# Review of Terraform Modules

Terraform Module Review Process for the Azure Verified Modules (AVM) program

The AVM module review is a critical step before an AVM Terraform module gets published to the Terraform Registry and made publicly available for customers, partners and wider community to consume and contribute to. It serves as a quality assurance step to ensure that the AVM Terraform module complies with the Terraform specifications of AVM. The below process outlines the steps that both the module owner and module reviewer need to follow.
The module owner completes the development of the module in their branch or fork.
The module owner submits a pull request (PR) titled AVM-Review-PR and ensures that all checks are passing on that PR as that is a pre-requisite to request a review.
The module owner assigns the avm-core-team-technical-terraform GitHub team as reviewer on the PR.
The module owner leaves the following comment as it is on the module proposal in the AVM - Module Triage project by searching for their module proposal by name there.
➕ AVM Terraform Module Review Request I have completed my initial development of the module and I would like to request a review of my module before publishing it to the Terraform Registry. The latest code is in a PR titled [AVM-Review-PR](REPLACE WITH URL TO YOUR PR) on the module repo and all checks on that PR are passing. The AVM team moves the module proposal from “In Development” to “In Review” in the AVM - Module Triage project.
The AVM team will assign a module reviewer who will open a blank issue on the module titled “AVM-Review” and populate it with the below mark down. This template already marks the specs as compliant which are covered by the checks that run on the PR. There are some specs which don’t need to be checked at the time of publishing the module therefore they are marked as NA.
➕ AVM Terraform Module Review Issue Dear module owner,
As per the module ownership requirements and responsibilities at the time of [assignment](REPLACE WITH THE LINK TO THE AVM MODULE PROPOSAL), the AVM Team is opening this issue, requesting you to validate your module against the below AVM specifications and confirm its compliance.
Please don’t close this issue and merge your AVM-Review-PR until advised to do so. This review is a prerequisite for publishing your module’s v0.1.0 in the Terraform Registry. The AVM team is happy to assist with any questions you might have.
Requested Actions
Complete the below task list by ticking off the tasks. Complete the below table by updating the Compliant column with Yes, No or NA as possible values. Please use the comments columns to provide additional details especially if the Compliant column is updated to No or NA.
Tasks Address comments on AVM-Review-PR if any Ensure that all checks on AVM-Review-PR are passing Make sure you have run grept and pre-commit and pr-check. Tick this to acknowledge specs with comment “Module Owner to action this spec post-publish as appropriate” in the table below. Please update the _header.md file as it contains instructions which - once actioned - need to be replaced with Module Name and Description. ID Spec Compliant Comments 1 ID: SFR1 - Category: Composition - Preview Services NA if no preview services are used 2 ID: SFR2 - Category: Composition - WAF Aligned Ensure only high priority reliability & security recommendations are implemented if any 3 ID: SFR3 - Category: Telemetry - Deployment/Usage Telemetry 4 ID: SFR4 - Category: Telemetry - Telemetry Enablement Flexibility Yes Yes if AVM Template Repo has been used 5 ID: SFR5 - Category: Composition - Availability Zones 6 ID: SFR6 - Category: Composition - Data Redundancy 7 ID: SNFR25 - Category: Composition - Resource Naming 8 ID: SNFR1 - Category: Testing - Prescribed Tests Yes Yes if all e2e test, version-check & linting checks passed 9 ID: SNFR2 - Category: Testing - E2E Testing Yes Yes if e2e tests passed 10 ID: SNFR3 - Category: Testing - AVM Compliance Tests Yes Yes if all e2e test, version-check & linting checks passed 11 ID: SNFR4 - Category: Testing - Unit Tests NA if no tests created in tests folder 12 ID: SNFR5 - Category: Testing - Upgrade Tests NA Module Owner to action this spec post-publish as appropriate 13 ID: SNFR6 - Category: Testing - Static Analysis/Linting Tests Yes Yes if all linting checks passed 14 ID: SNFR7 - Category: Testing - Idempotency Tests Yes Yes if e2e tests passed 15 ID: SNFR24 - Category: Testing - Testing Child, Extension & Interface Resources Yes Yes if e2e tests passed 16 ID: SNFR8 - Category: Contribution/Support - Module Owner(s) GitHub 17 ID: SNFR20 - Category: Contribution/Support - GitHub Teams Only 18 ID: SNFR9 - Category: Contribution/Support - AVM & PG Teams GitHub