1. How does Terraform handle versioning for configurations and providers?
Answer:
Provider Versioning:
o Use the required_providers block to specify provider versions.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}
Terraform Versioning:
o Specify the required Terraform version in the configuration.
terraform {
  required_version = ">= 1.1.0"
}
2. Can Terraform handle circular dependencies?
Answer:
Circular Dependencies:
o Terraform detects and reports circular dependencies during a plan or apply operation.
Solution:
o Refactor configurations to remove circular dependencies.
o Use depends_on to explicitly define dependencies.
3. What is the purpose of terraform workspace, and when would you use it?
Answer:
Purpose:
o Manage multiple instances of state files for different environments or teams.
Commands:
o List Workspaces:
terraform workspace list
o Create a Workspace:
terraform workspace new development
o Switch Workspaces:
terraform workspace select production
4. How do you use a backend configuration in Terraform?
Answer:
Backend Configuration:
o Defines where Terraform stores state.
Example Using AWS S3:
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "global/s3/terraform.tfstate"
    region = "us-west-2"
  }
}
Initializing Backend:
terraform init
5. How can you secure sensitive outputs in Terraform?
Answer:
Sensitive Outputs:
o Mark outputs as sensitive to hide them in the Terraform CLI output.
output "db_password" {
  # secret_string is an attribute of the secret version, not of the secret itself
  value     = aws_secretsmanager_secret_version.example.secret_string
  sensitive = true
}
Best Practices:
o Store secrets in a secure vault like HashiCorp Vault.
o Use remote state with encryption for storing state files.
6. What is the purpose of the terraform output command?
Answer:
Purpose:
o Displays the values of outputs defined in the configuration after a successful apply.
Usage:
terraform output
Access Specific Output:
terraform output instance_ip
Sensitive Outputs:
o If marked sensitive, outputs won’t be displayed in plain text.
7. How does Terraform handle concurrent operations in a team environment?
Answer:
State Locking:
o Terraform uses state locking to prevent simultaneous changes to the state file.
o Remote backends like S3 with DynamoDB for locking ensure safe operations.
Handling Lock Issues:
terraform force-unlock <LOCK_ID>
Terraform Cloud:
o Offers remote state management with built-in locking and collaboration features.
8. What are Terraform dynamic blocks, and how are they used?
Answer:
Dynamic Blocks:
o Allow programmatic generation of nested blocks.
Example:
resource "aws_security_group" "example" {
  name = "example"
  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
9. What is the purpose of the terraform refresh command?
Answer:
Purpose:
o Updates the state file with the latest real-world infrastructure data without applying any changes.
Usage:
terraform refresh
Common Use Case:
o To detect and update drift between the configuration and actual infrastructure.
10. What are the limitations of Terraform?
Answer:
State Management:
o The state file must be managed carefully to avoid conflicts or corruption.
No Native Rollback:
o Terraform does not have built-in rollback functionality.
Lack of Procedural Logic:
o Terraform is declarative and does not support complex procedural logic.
Limited Provider Support:
o New or niche providers may not be supported.
11. How do you handle Terraform state file locking in a remote backend?
Answer:
Using AWS S3 with DynamoDB Lock Table:
o Add DynamoDB as a locking mechanism for the state file.
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "terraform.tfstate"
    region         = "us-west-2"
    dynamodb_table = "terraform-lock-table"
  }
}
Why?
o Prevents concurrent state modifications in team environments.
12. What are Terraform local values, and how are they used?
Answer:
Local Values:
o Temporary variables to simplify complex expressions.
Example:
locals {
  instance_count = length(var.instance_types)
  ami_id         = "ami-0c55b159cbfafe1f0"
}
resource "aws_instance" "example" {
  count         = local.instance_count
  ami           = local.ami_id
  instance_type = var.instance_types[count.index]
}
13. How does Terraform support conditional resource creation?
Answer:
Using count:
o Set count to 0 to skip creating a resource.
resource "aws_instance" "example" {
  count         = var.create_instance ? 1 : 0
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
Using for_each:
o Create resources based on conditions in a map or list.
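An added example (not from the original page) of conditional creation with for_each: a for expression filters a map so that only enabled entries become resources. The variable name, its fields and the map keys are hypothetical; the AMI ID and instance type are the ones used elsewhere on this page.

```hcl
# Added example; variable names and map keys are hypothetical.
variable "instances" {
  type = map(object({
    enabled       = bool
    instance_type = string
  }))
  default = {
    web   = { enabled = true, instance_type = "t2.micro" }
    batch = { enabled = false, instance_type = "t2.micro" }
  }
}

resource "aws_instance" "example" {
  # Only entries with enabled = true survive the filter, so "batch" is
  # skipped. Instances are tracked by key (aws_instance.example["web"]),
  # so removing one entry does not renumber the others as count would.
  for_each = {
    for name, cfg in var.instances : name => cfg if cfg.enabled
  }

  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = each.value.instance_type
  tags          = { Name = each.key }
}

# The keys of the resource map show which instances were actually created.
output "created_instances" {
  value = keys(aws_instance.example)
}
```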
14. What is the purpose of the terraform console command?
Answer:
Purpose:
o Opens an interactive shell to experiment with Terraform expressions.
Usage Example:
terraform console
> length([1, 2, 3])
3
Use Case:
o Debugging and testing expressions without applying changes.
15. What are resource taints in Terraform, and how do you manually taint a resource?
Answer:
Resource Tainting:
o Marks a resource for destruction and recreation during the next apply.
Command:
terraform taint <resource_name>
Removing Taint:
terraform untaint <resource_name>
Use Case:
o Forcefully replace resources when updates are not supported.
16. What are Terraform backends, and why are they important?
Answer:
Backends:
o Define where Terraform stores the state file (local or remote).
o Support features like remote state storage, locking, and collaboration.
Example: S3 Backend
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "path/to/statefile"
    region = "us-west-2"
  }
}
Importance:
o Enable secure, shared state management.
o Prevent state corruption in team environments.
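An added example (not from the original page) that combines the S3 backend from questions 4 and 16 with the DynamoDB locking from question 11 and turns on encryption at rest, since state can hold secret values in plain text even when outputs are marked sensitive. The bucket and table names are the page's; the KMS key ARN is a constructed placeholder and the resource label terraform_lock is hypothetical.

```hcl
# Added example. Bucket and table names are the page's; the KMS key ARN is a
# constructed placeholder. Backend blocks cannot reference variables, so the
# values are literals.
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "global/s3/terraform.tfstate"
    region         = "us-west-2"
    dynamodb_table = "terraform-lock-table" # state locking
    encrypt        = true                   # server-side encryption of the state object
    kms_key_id     = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"
  }
}

# Lock table, created from a separate bootstrap configuration because the
# backend must exist before "terraform init" can use it. The S3 backend
# requires a string partition key named exactly "LockID".
resource "aws_dynamodb_table" "terraform_lock" {
  name         = "terraform-lock-table"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```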
17. What is the purpose of the terraform import command?
Answer:
Purpose:
o Imports existing infrastructure into Terraform’s state file.
Steps:
1. Write the resource block in your configuration.
2. Run the import command:
terraform import aws_instance.example i-0abcdef1234567890
Limitations:
o Only updates the state file, not the configuration.
18. How does Terraform manage resource lifecycles?
Answer:
Resource Lifecycle Meta-Arguments:
o create_before_destroy: Ensures a new resource is created before deleting the old one.
o prevent_destroy: Prevents accidental resource deletion.
o ignore_changes: Ignores changes to specific attributes.
Example:
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  lifecycle {
    create_before_destroy = true
    prevent_destroy       = true
    ignore_changes        = [tags]
  }
}
19. How can you manage secrets securely in Terraform?
Answer:
Options:
1. Environment Variables:
export TF_VAR_db_password="secure_password"
2. Secret Management Tools: Use HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault.
data "vault_generic_secret" "example" {
  path = "secret/data/db_password"
}
Sensitive Variables:
variable "db_password" {
  type      = string
  sensitive = true
}
20. What is the difference between terraform validate and terraform plan?
Answer:
terraform validate:
o Checks the syntax and correctness of the configuration files.
o Does not interact with providers or the state.
terraform plan:
o Simulates infrastructure changes by interacting with the provider and state.
o Generates an execution plan.
21. Can you explain Terraform provider version constraints?
Answer:
Purpose:
o Ensures the correct version of a provider is used.
Examples:
o Exact Version:
provider "aws" {
  version = "= 3.5.0"
}
o Range:
provider "aws" {
  version = "~> 3.0"
}
Why?
o Prevents breaking changes when updating providers.
22. How does Terraform handle zero-downtime deployments?
Answer:
Strategies:
o Use create_before_destroy in the lifecycle block.
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  lifecycle {
    create_before_destroy = true
  }
}
o Leverage external tools like Terraform Enterprise or third-party orchestration for canary deployments.
23. What is the difference between provider and provisioner in Terraform?
Answer:
Provider:
o Integrates with APIs to manage infrastructure (e.g., AWS, Azure, GCP).
o Example:
provider "aws" {
  region = "us-west-2"
}
Provisioner:
o Executes scripts or commands on resources during creation or destruction.
o Example:
# A provisioner block is nested inside a resource block.
provisioner "remote-exec" {
  inline = ["sudo apt-get update"]
}
24. How do you manage shared modules in Terraform?
Answer:
Options:
o Module Registry: Use Terraform Module Registry.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.77.0"
}
o Git Repository: Source modules from Git.
module "example" {
  source = "git::https://github.com/user/repo.git//module-path"
}
o Local Directory: Store modules locally.
module "local_module" {
  source = "./path/to/module"
}