Terraform Configuration Language Tutorials

Question 1

resource block

Answer 1

Resource blocks declare a resource type and name.

Together, the type and name form a resource identifier (ID) in the format resource_type.resource_name

Question 2

Resource types always start with the _________ followed by an underscore.

Answer 2

provider name

Question 3

Resource Arguments

Answer 3

configure a particular resource; because of this, many arguments are resource-specific.

Question 4

Resource Attributes

Answer 4

Attributes are values exposed by an existing resource.

References to resource attributes take the format resource_type.resource_name.attribute_name

Question 5

Resource Meta-arguments

Answer 5

Meta-arguments change a resource’s behavior, such as using a count meta-argument to create multiple resources.

Meta-arguments are a function of Terraform itself and are not resource or provider-specific.

Question 6

Terraform Core

Answer 6

reads the configuration and builds the resource dependency graph.

Question 7

Terraform Plugins

Answer 7

(providers and provisioners) bridge Terraform Core and their respective target APIs.

Terraform provider plugins implement resources via basic CRUD (create, read, update, and delete) APIs to communicate with third party services.

Question 8

Sensitive values in state file

Answer 8

Terraform stores the state as plain text, including variable values, even if you have flagged them as sensitive.

Since Terraform state can contain sensitive values, you must keep your state file secure to avoid exposing this data.

Question 9

locals

Answer 9

named values that you can refer to in your configuration

Unlike input variables, locals are not set directly by users of your configuration!

Question 10

Data sources

Answer 10

Data sources allow Terraform to use information defined outside of Terraform, defined by another separate Terraform configuration, or modified by functions.

Question 11

A data block requests that Terraform ….

Answer 11

read from a given data source and export the result under the given local name

data "data_source" "local_name" {
 #Most arguments in this section depend on the data source
}

e.g.,

data “azurerm_virtual_machine” “example” {
name = “production”
resource_group_name = “networking”
}

output “virtual_machine_id” {
value = data.azurerm_virtual_machine.example.id
}

Question 12

Managed resources (resource {}) vs. data resources (data {})

Answer 12

Both kinds of resources take arguments and export attributes

Managed resources cause Terraform to create, update, and delete infrastructure objects

Data resources cause Terraform only to read objects.

Question 13

terraform_remote_state data source

Answer 13

Retrieves state data from a Terraform backend.

Allows you to use the root-level outputs of one or more Terraform configurations as input data for another configuration.

Question 14

Backends

Answer 14

Backends define where Terraform’s state snapshots are stored.

Question 15

Resource Dependencies

Answer 15

Terraform infers the dependencies between resources in most cases.

Occasionally, an dependency will need be defined explicitly with the depends_on argument

Question 16

depends_on

Answer 16

An argument to define explicit dependencies

Accepted by any resource of module block

You can specify multiple resources in the depends on argument

e.g.,
resource "aws_instance" "example"{
    ...
    depends_on = [aws_s3_bucket.example]
}

module “example_sqs_queue” {
…
depends_on = [aws_s3_bucket.example, aws_instance.example]
}

Question 17

The count argument

Answer 17

replicates the given resource or module a specific number of times with an incrementing counter. It works best when resources will be identical, or nearly so.

resource "azurerm_virtual_network" "example" {
 #create 6 instances of a vnet
  count = 6
  name                = "example-vnet0${count.index}"
  ...
}

Question 18

The for_each argument

Answer 18

meta-argument accepts a map or a set of strings, and creates an instance for each item in that map or set. Each instance has a distinct infrastructure object associated with it, and each is separately created, updated, or destroyed when the configuration is applied.

Question 19

The each object

Answer 19

In blocks where for_each is set, an additional each object is available in expressions, so you can modify the configuration of each instance.

This object has two attributes:

each. key — The map key (or set member) corresponding to this instance.
each. value — The map value corresponding to this instance. (If a set was provided, this is the same as each.key.)

Question 20

Limitations on values used in for_each

Answer 20

The keys of the map (or all the values in the case of a set of strings) must be known values

Sensitive values cannot be used as arguments to for_each

Question 21

Referring to instances (within the config file) that were declared using for_each

Answer 21

TYPE.NAME refers to the block (e.g., azure_resource_group.rg)
TYPE.NAME.[KEY] refers to individual instances (e.g., azure_resource_group.rg[“rg01”], azure_resource_group.rg[“rg02”])

Question 22

the templatefile Function

Answer 22

reads the file at the given path and renders its content as a template using a supplied set of template variables.

templatefile(path, vars)

*.tftpl is the recommended naming pattern to use for your template files

Question 23

the file function

Answer 23

reads the contents of a file at the given path and returns them as a string.

