Hashicorp Terraform Cert Flashcards

1
Q

What is IaC?

A

Infrastructure as Code
- writing what you want to deploy as human readable code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the benefits of IaC?

A
  • Enabling DevOps
  • Declaring your Infrastructure
  • Speed, Cost, Reduced Risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the Terraform Workflow?

A
  • Write
  • Plan
  • Apply
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What does “terraform plan” do?

A
  • reads code and creates and shows a “plan of execution/deployment”
  • does not actually deploy anything
  • allows the user to “review” the action plan before executing anything
  • Authentication Credentials are used to connect to your infrastructure if required
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

At what stage of the terraform workflow are Authentication Credentials used to connect to your infrastructure if required?

A

Terraform Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does “terraform apply” do?

A
  • Deploys the instructions and statements in the code
  • Updates the State File
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does “terraform destroy” do?

A
  • Looks at the recorded/stored State File created during deployment and destroys all resources created by your code
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

True of False: “terraform destroy” is non-reversible

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does “terraform init” do?

A

-Initializes the working directory that contains your Terraform code
– downloads the ancillary/supporting components (providers, modules, plug ins)
– sets up the backend for storing the terraform state file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a Resource Address?

A
  • a way to access a resources in terraform code
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What pattern does a Resource Address for the following look like?

resource “aws_instance” “web” {
ami = “ami-a1b2c3d4”
instance_type = “t2.micro”

A

aws_instance.web

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What pattern does a Resource Address for the following look like?

data “aws_instance” “my-vm” {
instance_id = “i-1234567890abcdef0”
}

A

data.aws_instance.my-vm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the main difference between a data block and a resource block?

A
  • Data blocks fetch and track details of already existing resources
  • Resource block create resources from scratch
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What file extension does terrafrom look for to execute terraform code?

A

.tf

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Where does Terraform first look for providers?

A

In the Terraform Providers Registry

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

True or False: Providers can not be sourced locally and internally and referenced in your code

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the two methods for installing Terraform?

A

Method 1: Download, Unzip, and Use
Method 2: Set up a Terraform Repository on Linux

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are Providers?

A

Providers are Terraform’s way of abstracting integrations with API control layer of the infrastructure vendors
(i.e. Terraform abstracts away all the API calls it makes under the hood using Providers)
basically like plug ins
- Each provider is a precompiled chunk of code which defines resources for Terraform to interact with the respective vendor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

True or False: Providers are released on a separate rhythm from Terraform itself

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Select which one is False:
A - Each Provider has their own series of version numbers
B - You can only use providers from the Terraform Provider’s registry
C - It is a Best Practice to Fix the version of the providers in your code
D - Providers updates and releases are seperate from Terraform’s

A

B
You can create your own custom providers!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

where are providers stored?

A

in the hidden .terraform file
revelaed by ls -a

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is the purpose of provisioners?

A

Provisioners give users a way to execute custom scripts, commands, or actions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are the 2 types of provisioners

A

Creation-time
Destruction-time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How can Terraform provisioners be run?

A

locally on the same system
or
remotely on resources spun up through the Terraform deployment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

True or False: Provisioners should be used as a last resort

A

true.
It is recommended to use inherent mechanisms within your infrastructure deployment to carry out custom tasks when possible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Fill in the blank:
“If the command within a provisioner returns a value other than _ , it’s considered failed and the underlying resource is tainted”

A

0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What happens when a provisioner’s underlying resource is tainted?

A

Terraform marks the resource against which the provisioner was to be run so it can be created again on the next run

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

By Default provisioners are:
A. Creation TIme
B. Destruction time

A

A Creation Time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What is the difference between a Creation Time and Destruction time provisioner in code?

A

destruction - time provisioners can be determined because they have the “when” condition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

True or False: You can use multiple provisioners in the same resource

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What order are provisioners run in?

A

The order they are listed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What is the de fault name of the Terraform State FIle?
a. terraform.statetf
b. terraform.tfstate
c. state.tf
d. state.terraform

A

b. terraform.tfstate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

how do you reference the following terraform variable:
variable “my-var” {
description = “My Test Variable”
type = string
default = “Hello”
}

A

var.my-var

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Where is the best practice to store terraform variables?
a. in the main code files
b. in vars.tf
c. in terraform.vars
d. in terraform.tfvars

A

d. in terraform.tfvars

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

what parameter helps to hide sensitive info durinf runs?
a. secret
b. safe
c. sensitive
d. redacted

A

c. sensitive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What are the Base type variables in Terraform?

A
  • string
  • number
  • boolean
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What are the Complex variable types in Terraform

A
  • list
  • set
  • map
  • object
  • tuple
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

When are Output Variables shown

A

Output variables values are shown on the shell after running terraform apply

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What is the purpose of terraform state?

A

It maps real world resources to Terraform configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

By Default, where is the terraform state file called?

A

terraform.tfstate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Terraform refreshes the state:
a. before each opening of the state file
b. after a terraform plan
c. prior to any modification operation

A

C. prior to any modification operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

True or False: Resource dependency metadata is also tracked via the state file

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

True or false: the terraform state file does not effect deployment performance

A

False:
Terraform state helps boost deployment performance by caching resource attributes for subsequent use

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What is the purpose of the Terraform state command?

A

The terraform state command is a utility for manipulating and reading the terraform state file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

True or False: Under most circumstances, one does not need to modify the Terraform State File

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What are three scenarios where it is appropriate to use Terraform state commands?

A
  1. Advanced State Management
  2. Manually removing a resource from the Terraform State file so it is not managed by terraform
  3. Listing out tracked resources and their details
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What terraform command lists out all resources tracked by the terraform state file?

