Vetted OpenTofu/Terraform modules for OE Platform clients.
Reference modules from client config repositories:
module "website" {
source = "github.com/ordinaryexperts/platform-modules//modules/static-website?ref=static-website-v1.3.0"
name = "my-app"
environment = "prod1"
domain = "www.example.com"
certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/abc123"
}| Module | Category | Description |
|---|---|---|
| artifact-bucket | Storage | S3 bucket for build artifacts with cross-account access |
| ecr-repository | Storage | ECR repository with cross-account pull and lifecycle cleanup |
| ecs-webapp | Compute | ECS Fargate app with ALB, optional RDS, Redis, S3, worker, SES |
| lza-foundation | Landing Zone | AWS Landing Zone Accelerator foundation and Platform integration |
| shared-services | Storage | Combined ECR + artifact bucket for SharedServices account |
| static-website | Compute | S3 + CloudFront static website with OAC and custom domains |
Each module includes:
README.md- Usage documentation and examplesmodule.json- Module metadata (synced to OE Platform)variables.tf- Input variables with descriptionsoutputs.tf- Output valuesmain.tf- Resource definitionsversions.tf- Provider version constraints
Each module has a module.json that defines metadata synced to OE Platform for the module catalog and AI agent context:
{
"display_name": "Static Website",
"description": "S3 + CloudFront static website with Origin Access Control",
"category": "compute",
"deployment_type": "s3_artifact",
"well_architected": ["security", "performance_efficiency", "cost_optimization"],
"features": ["cloudfront", "oac", "custom_domain", "https", "spa_support"]
}| Field | Required | Description |
|---|---|---|
display_name |
Yes | Human-readable name |
description |
Yes | One-line description of what the module does |
category |
Yes | One of: storage, networking, compute, security, database, observability, iam, landing_zone, application |
deployment_type |
No | "container" or "s3_artifact" if the module supports app code deployment |
well_architected |
No | AWS Well-Architected pillars this module addresses |
features |
No | List of features/capabilities for AI agent context |
Modules are versioned independently using git tags following Semantic Versioning:
<module-name>-v<major>.<minor>.<patch>
Examples:
static-website-v1.3.0ecs-webapp-v2.0.0shared-services-v1.1.0
- Major (v2.0.0): Breaking changes - removed variables, renamed outputs, changed behavior
- Minor (v1.1.0): New features - added variables, new resources, backwards compatible
- Patch (v1.0.1): Bug fixes - no interface changes
This repository uses trunk-based development:
main <-- trunk (always deployable)
^
feature/* <-- short-lived feature branches
|
+-- tags <-- module-name-v1.0.0 (release points)
-
Create a feature branch from main:
git checkout main git pull origin main git checkout -b feature/my-change
-
Make your changes and push:
# ... make changes ... git add . git commit -m "feat: add new capability" git push -u origin feature/my-change
-
Open PR to main and merge after review
-
Tag a release when ready:
git checkout main git pull origin main git tag -a "static-website-v1.4.0" -m "static-website v1.4.0: Add WAF support" git push origin "static-website-v1.4.0"
This triggers the release workflow which notifies OE Platform to update the module catalog.
Key principles:
- Keep feature branches short-lived (hours to days, not weeks)
- Merge to main frequently
- Main should always be deployable
- Dev environments track main directly
- Staging/prod environments use versioned tags
All modules must include:
-
README.mdwith usage example -
module.jsonwith metadata - All variables have
descriptionandtype - All outputs have
description -
versions.tfwith provider constraints - Pass
tofu fmtandtofu validate
Apache License 2.0 - See LICENSE