Question 24

template sequences

Answer 24

Within quoted and heredoc string expressions, the sequences ${ and %{ begin template sequences. Templates let you directly embed expressions into a string literal, to dynamically construct strings from other values.

Question 25

String Interpolation

Answer 25

A ${ … } sequence is an interpolation, which evaluates the expression given between the markers, converts the result to a string if necessary, and then inserts it into the final string:

“Hello, ${var.name}!”

Question 26

string directives

Answer 26

A %{ … } sequence is a directive, which allows for conditional results and iteration over collections, similar to conditional and for expressions.

Question 27

string directives: if else

Answer 27

The %{if }/%{else}/%{endif} directive chooses between two templates based on the value of a bool expression:

e.g., “Hello, %{ if var.name != “” }${var.name}%{ else }unnamed%{ endif }!”

Question 28

string directives: for

Answer 28

The %{for in } / %{endfor} directive iterates over the elements of a given collection

e.g., “%{ for ip in aws_instance.example.*.private_ip } server ${ip} %{ endfor }”

Question 29

whitespace stripping in template directives

Answer 29

template sequences can include strip markers ( ~ ) immediately after the opening chars or immediately before the end.

Question 30

heredoc style strings

Answer 30

A heredoc string consists of:

An opening sequence consisting of:
A heredoc marker (&laquo_space;or <

Question 31

the lookup function

Answer 31

lookup retrieves the value of a single element from a map, given its key. If the given key does not exist, the given default value is returned instead.

lookup(map, key, default)

Question 32

the concat function

Answer 32

The concat function takes two or more lists and combines them into a single list.

Question 33

conditional expressions syntax

Answer 33

condition ? true value : false value

name = (var.name != “” ? var.name : random_id.id.hex)

Question 34

the splat expression

Answer 34

The splat expression captures all objects in a list that share an attribute. The special * symbol iterates over all of the elements of a given list and returns information based on the shared attribute you define.

e.g.,

value = aws_instance.ubuntu[*].private_dns

Question 35

a dynamic block

Answer 35

A dynamic block acts much like a for expression, but produces nested blocks instead of a complex typed value.

Question 36

dynamic block syntax (for_each)

Answer 36

The for_each argument provides the complex value to iterate over.

resource "azurerm_virtual_network" "example" {
    ....
  dynamic "subnet"{
    for_each = var.subnets
    ...
  }
}

Question 37

dynamic block syntax (label)

Answer 37

The label of the dynamic block (e.g., subnet) specifies what kind of nested block to generate.

resource "azurerm_virtual_network" "example" {
  ...
  dynamic "subnet"{
    ...
    }
  }

Question 38

dynamic block syntax (iterator)

Answer 38

The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value.

If omitted, the name of the variable defaults to the label of the dynamic block (“setting” in the example above).

resource "azurerm_virtual_network" "example" {
    ...
  dynamic "subnet"{
    for_each = var.subnets-iter
    #adding iterator to override the default label (i.e., "subnet") as iterator
    iterator = iter
    content{
        name = iter.value["name"]
        address_prefix = iter.value["address_prefix"]
        security_group = azurerm_network_security_group.example.id
    }
  }
}

Question 39

dynamic block syntax (content)

Answer 39

The nested content block defines the body of each generated block. You can use the temporary iterator variable inside this block or the default label ofthe dynamic block.

resource “azurerm_virtual_network” “example” {
…
dynamic “subnet”{
for_each = var.subnets
content{
name = subnet.value[“name”]
address_prefix = subnet.value[“address_prefix”]
security_group = azurerm_network_security_group.example.id
}
}
}

Question 40

lifecycle block

Answer 40

is nested block that can appear in a resource block

lifecycle block and its contents are meta-arguments

Question 41

lifecycle {} - create_before_destroy

Answer 41

The create_before_destroy (bool) meta-argument changes default behavior so that a new replacement object is created first, and the prior object is destroyed after the replacement is created.

