Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

4.3.2. Output Values

💡 First Principle: Outputs are the only sanctioned way for data to leave a module — a child module exposes nothing to its caller except through declared outputs, which is why outputs define a module's public surface.

An output block exposes a value for two audiences: at the root module, outputs are printed after apply and retrievable with terraform output; in a child module, outputs are how the parent reads the child's results (module.network.vpc_id). Outputs can carry a description, a sensitive flag (suppresses the value in CLI output), and depends_on for ordering edge cases.

output "instance_ip" {
  description = "Public IP of the web server"
  value       = aws_instance.web.public_ip
}

⚠️ Exam Trap: A child module's resources and variables are not directly readable by the parent — only its declared outputs are. If a scenario tries to reference module.network.aws_vpc.main.id directly, that's wrong; the child must expose vpc_id as an output first.

Reflection Question: Why does requiring child modules to expose data only through outputs make modules safer to reuse and refactor?

Start with 40 free practice questions
Alvin Varughese
Written byAlvin Varughese
Founder18 professional certifications