Associate Exam

Question 1

Is locking happening automatically?

Answer 1

YES

Question 2

What is “terraform taint” command?

Answer 2

Informs Terraform that a particular object has become degraded or damaged. Terraform represents this by marking the object as “tainted” in the Terraform state, in which case Terraform will propose to replace it in the next plan you create.

Question 3

Command to create new workspace

Answer 3

terraform workspace new NAME

Question 4

Flag used to identify the specific version of a provider required.

Answer 4

required_providers

Question 5

In which config block Terraform-specific setting are declared?

Answer 5

terraform

terraform {

required_providers {

aws = {

version = “>= 2.7.0”

source = “hashicorp/aws”

}

}

}

Question 6

Which command allow to retrieve a list of resources that are part of the state file?

Answer 6

terraform state list

Question 7

Where local state is stored for a workspaces?

Answer 7

directory called terrraform.tfstate.d

Question 8

Can Terraform backed be migrated without de-provisioning the resources?

Answer 8

YES

Question 9

Where is the workspaces local state stored?

Answer 9

Directory terraform.tfstate.d

Question 10

What kind of resource dependany is stored in terraform.tfstate file?

Answer 10

Both implicit and explicit

Question 11

The most verbose logging level

Answer 11

trace

Question 12

How to hide the output value in CLI?

Answer 12

use “sensitive” parameter

Question 13

Which command will upgrade the provider to the latest acceptable one?

Answer 13

terraform init -upgrade

Question 14

Can you publish your own modules in Terraform Registry?

Answer 14

YES

Question 15

Connection types supported by remote-exec?

Answer 15

• ssh
• winrm

Question 16

What’s the purpose of remote-exec?

Answer 16

Invokes a script on a remote resource after it is created

Question 17

Features exclusive to Terraform Enterpise

Answer 17

• Audit logs
• Clustering
• SAML/SSO

Question 18

What are limitations of SENSITIVE parameter?

Answer 18

The values are stored in the Terraform state and available using the terraform output command, so cannot be relied on as a sole means of protecting values.

Question 19

Two Terraform versions

Answer 19

• open source
• enterprise

Question 20

What is terraform import?

Answer 20

This allows to take resource created by some other means and bring it under Terraform mangement.

Question 21

The purpose of “terraform validate” command.

Answer 21

Validates the configuration files in a directory, referrring only to the configuration and not accessing any remote services such as remote state, provider API, etc.

Question 22

What is a downside to using the Vault provider to read secrets from Vault?

Answer 22

Any secrets that you read and write to be persisted in both Terraform’s state file and in any generated plan files. For any Terraform module that reads or writes Vault secrets, these files should be treated as sensitive and protected accordingly.

Question 23

When writing terraform code, HashiCorp recommends that you use how many spaces between each nesting level

Answer 23

2

Question 24

After executing a terraform apply. you notice that a resoruce has a tilde (~) next to it. What does this infer?

Answer 24

The resource will be updated in place

Question 25

How local path must begin for local module

Answer 25

”./” or “../”

Question 26

Which type of variable allows multiple values of several distinct types to be grouped together as a single value?

Answer 26

• object
• list

Question 27

Which command can be used to view th specified version constraint for all providers used in the current configuration?

Answer 27

terraform providers

Question 28

Is Role Based Access Control free?

Answer 28

NO

Question 29

When should you use the force-unlock command?

Answer 29

Automatic unlocking failed

Question 30

In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently?

Answer 30

10

Question 31

What can outputs be used for?

Answer 31

• User reference
• Input to other resources being created via terraform

Question 32

What is the statement that follows the resource in a terraform block called? IE resource “” “” {

Answer 32

Resource block

Question 33

For an output what happens if you do not supply an attribute?

Answer 33

The output will provide all the attributes associated with the resource

Question 34

What are attributes?

Question 35

What is an output?

Answer 35

A way to output specific attributes of a resource

Question 36

Where can you assign variables?

Answer 36

• Environment variables
• Command Line Flags
• From a File
• Variable Defaults

Question 37

What is a type argument in a variable block?

Answer 37

the type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable

Question 38

What is a type list

Answer 38

Sequential list of values identified by their position. Starts with 0
[
“apple”,
“orange”,
“pear”
]

Question 39

What is a type map

Answer 39

a group of values identified by name labels, like
{
name = “Mabel”,
age = “52”
}

Question 40

How can you reference a specific position in a list

Answer 40

var.[position (i.e. 1)]

Question 41

What is a local value?

Answer 41

A local value assigns a name to an expression, allowing it to be used multiple times within a module without repeating it.

Question 42

What is the general syntax of a function?

Answer 42

function(argument 1, argument 2)

Question 43

What are the categories of functions in use by Terraform?

