Terraform-Associate Flashcards
How would you describe a Terraform workflow?
Write > Plan > Apply
What does terraform init command do?
It initializes and sets up the working directory containing your Terraform code.
variable "replicas" {
  type    = number
  default = 5
}
What will be passed into the code for the variable replicas when given the following command?
terraform apply -var replicas=1
1
While the default number of replicas in the Terraform source code is 5, the code being passed is explicitly providing a replicas variable value of 1 at execution.
How can Terraform input variables be defined?
They can be predetermined in a file.
They can be pulled down from Terraform Cloud and referenced in your code.
They can be included in the command-line options.
Which of the following best describes Terraform providers?
A plugin that enables Terraform to interface with the API layer of various cloud platforms and environments.
What is the default name of the file where Terraform state is stored when working locally?
terraform.tfstate
What format is the Terraform state file stored in?
JSON
Which are the uses of the Terraform output variables?
A root “module” can use outputs to print certain values in the CLI output after running terraform apply.
A child “module” can use outputs to expose a subset of its resource attributes to a parent module.
When using a remote state, “root module” outputs can be accessed by other configurations via a “terraform_remote_state” data source.
How can Terraform Providers be sourced in Terraform?
You can reference providers from an internal registry in your Terraform code.
You can reference providers locally in your Terraform configuration.
By default, Terraform looks for providers in the Terraform provider registry.
True or False? Terraform provisioners help bootstrap custom commands onto the resources being deployed via Terraform.
Terraform provisioners can help execute custom scripts and commands on resources. The best practice is to avoid using them if a built-in mechanism is provided by the resource API itself.
Where in Terraform code can you configure where the state file is stored?
In the terraform block, using the backend attribute.
Which command would you use to see all the resources that have been created and are being tracked by the Terraform state file?
terraform state list
What benefits does storing Terraform state remotely offer?
It provides granular:
- access
- integrity
- security
- availability
- collaboration.
What does the terraform state mechanism do?
It maps real-world resources to Terraform configuration/code.
How does Terraform handle dependencies in your infrastructure when deploying or destroying resources?
It handles them via the Terraform state file.
In what file is your Terraform state stored locally?
terraform.tfstate
How can Terraform module code return outputs to be used by the main Terraform code invoking it?
By using output block resources in the Terraform module code.
Where can Terraform find and download modules referenced in code?
- Local system
- Terraform Registry
Given the following snippet of Terraform code:
module "my-test-module" {
  source  = "./testm"
  version = "0.0.5"
  region  = var.datacenter
}
Which of the attributes in the above snippet is an input being provided to the module?
region
What is one of the main purposes of Terraform modules?
To make code reusable elsewhere and avoid reinventing the wheel.
What is the command used in Terraform to format the code?
terraform fmt
What is the flag that can be used to bypass approval entry?
--auto-approve
Which of the following data types represent a primitive type value in Terraform?
Number, String, Boolean
The dynamic blocks feature in Terraform cannot be used with which of the following types of resources?
lifecycle blocks
True or False? Collection variable types allow multiple values of one primitive type variable to be grouped together.
True
True or False? In Terraform, you can create your own user-defined functions.
False
Terraform comes pre-packaged with a number of built-in functions. Users cannot create their own functions like in a programming language.
Given the following snippet of Terraform code:
variable "training" {
  type = object({
    name = string
    age  = number
  })
  default = {
    name = "Ryan"
    age  = 36
  }
}
Which of the following type constraints can the variable configured in the code be classified as?
Structural
A structural variable type allows multiple values of various primitive types to be grouped together as a single value. In this case, the variable training has 2 separate types of values within it, namely a string and a number.
Which environment variable can you set to show the most verbose debug logs possible when running Terraform commands?
TF_LOG=TRACE
Which of the following commands will allow you to change your current workspace to an already existing workspace named “production”?
terraform workspace select production
What does the terraform fmt command do?
It formats your Terraform code for readability and consistency.
True or False? When working locally, Terraform always starts off with a single workspace called default that cannot be deleted.
True
What effect will the following command have on the terraform resource aws_instance.my-vm?
terraform taint aws_instance.my-vm
- It will mark the resource as tainted in the state file
- It will be deleted
- Re-created upon the next terraform apply.
What is the purpose of the terraform import command?
It brings external, unmanaged resources into your Terraform configuration to be tracked and managed by it.
What is the purpose of Terraform Cloud?
It helps teams use Terraform together.
Easy access to shared state and secret data.
Which of the following statements is NOT accurate about the difference between open-source Terraform workspaces and Terraform Cloud workspaces?
Open-source Terraform workspaces can automatically back up your configuration to Terraform Cloud.
What is the Terraform public registry?
A repository of publicly available Terraform providers and modules.
What are the benefits of using HashiCorp Sentinel with your Terraform deployments?
- makes deployments more secure
- act as protection against accidental deployments.
How can HashiCorp Vault help secure your Terraform deployments?
- It can store your long-lived credentials in a secure way
- “dynamically inject short-lived”, “temporary keys” to Terraform at deployment.
What is HashiCorp Sentinel?
A policy-as-code framework that enforces adherence to policies within your Terraform code.
What does the Terraform Vault provider offer Terraform users?
A secure place to manage access to the secrets for your Terraform configurations, in addition to integrating with other popular cloud vendors.
Provides short-lived, temporary credentials for users with only the permissions needed for infrastructure creation.
Allows you to store sensitive data securely that can be used for your Terraform configurations.
Which one of the following answers is NOT a key benefit of Terraform Cloud?
A built-in version control similar to GitHub
Why is it a good idea to declare the required version of a provider in a Terraform configuration file?
providers are released on a separate schedule from Terraform itself; therefore a newer version could introduce breaking changes
After executing a terraform plan, you notice that a resource has a tilde (~) next to it. What does this infer?
- Terraform can’t determine how to proceed due to a problem with the state file
- the resource will be destroyed and recreated
- the resource will be updated in place
- the resource will be created
the resource will be updated in place
Which of the following best describes a Terraform provider?
a plugin that Terraform uses to translate the API interactions with the service or provider
Which flag would be used within a Terraform configuration block to identify the specific version of a provider required?
required_providers
For production use, you should constrain the acceptable provider versions via the configuration file to ensure that new versions with breaking changes will not be automatically installed by terraform init in the future. When terraform init is run without provider version constraints, it prints a suggested version constraint string for each provider.
For example:
terraform {
  required_providers {
    aws = ">= 3.1.0"
  }
}
You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource’s current state, what must you do in order to prepare to manage these resources using Terraform?
- run terraform refresh to ensure that the state file has the latest information for existing resources.
- shut down or stop using the resources being imported so no changes are inadvertently missed
- update the configuration file to include the new resources
- modify the Terraform state file to add the new resources
update the configuration file to include the new resources
Explanation
The current implementation of Terraform import can only import resources into the state. It does not generate a configuration. Because of this, and prior to running terraform import, it is necessary to manually write a resource configuration block for the resource to which the imported object will be mapped.
First, add the resources to the configuration file:
resource "aws_instance" "example" {
  # ...instance configuration...
}
Then run the following command:
$ terraform import aws_instance.example i-abcd1234
https://www.terraform.io/docs/commands/import.html
What does the command terraform fmt do?
rewrite Terraform configuration files to a canonical format and style
HashiCorp offers multiple versions of Terraform, including Terraform open-source, Terraform Cloud, and Terraform Enterprise. Which of the following Terraform features are exclusive to the Enterprise edition? (select one)
- Clustering
By default, where does Terraform store its state file?
current working directory
By default, the state file is stored in a local file named “terraform.tfstate”, but it can also be stored remotely, which works better in a team environment.
Which of the following best describes the default local backend?
The local backend:
“stores state on the local filesystem”
“locks the state using system APIs”
“performs operations locally”
Example:
terraform {
  backend "local" {
    path = "relative/path/to/terraform.tfstate"
  }
}
True or False? You can migrate the Terraform backend but only if there are no resources currently being managed.
False
If you are already using Terraform to manage infrastructure, you probably want to transfer to another backend, such as Terraform Cloud, so you can continue managing it. By migrating your Terraform state, you can hand off infrastructure without de-provisioning anything.
Which of the following connection types are supported by the remote-exec provisioner? (select two)
- smb
- ssh
- rdp
- winrm
- ssh
- winrm
The remote-exec provisioner invokes a script on a remote resource after it is created. The remote-exec provisioner supports both ssh and winrm type connections.
Which of the following is considered a Terraform plugin?
- Terraform provider
- Terraform language
- Terraform logic
- Terraform tooling
Terraform provider
Which of the following Terraform files should be ignored by Git when committing code to a repo? (select two)
- terraform.tfvars
- terraform.tfstate
- variables.tf
- output.tf
- terraform.tfstate
- terraform.tfvars
You have been given requirements to create a security group for a new application. Since your organization standardizes on Terraform, you want to add this new security group with the fewest lines of code. What feature could you use to iterate over a list of required TCP ports to add to the new security group?
dynamic block
A dynamic block acts much like a for expression but produces nested blocks instead of a complex typed value. It iterates over a given complex value and generates a nested block for each element of that complex value.
In regards to Terraform state file, select all the statements below which are correct: (select four)
- storing state remotely can provide better security
- Terraform Cloud always encrypts state at rest
- when using local state, the state file is stored in plain-text
- the Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access
- When using local state, the state file is stored in plain-text
- The Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access
- Terraform Cloud always encrypts state at rest
- Storing state remotely can provide better security
Terraform state can contain sensitive data, depending on the resources in use and your definition of “sensitive.” The state contains resource IDs and all resource attributes. For resources such as databases, this may contain initial passwords.