A

terraform state list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What command deletes a resource from the terraform state file?

A

terraform state rm <resource></resource>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What command shows the details of a resource tracked in the terraform state file?

A

terraform state show

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What is the Default behavior for Terraform state storage?

A

to save / store terraform state locally on your system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What does State Locking do?

A

locks state file so parallel executions don’t coincide

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

State locking is initiated as a default after terraform apply for ___ storage

A

Local

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

True or False: State locking is a default behavior for remote state storage

A

False
State locking is not supported by all remote state storage backends

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

What is a Terraform Module?

A

A Terraform Module is a container for multiple resources that are used together

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What is the main purpose of a Terraform Module?

A

To make the terraform code reusable so it can be used elsewhere again and again

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

True or false: every Terraform configuration has at least one module.

A

True
It is called the Root Module and consists of code files in your main working directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What are 3 places Terraform modules can be downloaded or referenced from?

A
  1. Terraform Public Registry
  2. A Private Registry
  3. Your Local System
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

True or False: It is a best practice to not list a specific terraform version on terraform modules

A

False
It is a best practice to require a specific version for the module to ensure that there aren’t breaking changes when updating the modules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

What Terraform Module Parameter denotes where the module is being references from?

A

source

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

What terraform module parameter allows for spawning multiple separate instances of modules resources?

A

count

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What terraform module parameter allows iterating over complex variables?

A

for_each

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

What terraform module parameter allows one to tie down specific providers to a module?

A

providers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

What Terraform module parameter allows you to set dependencies for the module?

A

depends_on

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

How do you reference a variable inside a module?
a. var.module.<var>
b. var.<var>
c. module.var.<var></var></var></var>

A

B. var.<var></var>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

How do you reference a module variable in main code?
a. var.<var>
b. var.module.<var>
c. module.<module>.<var>
d. module.var.<modulename>.<var></var></modulename></var></module></var></var>

A

C. module.<module>.<var></var></module>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

True or False: User-defined functions are are extremely useful in making terraform code dynamic and flexible

A

FALSE
Terraform does not allow for User-defined functions, however this does apply to Built-In functions!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

What is the output of join?
variable “project-name” {
type = string
default = “prod”
}
resource “aws_vpc” “my-vpc” {
cidr_block = “10.0.0.0/16”
tags = {
Name = join(“-”, [“terraform”, var.project-name])
}
}

A

terraform-prod

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

What does the file function do?

A

helps insert files into resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

What does the max function do?

A

determines the max integer value from a provided list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

what does the flatten function do?

A

Creates a singular list out of a provided set of lists

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

what does the contains function do?

A

searches for whatever you’ve passed in a list of elements you pass in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

What are Dynamic Blocks?

A

Dynamic Blocks are constructed repeatable nested configuration blocks inside terraform resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

What can Dynamic blocks be used with?

A

Resource, Data, Provider, and Provisioner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

Why should you use Dynamic Blocks?

A

They make your code look cleaner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

Why should you be careful when it comes to Dynamic Blocks?

A

If you overuse them they can make your code hard to read and maintain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

How do you configure dynamic blocks?

A

They expect a complex variable type to iterate over

They act like for loops and output a nested block for each element in your variable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

What is the Best Practice for Dynamic Blocks?

A

Only use Dynamic B locks when you need to hide detail in order to build a clearer user interface when writing reusable modules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

What does terraform fmt do?

A

Formats code for readability
Helps in keeping code consistent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

What command should you use:
- Before pushing your code to version control (github, etc.)
- After upgrading your Terraform or tis modules
- Any time you’ve made changes to your code

A

terraform fmt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

What does terraform taint RESOURCE_ADDRESS do?

A

Marks an existing resource, forcing it to be destroyed and recreated
Modifies the state file which causes the recreation workflow

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

True or False: Tainting a resource may cause other resources to be modified

A

True

82
Q

What command should you use:
- To cause provisioners to run
- To Replace misbehaving resources forcefully
- To mimic side effects of recreation not modeled by any attributes of the resource

A

terraform taint RESOURCE_ADDRESS

83
Q

What does terraform import RESOURCE_ADDRESS ID do?

A

Maps existing resources to Terraform using an “ID”
Note: “ID” is dependent on the underlying vendor
For example, to import an AWS EC2 instance you’ll need to provide its instance ID

84
Q

What command should you use:
- When you need to work with existing resources
- you’re not allowed to create new resources
- When you’re not in control of creation process of infrastructure

A

terraform import RESOURCE_ADDRESS ID

85
Q

What are Terraform Workspaces (CLI)?

A

Terraform Workspaces are alternate state files within the same working directory

86
Q

Terraform starts with a single workspace that is always called ______

A

default

87
Q

True or False: The initial terraform workspace cannot be deleted

A

True

88
Q

What does terraform workspace new <WORKSPACE-NAME> do?

A

creates a new terraform workspace

89
Q

What does terraform workspace select <WORKSPACE-NAME> do?

A

Selects a terraform workspace

90
Q

Why would you use Terraform Workspaces?

A
  • Test changes using a parallel, distinct copy of infrastructure
  • It can be modeled against branches in version control such as Git
91
Q

True or false: Terraform Workspaces enables distributes team

A

True

92
Q

What does this variable represent: ${terraform.workspace}

A

A workspace name

93
Q

State Files that workspaces create are stored in what directory ?

A

terraform.tfstate.d

94
Q

What environment variable enables verbose logging in Terraform?

A

TF_LOG

95
Q

By default, where are logs from TF_LOG sent?

A

stderr

96
Q

What is the most verbose and reliable level of TF_LOG?