Question 42

lifecycle {} - prevent_destroy

Answer 42

prevent_destroy (bool) - This meta-argument, when set to true, will cause Terraform to reject with an error any plan that would destroy the infrastructure object associated with the resource, as long as the argument remains present in the configuration.

Question 43

lifecycle {} - ignore_changes

Answer 43

The ignore_changes list (list of attribute names) is intended to be used when a resource is created with references to data that may change in the future, but should not affect said resource after its creation.

Question 44

debugging in terraform

Answer 44

set the TF_LOG environment variable to any value.

This will cause detailed logs to appear on stderr.

Question 45

location of terraform crash logs

Answer 45

crash.log

Question 46

Directory-separated vs workspace-separated environments?

Answer 46

Directory separated environments rely on duplicate Terraform code

Workspace-separated environments use the same Terraform code but have different state files

Question 47

terraform state pull

Answer 47

command to pull the remote state

will download the state from its current location and output the raw format to stdout.

Question 48

terraform state push

Answer 48

command to upload the remote state

Question 49

When you are using workspaces where does the Terraform save the state file for the local state?

Answer 49

terraform.tfstate.d

Question 50

When you are using workspaces where does the Terraform save the state file for the remote state?

Answer 50

For remote state, the workspaces are stored directly in the configured backend.

Question 51

How do you remove items from the Terraform state?

Answer 51

terraform state rm command is used to remove items from the Terraform state. This command can remove single resources, single instances of a resource, entire modules, and more.

Question 52

When you are doing initialization with terraform init, you want to skip backend initialization. What should you do?

Answer 52

terraform init -backend=false

Question 53

When you are doing initialization with terraform init, you want to skip child module installation. What should you do?

Answer 53

terraform init -get=false

Question 54

When you are doing initialization with terraform init, you want to skip plugin installation. What should you do?

Answer 54

terraform init -get-plugins=false

Question 55

What does the command terraform validate do?

Answer 55

terraform validate command validates the configuration files in a directory

runs checks that verify whether a configuration is syntactically valid and internally consistent

Question 56

You are applying the infrastructure with the command apply and you don’t want to do interactive approval. Which flag should you use?

Answer 56

terraform apply -auto-approve

Question 57

How do you preview the behavior of the command terraform destroy?

Answer 57

terraform plan -destroy

Question 58

How do you save the execution plan?

Answer 58

terraform plan -out=tfplan

Question 59

the try function

Answer 59

try evaluates all of its argument expressions in turn and returns the result of the first one that does not produce any errors.

local.foo
{
  "bar" = "baz"
}
> try(local.foo.bar, "fallback")
baz
> try(local.foo.boop, "fallback")
fallback

Question 60

A locals block

Answer 60

defines local variables

locals{
name_suffix = “${var.project_name}-${var.environment}”
}

Note: Unlike input variables locals are not directly set by the user

Question 61

Terraform command to create new workspace

Answer 61

terraform workspace new [workspace-name]

Question 62

how to run provisioners that are not associated with any resource

Answer 62

Null_resource

Question 63

When writing Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?

Answer 63

2

Question 64

In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently during a terraform apply?

Answer 64

10

Question 65

When using providers that require the retrieval of data, such as the HashiCorp Vault provider, in what phase does Terraform actually retrieve the data required, assuming you are following the standard workflow of write, plan, and apply?

Answer 65

terraform plan

It is important to consider that Terraform reads from data sources during the plan phase and writes the result into the plan

Question 66

the lookup function

Answer 66

lookup(map, key, default)

> lookup({a=”ay”, b=”bee”}, “a”, “what?”)
ay
lookup({a=”ay”, b=”bee”}, “c”, “what?”)
what?

Question 67

what command removes the lock on the state for the current configuration. Be very careful forcing an unlock, as it could cause data corruption and problems with your state file.

Answer 67

terraform force-unlock

Question 68

Where does Terraform OSS store the local state for workspaces?

Answer 68

For local state, Terraform stores the workspace states in a directory called terraform.tfstate.d.

Question 69

In Terraform Enterprise, a workspace can be mapped to how many VCS repos?

Answer 69

A workspace can only be configured to a single VCS repo, however, multiple workspaces can use the same repo, if needed.

Question 70

In the terraform block, which configuration would be used to identify the specific version of a provider required?

Answer 70

required_providers