Answer 43

Numeric
String
Collection
Encoding
Filesystem
Date and Time
Hash and Crypto
IP Network
Type Conversion

Question 44

Where can you test terraform functions?

Answer 44

terraform console

Question 45

What does a lookup do?

Answer 45

retrieves the value of a single element from a map, given its key. If the given key does not exist, a the given default value is returned instead.

Question 46

What does an element do?

Answer 46

retrieves a single element from a list.

Question 47

What do data source allow

Answer 47

Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration.

Question 48

How can you setup detailed logs for debugging

Answer 48

You can set TF_LOG to one of the log levels

Question 49

How do you enable logging?

Answer 49

by exporting the logs and setting a verbosity level from the local console
- export TF_LOG=

Question 50

How can you export Terraform Logs to a file?

Answer 50

by specifying a log path to export the TF logs to
- export TF_LOG_PATH=

Question 51

What is the most verbose level of TF_LOG?

Answer 51

Trace

Question 52

How can you validate the terraform configuration files for systematic validation?

Answer 52

terraform validate

Question 53

What is the Terraform State File?

Answer 53

The state allows terraform to map real world resources to existing configuration. Terraform stores the state of the infrastructure in TF files

Question 54

What is a desired state?

Answer 54

The specific configuration defined in a resource block is what creates a desired state

Question 55

What is terraform refresh

Answer 55

Terraform refresh fetches the latest information about the current state of your infrastructure.

Question 56

What does Terraform plan do?

Answer 56

Match the desired state with the current state

Question 57

What does terraform show do?

Answer 57

Shows all information within the terraform state file

Question 58

Can Terraform providers have a different provider plugin version that Terraform?

Answer 58

Yes

Question 59

Where are terraform plugins installed?

Answer 59

.terraform/plugins directory

Question 60

Can you specify a specific version number or a base version number for installing a provider?

Answer 60

Yes by providing a version statement in the provider configuration block

Question 61

How can you obtain HashiCorp Distributed providers?

Answer 61

They are automatically downloaded during terraform init

Question 62

How can you obtain non distributed providers?

Answer 62

Manually installed locally

Question 63

Where do you download and install plugins for manual installation?

Answer 63

• ~/.terraform.d/plugins directory
• All manual plugins should be copied into the above directory
• Terraform init will read from the ~/.terraform/plugins directory

Question 64

What are terraform provisioners?

Answer 64

Provides the ability to configure an added resource using a defined script

Question 65

How many types of provisioners are there?

Answer 65

2

Question 66

What are the types of provisioners?

Answer 66

• local-exec
• remote-exec

Question 67

What does a local-exec provisioner allow?

Answer 67

local-exec provisioners allow us to invoke local executable after resource is created

Question 68

What does a remote-exec provisioner allow?

Answer 68

Remote-exec provisioners allow to invoke scripts directly on the remote server

Question 69

What is required for a provisioner to run scripts on the remote server?

Answer 69

connection block with login information

Question 70

What are the two types of provisioners?

Answer 70

• Creation-Time Provisioner
• Destroy-Time Provisioner

Question 71

What is a creation-time provisioner?

Answer 71

• creation time provisioners are only run during creation, not during updating or any other lifecycle
• If a creation-time provisioner fails, the resource is marked as tainted

Question 72

What is a destroy-time provisioner?

Answer 72

destroy provisioners are run before the resource is destroyed

Question 73

When is a destroy provisioner invoked?

Answer 73

when = destroy is added to the provisioner block

Question 74

What does the on_failure setting do?

Answer 74

Ignore the error and continue with creation or destruction

Question 75

What is the DRY Principle

Answer 75

Dont Repeat Yourself

Question 76

What is the terraform registry?

Answer 76

modules that have already been written by the TF community

Question 77

How do you know if the input is required?

Answer 77

check the registry Note and Inputs section of the resource group

Question 78

What does multiple workspaces allow for in Terraform?

Answer 78

Terraform allows us to have multiple workspaces, with each of the workspaces we can have different set of environment variables associated.

Question 79

What command allows me to switch between workspaces?

Answer 79

terraform workspace

Question 80

What are the sub commands for terraform workspace?

Answer 80

• delete
• list
• new
• select
• show

Question 81

What does the start denote when you run a terraform workspace show

Answer 81

what environment you are in

Question 82

What is terraform state file locking?

Answer 82

Whenever you are performing a write operation, terraform would lock the state file.

Question 83

Is locking available in S3?

Answer 83

No

Question 84

How can you create a locking mechanism for tfstate files stored in s3?

Answer 84

integrate dynamodb

Question 85

The current implementation of Terraform import can only import resources into the state. It does not generate configuration.

Answer 85

true

Question 86

You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource’s current state, what must you do in order to prepare to manage these resources using Terraform?

