the newest version >= 2.0 and < 3.0.
You have a Terraform configuration using a module pinned to version 1.5.0. You update the version to 1.6.0 and run terraform plan. What will happen?
Consider how Terraform handles module upgrades during planning.
Changing the module version causes Terraform to download the new module code and compare resource definitions. It will show any changes in resources during the plan phase.
You manage a large Terraform codebase with multiple teams. Some teams require different versions of the same module. What is the best architecture to support this?
Think about how Terraform modules and versioning can coexist in one codebase.
Using separate module blocks with explicit version pins allows teams to use different module versions safely without conflicts.
What is a key security risk of using Terraform modules without specifying a fixed version?
Consider what happens if a module changes unexpectedly.
Without version pinning, Terraform may download a newer module version that contains unreviewed or malicious changes, risking infrastructure security.
In a CI/CD pipeline deploying Terraform infrastructure, what is the best practice regarding module versioning to ensure stable and repeatable deployments?
Think about stability and repeatability in automated deployments.
Pinning exact module versions ensures the same code is used every time, preventing unexpected changes during automated runs.