1. A platform team wants to allow application teams to use approved, internally curated Terraform modules without exposing them to the public internet. Which Terraform feature is best suited for this requirement?
- A. Publishing modules to the public Terraform Registry with a private flag enabled
- B. Using a private module registry in Terraform Cloud or Terraform Enterprise✓ Correct
- C. Storing modules in a shared S3 bucket and referencing them with an `s3::` source prefix
- D. Placing all modules in a single Git monorepo and sharing credentials with all teams
Explanation
Correct: Terraform Cloud and Terraform Enterprise both offer a private module registry that allows organizations to publish, version, and share modules internally, with access controls, without exposing them publicly. Incorrect: The public Terraform Registry does not support a 'private flag'; modules published there are publicly accessible by anyone. Incorrect: Terraform does not support an `s3::` source prefix; S3 is not a natively supported module source type (though HTTP archives and Git are). Incorrect: A Git monorepo is a workable but informal solution that lacks the versioning, search, and access-control features of a proper private registry; it is not the purpose-built Terraform feature for this need.