
Terraform Interview Questions Phase 2

1. What is Terraform and what are its main features?
Answer: Terraform is an open-source Infrastructure as Code (IaC) tool developed by
HashiCorp. It allows you to define, provision, and manage infrastructure across
various cloud providers and services using a declarative configuration language
known as HashiCorp Configuration Language (HCL).
Main Features:
 Infrastructure as Code (IaC): Manage infrastructure using code, enabling version control, reuse, and sharing.
 Provider Agnostic: Supports multiple providers like AWS, Azure, GCP, and others, allowing for a consistent workflow.
 Execution Plans: Generates and shows execution plans before applying changes, helping you understand what Terraform will do.
 Resource Graph: Builds a graph of all resources and their dependencies, optimizing resource creation and modification.
 Change Automation: Automates complex changesets to your infrastructure with minimal human interaction.

2. Can you explain the difference between Terraform and other configuration management tools like Ansible, Puppet, or Chef?

Answer:
o Terraform: Primarily an infrastructure provisioning tool. It focuses on creating, updating, and versioning infrastructure safely and efficiently.
o Ansible/Puppet/Chef: Primarily configuration management tools. They are used to install and manage software on existing
servers.
 Approach:
o Terraform: Declarative. You describe the desired state, and Terraform figures out how to achieve it.
o Ansible/Puppet/Chef: Can be both declarative and procedural, depending on how you write your configurations
or playbooks.
 Infrastructure Lifecycle:
o Terraform: Manages the entire lifecycle of infrastructure, including creation, scaling, and destruction.
o Ansible/Puppet/Chef: Manages the software and settings on already provisioned infrastructure.

3. What is state in Terraform, and why is it important?
Answer:
Terraform State: A persistent data store that maps Terraform configurations to real-world resources. It’s typically stored in a
file named terraform.tfstate.
Importance:
o Mapping: Keeps track of resource IDs and metadata, enabling Terraform to manage resources effectively.
o Planning and Execution: Allows Terraform to generate accurate execution plans by knowing the current state of
resources.
o Collaboration: When stored remotely (e.g., in AWS S3 or Terraform Cloud), it enables team collaboration by sharing the state.

4. How do you manage multiple environments (e.g., development, staging, production) in Terraform?
Answer:
Workspaces:
o Use Terraform workspaces to maintain separate state files
within the same configuration for different environments.

o Example:

terraform workspace new development
terraform workspace select development
 Directory Structure:
o Organize configurations into separate directories for
each environment, each with its own state.
o Example:
environments
├── dev
├── staging
└── prod
 Variable Files:
o Use different .tfvars files for each environment to
parameterize configurations.

o Example:

terraform apply -var-file="dev.tfvars"

 Backend Configuration:

o Use different backend configurations to store state files
separately for each environment.

5. What is a Terraform provider, and how do you use it?
Answer:
 Terraform Provider:
o A plugin that interacts with APIs of cloud platforms and services (e.g., AWS, Azure, Google Cloud).
o Providers define resources and data sources for a service.
 Usage:
o Declaration:
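provider "aws" {
  region = "us-west-2"
}

o Version Pinning:

provider "aws" {
  # Deprecated since Terraform 0.13; newer configurations pin the version in a required_providers block.
  version = "~> 3.0"
  region  = "us-west-2"
}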

o Multiple Providers:
 You can configure multiple providers to manage
resources across different platforms.

6. Explain the difference between Terraform modules and resources?
Answer:
 Resources:
o Basic building blocks in Terraform.

o Represent infrastructure objects like virtual networks, compute instances, or databases.

o Example:

resource "aws_instance" "web_server" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
 Modules:
o Containers for multiple resources that are used together.
o Promote code reuse and organization.
o Can be shared and versioned.
o Example of using a module:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.77.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"
}

7. How can you import existing infrastructure into Terraform?
Answer:
 Step 1: Write Resource Configuration
o Define the resource in your .tf files without any parameters
that Terraform can’t infer.

resource "aws_instance" "existing" {
  # Configuration will be populated after import
}

 Step 2: Run Import Command
o Use terraform import to map the existing resource to
the Terraform resource.

terraform import aws_instance.existing i-0abcdef1234567890

 Step 3: Refresh and Update Configuration
o Run terraform plan to see differences and update
the configuration to match the actual settings.

8. What are Terraform variables, and how do you use them?
Answer:
 Terraform Variables:
o Input Variables: Parameters for Terraform modules,
making configurations flexible and reusable.

variable "instance_type" {
  type        = string
  default     = "t2.micro"
  description = "EC2 instance type"
}

o Usage:

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = var.instance_type
}
 Setting Variables:

o Environment Variables: export TF_VAR_instance_type="t2.small"
o Command-Line Flags: terraform apply -var="instance_type=t2.small"
o Variable Files: Create .tfvars files and pass them with -var-file flag.

 Output Variables:

o Used to expose values to the user or other configurations.

output "instance_ip" {
  value = aws_instance.web.public_ip
}

9. How do you handle secrets or sensitive data in Terraform?
Answer:
 Sensitive Variables:
o Mark variables as sensitive to prevent them from being
displayed in logs.

variable "db_password" {
  type      = string
  sensitive = true
}
 Avoid Hardcoding:
o Do not store secrets in code or version control.
o Use environment variables or prompt for input.

 Use Vault or Secret Management Services:

o Integrate with tools like HashiCorp Vault to fetch secrets
at runtime.
 Secure State Storage:
o Use encrypted remote backends to store state files securely.

 Example of Fetching a Secret from Vault:

data "vault_generic_secret" "db_password" {
  path = "secret/data/db_password"
}

resource "aws_db_instance" "example" {
  password = data.vault_generic_secret.db_password.data["password"]
  # Other configurations
}

10. What is the purpose of the terraform init command?
Answer:
 terraform init:
o Initializes a Terraform working directory by downloading
and installing the necessary providers and modules.
o Functions:
 Plugin Installation: Downloads provider plugins required
for the configuration.
 Backend Initialization: Sets up the backend for
state storage.
 Module Installation: Downloads modules from sources
like GitHub or the Terraform Registry.

o When to Run:
 First time setting up a configuration.
 After adding or changing providers or modules.
 After cloning a repository containing
Terraform configurations.

11. How does Terraform handle resource dependencies?
Answer:
 Implicit Dependencies:
o Terraform automatically determines resource dependencies
by analyzing references in configurations.

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.example.id
}

resource "aws_subnet" "example" {
  vpc_id     = aws_vpc.example.id
  cidr_block = "10.0.1.0/24"
}
Here, the aws_instance depends on aws_subnet because of the subnet_id
reference.
 Explicit Dependencies:
o Use depends_on when a dependency isn’t detected automatically.

resource "null_resource" "example" {
  depends_on = [aws_instance.example]
}

12. How do you manage remote state in Terraform?
Answer:
Remote state is used to share the state file among team members and secure it.
 Example Using AWS S3:
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "global/s3/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "terraform-lock-table"
  }
}
 Features:
o Storage: Stores the state in a remote backend like S3, Azure
Blob, or Terraform Cloud.
o Locking: Prevents concurrent changes using mechanisms
like DynamoDB tables.

13. What are Terraform data sources, and how are they used?
Answer:
 Data Sources:
o Allow you to fetch existing information or resources from
a provider.
 Example:
data "aws_ami" "example" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "name"
    values = ["my-ami-*"]
  }
}

resource "aws_instance" "example" {
  ami           = data.aws_ami.example.id
  instance_type = "t2.micro"
}

14. What is the terraform apply command, and how does it differ from terraform plan?
Answer:
 terraform plan:
o Shows the changes Terraform will make to your
infrastructure without actually applying them.
o Use for review and approval.
 terraform apply:
o Executes the changes proposed in the plan, creating, modifying,
or destroying resources as necessary.
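
The review-and-approval step can be enforced mechanically by saving the plan and inspecting its JSON form (`terraform show -json <planfile>`) before anything is applied. The added example below (not part of the original page) classifies each planned change and lists destructive ones that touch protected resource types; the sample plan is constructed and `PROTECTED_TYPES` is a hypothetical policy choice.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["update"]}},
    {"address": "aws_db_instance.example", "type": "aws_db_instance",
     "change": {"actions": ["delete", "create"]}},
    {"address": "module.logs.aws_s3_bucket.this", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"]}},
    {"address": "aws_subnet.example", "type": "aws_subnet",
     "change": {"actions": ["no-op"]}},
    {"address": "aws_instance.new", "type": "aws_instance",
     "change": {"actions": ["create"]}}
  ]
}
""")

# Hypothetical policy for this example: types that must not be destroyed unreviewed.
PROTECTED_TYPES = {"aws_db_instance", "aws_s3_bucket"}


def classify(actions):
    """Map a plan 'actions' list to a single review label."""
    if "delete" in actions and "create" in actions:
        return "replace"  # destroy and recreate, in either order
    if actions == ["delete"]:
        return "destroy"
    if not actions or actions[0] in ("no-op", "read"):
        return "none"
    return actions[0]  # "create" or "update"


def review_plan(plan, protected=PROTECTED_TYPES):
    """Return (counts per label, sorted destructive changes to protected types)."""
    counts, blocked = {}, []
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        counts[label] = counts.get(label, 0) + 1
        if label in ("replace", "destroy") and rc["type"] in protected:
            blocked.append((rc["address"], label))
    return counts, sorted(blocked)


if __name__ == "__main__":
    counts, blocked = review_plan(SAMPLE_PLAN)
    print(counts)
    for address, label in blocked:
        print(f"BLOCK: {label} of {address} needs explicit approval")
```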

15. What is the difference between count and for_each in Terraform?
Answer:
 count:
o Creates multiple resources by a specified number.

resource "aws_instance" "example" {
  count         = 3
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

o Accessed using count.index.
 for_each:
o Creates resources based on a map or a set.

resource "aws_instance" "example" {
  for_each = {
    server1 = "t2.micro"
    server2 = "t2.small"
  }

  instance_type = each.value
  ami           = "ami-0c55b159cbfafe1f0"
}

o Accessed using each.key and each.value.

16. How do you debug errors in Terraform?

Answer:
 Debugging Steps:
o Enable Debug Logs: Set the TF_LOG environment variable.

export TF_LOG=DEBUG
terraform apply

o Log Output File: Redirect logs to a file for detailed review.

export TF_LOG_PATH="terraform.log"
o Validate Configurations: Use terraform validate to check for
syntax errors.
o Plan Execution: Run terraform plan to identify issues in
execution plans.

17. Explain the difference between local-exec and remote-exec provisioners?

Answer:
 local-exec:
o Executes commands on the machine running Terraform.

resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "echo 'Hello, World!'"
  }
}
 remote-exec:
o Executes commands on a remote resource (e.g., an EC2 instance).

resource "aws_instance" "example" {
  # Other configurations, including the connection block remote-exec needs

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y nginx"
    ]
  }
}

18. What is a null_resource in Terraform, and when would you use it?
Answer:
 null_resource:
o A resource that doesn’t directly manage infrastructure but
allows running provisioners and triggers.

 Example:
resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "echo 'Triggered by change in variables!'"
  }

  triggers = {
    variable = var.example_variable
  }
}
 Use Cases:
o Execute local commands or scripts based on conditions.
o Handle non-infrastructure workflows.

19. What is terraform fmt, and why is it important?
Answer:
 terraform fmt:
o Formats Terraform configuration files to ensure consistent style.
o Run it in the directory containing .tf files:

terraform fmt
 Importance:
o Improves readability and standardizes configuration files.

20. What is the purpose of the terraform taint command?
Answer:
 terraform taint:
o Marks a resource as needing to be destroyed and recreated
during the next terraform apply.

 Example:
terraform taint aws_instance.example
 Use Case:
o When a resource is in an inconsistent state or needs to be
updated due to external changes.

21. What is the difference between terraform destroy and terraform apply -destroy?
Answer:
 terraform destroy:
o Deletes all the resources defined in the current state file.
terraform destroy
 terraform apply -destroy:
o Combines terraform plan and terraform destroy into
one command, showing a plan before destruction.

terraform apply -destroy

22. How do you roll back changes in Terraform if something goes wrong?
Answer:
 Options for Rollback:
o State Restoration: Restore a previous state backup if state
file corruption occurs.
cp terraform.tfstate.backup terraform.tfstate
o Revert Code Changes: Revert to a previous commit in version control and reapply:
git checkout <commit-id>
terraform apply

o Manual Correction: Edit configurations and use terraform plan
to apply corrective changes.

23. What are Terraform modules, and how do you create a reusable module?
Answer:
 Terraform Modules:
o A way to encapsulate resources for reuse.
 Steps to Create a Module:
o Structure:

├── main.tf
├── variables.tf
└── outputs.tf

o Module Definition:

# main.tf
resource "aws_instance" "example" {
  ami           = var.ami
  instance_type = var.instance_type
}

# variables.tf
variable "ami" {}
variable "instance_type" {
  default = "t2.micro"
}

# outputs.tf
output "instance_id" {
  value = aws_instance.example.id
}

o Use the Module:
module "example_instance" {
  source        = "./path/to/module"
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.small"
}

24. What is drift detection in Terraform, and how do you handle drift?
Answer:
 Drift Detection:
o Drift occurs when resources are modified outside
Terraform, causing the actual state to differ from the state
file.
 How to Handle Drift:
o Run terraform plan to detect changes.
o Apply the plan to reconcile the drift:

terraform apply
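
Before reconciling, it helps to see exactly what was changed out of band, since applying will overwrite it. The added example below (not part of the original page) reads the `resource_drift` section of a JSON plan and reports which attributes differ per resource; the sample plan and its security group IDs are constructed.

```python
import json

# Constructed sample; "resource_drift" is the section of the JSON plan
# (`terraform show -json <planfile>`) recording changes made outside Terraform.
SAMPLE_DRIFT_PLAN = json.loads("""
{
  "resource_drift": [
    {"address": "aws_instance.web",
     "change": {"actions": ["update"],
                "before": {"instance_type": "t2.micro",
                           "vpc_security_group_ids": ["sg-constructed-1"]},
                "after":  {"instance_type": "t2.micro",
                           "vpc_security_group_ids": ["sg-constructed-1",
                                                      "sg-constructed-2"]}}},
    {"address": "aws_instance.example",
     "change": {"actions": ["update"],
                "before": {"instance_type": "t2.micro", "tags": {"env": "prod"}},
                "after":  {"instance_type": "t2.micro",
                           "tags": {"env": "prod", "owner": "tmp"}}}},
    {"address": "aws_subnet.example",
     "change": {"actions": ["delete"],
                "before": {"cidr_block": "10.0.1.0/24"}, "after": null}}
  ]
}
""")


def changed_attributes(before, after):
    """Names of top-level attributes whose values differ between two snapshots."""
    before, after = before or {}, after or {}
    return sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))


def drift_report(plan):
    """Map each drifted resource address to what changed outside Terraform."""
    report = {}
    for rd in plan.get("resource_drift", []):
        change = rd["change"]
        if change["actions"] == ["delete"]:
            report[rd["address"]] = ["<deleted outside Terraform>"]
            continue
        attrs = changed_attributes(change.get("before"), change.get("after"))
        if attrs:
            report[rd["address"]] = attrs
    return report


if __name__ == "__main__":
    for address, attrs in drift_report(SAMPLE_DRIFT_PLAN).items():
        print(f"{address}: {', '.join(attrs)}")
```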

25. What is the purpose of the terraform state command?
Answer:
 Purpose:
o Manage Terraform’s state file.

 Common Commands:

o List Resources:

terraform state list

o Show Resource Details:
terraform state show <resource_name>

o Move Resources:
terraform state mv old_resource new_resource

o Remove Resources:
terraform state rm <resource_name>
