Three Principles to keep in mind
Encapsulation
Group infrastructure that is always deployed together.
Including more infrastructure in a module makes it easier for an end user to deploy that infrastructure but makes the module’s purpose and requirements harder to understand.
Privileges
Restrict modules to privilege boundaries.
If infrastructure in the module is the responsibility of more than one group, using that module could accidentally violate segregation of duties. Only group resources within privilege boundaries to increase infrastructure segregation and secure your infrastructure.
Volatility
Separate long-lived infrastructure from short-lived.
For example, database infrastructure is relatively static while teams could deploy application servers multiple times a day. Managing database infrastructure in the same module as application servers exposes infrastructure that stores state to unnecessary churn and risk.