Infrastructure as Code (TF) Flashcards
How does leveraging modules to achieve code reusability and maintainability?
- encapsulate reusable components, such as networking setups and application stacks
- By abstracting these modules, it can reduce duplication and improve code consistency across environments
How do workspaces help achieve code reusability and maintainability?
- Workspaces enables management of multiple instances of our infrastructure with minimal duplicated code
How did you address state-related challenges?
- Use a remote backend
- Use state locking (e.g. Dynamo DB)
- For large state files, you can us “split state” approach, breaking down the state into smaller, manageable components while maintaining cross-references
Discuss strategies to integrate secrets management tools
- Used AWS Secrets Manager and Parameter store
- Automatically rotate secrets
- Mark secrets as sensitive in Terraform
- Secrets injected at runtime, not queried over the network
Describe a scenario where you’ve used Terraform’s service-specific providers, like the AWS ECS provider, to define application-level configurations alongside infrastructure provisioning?
- In a containerized application deployment, we used the AWS ECS provider within Terraform to define the application’s task definitions, services, and load balancers alongside the infrastructure components.
- This integrated approach ensured that both infrastructure and application configuration were versioned and deployed together, minimizing inconsistencies.
How would you use Infrastructure as Code (IaC) validation and policy enforcement?
- enforce compliance and naming conventions
- validate security group configurations
- catch errors before deployment
When designing a Terraform project structure, what are the key considerations you take into account to ensure maintainability and scalability?
- prioritize modularization to promote reusability and easier maintenance.
- each module encapsulates a specific piece of infrastructure
- use variables and outputs to abstract configuration details and create clear interfaces for module usage
- structure the project with directories for modules, environments, and global configurations
How do you structure your project to effectively manage environment-specific configurations while minimizing duplication and ensuring consistent infrastructure provisioning across environments?
- adopt a flexible approach to manage environments
- use workspaces or separate directories for each environment
- allow isolated state files and configuration files per environment if using directories
- environment-specific variables are managed in separate files or using Terraform’s variable overrides
- leverage Terraform’s ability to use module inheritance
- define shared modules in the root directory and use them across environments with environment-specific variable values
Discuss your approach to organizing and storing Terraform state files?
- use remote backends like Amazon S3 or HashiCorp Consul to store state files
- for isolation, create separate S3 buckets or Consul namespaces for each environment
- for collaborative settings, I emphasize the use of state locking mechanisms
