Associate Exam Flashcards
Is locking happening automatically?
YES
What is “terraform taint” command?
Informs Terraform that a particular object has become degraded or damaged. Terraform represents this by marking the object as “tainted” in the Terraform state, in which case Terraform will propose to replace it in the next plan you create.
Command to create new workspace
terraform workspace new NAME
Flag used to identify the specific version of a provider required.
required_providers
In which config block Terraform-specific setting are declared?
terraform
terraform {
required_providers {
aws = {
version = “>= 2.7.0”
source = “hashicorp/aws”
}
}
}
Which command allow to retrieve a list of resources that are part of the state file?
terraform state list
Where local state is stored for a workspaces?
directory called terrraform.tfstate.d
Can Terraform backed be migrated without de-provisioning the resources?
YES
Where is the workspaces local state stored?
Directory terraform.tfstate.d
What kind of resource dependany is stored in terraform.tfstate file?
Both implicit and explicit
The most verbose logging level
trace
How to hide the output value in CLI?
use “sensitive” parameter
Which command will upgrade the provider to the latest acceptable one?
terraform init -upgrade
Can you publish your own modules in Terraform Registry?
YES
Connection types supported by remote-exec?
- ssh
- winrm
What’s the purpose of remote-exec?
Invokes a script on a remote resource after it is created
Features exclusive to Terraform Enterpise
- Audit logs
- Clustering
- SAML/SSO
What are limitations of SENSITIVE parameter?
The values are stored in the Terraform state and available using the terraform output command, so cannot be relied on as a sole means of protecting values.
Two Terraform versions
- open source
- enterprise
What is terraform import?
This allows to take resource created by some other means and bring it under Terraform mangement.
The purpose of “terraform validate” command.
Validates the configuration files in a directory, referrring only to the configuration and not accessing any remote services such as remote state, provider API, etc.
What is a downside to using the Vault provider to read secrets from Vault?
Any secrets that you read and write to be persisted in both Terraform’s state file and in any generated plan files. For any Terraform module that reads or writes Vault secrets, these files should be treated as sensitive and protected accordingly.
When writing terraform code, HashiCorp recommends that you use how many spaces between each nesting level
2
After executing a terraform apply. you notice that a resoruce has a tilde (~) next to it. What does this infer?
The resource will be updated in place
How local path must begin for local module
”./” or “../”
Which type of variable allows multiple values of several distinct types to be grouped together as a single value?
- object
- list
Which command can be used to view th specified version constraint for all providers used in the current configuration?
terraform providers
Is Role Based Access Control free?
NO
When should you use the force-unlock command?
Automatic unlocking failed
In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently?
10
What can outputs be used for?
- User reference
- Input to other resources being created via terraform
What is the statement that follows the resource in a terraform block called? IE resource “” “” {
Resource block
For an output what happens if you do not supply an attribute?
The output will provide all the attributes associated with the resource
What are attributes?
What is an output?
A way to output specific attributes of a resource
Where can you assign variables?
- Environment variables
- Command Line Flags
- From a File
- Variable Defaults
What is a type argument in a variable block?
the type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable
What is a type list
Sequential list of values identified by their position. Starts with 0
[
“apple”,
“orange”,
“pear”
]
What is a type map
a group of values identified by name labels, like
{
name = “Mabel”,
age = “52”
}
How can you reference a specific position in a list
var.[position (i.e. 1)]
What is a local value?
A local value assigns a name to an expression, allowing it to be used multiple times within a module without repeating it.
What is the general syntax of a function?
function(argument 1, argument 2)
What are the categories of functions in use by Terraform?
Numeric
String
Collection
Encoding
Filesystem
Date and Time
Hash and Crypto
IP Network
Type Conversion
Where can you test terraform functions?
terraform console
What does a lookup do?
retrieves the value of a single element from a map, given its key. If the given key does not exist, a the given default value is returned instead.
What does an element do?
retrieves a single element from a list.
What do data source allow
Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration.