A

TRACE

97
Q

What are the different levels of TF_LOG?

A
  • Trace
  • DEBUG
  • INFO
  • WARN
  • ERROR
98
Q

What env variable persists logging output?
i.e.(redirects logs to a file, takes file as an input)

A

TF_LOG_PATH

99
Q

True or False: Sentinel is not meant to enforce policies on your code

A

False

100
Q

True or False: Sentinel has its own language

A

True, its a policy language called Sentinel Language

101
Q

Sentinel is designed to…
A. Break into terraform code
B. specifically for expereinced programmers
C. Be approachable by non-programmers

A

C. Be approachable by non-programmers

102
Q

Where in the Terraform workflow does Sentinel Integration take place within Terraform Enterprise?

A

after terraform plan and before terraform apply

103
Q

What do Sentinel Policies NOT have access to:
A. The data in the curated plan
B. State of the resources at the time of the plan
C. The configuration at the time of the plan
D. The state of the resources before the plan

A

D

104
Q

What are the benefits of using Sentinel?

A
  • Sandboxing or Guardrails for Automation
    — You can apply Sentinel policies against your Terraform code to sandbox your deployments
  • Codification or Easier Understanding, better collaboration
    — it codifies the process of security enforcement in Terraform code
  • Version Control
    — Shared across the organization
  • Testing and Automation
    — Can help standardize security testing and automation right into your Terraform deployment pipeline as Sentinel automatically runs before your Terraform deployments
105
Q

How can you apply Sentinel for sandboxing?

A

Essentially as Guardrails for Automation
- You can apply Sentinel policies against your Terraform code to sandbox your deployments

106
Q

How can Sentinel help with Testing and Automation?

A

It can help standardize security testing and automation right into your Terraform deployment pipeline as Sentinel automatically runs before your Terraform deployments

107
Q

How can Sentinel help with Testing and Automation?

A

It can help standardize security testing and automation right into your Terraform deployment pipeline as Sentinel automatically runs before your Terraform deployments

108
Q

What are some Use Cases for Sentinel?

A
  • For enforcing CIS standards across AWS accounts
  • Checking to make sure only y3.micro instance types are used
  • Ensuring Security Groups do not allow traffic on Port 22
109
Q

What is Hashicorp Vault>

A

Its a Secrets Management Software that dynamically provisions credentials and rotates them.
It encrypts sensitive data in transit and at rest and provides fine-grained access to secrets using ACLs

110
Q

Why should you use Terraform Vault Provider?

A

Crednetials Sprawl.
They can be in multiple places, some not secure at all.
Through vault you can manage and protect them very well.

111
Q

What are the benefits of Vault?

A
  • Developers don’t need to manage long-lived credentials, making it more secure
  • You can Inject secrets into your Terraform deployment at runtime
  • Fine-grained ACLs for access to temporary credentials
112
Q

What’s the Big Exam Takeaway for Terraform Vault Provider?

A

Vault allows for storing your secrets in a centralized way and allows you to provide both temporary credentials for usage in your deployments, as well as provide encryption of data at rest and in transit

113
Q

What is the Terraform Registry?

A

A repository of publicly available Terraform providers and modules

114
Q

True or False: You can publish and share your own Terraform modules and providers to the Terraform Registry.

A

True

115
Q

True or false: You can directly reference the Terraform Registry in your Terraform code

A

True, You cad declare a provider and it will automatically go grab it from the registry

116
Q

What is Terraform Cloud Workspaces?

A

Directories hosted in Terraform Cloud, think of it as directories for distinct deployments hosted in Cloud
- no worrying about storage, segregation, or even security of your workspaces.

117
Q

What Does Terraform Cloud Workspaces do?

A
  • Stores old versions of state files by default and can be shared between organizations
  • Maintains a record of all execution activity (allows for auditing and investigating deployments easier)
  • All Terraform commands are executed on “managed” Terraform Cloud VMs ( you can trigger deployments via a workspace’s API or version control system triggers, like Github Actions, or even the Terraform Cloud user interface, and HashiCorp will execute your plan, apply, and init commands on their own hosted and managed VMs)
118
Q

What are the benefits of Terraform Cloud Workspace? - long

A

A Collaboration oriented Terraform Workflow:
- remote Terraform Execution
- Workspace based org model
- Integration with Version Control Systems
- Remote State management and CLI Integration
- Private Terraform Module registry
- Cost estimation and Sentinel Integration features

119
Q

What is the difference in the Terraform Configuration between Terraform OSS and Terraform Cloud Workspaces?

A
  • The Terraform Configuration is on Disk for OSS Workspaces
  • The Terraform Configuration is In a linked version control repository or periodically uploaded via API/CLI
120
Q

What is the difference in the way Variable Values are stored between Terraform OSS and Terraform Cloud Workspaces?

A

The Variable Values are stored as .tfvars, as CLI arguments, or in a shell env for OSS Workspace
- The Variable Values are stored In the TF Cloud Workspace for Cloud Workspace

121
Q

What is the difference in State Storage between Terraform OSS and Terraform Cloud Workspaces?

A
  • The State is stored on disk or in a remote backend for OSS Workspace
  • The State is stored In the TF Cloud Workspace for Cloud Workspace
122
Q

What is the difference in Credentials and Secrets Storage between Terraform OSS and Terraform Cloud Workspaces?