When using the local state, the state is stored in plain-text JSON files.
If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data.
Storing Terraform state remotely can provide better security. As of Terraform 0.9, Terraform does not persist state to the local disk when the remote state is in use, and some backends can be configured to encrypt the state data at rest.
Terry is using a module to deploy some EC2 instances on AWS for a new project. He is viewing the code that is calling the module for deployment, which is shown below. Where is the value of the security group originating?
module "ec2_instances" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "2.12.0"
  name           = "my-ec2-cluster"
  instance_count = 2
  ami                    = "ami-0c5204531f799e0c6"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [module.vpc.default_security_group_id]
  subnet_id              = module.vpc.public_subnets[0]
  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
the output of another module
What are some of the features of Terraform state?
- determining the correct order to destroy resources
- inspection of cloud resources
- mapping configuration to real-world resources
- increased performance
- increased performance
- determining the correct order to destroy resources
- mapping configuration to real-world resources
Which of the following allows Terraform users to apply policy as code to enforce standardized configurations for resources being deployed via infrastructure as code?
- sentinel
- functions
- workspaces
- module registry
sentinel
Frank has a file named main.tf which is shown below. Which of the following statements are true about this code? (select two)
module "servers" {
  source  = "./app-cluster"
  servers = 5
}
- main.tf is the calling module
- app-cluster is the child module
Stephen is writing brand new code and needs to ensure it is syntactically valid and internally consistent. Stephen doesn’t want to wait for Terraform to access any remote services while making sure his code is valid. What command can he use to accomplish this?
- terraform show
- terraform fmt
- terraform refresh
- terraform validate
terraform validate
The terraform validate command validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
Validate runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state. It is thus primarily useful for general verification of reusable modules, including the correctness of attribute names and value types.
Published modules via the Terraform Registry provide which of the following benefits? (select four)
- show examples and READMEs
- automatically generated documentation
- allow browsing version histories
- support versioning
Terraform-specific settings and behaviors are declared in which configuration block type?
terraform
When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (select three)
- command-line key/value pairs
- interactively on the command line
- use the -backend-config=PATH to specify a separate config file
True or False? Provisioners should only be used as a last resort.
True
What Terraform command can be used to inspect the current state file?
- terraform inspect
- terraform read
- terraform state
- terraform show
terraform show
The terraform show command is used to provide human-readable output from a state or plan file. This can be used to inspect a plan to ensure that the planned operations are expected, or to inspect the current state as Terraform sees it.
Machine-readable output can be generated by adding the -json command-line flag.
Note: When using the -json command-line flag, any sensitive values in Terraform state will be displayed in plain text.
What is the purpose of using the local-exec provisioner? (select two)
- ensures that the resource is only executed in the local infrastructure where Terraform is deployed
- executes a command on the resource to invoke an update to the Terraform state
- to execute one or more commands on the machine running Terraform
- to invoke a local executable
- to execute one or more commands on the machine running Terraform
- to invoke a local execution
In Terraform Enterprise, a workspace can be mapped to how many VCS repos?
1
What are the benefits of using Infrastructure as Code? (select five)
- Infrastructure as Code is relatively simple to learn and write, regardless of a user’s prior experience with developing code
- Infrastructure as Code gives the user the ability to recreate an application’s infrastructure for disaster recovery scenarios
- Infrastructure as Code is easily repeatable, allowing the user to reuse code to deploy similar, yet different resources
- Infrastructure as Code provides configuration consistency and standardization among deployments
- Infrastructure as Code easily replaces development languages such as Go and .Net for application development
- Infrastructure as Code allows a user to turn a manual task into a simple, automated deployment
- Infrastructure as Code gives the user the ability to recreate an application’s infrastructure for (1) “disaster recovery scenarios”
- Infrastructure as Code is easily (2) “repeatable”, allowing the user to reuse code to deploy similar, yet different resources
- Infrastructure as Code allows a user to turn a manual task into a simple, (3) “automated deployment”
- Infrastructure as Code provides (4) “configuration consistency and standardization among deployments”
- Infrastructure as Code is relatively (5) “simple to learn and write”, regardless of a user’s prior experience with developing code
In the example below, where is the value of the DNS record’s IP address originating from?
resource "aws_route53_record" "www" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "www.helloworld.com"
  type    = "A"
  ttl     = "300"
  records = [module.web_server.instance_ip_addr]
}
the output of a module named web_server
Which of the following actions are performed during a terraform init? (select three)
- download the declared providers which are supported by HashiCorp
- initializes downloaded and/or installed providers
- initializes the backend configuration
Kristen is using modules to provision an Azure environment for a new application. She is using the following code and specifying a version of her virtual machine module to ensure she’s calling the correct module. Which of the following provides support for versioning of a module? (select two)
module "compute" {
  source  = "Azure/compute/azurerm"
  version = "3.8.0"
}
- public module registry
- private module registry
In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?
- input variables
What is a downside to using a Terraform provider, such as the Vault provider, to interact with sensitive data, such as reading secrets from Vault?
- Terraform and Vault must be running on the same physical host
- secrets are persisted to the state file and plans
- Terraform and Vault must be running on the same version
- Terraform requires a unique auth method to work with Vault
secrets are persisted to the state file and plans
Select two answers to complete the following sentence:
Before a new provider can be used, it must be ______ and _______. (select two)
- declared/used in a configuration file
- initialized
Which of the following represents a feature of Terraform Cloud that is NOT free to customers?
- private module registry
- workspace management
- VCS integration
- team management and governance
team management and governance
True or False? Starting in Terraform v0.12, the Terraform language now has built-in syntax for creating lists using the [ and ] delimiters, replacing and deprecating the list() function.
True
The list function is deprecated. From Terraform v0.12, the Terraform language has built-in syntax for creating lists using the [ and ] delimiters. Use the built-in syntax instead. The list function will be removed in a future version of Terraform.
Select the answer below that completes the following statement:
Terraform Cloud can be managed from the CLI but requires __________?
- authentication using MFA
- a username and password
- an API token
- a TOTP token
an API token
In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently during a terraform apply?
10
Terraform can limit the number of concurrent operations as Terraform walks the graph using the -parallelism=n argument. The default value for this setting is 10. This setting might be helpful if you’re running into API rate limits.
In Terraform, most resource dependencies are handled automatically. Which of the following statements describes best how Terraform resource dependencies are handled?
Terraform analyzes any expressions within a resource block to find references to other objects and treats those references as implicit ordering requirements when creating, updating, or destroying resources.
Henry has been working hard on automating his infrastructure for a new application using Terraform. His organization has standardized on Azure for application workloads. Currently, he has his application running successfully, but he has added a new resource to create a DNS record using the Infoblox provider. He has added the new resource but gets an error when he runs a terraform plan. What should Henry do first before running a plan and apply?
- you can’t mix resources from different providers within the same configuration file, so Henry should create a module for the DNS resource and reference it from the main configuration
- Henry should run a terraform plan -refresh=true to update the state for the new DNS resource
- since he has introduced a new provider, a terraform init needs to be run to download the Infoblox plugin
- the Azure plugin doesn’t support Infoblox directly, so Henry needs to put the DNS resource in another configuration file
since he has introduced a new provider, a terraform init needs to be run to download the Infoblox plugin
Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list: (select three)
- use of any resource belonging to a particular provider in a resource or data block in the configuration
- Existence of any resource instance belonging to a particular provider in the current state.
- Explicit use of a provider block in configuration, optionally including a version constraint.
- Existence of any provider plugins found locally in the working directory
- use of any resource belonging to a particular provider in a resource or data block in the configuration
- Existence of any resource instance belonging to a particular provider in the current state.
- Explicit use of a provider block in configuration, optionally including a version constraint.
Sara has her entire application automated using Terraform, but she now needs to start including more infrastructure pieces, such as creating a new subnet, DNS record, and load balancer. Like the Terraform pro she is, Sara requires that these new resources be created within modules so she can easily reuse the code later. However, Sara is having problems getting the subnet_id from the subnet module to pass to the load balancer module. What could fix this problem?
add an “output that references the subnet module” and retrieve the value using “module.subnet.subnet_id” in the load balancer module
What is the result of the following terraform function call?
> zipmap(["a", "b"], [1, 2])
{
  "a" = 1
  "b" = 2
}
zipmap constructs a map from a list of keys and a corresponding list of values. A map is denoted by { } whereas a list is denoted by [ ].
Select the most accurate statement to describe the Terraform language from the following list.
- Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally JSON
- Terraform is a mutable, declarative, Infrastructure as Code Configuration management language based on HashiCorp Configuration language, or optionally JSON.
- Terraform is an immutable, procedural, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.
- Terraform is a mutable, procedural, Infrastructure as Code provisioning language based on Hashicorp Language, or optionally YAML.
Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally JSON.
Emma is a Terraform expert, and she has automated all the things with Terraform. During a recent deployment, a virtual machine was deployed but a local script did not work correctly, and therefore needs to be destroyed and recreated. How can Emma easily have Terraform recreate this one resource without having to destroy everything that was created?
- use terraform taint to mark the virtual machine as tainted
The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply. This command will not modify infrastructure but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change.
You could also use terraform destroy -target and destroy only the virtual machine and then run a terraform apply again.