Answer 86

Update the configuration file to include the new resources.

Question 87

Usage of “terraform refresh” command

Answer 87

The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file. This does not modify infrastructure, but does modify the state file.

Question 88

During a terraform plan, a resource is successfully created but eventually fails during provisioning. What happens to the resource?

Answer 88

the resource is marked as tainted

Question 89

You want to evaluate an expression in terraform before appying it. What command do you use?

Answer 89

Console

Question 90

Command to unlock the locked state file

Answer 90

force-unlock

Question 91

Command used to automatically obtain and save an API token for Terraform Cloud, Terraform Enterprise, or any other host that offers Terraform services

Answer 91

terraform login

Question 92

Command to inspect the current state files

Answer 92

terraform show

Question 93

Databse used by backend terraform enterpsie

Answer 93

postgresql

Question 94

Environment variables format

Answer 94

TF_VAR_name

Question 95

Command to Force plugin installation to read plugins only from the specified directory

Answer 95

terraform init -plugin-dir=PATH

Question 96

Terraform Plugins language

Answer 96

Go

Question 97

Command to manually unlock the state for the defined configuration.

Answer 97

terraform force-unlock [options] LOCK_ID [DIR]

Question 98

Which backen has default state locking?

Answer 98

• azurerm
• gcs

Question 99

Which terraform command reads the current settings from all managed remote objects and updates the Terraform state to match

Answer 99

tarraform refresh

Question 100

You wanted to play with terraform to check what it has to offer. After a while you remembered that you didn’t specify any configuration for the backend. What default behaviour is expected here of terraform?

Answer 100

Terraform uses local backend.

Question 101

Terraform Cloud workspaces and Terraform CLI workspaces are not the same, though they share similar concepts. What’s different?

Answer 101

**Purpose and Scope:
**Terraform CLI Workspaces: These are used to manage multiple state files within a single working directory, providing isolated environments for different configurations or stages of an infrastructure project (e.g., development, staging, production) [3].
Terraform Cloud Workspaces: These are designed for managing infrastructure in a more collaborative and scalable way, offering additional features such as remote state management, VCS integration, and policy enforcement. Terraform Cloud workspaces are better suited for long-lived environments and team collaboration [1, 5].
State Management:
Terraform CLI Workspaces: State is stored locally or remotely (e.g., in an S3 bucket) but managed from the local CLI environment.
Terraform Cloud Workspaces: State is stored and managed remotely in Terraform Cloud, providing built-in state locking and history for enhanced safety and collaboration [1].

Question 102

To begin writing a Terraform configuration while adhering to the best practices, we create the files below in the project’s root directory

Answer 102

provider.tf – containing the terraform block, s3 backend definition, provider configurations, and aliases.
main.tf – containing the resource blocks which define the resources to be created in the target cloud platform.
variables.tf – containing the variable declarations used in the resource blocks.
output.tf – containing the output that needs to be generated on successful completion of “apply” operation.
*.tfvars – containing the environment-specific default values of variables.

Question 103

slicing the main.tf files into different layers - what would you find?

Answer 103

By services – the team may include all the components required to support a particular business service in one file. This file includes all the databases, compute resources, network configs, etc., in a single file. The file is named as per the service being supported. Thus, while doing the root cause analysis (RCA), we already know which Terraform file needs to be investigated.
By components – it may be decided to segregate the resource blocks based on the nature of the components used. A Terraform project may have a single file to manage all the databases. Similarly, all network configurations, compute resources, etc., are managed in their individual files.

Question 104

What types of provisioners are available?

Answer 104

Terraform supports three primary types of provisioners:

File Provisioner:

Used for copying files from the local machine to the newly created resource.
Example use case: Deploying a configuration file to a remote server [3].

**Local-Exec Provisioner:
**Executes commands on the local machine where Terraform is run.
Example use case: Running a script to configure infrastructure after creation [3].

**Remote-Exec Provisioner:
**Runs commands on the remote resource after it is created.
Example use case: Running configuration management tools on a remote server [5].
Provisioners are typically used for tasks that cannot be accomplished directly through Terraform’s resource model, such as running custom scripts or commands during the provisioning process

Question 105

What can you use for any name for a variable except?

Answer 105

We can use any name for a variable except for: source, version, providers, count, for_each, lifecycle, depends_on and locals.

We have used the variable name as “providers”. This is not a valid identifier

Question 106

Passing an object containing a sensitive input variable to the keys() function will result in a list that is _ .

Answer 106

Sensitive

Question 107

Can you delete the default Terraform workspace.

Answer 107

No, you cannot delete the default Terraform workspace. The default workspace is a special workspace that is always present and cannot be deleted. Terraform starts with a single workspace called “default,” and this workspace cannot be removed to ensure that there is always a workspace available for managing state [1].