A
  • The Credentials and Secrets are store in shell env or entered at prompts for OSS Workspace
  • The Credentials and Secrets are stored In TF Cloud workspace stores as sensitive variables for Cloud Workspace
123
Q

What Terraform command can be used to remove the lock on the state for the current configuration

A

terraform force-unlock
or
Another option is to use the terraform state rm command followed by the terraform state push command to forcibly overwrite the state on the remote backend, effectively removing the lock

124
Q

Environment variables can be used to set the value of input variables. The environment variables must be in the format “____“_<variablename>.</variablename>

A

TF_VAR

125
Q

Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list: (select three)
A. Existence of any provider plugins found locally in the working directory
B. Use of any resource belonging to a particular provider in a resource or data block in the configuration
C. Existence of any resource instance belonging to a particular provider in the current state
D. Explicit use of a provider block in configuration, optionally including a version constraint

A

B. Use of any resource belonging to a particular provider in a resource or data block in the configuration
C. Existence of any resource instance belonging to a particular provider in the current state
D. Explicit use of a provider block in configuration, optionally including a version constraint

126
Q

Henry has been working on automating his Azure infrastructure for a new application using Terraform. His application runs successfully, but he has added a new resource to create a DNS record using the new Infoblox provider. He has added the new resource but gets an error when he runs a terraform plan.

What should Henry do first before running a plan and apply?

A

Since a new provider has been introduced. terraform init needs to be run to download the infoblox plugin

127
Q

True or False? The terraform plan -refresh-only command is used to create a plan whose goal is only to update the Terraform state to match any changes made to remote objects outside of Terraform.

A

True

128
Q

Terraform is distributed as a single binary and available for many different platforms. What are all of the Operating Systems that Terraform is available for?

A

Windows
AIX
Linux
macOS
Solaris

129
Q

When using constraint expressions to signify a version of a provider, which of the following are valid provider versions that satisfy the expression found in the following code snippet: (select two)

terraform {
required_providers {
aws = “~> 1.2.0”
}
}

A. Terraform 1.3.0
B. Terraform 1.3.1
C. Terraform 1.2.3
D. Terraform 1.2.9

A

C. Terraform 1.2.3
D. Terraform 1.2.9

In a required_version parameter in Terraform, the tilde (~) symbol followed by the greater than symbol (>) specifies a “compatible with” version constraint.

For example, if your Terraform configuration specifies required_version = “~> 1.12.0”, Terraform will accept any version of Terraform 1.12 that is greater than or equal to version 1.12.0 and less than 1.13.0. In other words, Terraform will accept any version of Terraform 1.12 that is considered compatible with version 1.12.0.

130
Q

Why might a user opt to include the following snippet in their configuration file?

terraform {
required_version = “>= 1.3.8”
}

A

The user wants to specify the minimum version of Terraform that is required to run the configuration

131
Q

After many years of using Terraform Open Source (OSS), you decide to migrate to Terraform Cloud. After the initial configuration, you create a workspace and migrate your existing state and configuration. What Terraform version would the new workspace be configured to use after the migration?

A

The same Terraform version that was used to perform the migration

132
Q

When you add a new module to a configuration, Terraform must download it before it can be used. What two commands can be used to download and update modules? (select two)

A

terraform get
terraform init

133
Q

Anyone can publish and share modules on the Terraform Public Module Registry, and meeting the requirements for publishing a module is extremely easy.

What are some of the requirements that must be met in order to publish a module on the Terraform Public Module Registry? (select three)

A. The registry uses tags to identify module versions. Release tag names must be for the format x.y.z, and can optionally be prefixed with a v
B. The module must be on GitHub and must be a public repo
C. The module must be PCI/HIPPA compliant
D. Module repositories must use this three part name format `terraform-<PROVIDER>-<NAME></NAME></PROVIDER>

A

A. The registry uses tags to identify module versions. Release tag names must be for the format x.y.z, and can optionally be prefixed with a v
B. The module must be on GitHub and must be a public repo
D. Module repositories must use this three part name format `terraform-<PROVIDER>-<NAME></NAME></PROVIDER>

134
Q

From the code below, identify the implicit dependency:

resource “aws_eip” “public_ip” {
vpc = true
instance = aws_instance.web_server.id
}

resource “aws_instance” “web_server” {
ami = “ami-2757f631”
instance_type = “t2.micro”
depends_on = [aws_s3_bucket.company_data]
}

A

The EC2 Instance labeled web_server

The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance labeled web_server has been provisioned and the id is available.

Note that aws_s3_bucket.company_data is an explicit dependency for the aws_instance.web_server

135
Q

You are performing a code review of a colleague’s Terraform code and see the following code. Where is this module stored?

module “vault-aws-tgw” {
source = “btkrausen/vault-aws-tgw/hcp”
version = “1.0.0”

client_id = “4djlsn29sdnjk20dn”
hvn_id = “a4c9357ead4de”
route_table_id = “rtb-a221958bc5892eade331”
}

A

In the Terraform public module registry

136
Q

Which Terraform command will check and report errors within modules, attribute names, and value types to ensure they are syntactically valid and internally consistent?

A

terraform validate

It’s recommended to run terraform validate before running terraform apply, to ensure that your Terraform code is valid and will not produce unexpected results.

137
Q

A “backend” in Terraform determines how state is loaded and how an operation such as apply is executed. Which of the following is not a supported backend type?

A. consul
B. local
C. s3
D. github

A

D. github

138
Q

In Terraform, variable names must follow a set of naming conventions to be considered valid. What are some examples of invalid variable names?

A

Names that start with a number: 1_invalid_variable_name

Names that contain spaces or special characters (other than underscores): invalid variable name

Names that contain only numbers: 12345

Names that are the same as Terraform reserved words, such as var, module, data, count, etc.

139
Q

Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)
A. CVS Version COntrol
B. Bitbucket Cloud
C. GitHub Enterprise
D. GitHub.com
E. Azure DevOps Server

A

B. Bitbucket Cloud
C. GitHub Enterprise
D. GitHub.com
E. Azure DevOps Server

140
Q

A user creates three workspaces from the command line: prod, dev, and test. What command will the user run to switch to the dev workspace?