Whenever you add a new module to a configuration, Terraform must install the module before it can be used. What two commands can be used to install and update modules? (select two)
- terraform get
- terraform plan
- terraform init
- terraform refresh
terraform init
terraform get
Both the terraform get and terraform init commands will install and update modules. The terraform init command will also initialize backends and install plugins.
Which of the following terraform subcommands could be used to remove the lock on the state for the current configuration?
force-unlock
terraform force-unlock removes the lock on the state for the current configuration. Be very careful forcing an unlock, as it could cause data corruption and problems with your state file.
Terraform is distributed as a single binary and is available for many different platforms. Select all Operating Systems that Terraform is available for. (select five)
- Unix
- macOS
- Solaris
- FreeBSD
- Linux
- Windows
- macOS
- Solaris
- FreeBSD
- Linux
- Windows
What is the result of the following terraform function call?
> index(["a", "b", "c"], "c")
2
index finds the element index for a given value in a list starting with index 0. Therefore, “a” is at index 0, “b” is at index 1, and “c” is at index 2.
True or False? When using the Terraform provider for Vault, the tight integration between these HashiCorp tools provides the ability to mask secrets in the terraform plan and state files.
False
Currently, Terraform has no mechanism to redact or protect secrets that are returned via data sources, so secrets read via this provider will be persisted into the Terraform state, into any plan files, and in some cases in the console output produced while planning and applying. These artifacts must, therefore, all be protected accordingly.
Which of the following is not a valid Terraform string function?
tostring
Which Terraform command will check and report errors within modules, attribute names, and value types to make sure they are syntactically valid and internally consistent?
terraform validate
The terraform validate command validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
Validate runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state. It is thus primarily useful for general verification of reusable modules, including the correctness of attribute names and value types.
https://www.terraform.io/docs/commands/validate.html
True or False? Rather than use state, Terraform can inspect cloud resources on every run.
False
When writing Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?
2
In the following code snippet, the block type is identified by which string?
resource "aws_instance" "db" {
  ami           = "ami-123456"
  instance_type = "t2.micro"
}
resource
The format of resource block configurations is as follows:
”” “”
A user creates three workspaces from the command line - prod, dev, and test. Which of the following commands will the user run to switch to the dev workspace?
terraform workspace select dev
During a terraform apply, a resource is successfully created but eventually fails during provisioning. What happens to the resource?
- the terraform plan is rolled back and all provisioned resources are removed
- it is automatically deleted
- the resource is marked as tainted
- Terraform attempts to provision the resource up three times before exiting with an error
the resource is marked as tainted
True or False? By default, Terraform destroy will prompt for confirmation before proceeding.
True
Terraform destroy will always prompt for confirmation before executing unless passed the -auto-approve flag.
Select all features which are exclusive to Terraform Enterprise and Terraform Cloud for Business (select three).
- SAML/SSO
- Audit Logging
- Self-Service Infrastructure
- SAML/SSO
- Audit Logging
- Self-Service Infrastructure
Self-Service Infrastructure, Audit Logging, and SAML/SSO are only available in Terraform Cloud for Business or Terraform Enterprise.
Which of the following variable declarations is going to result in an error?
variable "example" {
  description = "This is a variable description"
  type        = list(string)
  default     = {}
}
Lists are defined with [ ], maps are defined with { }.
Larissa is interested in using a module to create an AWS VPC. She finds this code but isn’t sure what all the declarations are beyond the source and version (such as name, cidr, azs, etc.). What are these declarations used for?
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.21.0"
  name = var.vpc_name
  cidr = var.vpc_cidr
  azs             = var.vpc_azs
  private_subnets = var.vpc_private_subnets
  public_subnets  = var.vpc_public_subnets
  enable_nat_gateway = var.vpc_enable_nat_gateway
  tags = var.vpc_tags
}
- this is where the variable declarations are so Terraform is aware of these variables within the calling module
- these are the outputs that the child module will return
- these are variables that are passed into the child module likely used for resource creation
- the value of these variables will be obtained from values created in the child module
these variables that are passed into the child module are likely used for resource creation
These are the input variables that are being set for the child module, which the child module will likely use to create resources. These variables are declared elsewhere, likely in a variables.tf file, and the values are pulled from either the default value, a .tfvars file, an environment variable, or another resource.
Freddy and his co-worker Jason are deploying resources in GCP using Terraform for their team. After resources have been deployed, they need to destroy the cloud-based resources to save on costs. However, two other team members, Michael and Chucky, are using a Cloud SQL instance for testing and are asking to keep it running.
How can Freddy and Jason easily destroy all other resources without negatively impacting the database?
run a “terraform state rm” command to remove the Cloud SQL instance from Terraform management before running the terraform destroy command
Explanation
In this case, the easiest way to accomplish this is to remove the database from the terraform state file, removing that resource from Terraform management. Afterward, the team can use the terraform destroy command which will delete all other resources.
All other options would be too time-consuming or would cause an outage to the database.
Why might a user opt to include the following snippet in their configuration file?
terraform {
  required_version = ">= 0.12"
}
Terraform 0.12 introduced substantial changes to the syntax used to write a Terraform configuration.
Explanation
You can use required_version to ensure that a user deploying infrastructure is using Terraform 0.12 or greater, due to the vast number of changes that were introduced. As a result, many previously written configurations had to be converted or rewritten.
Where does Terraform OSS store the local state for workspaces?
- a file called terraform.tfstate.backup
- directory called terraform.workspaces.tfstate
- directory called terraform.tfstate.d
- a file called terraform.tfstate
directory called terraform.tfstate.d
Which are some of the benefits of using Infrastructure as Code in general? (select three)
- it can be versioned
- it can be shared
- it can be reused
- it is always platform agnostic
- it can be versioned
- it can be shared
- it can be reused
Explanation
Infrastructure as Code has many benefits, including being able to create a blueprint of your data center which can be versioned, shared, and reused. However, in a general sense, not all IaC tools are platform agnostic like Terraform.
https://www.terraform.io/intro/index.html#infrastructure-as-code
True or False? The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. If drift is detected between the real-world infrastructure and the last known-state, it will modify the infrastructure to correct the drift.
False
Explanation
The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file.
This does not modify infrastructure but does modify the state file. If the state is changed, this may cause changes to occur during the next plan or apply.
The terraform state command and related attributes can be used to
modify the current state, such as removing items
Explanation
The terraform state command is used for advanced state management. Rather than modify the state directly, the terraform state commands can be used in many cases instead.
To refresh Terraform state, use the command terraform refresh.
Terraform has detailed logs which can be enabled by setting the _________ environmental variable.
TF_LOG
Explanation
Terraform has detailed logs that can be enabled by setting the TF_LOG environment variable to any value. This will cause detailed logs to appear on stderr.
You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN or ERROR to change the verbosity of the logs. TRACE is the most verbose and it is the default if TF_LOG is set to something other than a log level name.
Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)
- Azure DevOps Server
- GitHub
- CVS Version Control
- GitHub Enterprise
- Bitbucket Cloud
- Azure DevOps Server
- GitHub
- GitHub Enterprise
- Bitbucket Cloud
A user runs terraform init on their RHEL based server and per the output, two provider plugins are downloaded:
$ terraform init
Initializing the backend…
Initializing provider plugins…
- Checking for available provider plugins…
- Downloading plugin for provider "aws" (hashicorp/aws) 2.44.0…
- Downloading plugin for provider "random" (hashicorp/random) 2.2.1…
Terraform has been successfully initialized!
Where are these plugins downloaded to?
- The .terraform.d directory in the directory terraform init was executed in.
- The .terraform/plugins directory in the directory terraform init was executed in.
- /etc/terraform/plugins
- The .terraform.plugins directory in the directory terraform init was executed in.
The .terraform/plugins directory in the directory terraform init was executed in.
Which feature of Terraform Cloud and/or Terraform Enterprise lets you publish and maintain a set of custom modules which can be used within your organization?
- Terraform Registry
- customer VCS integration
- remote runs
- private module registry
private module registry
Explanation
You can use modules from a private registry, like the one provided by Terraform Cloud. Private registry modules have source strings of the form ///. This is the same format as the public registry, but with an added hostname prefix.
Terraform is generally written using the HashiCorp Configuration Language (HCL). What other syntax can Terraform be expressed in?
JSON
True or False? Each Terraform workspace uses its own state file to manage the infrastructure associated with that particular workspace.
True
Explanation
The persistent data stored in the backend belongs to a workspace. Initially, the backend has only one workspace, called “default”, and thus there is only one Terraform state associated with that configuration.
A “backend” in Terraform determines how state is loaded and how an operation such as apply is executed. Which of the following is not a supported backend type?
- consul
- s3
- artifactory
- github
- terraform enterprise
github
Explanation
GitHub is not a supported backend type. Check out the supported backends using the link below. Remember there is the “local” backend and then there are remote backends that store state elsewhere. Remote backends (and locking) are needed when more than one person is interacting with the same state file.
When Terraform needs to be installed in a location where it does not have internet access to download the installer and upgrades, the installation is generally known to be __________.
- air-gapped
- a private install
- disconnected
- non-traditional
air-gapped
Explanation
A Terraform Enterprise install that is provisioned on a network that does not have Internet access is generally known as an air-gapped install. These types of installs require you to pull updates, providers, etc. from external sources vs. being able to download them directly.
Terraform Enterprise (also referred to as pTFE) requires what type of backend database for a clustered deployment?
