Terraform CLI Tutorials

Question 1

Terraform Variables vs Conventional Programming Language Variables

Answer 1

Terraform’s input variables don’t change values during a Terraform run such as plan, apply, or destroy.

Instead, they allow users to more safely customize their infrastructure by assigning different values to the variables before execution begins.

Question 2

Terraform Variables can be defined where…

Answer 2

Anywhere in a configuration file (not recommended)

In separate variables.tf file (recommended)

Question 3

A Variable Blocks three optional args

Answer 3

Description: A short description to document the purpose of the variable.

Type: The type of data contained in the variable.

Default: The default value.

e.g.,

variable "aws_region" {
  description = "AWS region"
  type        = string
  default     = "us-west-2"
}

Question 4

Referencing a variable in Terraform configuration file

Answer 4

var. variable_name
e. g.,

provider “aws” {
region = var.aws_region
}

Question 5

Terraform simple variable types

Answer 5

string, int, bool

Question 6

Terraform collection variable types

Answer 6

List: A sequence of values of the same type.

Map: A lookup table, matching keys to values, all of the same type.

Set: An unordered collection of unique values, all of the same type.

Question 7

Defining a List Type variable

Answer 7

e.g.,

variable "public_subnet_cidr_blocks" {
  description = "Available cidr blocks for public subnets."
  type        = list(string)
  default     = [
    "10.0.1.0/24",
    "10.0.2.0/24",
    "10.0.3.0/24",
    "10.0.4.0/24",
    "10.0.5.0/24",
    "10.0.6.0/24",
    "10.0.7.0/24",
    "10.0.8.0/24",
  ]
}

Question 8

Accessing multiple items in a list

Answer 8

slice() function

slice(list_object, start_index, end_index)

[‘a’, ‘b’] = slice([‘a’, ‘b’, ‘c’, ‘d’], 0, 2)

Question 9

Defining a Map Type variable

Answer 9

map(Type)

e.g. map(string) -> a map of strings. Keys are always strings.

Note: A map is like a python dict

Question 10

You will be prompted to assign a value to variable if…

Answer 10

there is no default value defined

Question 11

Variable string interpolation

Answer 11

“The value of the variable is ${var.var_name}”

Question 12

Variable string interpolation

Answer 12

“The value of the variable is ${var.var_name}”

Question 13

Variable validation

Answer 13

Use a validation block within the variable block to perform validation on the values provided for a variable.

Validation block contains a condition and an error message (string)

variable "example"{
 ...
 ...
 validation{
  condition           = length(var.example) < 10
  error_message = "Example is too long"
}

}

Question 14

terraform init

Answer 14

Command to initialize your terraform configuration.

Question 15

Terraform lock file

Answer 15

.terraform.lock.hcl

A file that records the versions and hashes of the providers used in this run. It ensures consistent Terraform runs in different environments.

Question 16

.terraform directory

Answer 16

an artifact of terraform init

Stores the providers and modules defined in the project.

Question 17

terraform plan

Answer 17

provides a preview of the actions Terraform would take to modify your infrastructure.

Question 18

Plan ( .configuration object )

Answer 18

is a snapshot of your configuration at the time of the terraform plan.

This configuration snapshot captures the versions of the providers recorded in your .terraform.lock.hcl

Question 19

Plan ( .resource_changes object )

Answer 19

action field= action taken for this resource
before field=resource state prior to this run
after field=state to define for the resource
after_unknown field=the list of values that will be computed or determined through the operation
before_sensitive and after_sensitive fields = list of any values marked sensitive

Question 20

Plan ( .planned_values object)

Answer 20

another view of the differences between the “before” and “after” values of your resources, showing you the planned outcome for a run that would use this plan file.

Question 21

Steps taken by Terraform when running terraform apply

1. Lock the Projects State.
2. ______
3. ______
4. ______
5. ______
6. Print out report of the changes made

Answer 21

1 Lock Projects state
2 Create a plan (same as terraform plan) and prompt your approval
3 Execute the steps defined in the plan
4 Update state file
5 Unlock the state file
6 Print out report of the changes made

Question 22

What does Terraform do when there are errors during terraform apply (4 events)

Answer 22

1 Errors are logged and reported to the console
2 Updates the state file with any changes to resources
3 Unlocks the state file
4 Exits

Question 23

State of infrastructure after a partially completed apply step (i.e. errors during terraform apply)

Answer 23

Infrastructure may be in an invalid state.