A

terraform workspace select dev

141
Q

A user has created three workspaces using the command line - prod, dev, and test. The user wants to create a fourth workspace named stage.

Which command will the user execute to accomplish this task?

A

terraform workspace new stage

142
Q

In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently during a terraform apply?

A

10

143
Q

When writing Terraform code, how many spaces between each nesting level does HashiCorp recommends that you use?

A

2

144
Q

True or False? When using the Terraform provider for Vault, the tight integration between these HashiCorp tools provides the ability to mask secrets in the state file.

A

False

145
Q

What Terraform command will launch the Interactive console to evaluate and experiment with expressions?

A

terraform console

146
Q

What do the declarations, such as name, cidr, and azs, in the following Terraform code represent and what purpose do they serve?

module “vpc” {
source = “terraform-aws-modules/vpc/aws”
version = “2.21.0”

name = var.vpc_name
cidr = var.vpc_cidr

azs = var.vpc_azs
private_subnets = var.vpc_private_subnets
public_subnets = var.vpc_public_subnets

enable_nat_gateway = var.vpc_enable_nat_gateway

tags = var.vpc_tags
}

A

These are where the variable declarations are created so Terraform is aware of these variables within the calling module

147
Q

What 5 types of files should be ignored by Git when committing code to a repo?

A
  • .terraform directory: This directory contains local Terraform state files, which should not be committed to the repository.
  • terraform.tfstate and terraform.tfstate.backup: These files contain the current state of your infrastructure, and should not be committed to the repository.
  • tfvars files: These files may contain sensitive information, such as passwords or API keys, and should be kept out of version control. Instead, you can use environment variables or other secure methods to pass this information to Terraform.
  • *.tfplan files: These files contain the plan generated by Terraform when applying changes to your infrastructure, and may include sensitive information such as resource IDs. They should not be committed to the repository
148
Q

In Terraform Enterprise, a workspace can be mapped to how many VCS repos?

A

1

149
Q

In the terraform block, which configuration would be used to identify the specific version of a provider required?

A

required_providers

150
Q

Which of the following connection types are supported by the remote-exec provisioner? (select two)

A .ssh
B. wimrm
C. smb
D. rdp

A

A .ssh
B. wimrm

151
Q

True or False? Multiple providers can be declared within a single Terraform configuration file.

A

True

152
Q

What is the purpose of using the local-exec provisioner? (select two)

A. to execute one or more commands on the machine running Terraform
B. Ensures that the resource is only executed in the local infrastructure where Terraform is deployed
C. To invoke a local executable
D. Executes a command on the resource to invoke an update to the Terraform state

A

A. to execute one or more commands on the machine running Terraform
C. To invoke a local executable

153
Q

HashiCorp offers multiple versions of Terraform, including Terraform open-source, Terraform Cloud, and Terraform Enterprise. Which of the following Terraform feature is available in the Enterprise and Terraform Cloud for Business editions? (select four)
A. Provate Module Repo
B. Private Network Connectivity
C. Audit Loggs
D. Self Managed Installation
E. SAML/SSO

A

A. Provate Module Repo
B. Private Network Connectivity
C. Audit Loggs
E. SAML/SSO

154
Q

Which of the following represents a feature of Terraform Cloud that is NOT free to customers?
A. team management and governance
B. Private Module Registry
C. VCS Integration
D. Workspace Management

A

A. team management and governance

155
Q

True or False? You can migrate the Terraform backend but only if there are no resources currently being managed.

A

False

156
Q

True or False: Using the mask feature, you can instruct Terraform to mask sensitive data in the state file

A

False

157
Q

True or False: Terraform Cloud always encrypts state at rest

A

True

158
Q

Frank has a file named main.tf which is shown below. Which of the following statements are true about this code? (select two)

module “servers” {
source = “./app-cluster”

servers = 5
}
A. app-cluster is the child module
B. main.tf is the calling module
C. app-cluster is the calling module
D. main.tf is the child module

A

A. app-cluster is the child module
B. main.tf is the calling module

159
Q

When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (select three)
A. interactively on the command line
B. use the -backend-config=PATH to specify a seperate config file
C. command-line key/value pairs
D. Direclt querying HashiCorp Vault for the secrets

A

A. interactively on the command line
B. use the -backend-config=PATH to specify a seperate config file
C. command-line key/value pairs

160
Q

Terraform Cloud can be managed from the CLI but requires __________?

A

An API token`

161
Q

After executing a terraform plan, you notice that a resource has a tilde (~) next to it. What does this mean?

A

the resource will be updated in place

162
Q

When multiple engineers start deploying infrastructure using the same state file, what is a feature of remote state storage that is critical to ensure the state does not become corrupt?

A

State locking

163
Q

Which type of configuration block assigns a name to an expression that can be used multiple times within a module without having to repeat it?

A

resources

A local value assigns a name to an expression, so you can use it multiple times within a module without repeating it.

164
Q

Aaron is new to Terraform and has a single configuration file that is ready to be deployed. Which of the following can be true about this configuration file? (select three)

A. Aaron’s configuration file can deploy applications in both AWS and GCP
B. The state can be disabled when deploying to multiple clouds to prevent sensitive data from being shared across cloud platforms
C. The configuration file can deploy both QA and Staging infrastructure for applications
D. the state file can be stores in Azure but provision applications in AWS

A

A. Aaron’s configuration file can deploy applications in both AWS and GCP
C. The configuration file can deploy both QA and Staging infrastructure for applications
D. the state file can be stores in Azure but provision applications in AWS

There are a ton of benefits of deploying with Terraform and the solution is very capable of managing deployments across multiple clouds. However, state is still required and cannot be disabled.