- Cassandra
- MySQL
- MSSQL
- PostgreSQL
PostgreSQL
Explanation
External Services mode stores the majority of the stateful data used by the instance in an external PostgreSQL database and an external S3-compatible endpoint or Azure blob storage. There is still critical data stored on the instance that must be managed with snapshots. Be sure to check the PostgreSQL Requirements for information that needs to be present for Terraform Enterprise to work. This option is best for users with expertise managing PostgreSQL or users that have access to managed PostgreSQL offerings like AWS RDS.
Check out the Pre-requisite document for more information - https://www.terraform.io/docs/enterprise/before-installing/index.html
When multiple arguments with single-line values appear on consecutive lines at the same nesting level, HashiCorp recommends that you:
align their equals signs
ami           = "abc123"
instance_type = "t2.micro"
Explanation
HashiCorp style conventions suggest that you align the equals signs for consecutive arguments to make configurations easier to read:
ami           = "abc123"
instance_type = "t2.micro"
When using providers that require the retrieval of data, such as the HashiCorp Vault provider, in what phase does Terraform actually retrieve the data required, assuming you are following the standard workflow of write, plan, and apply?
- terraform apply
- terraform init
- terraform plan
- terraform destroy
terraform plan
Explanation
It is important to consider that “Terraform reads from data sources during the plan phase and writes the result into the plan.”
For something like a Vault token which has an explicit TTL, the apply must be run before the data, or token, in this case, expires, otherwise, Terraform will fail during the apply phase.
Another example of this is AWS credentials:
The token is generated from the moment the configuration retrieves the temporary AWS credentials (on terraform plan or terraform apply). If the apply run is confirmed after the 120 seconds, the run will fail because the credentials used to initialize the Terraform AWS provider have expired. For these instances or large multi-resource configurations, you may need to adjust the default_lease_ttl_seconds.
Check out the blue box under this section for more information: https://learn.hashicorp.com/tutorials/terraform/secrets-vault#provision-compute-instance
Which of the following statements best describes the Terraform list(…) type?
- a sequence of values identified by consecutive whole numbers starting with zero.
- a collection of named attributes that each have their own type.
- a collection of unique values that do not have any secondary identifiers or ordering.
- a collection of values where each is identified by a string label
a sequence of values identified by consecutive whole numbers starting with zero.
Explanation
A terraform list is a sequence of values identified by consecutive whole numbers starting with zero.
https://www.terraform.io/docs/configuration/types.html#structural-types
From the code below, identify the implicit dependency:
resource "aws_eip" "public_ip" {
  vpc      = true
  instance = aws_instance.web_server.id
}
resource "aws_instance" "web_server" {
  ami           = "ami-2757f631"
  instance_type = "t2.micro"
  depends_on    = [aws_s3_bucket.company_data]
}
- The EC2 instance labeled web_server
- The S3 bucket labeled company_data
- The EIP with an id of ami2757f631
- The AMI used for the EC2 instance
The EC2 instance labeled web_server
Explanation
The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance labeled web_server has been provisioned and the id is available.
Note that aws_s3_bucket.example is an explicit dependency.
https://learn.hashicorp.com/tutorials/terraform/dependencies
What is the result of the following terraform function call?
> lookup({a="hello", b="goodbye"}, "c", "what?")
what
Explanation
lookup retrieves the value of a single element from a map, given its key. If the given key does not exist, the given default value is returned instead. In this case, the function call is searching for the key “c”. Because there is no key “c”, the default value of “what?” is returned.
Choose the correct answer which fixes the syntax of the following Terraform code:
resource "aws_security_group" "vault_elb" {
  name        = "${var.name_prefix}-vault-elb"
  description = Vault ELB
  vpc_id      = var.vpc_id
}
resource "aws_security_group" "vault_elb" {
  name        = "${var.name_prefix}-vault-elb"
  description = "Vault ELB"
  vpc_id      = var.vpc_id
}
Explanation
When assigning a value to an argument, it must be enclosed in quotes (“…”) unless it is being generated programmatically.
https://www.terraform.io/docs/configuration/syntax.html#arguments-and-blocks
Elijah has created a module called “my_test_module” and committed it to GitHub. Over time, several commits have been made with updates to the module, each tagged in GitHub with an incremental version number. Which of the following lines would be required in a module configuration block in terraform to select tagged version v1.0.4?
source = "git::https://example.com/my_test_module.git?ref=v1.0.4"
Explanation
By default, Terraform will clone and use the default branch (referenced by HEAD) in the selected repository. You can override this using the ref argument:
module "vpc" {
  source = "git::https://example.com/vpc.git?ref=v1.2.0"
}
The value of the ref argument can be any reference that would be accepted by the git checkout command, including branch and tag names.
https://www.terraform.io/docs/modules/sources.html#selecting-a-revision
Which of the following commands will launch the Interactive console for Terraform interpolations?
terraform console
Explanation
The terraform console command provides an interactive console for evaluating expressions.
https://www.terraform.io/docs/commands/console.html
When using constraint expressions to signify a version of a provider, which of the following are valid provider versions that satisfy the expression found in the following code snippet: (select two)
terraform {
  required_providers {
    aws = "~> 1.2.0"
  }
}
- 2.3
- 2.9
Explanation
~> 1.2.0 will match any non-beta version of the provider between >= 1.2.0 and < 1.3.0. For example, 1.2.X
https://www.terraform.io/docs/configuration/modules.html#gt-1-2-0-1
The following is a snippet from a Terraform configuration file:
provider "aws" {
  region = "us-east-1"
}
provider "aws" {
  region = "us-west-1"
}
which, when validated, results in the following error:
Error: Duplicate provider configuration
on main.tf line 5:
5: provider "aws" {
A default provider configuration for "aws" was already given at
main.tf:1,1-15. If multiple configurations are required, set the "______"
argument for alternative configurations.
Fill in the blank in the error message with the correct string from the list below.
alias
Explanation
An alias meta-argument is used when using the same provider with different configurations for different resources.
https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-instances
In the example below, the depends_on argument creates what type of dependency?
resource "aws_instance" "example" {
  ami           = "ami-2757f631"
  instance_type = "t2.micro"
  depends_on    = [aws_s3_bucket.company_data]
}
explicit dependency
Explanation
Sometimes there are dependencies between resources that are not visible to Terraform. The depends_on argument is accepted by any resource and accepts a list of resources to create explicit dependencies for.
https://learn.hashicorp.com/tutorials/terraform/dependencies
Harry has deployed resources on Azure for his organization using Terraform. However, he has discovered that his co-workers Ron and Ginny have manually created a few resources using the Azure console. Since it’s company policy to manage production workloads using IaC, how can Harry start managing these resources in Terraform without negatively impacting the availability of the deployed resources?
use terraform import to import the existing resources under Terraform management
Explanation
The terraform import command is used to import existing resources into Terraform. This allows you to take resources that you’ve created by some other means and bring them under Terraform management.
Note that terraform import DOES NOT generate configuration, it only modifies state. You’ll still need to write a configuration block for the resource for which it will be mapped using the terraform import command.
https://www.terraform.io/docs/commands/import.html
A user has created three workspaces using the command line - prod, dev, and test. The user wants to create a fourth workspace named stage. Which command will the user execute to accomplish this?
terraform workspace new stage
Explanation
The terraform workspace new command is used to create a new workspace.
https://www.terraform.io/docs/commands/workspace/new.html
Oscar is modifying his Terraform configuration file but isn’t 100% sure it’s correct. He is afraid that changes made could negatively affect production workloads. How can Oscar validate the changes that will be made without impacting existing workloads?
run a terraform plan and validate the changes that will be made
Explanation
The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files. This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or to the state.
https://www.terraform.io/docs/commands/plan.html
Anyone can publish and share modules on the Terraform Public Module Registry, and meeting the requirements for publishing a module is extremely easy. Select from the following list all valid requirements. (select three)
- The registry uses tags to identify module versions. Release tag names must be in the format x.y.z, and can optionally be prefixed with a v
- Module repositories must use this three-part name format, terraform
- The module must be PCI/HIPAA compliant
- The module must be on GitHub and must be a public repo
The registry uses tags to identify module versions. Release tag names must be in the format x.y.z, and can optionally be prefixed with a v
Module repositories must use this three-part name format, terraform–
The module must be on GitHub and must be a public repo
Which of the following is an invalid variable name?
count
Explanation
count is a reserved word. The count parameter on resources can simplify configurations and let you scale resources by simply incrementing a number.
https://www.terraform.io/intro/examples/count.html
Environment variables can be used to set variables. The environment variables must be in the format “____“_. Select the correct prefix string from the following list.
- TF_ENV
- TF_ENV_VAR
- TF_VAR_NAME
- TF_VAR
TF_VAR
Explanation
Environment variables can be used to set variables. The environment variables must be in the format TF_VAR_name and this will be checked last for a value. For example:
export TF_VAR_region=us-west-1
export TF_VAR_ami=ami-049d8641
export TF_VAR_alist='[1,2,3]'
export TF_VAR_amap='{ foo = "bar", baz = "qux" }'
https://www.terraform.io/docs/commands/environment-variables.html
True or False? Using the latest versions of Terraform (0.13 - 0.15) terraform init cannot automatically download community providers.
False
Explanation
With Terraform 0.13, terraform init can now automatically download community providers.
https://www.hashicorp.com/blog/automatic-installation-of-third-party-providers-with-terraform-0-13
In June at HashiConf digital we announced the beta version of HashiCorp Terraform 0.13. Many of the improvements in Terraform 0.13 focus on the diverse, rapidly-growing collection of official, partner, and community providers. With Terraform 0.13, terraform init will automatically download and install partner and community providers in the HashiCorp Terraform Registry, following the same clear workflow as HashiCorp-supported official providers. These improvements to the ecosystem will benefit Terraform users and provider developers alike.