If you attempt to delete the default workspace, Terraform will fail with an error, as it requires the default workspace to be present [3].

Question 108

For local state, Terraform stores the workspace states in a directory called :

Question 109

Terraform import command updates the configuration files as well as the state file, with the details of the infrastructure being imported?

Answer 109

For local state, Terraform stores the workspace states in a directory called terraform.tfstate.d. Within this directory, it creates sub-directories for each workspace to manage multiple states with a single configuration directory

Question 110

What are the valid sub-commands of the Terraform state command?

Answer 110

The valid sub-commands of the Terraform state command include:

terraform state list: Lists all resources in the state file or specific resources matching given addresses [1].
terraform state show: Displays detailed state information about a single resource [2].
terraform state mv: Moves an item in the state file [2].
terraform state pull: Pulls the current state and outputs it in JSON format [4].
terraform state push: Updates remote state from a local state file [2].
terraform state rm: Removes items from the state file [3].
terraform state replace-provider: Replaces provider references in the state [2].

Question 111

You were working with different terraform scripts which are provisioning various sets of resources , you need to look up for some additional details related to one specific resource from the state file. Which terraform command will help you achieve this?

Answer 111

Terraform state show “Address”

Question 112

What is Terraform Sentinel?

Answer 112

Terraform Sentinel is a policy-as-code framework developed by HashiCorp that allows you to enforce policies on Terraform configurations, states, and plans. It provides a way to define, enforce, and manage compliance and governance policies as code. Here are some key features of Terraform Sentinel:

Policy Enforcement: Sentinel can enforce rules on Terraform plans and configurations before any infrastructure changes are applied. This ensures that all changes comply with organizational policies and standards [1].
Integration with Terraform Enterprise: Sentinel is tightly integrated with Terraform Enterprise, enabling centralized policy management and enforcement across your infrastructure deployments [2].
Policy Language: Sentinel uses a custom policy language that allows you to create complex policies. It includes useful functions and imports to define rules and evaluate Terraform configurations [1].

Question 113

The label after the variable keyword should be unique among all

Answer 113

keywords in the same module

Question 114

The for_each Meta-Argument Accepts What Inputs?

Answer 114

The for_each meta-argument in Terraform accepts the following inputs:

Map: A collection of key-value pairs.
Set: A collection of unique values.

These inputs are used to iterate over a data structure to configure a set of similar resources, modules, or data blocks. Unlike most arguments, the value for for_each must be known before Terraform performs any remote operations [1].

Question 115

Which “terraform command” from the following downloads the latest version of the provider plugins?

Answer 115

terraform init

Question 116

Default Behavior of Terraform When Provider Version is Not Specified?
🗒️

Answer 116

When the provider version is not specified in the terraform block, Terraform will use the latest version available. This behavior can lead to unexpected changes in the provider version used by your configuration, potentially causing compatibility issues if the latest version introduces breaking changes. It’s recommended to always specify the provider version explicitly in the terraform block to ensure predictable behavior and avoid compatibility issues.

Question 117

Define and Describe the Optional Arguments That Are Available for the Output

Answer 117

description: This argument is used to provide a description of the output value. It is helpful for documenting the purpose and content of the output.
output “example” {
value = aws_instance.example.public_ip
description = “The public IP address of the example instance.”
}

sensitive: When set to true, this argument marks the output value as sensitive. Sensitive values will be hidden in the CLI output to avoid displaying sensitive information.
output “example_password” {
value = aws_db_instance.example.password
sensitive = true
}

**depends_on: **This argument allows you to specify dependencies explicitly. This ensures that the output value is only calculated after the specified dependencies are fully created or updated.

hcl
Copy code
output “example” {
value = aws_instance.example.public_ip
depends_on = [aws_instance.example]
}

Question 118

Using Dynamic Blocks for Meta-Argument Blocks

Answer 118

No, you cannot use dynamic blocks to generate meta-argument blocks such as lifecycle and provisioner blocks. Dynamic blocks are specifically designed to generate repeated nested blocks of configuration, like those for defining multiple AWS instances or Google Cloud Storage buckets. Meta-argument blocks, on the other hand, are used to configure special behaviors of resources (like lifecycle for resource lifecycle management or provisioner for defining provisioners) and are not supported for dynamic generation. These blocks must be explicitly defined in the resource configuration.

Question 119

In the UI and VCS workflow, every workspace is associated with a specific branch of a VCS repo of Terraform configurations. T/F?

Answer 119

True
In the UI and VCS workflow, every workspace is associated with a specific branch of a VCS repo of Terraform configurations. Terraform Cloud registers webhooks with your VCS provider when you create a workspace, then automatically queues a Terraform run whenever new commits are merged to that branch of workspace’s linked repository.