165
Q

Given the following snippet of code, what does servers = 4 reference?

module “servers” {
source = “./modules/aws-servers”

servers = 4
}

A

the value of an input variable

166
Q

What function does the terraform init -upgrade command perform?

A. upgrades the backend to the latest supported version
B. update all previously installed plugins to the newest version that compiles with the configuration’s version constraints
C. upgrades the terraform configuration file(s) to use the referenced terraform version
D.upgrades all of the reference modules and providers to the latest version of terraform.

A

B. update all previously installed plugins to the newest version that compiles with the configuration’s version constraints

The -upgrade will upgrade all previously-selected plugins to the newest version that complies with the configuration’s version constraints. This will cause Terraform to ignore any selections recorded in the dependency lock file, and to take the newest available version matching the configured version constraints.

167
Q

A provider alias is used for what purpose in a Terraform configuration file?

A

using the same provider with different configurations for different resources

To create multiple configurations for a given provider, include multiple provider blocks with the same provider name. For each additional non-default configuration, use the alias meta-argument to provide an extra name segment.

168
Q

There are multiple ways to provide sensitive values when using Terraform. However, sensitive information provided in your configuration can be written to the state file, which is not desirable. Which method below will not result in sensitive information being written to the state file?

A. using a declared variable
B. retrieving the credentials from a data source, such as HashiCorp Vault
C. none of the above
D.using a .tfvars file

A

C. none of the above

When using sensitive values in your Terraform configuration, all of the configurations mentioned above will result in the sensitive value being written to the state file. Terraform stores the state as plain text, including variable values, even if you have flagged them as sensitive. Terraform needs to store these values in your state so that it can tell if you have changed them since the last time you applied your configuration.

169
Q

Infrastructure as Code (IaC) makes infrastructure changes _______, ________, ________, and __________. (select four)

A. consistent
B. predictable
C. idempotent
D. highly-available
E. repeatable

A

A. consistent
B. predictable
C. idempotent
E. repeatable

170
Q

Ralphie has executed a terraform apply using a complex Terraform configuration file. However, a few resources failed to deploy due to incorrect variables. After the error is discovered, what happens to the resources that were successfully provisioned?

A

the resources that were successfully provisioned will remain as deployed

During a terraform apply, any resources that are successfully provisioned are maintained as deployed.

On the other hand, resources that failed during the provisioning process, such as a provisioned, will be tainted to be recreated during the next run.

171
Q

Based on the Terraform code below, what block type is used to define the VPC?
vpc_id = aws_vpc.main.id

A

resource block

Based on the Terraform code provided in the question, the VPC is defined in a resource block, meaning that there is a VPC resource being defined, such as:

resource “aws_vpc” “main” {
cidr_block = var.base_cidr_block
}
If it were locals, the resource would be referred to as local.aws_vpc

If it were in a data block, it would be referred to as data.aws_vpc.i.main.id

172
Q

When running a terraform plan, how can you save the plan so it can be applied at a later time?

A

use the -out flag

173
Q

You have a Terraform configuration file with no defined resources. However, there is a related state file for resources that were created on AWS. What happens when you run a terraform apply?

A

Terraform will destroy all of the resources

In this case, since there is a state file with resources, Terraform will match the desired state of no resources since the configuration file doesn’t include any resources. Therefore, all resources defined in the state file will be destroyed.

174
Q

Margaret is calling a child module to deploy infrastructure for her organization. Just as a good architect does (and suggested by HashiCorp), she specifies the module version she wants to use even though there are newer versions available. During a terrafom init, Terraform downloads v0.0.5 just as expected.

What would happen if Margaret removed the version parameter in the module block and ran a terraform init again?

module “consul” {
source = “hashicorp/consul/aws”
version = “0.0.5”

servers = 3
}

A

Terraform would use the existing module already downloaded.

175
Q

Which of the following are the benefits of using modules in Terraform? (select three)

A. allows modules to be stored anywhere accessible by Terraform
B. enables code reuse
C. supports modules stored locally or remotely
D. supports versioning to maintain compatibility

A

B. enables code reuse
C. supports modules stored locally or remotely
D. supports versioning to maintain compatibility

176
Q

You are working with a cloud provider to deploy resources using Terraform. You’ve added the following data block to your configuration. When Terraform the data block is executed, what value is the data source returning?

data “aws_ami” “amzlinux2” {
most_recent = true
owners = [“amazon”]

filter {
name = “name”
values = [“amzn2-ami-hvm-*-x86_64-ebs”]
}
}

resource “aws_instance” “vault” {
ami = data.aws_ami.amzlinux2.id
instance_type = “t3.micro”
key_name = “vault-key”
vpc_security_group_ids = var.sg
subnet_id = var.subnet
associate_public_ip_address = “true”
user_data = file(“vault.sh”)

tags = {
Name = “vault”
}
}

A

All possible data of a specific Amazon Machine Image(AMI) from AWS

When you add a data block to your configuration, Terraform will retrieve all of the available data for that particular resource. It is then up to you to reference a specific attribute that can be exported from that data source. For example, if you include a data block for the aws_ami resource, Terraform will get a ton of attributes about that AMI that you can use elsewhere in your code

Within the block body (between { and }) are query constraints defined by the data source. Most arguments in this section depend on the data source, and indeed in this example most_recent, owners and tags are all arguments defined specifically for the aws_ami data source.

177
Q

You have a Terraform configuration file defining resources to deploy on VMware, yet there is no related state file. You have successfully run terraform init already. What happens when you run a terraform apply ?

