Exam 1 Review

Question 1

Using terraform apply -replace is how you

Answer 1

tag a resource for replacement.

Question 2

True or False? A provider block is required in every configuration file so Terraform can download the proper plugin.

Answer 2

You don’t have to specify a provider block since Terraform is smart enough to download the right provider based on the specified resources.

Question 3

Can the child modules refer to any of the variables declared in the parent module?

Answer 3

Child modules can only access variables that are passed in the calling module block

Question 4

If an engineer makes a change outside of Terraform, what command can you run to detect drift and update the state file?

Answer 4

terraform apply -refresh-only

Note that terraform refresh used to be the correct command here, but that command is deprecated. It might show up on the exam though.

Question 5

Which of the features below is not available in the free version of Terraform Cloud?

Private Module Registry
State Management
Remote Operations
Single Sign-On

Answer 5

Single Sign-On is a feature of Terraform Enterprise and Terraform Cloud for Business. It is NOT available in Terraform Cloud (free tier)

Question 6

A child module created a new subnet for some new workloads. What Terraform block type would allow you to pass the subnet ID back to the parent module?

Answer 6

You need to use an output block to be able to export any data back to the parent/calling module

Question 7

A user manually logged into the AWS console and updated a resource managed by Terraform, but you also updated that same resource using the code. What will happen when you run Terraform apply since the change was already made?

Answer 7

A terraform apply will run its own state refresh and TF will see the configuration matches the deployed infrastructure. Nothing will happen as a result.

Question 8

What is a Private Module Registry and what are its features? (2)

Answer 8

• You can store and distribute Terraform modules within an organization, making it easier to share code and ensure consistency across multiple projects.
• Some of its features include versioning, access controls, and integration with existing CI/CD pipelines.

Question 9

When you run a terraform init, where does Terraform OSS download and store the modules locally?

Answer 9

When plugins and modules are downloaded, they are stored under their respective directory in the .terraform/modules folder within the current working directory.

Question 10

What is the syntax to refer to a resource?

Answer 10

To refer to a resource, you’d use
<block type>.<resource type>.<name>

Question 11

What is the syntax to set the value of an input variable using environment variables?

Answer 11

You need to use TF_VAR_ to set an environment variable for use with Terraform
export TF_VAR_<variable name>=<desired_input>
export TF_VAR_user=dbadmin101

Question 12

Workspaces in OSS are often used within the ____ _______ _________ while workspaces in Enterprise/Cloud are often (but not required) mapped to _____ ______

Answer 12

Workspaces in OSS are often used within the same working directory while workspaces in Enterprise/Cloud are often (but not required) mapped to specific repos.

Question 13

True or False? When you are referencing a module, you must specify the version of the module in the calling module block.`

Answer 13

While it’s not required, it is highly recommended to specify the version for each module to avoid issues with newer versions of the module that could break your configuration

Question 14

Explain how the local-exec provisioner works.

Answer 14

The local-exec provisioner executes a local command after creating a resource. It runs on the machine where Terraform is running, not on the resource itself.

Question 15

Explain parallelism in Terraform.

Answer 15

Parallelism is the way Terraform can deploy many resources at the same time to speed up the deployment

Question 16

You have a configuration file that you’ve deployed to one AWS region already but you want to deploy the same configuration file to a second AWS region without making changes to the configuration file. What feature of Terraform can you use to accomplish this?

Answer 16

Use Terraform’s workspaces feature.

Workspaces allow you to manage multiple instances of the same infrastructure with different variables or states. By creating a new workspace for the second AWS region, you can deploy the same configuration file without making any changes.

Question 17

To use Terraform’s workspaces feature to deploy the same configuration file to a second AWS region without making changes to the configuration file, follow these three steps:

Answer 17

1. Create a new workspace for the second AWS region using the terraform workspace new <workspace_name> command.
2. Switch to the new workspace using the terraform workspace select <workspace_name> command.
3. Apply the configuration file using the terraform apply command.

Question 18

When enabled at what point in the terraform workflow does Sentinel run?

Answer 18

Sentinel runs after a terraform plan, but before a terraform apply.

Question 19

What should the code look like to ensure you’re using a specific version of the AWS provider?

Answer 19

To specify the version of Terraform provider that is required, you need to use the required_providers block parameter under the terraform block

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
   }
}

Question 20

You are managing multiple resources using Terraform running in AWS. You want to destroy all the resources except for a single web server. How can you accomplish this?

Answer 20

To accomplish this, you need to delete a resource from state, you can use the terraform state rm <address> command, which will effectively make Terraform “forget” the object while it continues to exist in the remote system.

Then you can run a terraform destroy to destroy the remaining resources.

To