// Use when creating new Terraform/OpenTofu components or modifying existing ones. Covers required files, catalog defaults, stack configuration, and naming conventions.
| name | developing-components |
| description | Use when creating new Terraform/OpenTofu components or modifying existing ones. Covers required files, catalog defaults, stack configuration, and naming conventions. |
Scope: This skill is generic and applies to any Cloud Posse reference architecture project. It covers patterns for vendoring and creating Terraform components that are consistent across all customers.
Components are opinionated Terraform root modules that implement a specific AWS resource with predefined conventions.
Always check for existing components first. Creating new components adds maintenance burden.
ls components/terraform/
Many use cases can be solved by configuring existing generic components via catalog:
iam-role - Any IAM role. Create stacks/catalog/iam-role/my-role.yaml instead of a new component.s3-bucket - Any S3 bucket with standard configurations.lambda - Lambda functions with common patterns.Browse https://docs.cloudposse.com/components/library/ for pre-built components. Common ones:
eks/cluster - Kubernetesaurora-postgres, rds - Databaseselasticache-redis - Cachingecs, ecs-service - Container workloadss3-bucket, dynamodb, sqs-queue - Storage and messagingcloudwatch-logs, sns-topic - Monitoring and notifications| Resource | Location |
|---|---|
| Component Library Docs | https://docs.cloudposse.com/components/library/ |
| Component Repositories | github.com/cloudposse-terraform-components/aws-<service> |
| Mixins Repository | github.com/cloudposse-terraform-components/mixins |
Find latest version:
gh release view --repo cloudposse-terraform-components/aws-<component> --json tagName
component.yaml:mkdir -p components/terraform/<component-name>
components/terraform/<component-name>/component.yaml:apiVersion: atmos/v1
kind: ComponentVendorConfig
spec:
source:
uri: github.com/cloudposse-terraform-components/aws-<component>.git//src?ref={{ .Version }}
version: <latest-version> # Use gh release view to find this
included_paths:
- "**/**"
excluded_paths:
- "providers.tf"
mixins:
# Use provider mixin without account-map dependency (for single-account deployments)
- uri: https://raw.githubusercontent.com/cloudposse-terraform-components/mixins/{{ .Version }}/src/mixins/provider-without-account-map.tf
version: v0.3.2
filename: providers.tf
atmos vendor pull -c <component-name>
Create a new component when:
Teralithic components (all-in-one) are appropriate when:
Avoid custom components when:
Every new component requires three parts:
components/terraform/<component-name>/)Required files (copy from an existing component like ecs):
context.tf - Always identical across all components. Copy from any existing component. Provides Cloud Posse's
null-label context for consistent naming.providers.tf - Standard provider configuration. Copy from an existing component. Includes the
account_map_enabled variable and dummy iam_roles module for compatibility.versions.tf - OpenTofu/Terraform and provider version constraintsvariables.tf - Component-specific input variablesmain.tf - Main resource definitionsoutputs.tf - Output valuesNote on remote-state.tf: Avoid creating remote-state.tf files for new components. Instead, use Atmos functions
(!terraform.state) in stack YAML to pass values from other components. This keeps components simpler and moves
cross-component wiring to the stack configuration layer.
stacks/catalog/<component-name>/defaults.yaml)Define organization-wide default values for the component, including dependency lookups:
components:
terraform:
<component-name>/defaults:
metadata:
component: <component-name>
type: abstract # Makes this a base configuration, not directly deployable
vars:
enabled: true
name: <component-name>
# Static defaults
some_setting: "default-value"
# Dynamic lookups - resolved at plan time based on current stack
vpc_id: !terraform.state vpc vpc_id
subnet_ids: !terraform.state vpc private_subnet_ids
stacks/orgs/acme/<tenant>/<stage>/<region>/<layer>.yaml)Import the catalog - often no component block is needed if catalog defaults are complete:
import:
- orgs/acme/plat/dev/_defaults
- mixins/region/us-east-1
- catalog/<component-name>/defaults
If overrides are needed:
import:
- catalog/<component-name>/defaults
components:
terraform:
<component-name>:
vars:
# Account/region-specific overrides only
some_setting: "override-value"
ecs-adot-collector not just adot-collector)iam-role/grafana-cloudwatch-access,
grafana/datasource/cloudwatch)Stack files in stacks/orgs/acme/ mirror the AWS account structure:
orgs/acme/core/ - Core accounts (root, audit, security, network, auto, artifacts)orgs/acme/plat/ - Platform accounts (sandbox, dev, staging, prod)Within each stage, organized by region:
global-region/ - Global (us-east-1) resources like IAMus-east-2/ - Regional resourcesRegional stack files are typically split by layer:
foundation.yaml - VPC, networking, base infrastructureplatform.yaml - Shared platform services (ECS clusters, databases)app.yaml - Application-specific resources
Use when authenticating with AWS via Atmos. Covers ATMOS_PROFILE setup, SSO login, and how Atmos automatically assumes the correct identity per stack. Use for authentication setup, SSO login issues, and permission errors.
Use when deploying components via Atmos stacks, configuring stack YAML, or understanding inheritance patterns. Covers catalog defaults, abstract components, stack imports, and how to wire components into target stacks.
Building, rendering library docs, and deploying docs.cloudposse.com. Use when working with the Docusaurus build process or regenerating auto-generated content.
Writing standards, React components, and MDX patterns for docs.cloudposse.com. Use when creating or editing documentation content.
CSS styles, color themes, and visual conventions for docs.cloudposse.com. Use when styling components, mermaid diagrams, or working with site theming.
Use when fixing legacy account-map component references or creating new components. Covers migration from dynamic account-map lookups to static account_map variable. Use when you see account-map remote-state references or need to set up provider configuration for a new component.