A

Terraform will scan the VMware infrastructure, create a new state file, and compare the state to the configuration file to determine what resources should be created

178
Q

Your team is using Terraform and multiple team members need to be able to manage the infrastructure. You need to ensure state locking is supported to reduce the chance of corrupting the state file. What backends can you use to meet these requirements? (select three)

A. kubernetes backend
B. s3 backend (with DynamoDB)
C. consul backend
D. local backend
E. etcd backend

A

A. kubernetes backend
B. s3 backend (with DynamoDB)
C. consul backend

The etcd backend doesn’t support state locking. While the local backend does support locking via system APIs, you can’t use the local backend to share the state across your team.

179
Q

Your co-worker has decided to migrate Terraform state to a remote backend. They configure Terraform with the backend configuration, including the type, location, and credentials. However, you want to better secure this configuration. Rather than storing them in plaintext, where should you store the credentials? (select two)

A. use a variable
B. credentials file
C. environment variable
D on the remote system

A

B. credentials file
C. environment variable

Use a variable? Well, you could use a variable but that wouldn’t really improve security here, since variable defaults or configurations are also stored in plaintext.

On the remote system? I don’t think this is even a viable option. The creds would need to be read by the local system that is executing Terraform

180
Q

You are worried about unauthorized access to the Terraform state file since it might contain sensitive information. What are some ways you can protect the state file? (select two)

A. replicate the state file to an encrypted storage device
B. store in a remote backend that encrypts state at rest
C. enable native encryption in Terraform as configured in the terraform block
D. use the S3 backend using the encrypt option to ensure state is encrypted

A

B. store in a remote backend that encrypts state at rest
D. use the S3 backend using the encrypt option to ensure state is encrypted

Replication? replicating the state file to another location won’t prevent the original file from being accessed.

Encryption? As of today, Terraform doesn’t support any type of native encryption capability when writing and managing state.

181
Q

Which of the following are advantages of using infrastructure as code (IaC) for your day-to-day operations? (select three)

A. provides the ability to version control the infrastructure and application architecture
B. API-driven workflows
C. ensure the security of applications provisioned on managed infrastructure
D. enables self-service for developers and operators alike

A

A. provides the ability to version control the infrastructure and application architecture
B. API-driven workflows
D. enables self-service for developers and operators alike

While Terraform can indeed help with the security of your applications, it won’t guarantee it

182
Q

You are using modules to deploy various resources in your environment. You want to provide a “friendly name” for the DNS of a new web server so you can simply click the CLI output and access the new website. Where should you put the following code snippet to satisfy these requirements?

output “website” {
description = “Outputs the URL of the provisioned website”
value = “https://${module.web.public_dns}:800/index.html”
}

A

if the resource was created inside of a module, then the module will require an output block to export that value. That said, output blocks that are created in a module aren’t displayed on the Terraform CLI. Therefore, you need to create an output block in the parent/calling module to output the value while referencing the output in the module. Because of this, the correct answer requires you to create an output in the parent module and reference the output value from the module.

183
Q

You want to use Terraform to deploy resources across your on-premises infrastructure and a public cloud provider. However, your internal security policies require that you have full control over both the operating system and deployment of Terraform binaries. What versions of Terraform can you use for this? (select two)

A. Terraform Enterprise
B. Terraform Cloud for Business
C. Terraform OSS/CLI
D. Terraform CLoud(free)

A

A. Terraform Enterprise
C. Terraform OSS/CLI

Terraform OSS and Terraform Enterprise are versions of Terraform that can be installed locally on your own servers, therefore giving you the ability to manage both the Terraform binary and the underlying operating system where Terraform runs.

WRONG ANSWERS:
Although Terraform Cloud for Business does offer Cloud Agents that could be used to provision resources on your local infrastructure on-premises, it is a hosted solution and you would NOT have full control over the operating system that runs the Terraform platform.

Terraform Cloud (free) does not meet either of these use cases since you can’t deploy to on-premises nor can you manage the underlying operating system since it’s a hosted service.

184
Q

True or False? You can move Terraform state between supported backends at any time, even after running your first terraform apply.

A

True

You can change your backend configuration at any time. You can change both the configuration itself as well as the type of backend (for example from “consul” to “s3”).

Terraform will automatically detect any changes in your configuration and request a reinitialization. As part of the reinitialization process, Terraform will ask if you’d like to migrate your existing state to the new configuration. This allows you to easily switch from one backend to another.

185
Q

Which of the following is not true about Terraform providers? (

A. Some Providers are community-supported
B. all providers are automatically included when downloading Terraform
C. providers can be written and maintained by an outside organizations, such as AWS, F5, or Microsoft
D. They allow anybody to write a provider and publish it to the registry
E. some providers are maintained by hashicorp

A

B. all providers are automatically included when downloading Terraform

Providers are treated as plugins for Terraform, and during a terraform init process, the required providers are downloaded to the local machine that is executing Terraform so they can be used. Therefore, not all providers are included with Terraform when you download the latest version from terraform.io.

186
Q

True or False? The terraform graph command can be used to generate a visual representation of a configuration or execution plan.

A

True

The terraform graph command is used to generate a visual representation of either a configuration or execution plan. The output is in the DOT format, which can be used by GraphViz to generate charts.

187
Q

You have a module named prod_subnet that outputs the subnet_id of the subnet created by the module. How would you reference the subnet ID when using it for an input of another module?

A

subnet = module.prod_subnet.subnet_id

Using interpolation, you can reference the output of an exported value by using the following syntax: module.<module>.<output></output></module>

Don’t forget that before you can reference data/values from a module, the module has to have an output declared that references the desired value(s).