You must resolve the error then apply the config again to update your infrastructure to the desired state

Question 24

terraform apply -replace

Answer 24

when a resource has become unhealthy or stops working in ways that are outside of Terraform’s control.

You want to instruct Terraform to reprovision the resource using the same configuration.

The -replace argument requires a resource address. List the resources in your configuration with terraform state list.

Question 25

Output blocks

Answer 25

Output declarations can appear anywhere in your Terraform configuration files.

However, recommended putting them into a separate file called outputs.tf

output “vpc_id” {
description = “ID of project VPC”
value = module.vpc.vpc_id
}

Question 26

terraform output

Answer 26

terraform stores output values in its state file.

These values can be queried using the terraform output command

Question 27

Terraform version constraints

required_version = 0.15.0 ?
required_version >= 0.15 ?
required_version ~> 0.15.0 ?
required_version >= 0.15, < 2.0.0 ?

Answer 27

required_version = 0.15.0 means only version 0.15.0
required_version >= 0.15 version 0.15 or greater
required_version ~> 0.15.0 any version 0.15.x
required_version >= 0.15, < 2.0.0 ? version 0.15 or later, but less than version 2.0.0

Question 28

terraform [plan/apply/destroy] -target

Answer 28

You can use Terraform’s -target option to target specific resources, modules, or collections of resources when you plan, apply, or destroy your infrastructure.

Question 29

terraform show

Answer 29

command to review resources in state file.

Information is presented in JSON.

Question 30

terraform refresh

Answer 30

updates the state file when physical resources change outside of the terraform workflow

deprecated (use -refresh-only)

Question 31

terraform [plan/apply] -refresh-only

Answer 31

updates your state file without making modifications to your infrastructure

used for when physical resources change outside of the terraform workflow

Question 32

terraform login

Answer 32

In order to authenticate with Terraform Cloud, run the terraform login subcommand.

Terraform will prompt you to confirm that you want to authenticate by typing yes in your terminal.

Question 33

terraform validate

Answer 33

Validate runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state. It is thus primarily useful for general verification of reusable modules, including correctness of attribute names and value types.

Question 34

Importing infrastructure form outside of Terraform (5 Steps)

Answer 34

Identify the existing infrastructure to be imported.
Import infrastructure into your Terraform state.
Write Terraform configuration that matches that infrastructure.
Review the Terraform plan to ensure the configuration matches the expected state and infrastructure.
Apply the configuration to update your Terraform state.

Question 35

Importing infrastructure into terraform overview

Answer 35

Currently state-only. Import resources into the state does not generate configuration.

It is necessary to manually write the configuration.

Question 36

terraform import

Answer 36

is used to import existing resources into Terraform.

Usage: terraform import [options] ADDRESS ID

ADDRESS must be a valid resource address.

ID is dependent on the resource type being imported.

Question 37

Provisioner

Answer 37

allow you to upload files, run shell scripts, install and trigger other software

resource “aws_instance” “example” {
ami = “ami-b374d5a5”
instance_type = “t2.micro”

provisioner “local-exec” {
command = “echo hello > hello.txt”
}
}

Question 38

local-exec provisioner

Answer 38

The local-exec provisioner executing a command locally on your machine running Terraform.

Question 39

remote-exec provisioner

Answer 39

Another useful provisioner is remote-exec which invokes a script on a remote resource after it is created.

Question 40

When do provisioners run?

Answer 40

Provisioners are only run when a resource is created or destroyed. Provisioners that are run while destroying are Destroy provisioners.

Question 41

tainted resource

Answer 41

A resource that is tainted has been physically created, but can’t be considered safe to use since provisioning failed.

Question 42

scope of terraform fmt command

Answer 42

scans the current directory for configuration files.

-recursive flag to scan subdirectories as well

Question 43

terraform taint

Answer 43

manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.

Note: This command does NOT modify the infrastructure, it modifies the state file. the next plan will show that the tainted resource must be destroyed and recreated, the next apply will implement the change.

Question 44

What is a workspace

Answer 44

Persistent data stored in backend belongs to a workspace.