You are an Infrastructure Engineer at Strategies, Inc, which is a new organization that provides marketing services to startups. All of your infrastructure is provisioned and managed by Terraform. Despite your pleas to not make changes outside of Terraform, sometimes the other engineers log into the cloud platform and make minor changes to resolve problems.
What Terraform command can you use to reconcile the state with the real-world infrastructure in order to detect any drift from the last-known state?
terraform refresh
Explanation
The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file.
https://www.terraform.io/docs/commands/refresh.html
Infrastructure as Code (IaC) provides many benefits to help organizations deploy application infrastructure much faster than clicking around in the console. What are the additional benefits to IaC? (select three)
- code can easily be shared and reused
- eliminates parallelism
- allows infrastructure to be versioned
- can always be used to deploy the latest features and services
- creates a blueprint of your data center
- code can easily be shared and reused
- allows infrastructure to be versioned
- creates a blueprint of your data center
Explanation
Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
Infrastructure as Code almost always uses parallelism to deploy resources faster. And depending on the solution being used, it doesn’t always have access to the latest features and services available on cloud platforms or other solutions.
https://www.terraform.io/intro/index.html#infrastructure-as-code
Based on the following code, which of the resources will be created first?
resource "aws_instance" "data_processing" {
  ami           = data.aws_ami.amazon_linux.id
  instance_type = "t2.micro"
  depends_on    = [aws_s3_bucket.customer_data]
}
module "example_sqs_queue" {
  source     = "terraform-aws-modules/sqs/aws"
  version    = "2.1.0"
  depends_on = [aws_s3_bucket.customer_data, aws_instance.data_processing]
}
resource "aws_s3_bucket" "customer_data" {
  acl = "private"
}
resource "aws_eip" "ip" {
  vpc      = true
  instance = aws_instance.data_processing.id
}
aws_s3_bucket.customer_data
Explanation
In this example, the only resource that does not have an implicit or an explicit dependency is the aws_s3_bucket.customer_data. Every other resource defined in this configuration has a dependency on another resource.
https://learn.hashicorp.com/tutorials/terraform/dependencies
Based on the Terraform code below, what block type is used to define the VPC?
vpc_id = aws_vpc.main.id
- provider block
- locals block
- data block
- resource block
If it were in a data block, it would be referred to as data.aws_vpc.main.id
- resource block
Explanation
Based on the Terraform code provided in the question, the VPC is defined in a resource block, meaning that there is a VPC resource being defined, such as:
resource "aws_vpc" "main" {
  cidr_block = var.base_cidr_block
}
If it were locals, the resource would be referred to as local.aws_vpc
https://www.terraform.io/docs/configuration/resources.html
Which feature of Terraform Enterprise can be used to enforce fine-grained policies to enforce standardization and cost controls before resources are provisioned with Terraform?
sentinel
Explanation
Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. It enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources.
https://www.terraform.io/docs/cloud/sentinel/index.html
When running a terraform plan, how can you save the plan so it can be applied at a later time?
use the -out parameter
-out=FILE
Explanation
The optional -out argument can be used to save the generated plan to a file for later execution with terraform apply, which can be useful when running Terraform in automation.
https://www.terraform.io/docs/commands/plan.html
Which type of configuration block assigns a name to an expression that can be used multiple times within a module without having to repeat it?
- backend
- resources
- local
- provider
local
Explanation
A local value assigns a name to an expression, so you can use it multiple times within a module without repeating it.
https://www.terraform.io/docs/configuration/locals.html
Which of the following best describes a “data source”?
- enables Terraform to fetch data for use elsewhere in the Terraform configuration
- a file that contains the current working version of Terraform
- provides required data for declared variables used within the Terraform configuration
- maintains a list of strings to store the values of declared outputs in Terraform
enables Terraform to fetch data for use elsewhere in the Terraform configuration
Explanation
Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration.
https://www.terraform.io/docs/configuration/data-sources.html
Michael has deployed many resources in AWS using Terraform and can easily update or destroy resources when required by the application team. A new employee, Dwight, is working with the application team and deployed a new EC2 instance through the AWS console. When Michael finds out, he decided he wants to manage the new EC2 instance using Terraform moving forward. He opens his terminal and types:
A. Terraform cannot manage resources that were provisioned manually
B. Configure the appropriate tags on the Amazon EC2 resource so Terraform knows that it should manage the resource moving forward
C. import the configuration of the EC2 instance called web_app_42 from AWS first
D. create a configuration for the new resource in the Terraform configuration file, such as:
resource "aws_instance" "web_app_42" {
  # (resource arguments)
}
create a configuration for the new resource in the Terraform configuration file, such as:
resource "aws_instance" "web_app_42" {
  # (resource arguments)
}
Explanation
The terraform import command is used to import existing resources into Terraform. However, Terraform will not create a configuration for the imported resource. The Terraform operator must create/add a configuration for the resource that will be imported first. Once the configuration is added to the configuration file, the terraform import command can be executed to manage the resource using Terraform.
https://www.terraform.io/docs/commands/import.html
Given a Terraform config that includes the following code, how would you reference the last instance that will be created?
resource "aws_instance" "web" {
  # ...
  for_each = {
    "terraform": "value1",
    "resource": "value2",
    "indexing": "value3",
    "example": "value4",
  }
}
- aws_instance.web[4]
- aws_instance.example
- aws_instance.web[3]
- aws_instance.web["example"]
aws_instance.web["example"]
Explanation
The following specifications apply to index values on modules and resources with multiple instances:
[N] where N is a 0-based numerical index into a resource with multiple instances specified by the count meta-argument. Omitting an index when addressing a resource where count > 1 means that the address references all instances.
["INDEX"] where INDEX is an alphanumerical key index into a resource with multiple instances specified by the for_each meta-argument.
https://www.terraform.io/docs/internals/resource-addressing.html
count Example
Given a Terraform config that includes:
resource "aws_instance" "web" {
  # ...
  count = 4
}
An address like this:
aws_instance.web[3]
Refers to only the last instance in the config, and an address like this:
aws_instance.web
Refers to all four "web" instances.
for_each Example
Given a Terraform config that includes:
resource "aws_instance" "web" {
  # ...
  for_each = {
    "terraform": "value1",
    "resource": "value2",
    "indexing": "value3",
    "example": "value4",
  }
}
An address like this:
aws_instance.web["example"]
Refers to only the "example" instance in the config.
Which of the following Terraform features is NOT available in the open-source version?
sentinel policies
Explanation
All of the options are available to open-source users except for Sentinel, which is only available in Terraform Enterprise and Terraform Cloud paid tiers.
https://www.hashicorp.com/products/terraform/pricing
Given the following snippet of code, what does servers = 4 reference?
module "servers" {
  source  = "./modules/aws-servers"
  servers = 4
}
- the output variable of the module
- the value of an input variable
- the number of times the module will be executed
- servers is not a valid configuration for a module
the value of an input variable
When using a Terraform provider, it’s common that Terraform needs credentials to access the API for the underlying platform, such as VMware, AWS, or Google Cloud. While there are many ways to accomplish this, what are three options that you can provide these credentials? (select three)
- using a remote-exec
- integrated services, such as AWS IAM or Azure Managed Service Identity
- use environment variables
- directly in the provider block by hardcoding or using a variable
- integrated services, such as AWS IAM or Azure Managed Service Identity
- directly in the provider block by hardcoding or using a variable
- use environment variables
Philip works at a payment processing company and manages the organization’s VMware environment. He recently provisioned a new cluster for a production environment. To ensure everything is working as expected, Philip has been using Terraform and the VMware vSphere client to create and destroy new virtual machines. Currently, there are three virtual machines running on the new cluster, so Philip runs terraform destroy to remove the remaining virtual machines from the cluster. However, Terraform only removes two of the virtual machines, leaving one virtual machine still running.
Why would Terraform only remove two of the three virtual machines?
the remaining virtual machine was not created by Terraform, therefore Terraform is not aware of the virtual machine and cannot destroy it
Explanation
The terraform destroy command terminates resources defined in your Terraform configuration. This command is the reverse of terraform apply in that it terminates all the resources specified by the configuration. It does not destroy resources running elsewhere that are not described in the current configuration.
https://learn.hashicorp.com/tutorials/terraform/aws-destroy
A provider alias is used for what purpose in a Terraform configuration file?
- to use as shorthand for resources to be deployed with the referenced provider
- using the same provider with different configurations for different resources
- to signify what cloud-based region to deploy resources
- alias isn’t used with providers, they are used with provisioners
using the same provider with different configurations for different resources
Explanation
The primary reason for this is to support multiple regions for a cloud platform; other examples include targeting multiple Docker hosts, multiple Consul hosts, etc.
To create multiple configurations for a given provider, include multiple provider blocks with the same provider name. For each additional non-default configuration, use the alias meta-argument to provide an extra name segment.
https://www.terraform.io/docs/configuration/providers.html
When a terraform apply is executed, where is the AWS provider retrieving credentials to create cloud resources in the code snippet below?
provider "aws" {
  region     = "us-east-1"
  access_key = data.vault_aws_access_credentials.creds.access_key
  secret_key = data.vault_aws_access_credentials.creds.secret_key
}
- From a data source that is retrieving credentials from HashiCorp Vault. Vault is dynamically generating the credentials on Terraform’s behalf
- from a script that is executing commands against Vault
- From a variable called vault_aws_access_credentials
- from the .tfvars file called vault
From a data source that is retrieving credentials from HashiCorp Vault. Vault is dynamically generating the credentials on Terraform’s behalf.