Question 120

Referencing Attributes in Terraform Expression?

Answer 120

Resource Attributes: resource_type.resource_name.attribute_name, where resource_type is the type of the resource, resource_name is the name of the resource, and attribute_name is the attribute you want to reference.
Example: aws_instance.example.public_ip

Variable Attributes: var.variable_name, where variable_name is the name of the variable you want to reference.
Example: var.region

Output Attributes: output.output_name, where output_name is the name of the output you want to reference.
Example: output.ip_address

Data Source Attributes: data.data_source_name.attribute_name, where data_source_name is the name of the data source and attribute_name is the attribute you want to reference.

Example: data.aws_ami.ubuntu.id

Question 121

A simple terraform configuration file is given below. What is the name of the resource that will be created?

resource “local_file” “pet” {​
filename = “/root/pets.txt”​
content = “We love pets!”​ ​
}

Answer 121

pet

Question 122

What can a dynamic block generate?

Answer 122

A dynamic block can only generate arguments that belong to the resource type, data source, provider or provisioner being configured. It is not possible to generate meta-argument blocks such as lifecycle and provisioner blocks , since Terraform must process these before it is safe to evaluate expressions.

Question 123

terraform plan and terraform apply both refresh the state before their execution. Which option could be used to disable this default behaviour?

Answer 123

-refresh=false

Question 124

Describe the available arguments that are available for the lifecycle meta-argument:

Answer 124

The lifecycle meta-argument in Terraform allows users to control the behavior of resource creation, updates, and deletion. The available arguments within a lifecycle block are:

create_before_destroy: Ensures that a new resource is created before the old resource is destroyed. This is useful for resources where downtime needs to be minimized.
prevent_destroy: Prevents Terraform from destroying the resource. If a terraform destroy or any plan that would result in destruction is applied, it will fail.
ignore_changes: Specifies attributes of a resource that should be ignored during updates. This is useful when certain attributes are managed outside of Terraform.
replace_triggered_by: Forces resource replacement when a specified attribute or resource changes. This can include references to other resources or attributes within the same resource [1], [2], [6].
These arguments help manage the resource lifecycle more effectively, providing greater control over infrastructure changes and stability.

Question 125

Terraform language supports user-defined functions

Answer 125

False

Question 126

# What steps are needed in order to change the backend in terraform? For instance: local to remote

Answer 126

Update Backend Configuration:
Modify your Terraform configuration file to include the remote backend configuration. For example, if you are migrating to an S3 backend, your configuration might look like this:
terraform {
backend “s3” {
bucket = “my-terraform-state-bucket”
key = “path/to/my/key”
region = “us-west-2”
}
}

**Initialize the New Backend:
**Run terraform init -reconfigure. This command will prompt Terraform to initialize the new backend and migrate your existing state.
terraform init -reconfigure
Confirm State Migration:
During the terraform init -reconfigure process, you will be asked to confirm the migration of the existing state to the new backend. Confirm the prompt to proceed with the migration.
Verify the Migration:

After the initialization is complete, you can verify that the state has been successfully migrated to the remote backend. This can be done by checking the state file in the remote backend (e.g., S3 bucket) or by running terraform state list to ensure the state is consistent.
Cleanup:

Optionally, remove any local state files to avoid confusion, ensuring that your infrastructure state is managed exclusively by the remote backend.

Question 127

Can you export the debug logs from terraform only by setting the TF_LOG_PATH environment variable?

Answer 127

False

Question 128

This lifecycle meta-argument supports a list as a value ?

Answer 128

ignore_changes (list of attribute names) - By default, Terraform detects any difference in the current settings of a real infrastructure object and plans to update the remote object to match configuration.

Question 129

General syntax for function calls is :

Answer 129

The general syntax for function calls involves specifying the function’s name followed by parentheses (). If the function requires input values, known as parameters, they are placed within the parentheses. Here is the basic structure:

function_name(parameter1, parameter2, …);
Example
int result = add(5, 10);
In this example:

add is the function name.
5 and 10 are the parameters passed to the function

Question 130

“alias” and “version” are the meta-arguments which are available for all provider blocks?

Answer 130

True

Question 131

What happens when provisioners fail to execute successfully?

Answer 131

When provisioners fail to execute successfully in Terraform, several things can happen:

Terraform Apply Failure: The entire terraform apply process will fail. Terraform treats a failed provisioner as a failure for the resource creation or modification, which results in the apply operation being halted [1, 4].

Provisioner Error Reporting: Terraform will report the specific error encountered by the provisioner. This can include issues like the script not being readable, network connectivity problems, or script execution errors [2, 6].

