Day 71 - Let's Prepare for Some Terraform Interview Questions

Nilkanth Mistry

Today, we dive into some common interview questions about Terraform. Whether you're prepping for an interview or just brushing up on your Terraform knowledge, these questions will help you solidify your understanding of this powerful Infrastructure as Code (IaC) tool. Let's get started!

1. What is Terraform and how is it different from other IaC tools?

Terraform is an open-source IaC tool developed by HashiCorp that allows you to define and provision infrastructure using a high-level configuration language called HCL (HashiCorp Configuration Language).

Differences from other IaC tools:

  • Declarative Language: Terraform uses a declarative approach, meaning you define the desired end state, and Terraform determines how to achieve it.

  • State Management: Terraform maintains a state file that keeps track of the infrastructure, enabling it to know the current state versus the desired state.

  • Provider Ecosystem: Terraform supports a wide range of cloud providers and services, making it highly versatile.

  • Plan and Apply: Terraform has a two-step process (terraform plan and terraform apply), allowing you to review changes before applying them.

2. How do you call a main.tf module?

To call a module defined in main.tf, you need to use the module block in your root configuration file:

module "example_module" {
  source = "./path_to_module_directory"

  variable1 = "value1"
  variable2 = "value2"
}

3. What exactly is Sentinel? Can you provide a few examples where we can use Sentinel policies?

Sentinel is a policy-as-code framework used to enforce rules and guidelines in your Terraform configurations. It allows you to create policies that define what is allowed or disallowed in your infrastructure.

Examples:

  • Cost Control: Ensure that only certain instance types are used to control costs.

  • Security: Enforce policies that restrict the use of certain ports or enforce encryption.

  • Compliance: Ensure that all resources are tagged with necessary metadata for compliance tracking.

4. You have a Terraform configuration file that defines an infrastructure deployment. However, there are multiple instances of the same resource that need to be created. How would you modify the configuration file to achieve this?

You can use the count or for_each meta-argument to create multiple instances of the same resource.

Using count:

resource "aws_instance" "example" {
  count = 3
  ami = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

Using for_each:

resource "aws_instance" "example" {
  for_each = toset(["instance1", "instance2", "instance3"])
  ami = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  tags = {
    Name = each.key
  }
}

5. You want to know from which paths Terraform is loading providers referenced in your Terraform configuration (*.tf files). You need to enable debug messages to find this out. Which of the following would achieve this?

A. Set the environment variable TF_LOG=TRACE

export TF_LOG=TRACE
terraform apply

6. The command below will destroy everything that has been created in the infrastructure. How would you preserve a particular resource while destroying the complete infrastructure?

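To prevent a particular resource from being destroyed, you can use the lifecycle block with the prevent_destroy attribute. With prevent_destroy = true, Terraform rejects any plan that would destroy that resource, terraform destroy included, and exits with an error.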

resource "aws_instance" "example" {
  ami = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  lifecycle {
    prevent_destroy = true
  }
}

7. Which module is used to store the .tfstate file in S3?

The backend "s3" block is used to configure remote state storage in an S3 bucket.

terraform {
  backend "s3" {
    bucket = "my-terraform-state-bucket"
    key    = "path/to/my/key"
    region = "us-east-1"
  }
}

8. How do you manage sensitive data in Terraform, such as API keys or passwords?

Sensitive data can be managed using Terraform's built-in mechanisms and external tools:

  • Environment Variables: Use environment variables to pass sensitive information.

  • Terraform Cloud/Enterprise: Use the secure variable storage provided by Terraform Cloud/Enterprise.

  • External Secret Management: Use tools like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault.

variable "api_key" {
  description = "API Key"
  type = string
  sensitive = true
}
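
Marking a variable sensitive only redacts it in plan and apply output; the value is still written to the state file. The following added example (not from the original post) combines an environment-supplied variable, a secret read from AWS Secrets Manager, and a sensitive output; the secret name example/db-password and the database settings are placeholders.

```hcl
# 1. Environment variable: export TF_VAR_api_key=... before running terraform,
#    so the value never appears in *.tf or *.tfvars files under version control.
variable "api_key" {
  description = "API Key"
  type        = string
  sensitive   = true
}

# 2. External secret manager: read the password at plan time instead of
#    hard-coding it. "example/db-password" is a placeholder secret name.
data "aws_secretsmanager_secret_version" "db_password" {
  secret_id = "example/db-password"
}

resource "aws_db_instance" "example" {
  identifier          = "example-db" # placeholder database settings
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app"
  password            = data.aws_secretsmanager_secret_version.db_password.secret_string
  skip_final_snapshot = true
}

# 3. An output derived from a sensitive value must be marked sensitive as well;
#    without it Terraform stops with "Output refers to sensitive values".
output "api_key_in_use" {
  value     = var.api_key
  sensitive = true
}

# Both the variable and the password still end up in terraform.tfstate in
# plaintext, so restrict and encrypt the backend that stores the state.
```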

9. You are working on a Terraform project that needs to provision an S3 bucket, and a user with read and write access to the bucket. What resources would you use to accomplish this, and how would you configure them?

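You would use the aws_s3_bucket and aws_iam_user resources, together with aws_iam_policy and aws_iam_user_policy_attachment to grant the user access to the bucket.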

resource "aws_s3_bucket" "example" {
  bucket = "my-bucket"
  acl    = "private"
}

resource "aws_iam_user" "example" {
  name = "example-user"
}

resource "aws_iam_policy" "example" {
  name        = "example-policy"
  description = "A policy for S3 bucket access"
  policy      = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["s3:GetObject", "s3:PutObject"]
        Effect   = "Allow"
        Resource = "arn:aws:s3:::my-bucket/*"
      }
    ]
  })
}

resource "aws_iam_user_policy_attachment" "example" {
  user       = aws_iam_user.example.name
  policy_arn = aws_iam_policy.example.arn
}

10. Who maintains Terraform providers?

Terraform providers are maintained by either HashiCorp, the community, or third-party vendors. Providers maintained by HashiCorp are officially supported, while community and third-party providers are often supported by the respective organizations or community members.

11. How can we export data from one module to another?

You can export data from one module to another using outputs in the source module and referencing those outputs in the destination module.

In the source module (outputs.tf):

output "bucket_id" {
  value = aws_s3_bucket.example.id
}

In the destination module:

module "source_module" {
  source = "./source_module"
}

resource "aws_s3_bucket_object" "example" {
  bucket = module.source_module.bucket_id
  key    = "example-key"
  content = "example-content"
}

Waiting for your responses... Till then, happy learning!