Explanation
In this case, Terraform is using a data source to gather credentials from Vault. The data block would look something like this:
data "vault_aws_access_credentials" "creds" {
  backend = vault_aws_secret_backend.aws.path
  role    = vault_aws_secret_backend_role.role.name
}
https://www.terraform.io/docs/configuration/data-sources.html
Terraform Cloud Agents are a feature that allows Terraform Cloud to communicate with private infrastructure, such as VMware hosts running on-premises. Which version of Terraform Cloud supports this feature?
- Terraform Cloud for Business
- Terraform Team and Governance
- Terraform Cloud Free
Terraform Cloud for Business
Explanation
This newer feature is only available on Terraform Cloud for Business.
https://www.hashicorp.com/products/terraform/pricing
Jeff is a DevOps Engineer for a large company and is currently managing the infrastructure for many different applications using Terraform. Recently, Jeff received a request to remove a specific VMware virtual machine from Terraform as it is no longer needed by the application team. Jeff opens his terminal and issues the command:
$ terraform state rm vsphere_virtual_machine.app1
Removed vsphere_virtual_machine.app1
Successfully removed 1 resource instance(s).
The next time that Jeff runs a terraform apply, the resource is not marked to be deleted. In fact, Terraform is stating that it is creating another identical resource.
…..
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# vsphere_virtual_machine.app1 will be created
What would explain this behavior?
- Jeff removed the resource from the state file, “but not the configuration file”. Therefore, Terraform is no longer aware of the virtual machine and assumes Jeff wants to create a new one since the virtual machine is still in the Terraform configuration file
- the state file was not saved before the terraform apply was executed, therefore Terraform sees that the resource is still in the state file
- the resource was manually deleted within the VMware infrastructure and needs to be recreated
- after running the terraform rm command, Jeff needs to run a Terraform plan first to tell Terraform of the updated configuration. A plan will instruct Terraform that the resource should be deleted upon the next terraform apply
Jeff removed the resource from the state file, “but not the configuration file”. Therefore, Terraform is no longer aware of the virtual machine and assumes Jeff wants to create a new one since the virtual machine is still in the Terraform configuration file
Explanation:
Because Jeff manually deleted the resource from the state file, Terraform was no longer aware of the virtual machine. When Jeff ran a terraform apply, it refreshed the state file and discovered that the configuration file declared a virtual machine but it was not in state, therefore Terraform needed to create a virtual machine so the provisioned infrastructure matched the desired configuration, which is the Terraform configuration file.
Hopefully, this isn’t a tricky one, but I thought it was good to test on, especially since terraform state commands are listed in Objective 4 of the exam. In this case, Jeff should NOT have removed the resource from the state file, but rather removed it from the configuration file and run a terraform plan/apply. In this scenario, Terraform would recognize that the virtual machine was no longer needed and would have destroyed it.
https://www.terraform.io/docs/commands/state/list.html
Given the following snippet of code, what will the value of the “Name” tag equal after a terraform apply?
variable "name" {
  description = "The username assigned to the infrastructure"
  default     = "data_processing"
}
variable "team" {
  description = "The team responsible for the infrastructure"
  default     = "IS Team"
}
locals {
  name  = (var.name != "" ? var.name : random_id.id.hex)
  owner = var.team
  common_tags = {
    Owner = local.owner
    Name  = local.name
  }
}
data_processing
Explanation
The syntax of a conditional expression first names the condition. In this example, if var.name is not (!=) empty, assign the var.name value; else, assign the new random_id resource as the name value. Since var.name equals data_processing, then the value of Name will equal data_processing.
https://www.terraform.io/docs/configuration/expressions/conditionals.html
Which of the following commands can be used to detect configuration drift?
terraform refresh
Explanation
If the state has drifted from the last time Terraform ran, refresh allows that drift to be detected.
https://www.hashicorp.com/blog/detecting-and-managing-drift-with-terraform
Variables and their default values are typically declared in a main.tf or terraform.tf file. What type of file can be used to set explicit values for the current working directory that will override the default variable values?
- .sh file
- .txt file
- .tfvars file
- .tfstate file
.tfvars file
Explanation
To set lots of variables, it is more convenient to specify their values in a variable definitions file (with a filename ending in either .tfvars or .tfvars.json).
https://www.terraform.io/docs/configuration/variables.html
What happens when you apply a Terraform configuration using terraform apply? (select two)
A. Terraform makes infrastructure changes defined in your configuration.
B. Terraform recreates all the infrastructure defined in the configuration file
C. Terraform formats your configuration to the standard canonical format and style
D. Terraform downloads any required plugins
E. Terraform updates the state file with configuration changes made during the execution.
A. Terraform makes infrastructure changes defined in your configuration.
E. Terraform updates the state file with configuration changes made during the execution.
Explanation
The terraform apply command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.
https://www.terraform.io/docs/commands/apply.html
Terraform Cloud provides organizations with many features not available to those running Terraform open-source to deploy infrastructure. Select the ADDITIONAL features that organizations can take advantage of by moving to Terraform Cloud. (select three)
- providers
- VCS connection
- remote runs
- public module registry
- private module registry
- remote runs
- VCS connection
- private module registry
Explanation
Terraform Cloud offers many features, even in the free version, that organizations can quickly take advantage of. This is the best table that compares the features available in Terraform OSS vs. Terraform Cloud and Terraform Enterprise.
https://www.datocms-assets.com/2885/1602500234-terraform-full-feature-pricing-tablev2-1.pdf
There are an endless number of benefits of using Terraform within your organization. Which of the following are true statements regarding Terraform? (select three)
Terraform can simplify both management and orchestration of deploying large-scale, multi-cloud infrastructure
A single Terraform configuration file can be used to manage multiple providers
Terraform is cloud-agnostic but requires a specific provider for the cloud platform
Aaron is new to Terraform and has a single configuration file that is ready to be deployed. Which of the following can be true about this configuration file? (select three)
- the state file can be stored in Azure but provision applications in AWS
- Aaron’s configuration file can deploy applications in both AWS and GCP
- the state can be disabled when deploying to multiple clouds to prevent sensitive data from being shared across cloud platforms
- the configuration file can deploy both QA and Staging infrastructure for applications
- Aaron’s configuration file can deploy applications in both AWS and GCP
- the configuration file can deploy both QA and Staging infrastructure for applications
- the state file can be stored in Azure but provision applications in AWS
Explanation
There are a ton of benefits of deploying with Terraform and the solution is very capable of managing deployments across multiple clouds. However, state is still required and cannot be disabled.
https://www.terraform.io/intro/use-cases.html#multi-cloud-deployment
You have created a brand new workspace for a new project, and have added all of your Terraform configuration files in the new directory. Before you execute a terraform plan, you want to validate the configuration using the terraform validate command. However, Terraform returns the error:
$ terraform validate
Error: Could not load plugin
What would cause this error when trying to validate the configuration?
the directory was not initialized
Explanation
terraform validate requires an initialized working directory with any referenced plugins and modules installed. If you don’t initialize the directory, you will get an error stating you need to run a terraform init.
https://www.terraform.io/docs/commands/validate.html
Which of the following are the benefits of using modules in Terraform? (select three)
- allows modules to be stored anywhere accessible by Terraform
- enables code reuse
- supports versioning to maintain compatibility
- supports modules stored locally or remotely
- supports versioning to maintain compatibility
- supports modules stored locally or remotely
- enables code reuse
Explanation
All of these are examples of the benefits of using Terraform modules “except where they can be stored”. Modules can only be supported in certain sources found at the following link:
https://www.terraform.io/docs/modules/sources.html
Using the Terraform code below, where will the resource be provisioned?
provider "aws" {
  region = "us-east-1"
}
provider "aws" {
  alias  = "west"
  region = "us-west-2"
}
provider "aws" {
  alias  = "eu"
  region = "eu-west-2"
}
resource "aws_instance" "vault" {
  ami                    = data.aws_ami.amzlinux2.id
  instance_type          = "t3.micro"
  key_name               = "ec2_key"
  vpc_security_group_ids = var.vault_sg
  subnet_id              = var.vault_subnet
  user_data              = file("vault.sh")
  tags = {
    Name = "vault"
  }
}
us-east-1
Explanation
The resource above will be created in the default region of us-east-1, since the resource does not signify an alternative provider configuration. If the resource needs to be created in one of the other declared regions, it should have looked like this, where “aws” signifies the provider name and “west” signifies the alias name:
resource "aws_instance" "vault" {
  provider               = aws.west
  ami                    = data.aws_ami.amzlinux2.id
  instance_type          = "t3.micro"
  key_name               = "ec2_key"
  vpc_security_group_ids = var.vault_sg
  subnet_id              = var.vault_subnet
  user_data              = file("vault.sh")
  tags = {
    Name = "vault"
  }
}
https://www.terraform.io/docs/configuration/providers.html#selecting-alternate-provider-configurations
What function does the terraform init -upgrade command perform?