How can you setup detailed logs for debugging
You can set TF_LOG to one of the log levels
How do you enable logging?
by exporting the logs and setting a verbosity level from the local console
- export TF_LOG=
How can you export Terraform Logs to a file?
by specifying a log path to export the TF logs to
- export TF_LOG_PATH=
What is the most verbose level of TF_LOG?
Trace
How can you validate the terraform configuration files for systematic validation?
terraform validate
What is the Terraform State File?
The state allows terraform to map real world resources to existing configuration. Terraform stores the state of the infrastructure in TF files
What is a desired state?
The specific configuration defined in a resource block is what creates a desired state
What is terraform refresh
Terraform refresh fetches the latest information about the current state of your infrastructure.
What does Terraform plan do?
Match the desired state with the current state
What does terraform show do?
Shows all information within the terraform state file
Can Terraform providers have a different provider plugin version that Terraform?
Yes
Where are terraform plugins installed?
.terraform/plugins directory
Can you specify a specific version number or a base version number for installing a provider?
Yes by providing a version statement in the provider configuration block
How can you obtain HashiCorp Distributed providers?
They are automatically downloaded during terraform init
How can you obtain non distributed providers?
Manually installed locally
Where do you download and install plugins for manual installation?
- ~/.terraform.d/plugins directory
- All manual plugins should be copied into the above directory
- Terraform init will read from the ~/.terraform/plugins directory
What are terraform provisioners?
Provides the ability to configure an added resource using a defined script
How many types of provisioners are there?
2
What are the types of provisioners?
- local-exec
- remote-exec
What does a local-exec provisioner allow?
local-exec provisioners allow us to invoke local executable after resource is created
What does a remote-exec provisioner allow?
Remote-exec provisioners allow to invoke scripts directly on the remote server
What is required for a provisioner to run scripts on the remote server?
connection block with login information
What are the two types of provisioners?
- Creation-Time Provisioner
- Destroy-Time Provisioner
What is a creation-time provisioner?
- creation time provisioners are only run during creation, not during updating or any other lifecycle
- If a creation-time provisioner fails, the resource is marked as tainted
What is a destroy-time provisioner?
destroy provisioners are run before the resource is destroyed
When is a destroy provisioner invoked?
when = destroy is added to the provisioner block
What does the on_failure setting do?
Ignore the error and continue with creation or destruction
What is the DRY Principle
Dont Repeat Yourself
What is the terraform registry?
modules that have already been written by the TF community
How do you know if the input is required?
check the registry Note and Inputs section of the resource group
What does multiple workspaces allow for in Terraform?
Terraform allows us to have multiple workspaces, with each of the workspaces we can have different set of environment variables associated.
What command allows me to switch between workspaces?
terraform workspace
What are the sub commands for terraform workspace?
- delete
- list
- new
- select
- show
What does the start denote when you run a terraform workspace show
what environment you are in
What is terraform state file locking?
Whenever you are performing a write operation, terraform would lock the state file.
Is locking available in S3?
No
How can you create a locking mechanism for tfstate files stored in s3?
integrate dynamodb
The current implementation of Terraform import can only import resources into the state. It does not generate configuration.
true
You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource’s current state, what must you do in order to prepare to manage these resources using Terraform?
Update the configuration file to include the new resources.
Usage of “terraform refresh” command
The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file. This does not modify infrastructure, but does modify the state file.
During a terraform plan, a resource is successfully created but eventually fails during provisioning. What happens to the resource?
the resource is marked as tainted
You want to evaluate an expression in terraform before appying it. What command do you use?
Console
Command to unlock the locked state file
force-unlock
Command used to automatically obtain and save an API token for Terraform Cloud, Terraform Enterprise, or any other host that offers Terraform services
terraform login
Command to inspect the current state files
terraform show
Databse used by backend terraform enterpsie
postgresql
Environment variables format
TF_VAR_name
Command to Force plugin installation to read plugins only from the specified directory
terraform init -plugin-dir=PATH
Terraform Plugins language
Go
Command to manually unlock the state for the defined configuration.
terraform force-unlock [options] LOCK_ID [DIR]
Which backen has default state locking?
- azurerm
- gcs
Which terraform command reads the current settings from all managed remote objects and updates the Terraform state to match
tarraform refresh