188
Q

Which of the following are true regarding Terraform variables? (select two)

A. the default value will be found in the state file if no other value was set for the variable
B. the variables marked as sensitive are still stored in the state file, even though the values are obfuscated form the CLI Output
C. the variable name can be found in the state file for easy searching
D. the description of a variable will be written to the state to help describe the contents of the state file

A

A. the default value will be found in the state file if no other value was set for the variable
B. the variables marked as sensitive are still stored in the state file, even though the values are obfuscated form the CLI Output

Beyond the value, you won’t find the variable name or description in the state file because they are simply used on the development side of Terraform, and not the backend operational aspect of how Terraform works.

189
Q

You have declared a variable named db_connection_string inside of the app module. However, when you run a terraform apply, you get the following error message:

Error: Reference to undeclared input variable

on main.tf line 35:
4: db_path = var.db_connection_string

An input variable with the name “db_connection_string” has not been declared. This variable can be declared with a variable “db_connection_string” {} block.
Why would you receive such an error?

A

Since the variable was declared within the module, it cannot be referenced outside of the module

When using modules, it’s common practice to declare variables outside of the module and pass the value(s) to the child module when it is called by the parent/root module. However, it’s perfectly acceptable to declare a variable inside of a module if you needed. Any variables declared inside of a module are only directly refrencable within that module. You can’t directly reference that variable outside of the module. You can, however, create an output in the module to export any values that might be needed outside of the module.

190
Q

Given the code snippet below, how would you refer to the value of ip for the dev environment if you are using a for_each argument?

variable “env” {
type = map(any)
default = {
prod = {
ip = “10.0.150.0/24”
az = “us-east-1a”
}
dev = {
ip = “10.0.250.0/24”
az = “us-east-1e”
}
}
}

A

each.value.ip

Sort of testing two different things here - a complex map variable plus the for_each argument.

A for_each argument will iterate over a map or set of strings and create a similar instance/resource for each item in the map or set. In our case, the map is the input variable and the “each” would be the higher-level map, so prod and dev. Underneath each value, there are two arguments, both az and ip that you can choose from.

The input variable that is shown in this example is essentially a map of maps.

191
Q

Which common action does not cause Terraform to refresh its state?

A. terraform state list
B. terraform plan
C. terraform apply
D. terraform destroy

A

A. terraform state list`

Running a terraform state list does not cause Terraform to refresh its state. This command simply reads the state file but it will not modify it.

192
Q

True or False? Official Terraform providers and modules are owned and maintained by HashiCorp.

A

True

If a module or provider is marked as official, it is owned and maintained by HashiCorp themselves.

There are other modules/providers available in the registry that are maintained by third-party partners, or even individuals. This also means that not all of the modules published to the Terraform registry are validated or verified by HashiCorp. Many folks will use the public module registry as a starting place to create their own custom modules needed to meet requirements.

193
Q

True or False? In order to use the terraform console command, the CLI must be able to lock state to prevent changes

A

True

When you execute a terraform console command, you’ll get this output:

$ terraform console
Acquiring state lock. This may take a few moments…
>

194
Q

Beyond storing state, what capability can an enhanced storage backend, such as the remote backend, provide your organization?

A. provides versioning capabilities on your state file in the event it becomes corrupted
B. execute your Terraform on infrastructure either locally or in Terraform Cloud
C. replicate your state to a secondary location for backup
D. allow multiple people to execute operations on the state file at the same time

A

B. execute your Terraform on infrastructure either locally or in Terraform Cloud

Using an enhanced storage backend allows you to execute your Terraform on infrastructure either locally or in Terraform Cloud. Note that this enhanced storage backend term has now been deprecated by Terraform but it’s likely to show up in the test for a while. See the note below from this site:

195
Q

Which of the features below is available in the free version of Terraform Cloud? (select three)

A. State Management
B. Private Module Registry
C. Single Sign-On
D. Remote Operations

A

A. State Management
B. Private Module Registry
D. Remote Operations

Single Sign-On is a feature of Terraform Enterprise and Terraform Cloud for Business.

196
Q

Where is the most secure place to store credentials when using a remote backend?

A

Defined outside of Terraform

Anytime you can configure these credentials outside of Terraform is your best choice. Environment variables would be the second most-secure choice here.

197
Q

You want Terraform to redeploy a specific resource that it is managing. What command should you use to mark the resource for replacement?

A

terraform apply -replace

198
Q

What command can you use to display details about the resource as shown below?

resource “aws_internet_gateway” “demo” {
vpc_id = aws_vpc.vpc.id
tags = {
Name = “demo_igw”
}
}

A

terraform state show aws_internet_gateway.demo

199
Q

What two options are available to delete all of your managed infrastructure?

A

terraform apply -destroy
terraform destroy

200
Q

What command can be used to ensure your code is syntactically valid and internally consistent?

A

terraform validate

201
Q

You have recently added new resource blocks to your configuration from a different provider. What command do you need to run before you can run a terraform plan/apply?

A

terrafrom init

202
Q

Deploy the private subnets

How can you reference all of the subnets that are created by this resource block?

resource “aws_subnet” “private_subnets” {
for_each = var.private_subnets
vpc_id = aws_vpc.vpc.id
cidr_block = cidrsubnet(var.vpc_cidr, 8, each.value)
availability_zone = tolist(data.aws_availability_zones.available.names)[each.value]

tags = {
Name = each.key
Terraform = “true”
}
}

A

aws_subnet.private_subnets[*]

You can reference all of the subnets created by this for_each by using a [] at the end of the resource address like this aws_subnet.private_subnets[]