- upgrades the backend to the latest supported version
- upgrades the Terraform configuration files(s) to use the referenced Terraform version
- update all previously installed plugins to the newest version that complies with the configuration’s version constraints
- upgrades all of the referenced modules and providers to the latest version of Terraform
update all previously installed plugins to the newest version that complies with the configuration’s version constraints
Explanation
The -upgrade will upgrade all previously-selected plugins to the newest version that complies with the configuration’s version constraints. This will cause Terraform to ignore any selections recorded in the dependency lock file, and to take the newest available version matching the configured version constraints.
https://www.terraform.io/docs/commands/init.html#upgrade-1
Teddy is using Terraform to deploy infrastructure using modules. Where is the module below stored?
module "monitoring_tools" {
  source           = "././modules/monitoring_tools"
  cluster_hostname = module.k8s_cluster.hostname
}
- in a private GitLab repository
- on the Terraform public module registry
- locally on the instance running Terraform
- a private module registry in Terraform Cloud (free)
locally on the instance running Terraform
Explanation
A local path must begin with either ./ or ../ to indicate that a local path is intended, to distinguish from a module registry address.
https://www.terraform.io/docs/modules/sources.html#terraform-registry
There are multiple ways to authenticate when using a Terraform provider. However, several methods will result in sensitive information being written to the state file, which is not desirable. Which method below will not result in sensitive information being written to the state file?
- retrieving the credentials from a data source, such as HashiCorp Vault
- using a declared variable
- using environment variables
- using a tfvars file
using environment variables
Explanation
The only method listed above that will not result in the username/password being written to the state file is environment variables. All of the other options will result in the provider’s credentials in the state file.
Terraform runs will receive the full text of sensitive variables, and might print the value in logs and state files if the configuration pipes the value through to an output or a resource parameter. Additionally, Sentinel mocks downloaded from runs will contain the sensitive values of Terraform (but not environment) variables. Take care when writing your configurations to avoid unnecessary credential disclosure. Whenever possible, use environment variables since these cannot end up in state files or in Sentinel mocks. (Environment variables can end up in log files if TF_LOG is set to TRACE.)
https://www.terraform.io/docs/cloud/workspaces/variables.html#sensitive-values
https://learn.hashicorp.com/tutorials/terraform/sensitive-variables
Margaret is calling a child module to deploy infrastructure for her organization. Just as a good architect does (and suggested by HashiCorp), she specifies the module version she wants to use even though there are newer versions available. During a terraform init, Terraform downloads v0.0.5 just as expected. What would happen if Margaret removed the version parameter in the module block and ran a terraform init again?
module "consul" {
  source  = "hashicorp/consul/aws"
  version = "0.0.5"
  servers = 3
}
- Terraform would return an error, as the version parameter is required
- Terraform would use the existing module already downloaded
- Terraform would download the latest version of the module
- Terraform would skip the module
Terraform would use the existing module already downloaded
Explanation
When using modules installed from a module registry, HashiCorp recommends explicitly constraining the acceptable version numbers to avoid unexpected or unwanted changes. The version argument accepts a version constraint string. Terraform will use the newest installed version of the module that meets the constraint; if no acceptable versions are installed, it will download the newest version that meets the constraint.
A version number that meets every applicable constraint is considered acceptable.
Terraform consults version constraints to determine whether it has acceptable versions of itself, any required provider plugins, and any required modules. For plugins and modules, it will use the newest installed version that meets the applicable constraints.
To test this, I ran a terraform init with the code as shown in the file:
$ terraform init
Initializing modules…
Downloading hashicorp/consul/aws 0.0.5 for consul…
- consul in .terraform\modules\consul
- consul.consul_clients in .terraform\modules\consul\modules\consul-cluster
- consul.consul_clients.iam_policies in .terraform\modules\consul\modules\consul-iam-policies
- consul.consul_clients.security_group_rules in .terraform\modules\consul\modules\consul-security-group-rules
- consul.consul_servers in .terraform\modules\consul\modules\consul-cluster
- consul.consul_servers.iam_policies in .terraform\modules\consul\modules\consul-iam-policies
- consul.consul_servers.security_group_rules in .terraform\modules\consul\modules\consul-security-group-rules
Then I removed the constraint from the configuration file and ran a terraform init again:
$ terraform init
Initializing modules…
Initializing the backend…
Initializing provider plugins…
- Reusing previous version of hashicorp/aws from the dependency lock file
- Reusing previous version of hashicorp/template from the dependency lock file
Terraform did not download a newer version of the module. It reused the existing one.
https://www.terraform.io/docs/configuration/blocks/modules/syntax.html#version
https://www.terraform.io/docs/language/expressions/version-constraints.html
True or False? Performing a terraform plan can modify the existing Terraform state file.
False
Explanation
The ultimate goal of a terraform plan is to compare the configuration file against the current state file and read any outputs related to the current configuration. While a terraform plan does perform a terraform refresh by default, the terraform plan does not actually result in changes to the state file.
For additional information, check out this Q&A discussion that I had with another student.
https://www.terraform.io/docs/commands/plan.html
Based on the code provided, how many subnets will be created in the AWS account?
variables.tf
variable "private_subnet_names" {
  type    = list(string)
  default = ["private_subnet_a", "private_subnet_b", "private_subnet_c"]
}
variable "vpc_cidr" {
  type    = string
  default = "10.0.0.0/16"
}
variable "public_subnet_names" {
  type    = list(string)
  default = ["public_subnet_1", "public_subnet_2"]
}
main.tf
resource "aws_subnet" "private_subnet" {
  count             = length(var.private_subnet_names)
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(var.vpc_cidr, 8, count.index)
  availability_zone = data.aws_availability_zones.available.names[count.index]
  tags = {
    Name      = var.private_subnet_names[count.index]
    Terraform = "true"
  }
}
- 1
- 0
- 2
- 3
3
Explanation
The code above will create three subnets. The value of count is determined by the number of strings included in the private_subnet_names variable.
https://www.terraform.io/docs/configuration/functions/length.html
What feature of Terraform provides an abstraction above the upstream API and is responsible for understanding API interactions and exposing resources?
- Terraform configuration file
- Terraform provisioner
- Terraform backend
- Terraform provider
Terraform provider
Explanation
Terraform relies on plugins called “providers” to interact with remote systems.
Terraform configurations must declare which providers they require so that Terraform can install and use them. Additionally, some providers require configuration (like endpoint URLs or cloud regions) before they can be used.
https://www.terraform.io/docs/configuration/blocks/providers/index.html
Which of the following Terraform CLI commands are valid? (select five)
$ terraform initialize
$ terraform delete
$ terraform taint
$ terraform fmt
$ terraform workspace select
$ terraform show
$ terraform login
- terraform workspace select
- terraform show
- terraform taint
- terraform login
- terraform fmt
Explanation
terraform delete and terraform initialize are not valid Terraform CLI commands.
Correct Answers:
The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.
The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style.
The terraform workspace select command is used to choose a different workspace to use for further operations.
The terraform show command is used to provide human-readable output from a state or plan file. This can be used to inspect a plan to ensure that the planned operations are expected, or to inspect the current state as Terraform sees it.
The terraform login command can be used to automatically obtain and save an API token for Terraform Cloud, Terraform Enterprise, or any other host that offers Terraform services.
https://www.terraform.io/docs/commands/fmt.html
True or False? A main.tf file is always required when using Terraform?
False
Explanation
Although main.tf is the standard name, it’s not necessarily required. Terraform will look for any file with a .tf or .tf.json extension when running terraform commands.
https://www.terraform.io/docs/configuration/index.html#code-organization
Which of the following is not a benefit of Terraform state?
- increases performance by reducing the requirement to query multiple resources at once
- provides a one-to-one mapping of the configuration to real-world resources
- determines the dependency order for deployed resources
- reduces the number of outbound traffic by requiring state is stored locally
reduces the number of outbound traffic by requiring state is stored locally
Pam just finished up a new Terraform configuration file and has successfully deployed the configuration on Azure using Terraform open-source. After confirming the configuration on Azure, Pam changes to a new workspace and then heads to lunch. When she arrives back at her desk, Pam decides to destroy the resources to save on cost. When Pam executes a terraform destroy, the output indicates there are no resources to delete.
there is no Terraform state in the current workspace she is working in
Explanation
Workspaces isolate their state, so if Pam runs a terraform destroy, Terraform will not see any existing state for this configuration. Pam may use the command terraform workspace select to choose the original workspace where the Azure resources were provisioned in order to properly destroy them in Azure.
https://www.terraform.io/docs/cli/workspaces/index.html
Ralphie has executed a terraform apply using a complex Terraform configuration file. However, a few resources failed to deploy due to incorrect variables. After the error is discovered, what happens to the resources that were successfully provisioned?
the resources that were successfully provisioned will remain as deployed.
Explanation
During a terraform apply, any resources that are successfully provisioned are maintained as deployed.
On the other hand, resources that failed during the provisioning process, such as during a provisioner, will be tainted to be recreated during the next run.
https://www.terraform.io/docs/provisioners/index.html#creation-time-provisioners
When deploying an EC2 instance in AWS, for example, what value is the data source returning?
data "aws_ami" "amzlinux2" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }
}
resource "aws_instance" "vault" {
  ami                         = data.aws_ami.amzlinux2.id
  instance_type               = "t3.micro"
  key_name                    = "vault-key"
  vpc_security_group_ids      = var.sg
  subnet_id                   = var.subnet
  associate_public_ip_address = "true"
  user_data                   = file("vault.sh")
  tags = {
    Name = "vault"
  }
}
- the AMI ID for the latest version of the Amazon Linux 2 image
- a custom AMI for Amazon Linux 2
- the IP address of an EC2 instance running in AWS
- the latest used AMI for the Amazon Linux 2 image
the AMI ID for the latest version of the Amazon Linux 2 image
Explanation
Within the block body (between { and }) are query constraints defined by the data source. Most arguments in this section depend on the data source, and indeed in this example most_recent, owners and tags are all arguments defined specifically for the aws_ami data source.
https://www.terraform.io/docs/configuration/data-sources.html#using-data-sources
AutoPlants, Inc is a new startup that uses AI and robotics to grow sustainable and organic vegetables for California farmers’ markets. The organization can quickly burst into the public cloud during the busy season using Terraform to provision additional resources to process AI computations and images. Since its compute stack is proprietary and critical to the organization, it needs a solution to create and publish Terraform modules that only its engineers and architects can use.