Resource State Impact: The state of the resource can be impacted if the provisioner fails. Terraform may leave the resource in an incomplete or inconsistent state, requiring manual intervention to resolve the issue before re-running terraform apply [3].

Retry and Troubleshooting: Users may need to troubleshoot and retry the provisioner. This can involve checking the provisioner script for errors, ensuring the remote machine is accessible, and verifying any dependencies or prerequisites are met [1, 5].

To handle provisioner failures more gracefully, Terraform allows the use of on_failure argument in the provisioner block to specify how to handle failures, such as continuing the operation or attempting retries.

Question 132

Choose the suitable option that could be used to access one of the module’s output values.

Answer 132

module.<MODULE_NAME>.<OUTPUT_NAME></OUTPUT_NAME></MODULE_NAME>

Here’s a step-by-step guide:
Define the output in the module: Ensure the module has an output value defined in its outputs.tf file.

output “example_output” {
value = <some_value>
}
Reference the output in the parent module: In the configuration where the module is called, access the output value using the module's name and the output's name.</some_value>

module “example” {
source = “./path/to/module”
# module inputs
}

output “module_output_value” {
value = module.example.example_output
}

Question 133

Considering provisioners are the best way to solve your problem, in what way could you make use of provisioner block.

Answer 133

Inside resource block
Provisioners in Terraform are used to execute scripts or commands on a local or remote machine during resource creation or destruction. They are particularly useful for tasks that need to happen after the infrastructure is provisioned, such as configuring software, installing packages, or running configuration management tools.

Question 134

Describe terraform default workspace.

Answer 134

Terraform starts with a single workspace named “default”. This workspace is special both because it is the default and also because it cannot ever be deleted. If you’ve never explicitly used workspaces, then you’ve only ever worked on the “default” workspace.

Question 135

Describe local values

Answer 135

Local values are created by a locals block (plural), but you reference them as attributes on an object named local (singular). Make sure to leave off the “s” when referencing a local value!

Question 136

Which variable block argument prevents terraform from showing sensitive data in plan or apply output?

Answer 136

sensitive = true

Question 137

Which argument of the lifecycle meta-argument supports a list as a value ?

Answer 137

ignore_changes (list of attribute names) - By default, Terraform detects any difference in the current settings of a real infrastructure object and plans to update the remote object to match configuration.

Question 138

The default argument within the variable block should satisfy?

Answer 138

Provide a Sensible Default:

The default value should be a reasonable and sensible value that the variable can fall back on if no other value is provided. This ensures that the Terraform configuration can proceed without errors if the user doesn’t specify a value for the variable.
Match the Variable Type:

The default value must match the declared type of the variable. For instance, if the variable is of type string, the default value should also be a string.
Be Optional:

The presence of a default value makes the variable optional. Users can override the default value by providing their own value when calling the module or running a Terraform plan or apply.
Improve Usability:

Using default values can improve the user experience by reducing the number of required inputs and making the configuration more user-friendly.

variable “instance_type” {
description = “The type of instance to use”
type = string
default = “t2.micro”
}

Question 139

What steps are needed to enable state-locking to protect state file from concurrent operations against the same terraform configuration?

Answer 139

If supported by your backend, Terraform will lock your state for all operations that could write state. This prevents others from acquiring the lock and potentially corrupting your state.

Question 140

What are the common issues that come with configuration drift?

Answer 140

Configuration drift occurs when systems and configurations deviate from their established baseline or standard over time. This drift can lead to several common issues:

Application Failures:

Inconsistencies between environments can cause applications to fail due to differences in configurations that the application depends on [3].
Increased Downtime:

Unexpected changes or differences in configuration can lead to system outages or extended downtime as issues are diagnosed and resolved [3].
Security Vulnerabilities:

Deviations from the baseline configuration can introduce security holes, making systems more susceptible to attacks [1].
Prolonged Development Lifecycles:

Drift can cause delays in development and deployment processes, as developers spend more time troubleshooting and aligning environments [3].
Increased IT Support Tickets:

Drift often leads to more frequent issues, resulting in an increased volume of support tickets and a greater burden on IT teams [3].
Manual Configuration Errors:

Manual changes to configurations can introduce errors that lead to drift, making it harder to maintain consistent and reliable environments [5].
Inconsistent Performance:

Variations in configurations can lead to inconsistent performance across different environments, complicating performance tuning and reliability [4].

Question 141

The __ displays the current version of Terraform and of all installed plugins.

Answer 141

terraform version

Question 142

Terraform assumes an empty default configuration for any provider that is not explicitly configured.

Answer 142

True

Question 143

You recently joined an organization with the capacity of devops-engineer. Your team has been working on various projects and you were assigned one that involves heavy usage of terraform configuration files. You wanted to extract the list of resources that have been provisioned till date using this terraform configuration. What terraform command would you make use of to achieve this?