Repo Permissions 19 ID: SNFR10 - Category: Contribution/Support - MIT Licensing Yes Yes if AVM Template Repo has been used 20 ID: SNFR11 - Category: Contribution/Support - Issues Response Times NA Module Owner to action this spec post-publish as appropriate 21 ID: SNFR12 - Category: Contribution/Support - Versions Supported NA Module Owner to action this spec post-publish as appropriate 22 ID: SNFR23 - Category: Contribution/Support - GitHub Repo Labels 23 ID: SNFR14 - Category: Inputs - Data Types 24 ID: SNFR22 - Category: Inputs - Parameters/Variables for Resource IDs 25 ID: SNFR15 - Category: Documentation - Automatic Documentation Generation Yes Yes if linting / docs check passed 26 ID: SNFR16 - Category: Documentation - Examples/E2E Yes Yes if e2e tests passed 27 ID: SNFR17 - Category: Release - Semantic Versioning Yes Yes if version-check check passed 28 ID: SNFR18 - Category: Release - Breaking Changes NA Module Owner to action this spec post-publish as appropriate 29 ID: SNFR19 - Category: Publishing - Registries Targeted NA Module Owner to action this spec post-publish as appropriate 30 ID: SNFR21 - Category: Publishing - Cross Language Collaboration NA Module Owner to action this spec post-publish as appropriate 31 ID: RMFR1 - Category: Composition - Single Resource Only 32 ID: RMFR2 - Category: Composition - No Resource Wrapper Modules 33 ID: RMFR3 - Category: Composition - Resource Groups 34 ID: RMFR4 - Category: Composition - AVM Consistent Feature & Extension Resources Value Add Yes Yes if linting / terraform check passed 35 ID: RMFR5 - Category: Composition - AVM Consistent Feature & Extension Resources Value Add Interfaces/Schemas Yes Yes if linting / terraform check passed 36 ID: RMFR8 - Category: Composition - Dependency on child and other resources 37 ID: RMFR6 - Category: Inputs - Parameter/Variable Naming 38 ID: RMFR7 - Category: Outputs - Minimum Required Outputs Yes Yes if linting / terraform check passed 39 ID: RMNFR1 - Category: Naming - Module Naming 40 ID: RMNFR2 - Category: Inputs - Parameter/Variable Naming 41 ID: RMNFR3 - Category: Composition - RP Collaboration NA Module Owner to action this spec post-publish as appropriate 42 ID: PMFR1 - Category: Composition - Resource Group Creation NA if this is not a pattern module 43 ID: PMNFR1 - Category: Naming - Module Naming NA if this is not a pattern module 44 ID: PMNFR2 - Category: Composition - Use Resource Modules to Build a Pattern Module NA if this is not a pattern module 45 ID: PMNFR3 - Category: Composition - Use other Pattern Modules to Build a Pattern Module NA if this is not a pattern module 46 ID: PMNFR4 - Category: Hygiene - Missing Resource Module(s) NA if this is not a pattern module 47 ID: PMNFR5 - Category: Inputs - Parameter/Variable Naming NA if this is not a pattern module 48 ID: TFFR1 - Category: Composition - Cross-Referencing Modules 49 ID: TFFR2 - Category: Outputs - Additional Terraform Outputs Yes Yes if linting / terraform check passed 50 ID: TFNFR1 - Category: Documentation - Descriptions 51 ID: TFNFR2 - Category: Documentation - Module Documentation Generation Yes Yes if linting / docs check passed 52 ID: TFNFR3 - Category: Contribution/Support - GitHub Repo Branch Protection Yes Yes if AVM Template Repo has been used 53 ID: TFNFR4 - Category: Composition - Code Styling - lower snake_casing Yes Yes if linting / terraform check passed 54 ID: TFNFR5 - Category: Testing - Test Tooling Yes Yes if linting / terraform check passed 55 ID: TFNFR6 - Category: Code Style - Resource & Data Order 56 ID: TFNFR7 - Category: Code Style - count & for_each Use 57 ID: TFNFR8 - Category: Code Style - Resource & Data Block Orders Yes Yes if linting / avmfix check passed 58 ID: TFNFR9 - Category: Code Style - Module Block Order 59 ID: TFNFR10 - Category: Code Style - No Double Quotes in ignore_changes 60 ID: TFNFR11 - Category: Code Style - Null Comparison Toggle 61 ID: TFNFR12 - Category: Code Style - Dynamic for Optional Nested Objects 62 ID: TFNFR13 - Category: Code Style - Default Values with coalesce/try 63 ID: TFNFR14 - Category: Inputs - Not allowed variables 64 ID: TFNFR15 - Category: Code Style - Variable Definition Order Yes Yes if linting / avmfix check passed 65 ID: TFNFR16 - Category: Code Style - Variable Naming Rules Yes Yes if linting / terraform check passed 66 ID: TFNFR17 - Category: Code Style - Variables with Descriptions Yes Yes if linting / terraform check passed 67 ID: TFNFR18 - Category: Code Style - Variables with Types Yes Yes if linting / terraform check passed 68 ID: TFNFR19 - Category: Code Style - Sensitive Data Variables 69 ID: TFNFR20 - Category: Code Style - Non-Nullable Defaults for collection values 70 ID: TFNFR21 - Category: Code Style - Discourage