Which feature can provide this functionality?
- public module registry
- Terraform Enterprise Workspaces
- private module registry
- Sentinel
private module registry
Explanation
HashiCorp Terraform Enterprise and Cloud offerings deliver a private version of the Module Registry. This allows organizations to safely share private modules with their internal teams.
https://www.terraform.io/docs/cloud/registry/index.html
What happens if multiple users attempt to run a terraform apply simultaneously when using a remote backend? (select two)
- if the backend does not support locking, the state file could become corrupted
- if the backend supports locking, the first terraform apply will lock the file for changes, preventing the second user from running the apply
Explanation
If the state is configured for remote state, the backend selected will determine what happens. If the backend supports locking, the file will be locked for the first user, and that user’s configuration will be applied. The second user’s terraform apply will return an error that the state is locked.
If the remote backend does not support locking, the state file could become corrupted, since multiple users are trying to make changes at the same time.
https://www.terraform.io/docs/state/locking.html
Infrastructure as Code (IaC) makes infrastructure changes _______, ________, ________, and __________. (select four)
- repeatable
- consistent
- idempotent
- highly-available
- predictable
idempotent
predictable
consistent
repeatable
Explanation
IaC makes changes idempotent, consistent, repeatable, and predictable. Without IaC, scaling up infrastructure to meet increased demand may require an operator to remotely connect to each machine and then manually provision and configure many servers by executing a series of commands/scripts. They might open multiple sessions and move between screens, which often results in skipped steps or slight variations between how work is completed, necessitating rollbacks. Perhaps a command was run incorrectly on one instance and reverted before being re-run correctly.
https://www.hashicorp.com/blog/infrastructure-as-code-in-a-private-or-public-cloud
Rigby is implementing Terraform and was given a configuration that includes the snippet below. Where is this particular module stored?
module "consul" {
  source  = "hashicorp/consul/aws"
  version = "0.1.0"
}
- locally in the hashicorp/consul/aws directory
- locally but a directory back from the current directory
- public Terraform registry
- a private module registry supported by your organization
public Terraform registry
Explanation
Modules on the public Terraform Registry can be referenced using a registry source address of the form <NAMESPACE>/<NAME>/<PROVIDER>, with each module’s information page on the registry site including the exact address to use.
https://www.terraform.io/docs/modules/sources.html#terraform-registry
True or False? Any sensitive values referenced in the Terraform code, even as variables, will end up in plain text in the state file.
True
Explanation
Any values that are retrieved in a data block or referenced as variables will show up in the state file.
https://www.terraform.io/docs/state/sensitive-data.html
True or False? A backend configuration is required for using Terraform.
False
Explanation
This is false. If you don’t provide a backend configuration, Terraform will use the local default backend. Remote Backends are completely optional. You can successfully use Terraform without ever having to learn or use a remote backend. However, they do solve pain points that afflict teams at a certain scale. If you’re an individual, you can likely get away with never using backends.
https://www.terraform.io/docs/backends
Scenario: You have a Terraform configuration file with no defined resources. However, there is a related state file for resources that were created on AWS. What happens when you run a terraform apply?
Terraform will destroy all of the resources
Explanation
In this case, since there is a state file with resources, Terraform will match the desired state of no resources since the configuration file doesn’t include any resources. Therefore, all resources defined in the state file will be destroyed.
https://www.terraform.io/docs/state/purpose.html
Both Terraform CLI and Terraform Cloud offer a feature called “workspaces”. Which of the following statements are true regarding workspaces? (select three)
- Run history is logged in a file underneath the working directory of a CLI workspace
- Terraform Cloud maintains the state version and run history for each workspace
- Terraform Cloud manages infrastructure collections with a workspace whereas CLI manages collections of infrastructure resources with a persistent working directory
- Each CLI workspace coincides with a different VCS repo
- CLI workspaces are alternative state files in the same working directory
- Terraform Cloud maintains the state version and run history for each workspace
- Terraform Cloud manages infrastructure collections with a workspace whereas CLI manages collections of infrastructure resources with a persistent working directory
- CLI workspaces are alternative state files in the same working directory
Scenario: You are deploying a new application and want to deploy it to multiple AWS regions within the same configuration file. Which of the following features will allow you to configure this?
- one provider block that defines multiple regions
- using the default provider along with a single defined provider
- a provider with multiple versions defined
- multiple provider blocks using an alias
- multiple provider blocks using an alias
Explanation
You can optionally define multiple configurations for the same provider, and select which one to use on a per-resource or per-module basis. The primary reason for this is to support multiple regions for a cloud platform; other examples include targeting multiple Docker hosts, multiple Consul hosts, etc.
https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-configurations
HashiCorp offers multiple versions of Terraform to meet the needs of individuals to large enterprises. Which of the following offerings provide access to a private module registry? (select four)
- Terraform Cloud - Business
- Terraform Enterprise (self-hosted)
- Terraform Cloud - Team & Governance
- Terraform Cloud - Free
- Terraform OSS
Terraform Cloud - Business
Terraform Enterprise (self-hosted)
Terraform Cloud - Team & Governance
Terraform Cloud - Free
Explanation
The Private Module Registry is available in all versions of Terraform except for Open Source.
https://www.datocms-assets.com/2885/1602500234-terraform-full-feature-pricing-tablev2-1.pdf
True or False? Before a terraform validate can be run, the directory must be initialized.
True
Explanation
Validation requires an initialized working directory with any referenced plugins and modules installed. If the directory is NOT initialized, it will result in an error.
$ terraform validate
Error: Could not load plugin
Plugin reinitialization required. Please run “terraform init”.
Plugins are external binaries that Terraform uses to access and manipulate
resources. The configuration provided requires plugins which can’t be located,
don’t satisfy the version constraints, or are otherwise incompatible.
Terraform automatically discovers provider requirements from your
configuration, including providers used in child modules. To see the
requirements and constraints, run “terraform providers”.
Failed to instantiate provider “registry.terraform.io/hashicorp/aws” to obtain
schema: unknown provider “registry.terraform.io/hashicorp/aws”
https://www.terraform.io/docs/commands/validate.html
Scenario: You have a Terraform configuration file defining resources to deploy on VMware, yet there is no related state file. You have successfully run a terraform init already. What happens when you run a terraform apply?
- Terraform will scan the VMware infrastructure, create a new state file, and compare the state to the configuration file to determine what resources should be created
- All existing infrastructure on VMware will be deleted, and the resources defined in the configuration file will be created
- Terraform will produce an error since there is no state file
- Since there is no state file associated with this configuration file, the defined resources will be created on the VMware infrastructure
Since there is no state file associated with this configuration file, the defined resources will be created on the VMware infrastructure.
Explanation
If there is no state file associated with a Terraform configuration file, a terraform apply will create the resources defined in the configuration file. This is a normal workflow during the first terraform apply that is executed against a configuration file. This, of course, assumes that the directory has been initialized using a terraform init.
https://www.terraform.io/docs/state/purpose.html
Larissa is an experienced IT professional and is working to learn Terraform to manage the F5 load balancers that front-end customer-facing applications. Larissa writes great code, but her formatting seldom meets the Terraform canonical formatting and style recommended by HashiCorp. What built-in tool or command can Larissa use to easily format her code to meet the recommendations for formatting Terraform code?
terraform fmt
Explanation
The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.
https://www.terraform.io/docs/commands/fmt.html
Terraform has detailed logs that can be enabled using the TF_LOG environment variable. Which of the following log levels is the most verbose, meaning it produces the most detailed logs?
TRACE
What is Infrastructure as Code?
You write and execute the code to define, deploy, update, and destroy your infrastructure
What are the benefits of IaC?
a. Automation
We can bring up the servers with one script and scale up and down based on our load with the same script.
b. Reusability of the code
We can reuse the same code.
c. Versioning
We can check it into version control and get versioning. We can then see an incremental history of who changed what and how our infrastructure was defined at any given point in time, and we gain this transparency of documentation.
IaC makes changes idempotent, consistent, repeatable, and predictable.
How does using IaC make it easy to provision infrastructure?
IaC makes it easy to provision and apply infrastructure configurations, saving time. It standardizes workflows across different infrastructure providers (e.g., VMware, AWS, Azure, GCP, etc.) by using a common syntax across all of them.
What is idempotent in terms of IaC?
The idempotent characteristic provided by IaC tools ensures that, even if the same code is applied multiple times, the result remains the same.
What are Day 0 and Day 1 activities?
IaC can be applied throughout the lifecycle, both on the initial build, as well as throughout the life of the infrastructure. Commonly, these are referred to as Day 0 and Day 1 activities.
“Day 0” code provisions and configures your initial infrastructure. (initial build)
“Day 1” refers to OS and application configurations you apply after you’ve initially built your infrastructure. (OS/App)
What are the use cases of Terraform?
Heroku App Setup
Multi-Tier Applications
Self-Service Clusters
Software Demos
Disposable Environments
Software Defined Networking
Resource Schedulers
Multi-Cloud Deployment
https://www.terraform.io/intro/use-cases.html