Answer 143

terraform state List

Question 144

Provisioners can only be used to model specific actions on a remote machine in order to prepare servers or other infrastructure objects for service.

Answer 144

Provisioners in Terraform are designed to execute scripts or commands on remote or local machines during the resource creation or destruction process. They are often used to prepare servers or other infrastructure objects for service. This includes tasks like installing software, configuring services, and setting up the environment. Provisioners can handle actions on both local and remote machines, contradicting the statement that they can only be used on remote machines.

Examples of Provisioners:
Remote-exec Provisioner: Executes commands on a remote machine using SSH or WinRM.
Local-exec Provisioner: Executes commands on the machine running Terraform.
These provisioners can perform various setup tasks necessary for the infrastructure to function correctly.

Key Use Cases:
Software Installation: Installing necessary software packages on servers.
Configuration Management: Applying configuration changes to servers.
Custom Scripts: Running custom scripts to perform specific actions during resource setup.
Provisioners should be used cautiously as they introduce additional complexity and potential failure points in Terraform configurations [1].

Question 145

The splat expression patterns shown below is not applicable for what?

Answer 145

The splat expression pattern var.list[*].id is not applicable in the following scenarios:

Null or Empty Lists: The splat operator cannot be applied to a null value or an empty list. If var.list is null or empty, attempting to use the splat operator will result in an error [1][3].

Non-List Types: The splat operator is designed to work with lists, sets, or tuples. If var.list is of a different type (e.g., a string or a map), the splat expression will not be applicable [1].

Incorrect Resource References: If the items in the list do not have an id attribute, the splat expression var.list[*].id will not work. Each item in the list must have the specified attribute for the splat operator to function correctly [5].

Question 146

What are the possible consequences of making heavy usage of provisioners within your Terraform script?

Answer 146

Heavy usage of provisioners within your Terraform script can lead to several potential consequences:

Resource Tainting: If a creation-time provisioner fails, the resource is marked as tainted. This means Terraform will plan to destroy and recreate the resource on the next apply, which can lead to unnecessary resource churn and potential downtime [2].

Error Handling Complexity: Provisioners add complexity in terms of error handling. If a provisioner fails during resource destruction, Terraform will continue with the destruction process, which might leave your infrastructure in an inconsistent state [3][4].

Operational Overhead: Provisioners can introduce operational overhead, as they require careful scripting and management. This overhead can lead to increased maintenance efforts and the potential for human error [1].

Performance Issues: Excessive usage of provisioners, especially with complex or long-running scripts, can negatively impact the performance of your Terraform runs. This can result in longer deployment times and a less efficient infrastructure management process [1].

Debugging Difficulties: Provisioners can make debugging Terraform configurations more difficult. Failures within provisioner scripts can be harder to diagnose and resolve compared to issues within Terraform’s declarative configuration [1].

Reduced Portability: Heavy reliance on provisioners can reduce the portability of your Terraform configurations. Provisioners often contain environment-specific scripts and commands, which can make it challenging to reuse configurations across different environments without modification [1].

🌐 Sources

https://spacelift.io/blog/terraform-provisioners
https://github.com/hash

Question 148

What will happen if Terraform isn’t able to obtain acceptable versions of external dependencies, or if it doesn’t have an acceptable version of itself?

Answer 148

Both the root module and any child module can constrain the acceptable versions of Terraform and any providers they use. Terraform considers these constraints equal, and will only proceed if all of them can be met.

Question 149

Which provider is used in the below code snippet:

resource “aws_instance” “foo” {
provider = aws.west

# …
}

Answer 149

aws.west
To use an alternate provider configuration for a resource or data source, set its provider meta-argument to a .

Question 150

Choose the correct command which is used to list all existing workspaces.

Answer 150

The correct command to list all existing workspaces in Terraform is:

terraform workspace list

This command will display all existing workspaces, and the current workspace will be indicated with an asterisk (*).

https://learning-ocean.com/tutorials/terraform/terraform-workspace/

Question 151

# The lifecycle block and its contents are available for all resource blocks regardless of type.

Answer 151

🗒️ Answer
The lifecycle block and its contents are indeed available for all resource blocks in Terraform, regardless of the resource type. This block allows you to control the creation, modification, and deletion of resources using various meta-arguments such as create_before_destroy, prevent_destroy, ignore_changes, and replace_triggered_by [1] [3].

https://developer.hashicorp.com/terraform/language/meta-arguments/lifecy

Question 152

What are the appropriate options for which we can make use of version constraints:

Answer 152

In Terraform, version constraints are used to specify the versions of Terraform, providers, and modules that are compatible with your configuration. The appropriate options for using version constraints include:

Terraform Version: Specify the version of Terraform itself to ensure compatibility with your configuration.

hcl
Copy code
terraform {
required_version = “>= 1.0.0”
}

Provider Versions: Define the acceptable versions of providers, such as AWS, Azure, or Google Cloud, that your configuration can use.

terraform {
required_providers {
aws = {
source = “hashicorp/aws”
version = “~> 3.0”
}
}
}

Module Versions: Restrict the versions of modules to ensure compatibility and stability within your infrastructure.

module “vpc” {
source = “terraform-aws-modules/vpc/aws”
version = “>= 2.0.0, < 3.0.0”
}

https://developer.hashicorp.com/terraform/language/expressions/version-c

Question 153

# What workflows that Terraform Cloud utilizes to manage Terraform runs:

Answer 153

Terraform Cloud utilizes three main workflows to manage Terraform runs:

CLI-driven run workflow: This workflow allows users to initiate Terraform runs directly from the command line interface (CLI), providing flexibility and control for advanced users and scripts [1].

API-driven run workflow: This workflow is designed for integration with other systems and automation tools. It enables users to trigger and manage Terraform runs programmatically via API calls [2].

UI/VCS-driven run workflow: The primary mode of operation for most users, this workflow involves initiating Terraform runs through the Terraform Cloud user interface (UI) or via version control system (VCS) integrations. It is user-friendly and integrates well with existing development workflows [3].

[https://developer.hashicorp.com/terraform/cloud-docs/run/cli]

https://developer.hashicorp.com/terraform/cloud-docs/run/ui

Question 154

# The main way to package and reuse resource configurations with Terraform is through ??.

Answer 154

Modules in Terraform are the main way to package and reuse resource configurations. Modules allow you to encapsulate related resources, variables, and outputs, making it easier to manage and reuse configurations across different parts of your infrastructure or in different projects. With modules, you can create reusable building blocks for your infrastructure, promote code reusability, and maintain a consistent infrastructure configuration across your organization.

https://blog.gruntwork.io/how-to-create-reusable-infrastructure-with-ter

https://developer.hashicorp.com/terraform/language/modules#:~:text=Modules%20are%20the%20main%20way,reuse%20resource%20configurations%20with%20Terraform.

Question 155

Is it possible to declare the dynamic block inside another dynamic block?

Answer 155

Some providers define resource types that include multiple levels of blocks nested inside one another. You can generate these nested structures dynamically when necessary by nesting dynamic blocks in the content portion of other dynamic blocks.

https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks#multi-level-nested-block-structures

Question 156

You can dynamically construct repeatable nested blocks using which special block type:

Answer 156

You can dynamically construct repeatable nested blocks like setting using a special “dynamic block” type, which is supported inside “resource”, “data”, “provider”, and “provisioner” blocks.

Question 157

What are the techniques that could be used to safely and securely manage secrets inside terraform?

Answer 157

Use a secure remote backend: Storing your Terraform state files in a secure remote backend such as AWS S3 with encryption and access controls helps protect sensitive data [2].
Use environment variables: Storing secrets as environment variables rather than hard-coding them in Terraform files helps keep them secure.

Store secrets in a secure external storage: Utilize secure secret management services like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault to manage and access secrets securely [3].
Encrypt sensitive data: Encrypting sensitive data using tools like KMS, PGP, or other encryption methods ensures that even if the data is accessed, it remains protected [2].
Secure the Terraform host: Ensure that the machine running Terraform is secure and follows best practices for security, such as restricting access and using secure communication channels [2].

https://spacelift.io/blog/terraform-secrets

https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1

Question 158

why we may need to specify the provider’s argument?

Answer 158

To override the default provider configuration. For example, the default configuration may be to deploy resources in the “us-east-1” region. If the requirement is to deploy resources in a different region, we can use the provider argument to override the default.

In some cases, a configuration may need to use multiple versions of the same provider. For example - a resource that deploys to the “us-east-1” and another resource within the same configuration that deploys to the “us-west-2” region.

https://developer.hashicorp.com/terraform/language/meta-arguments/module

Question 159

option for referencing local values from the below code snippet:

locals {
# Common tags to be assigned to all resources
common_tags = {
Service = local.service_name
Owner = local.owner
}
}

resource “aws_instance” “example” {
# …

tags = ____________
}

Answer 159

Local values are created by a locals block (plural), but you reference them as attributes on an object named local (singular). Make sure to leave off the “s” when referencing a local value!

Question 160

What environment variable needs to be defined in terraform for the persistence of the logged output?

Answer 160

To persist logged output you can set TF_LOG_PATH in order to force the log to always be appended to a specific file when logging is enabled. Note that even when TF_LOG_PATH is set, TF_LOG must be set in order for any logging to be enabled.