Nullability by Default Yes Yes if linting / avmfix check passed 71 ID: TFNFR22 - Category: Code Style - Avoid sensitive = false Yes Yes if linting / avmfix check passed 72 ID: TFNFR23 - Category: Code Style - Sensitive Default Value Conditions Yes Yes if linting / terraform check passed 73 ID: TFNFR24 - Category: Code Style - Handling Deprecated Variables NA Module Owner to action this spec post-publish as appropriate 74 ID: TFNFR25 - Category: Code Style - Verified Modules Requirements Yes Yes if linting / terraform check passed 75 ID: TFNFR26 - Category: Code Style - Providers in required_providers Yes Yes if linting / terraform check passed 76 ID: TFNFR27 - Category: Code Style - Provider Declarations in Modules Yes Yes if linting / terraform check passed 77 ID: TFNFR29 - Category: Code Style - Sensitive Data Outputs Yes Yes if linting / avmfix check passed 78 ID: TFNFR30 - Category: Code Style - Handling Deprecated Outputs NA Module Owner to action this spec post-publish as appropriate 79 ID: TFNFR31 - Category: Code Style - locals.tf for Locals Only 80 ID: TFNFR32 - Category: Code Style - Alphabetical Local Arrangement Yes Yes if linting / avmfix check passed 81 ID: TFNFR33 - Category: Code Style - Precise Local Types 82 ID: TFNFR34 - Category: Code Style - Using Feature Toggles NA Module Owner to action this spec post-publish as appropriate 83 ID: TFNFR35 - Category: Code Style - Reviewing Potential Breaking Changes NA Module Owner to action this spec post-publish as appropriate 84 ID: TFNFR36 - Category: Code Style - Setting prevent_deletion_if_contains_resources 85 ID: TFNFR37 - Category: Code Style - Tool Usage by Module Owner The module reviewer can update the Compliance column for specs in line 42 to 47 to NA, in case the module being reviewed isn’t a pattern module.
The module reviewer reviews the code in the PR and leaves comments to request any necessary updates.
The module reviewer assigns the AVM-Review issue to the module owner and links the AVM-Review Issue to the AVM-Review-PR so that once the module reviewer approves the PR and the module owner merges the AVM-Review-PR, the AMV-Review issue is automatically closed. The module reviews responds to the module owner’s comment on the Module Proposal in AVM Repo with the following
➕ AVM Terraform Module Review Initiation Message Thank you for requesting a review of your module. The AVM module review process has been initiated, please perform the **Requested Actions** on the AVM-Review issue on the module repo. The module owner updates the check list and the table in the AVM-Review issue and notifies the module reviewer in a comment.
The module reviewer performs the final review and ensures that all checks in the checklist are complete and the specifications table has been updated with no requirements having compliance as ‘No’.
The module reviewer approves the AVM-Review-PR, and leaves the following comment on the AVM-Review issue with the following comment.
➕ AVM Terraform Module Review Completion Message Thank you for contributing this module and completing the review process per AVM specs. The AVM-Review-PR has been approved and once you merge it that will close this AVM-Review issue. You may proceed with [publishing](/Azure-Verified-Modules/contributing/terraform/terraform-contribution-flow/owner-contribution-flow/#7-publish-the-module) this module to the HashiCorp Terraform Registry with an initial pre-release version of v0.1.0. Please keep future versions also pre-release i.e. < 1.0.0 until AVM becomes generally available (GA) of which the AVM team will notify you. **Requested Action**: Once published please update your [module proposal](REPLACE WITH THE LINK TO THE MODULE PROPOSAL) with the following comment. "The initial review of this module is complete, and the module has been published to the registry. Requesting AVM team to close this module proposal and mark the module available in the module index. Terraform Registry Link: <REPLACE WITH THE LINK OF THE MODULE IN TERRAFORM REGISTRY> GitHub Repo Link: <REPLACE WITH THE LINK OF THE MODULE IN GITHUB>" Once the module owner perform the requested action in the previous step, the module reviewer updates the module proposal by performing the following steps:
Assign label Status: Module Available :green_circle: to the module proposal. Update the module index excel file and CSV file by creating a PR to update the module index and links the module proposal as an issue that gets closed once the PR is merged which will move the module proposal from “In Review” to “Done” in the AVM - Module Triage project. 

---
Source: https://raw.githubusercontent.com/Azure/Azure-Verified-Modules/refs/heads/main/docs/content/contributing/terraform/review.md
Last Modified: 0001-01-01