Terraform Interview Questions and Answers

Define IAC?

IAC or Infrastructure as Code allows you to build, change, and manage your infrastructure through coding instead of manual processes. The configuration files are created according to your infrastructure specifications and these configurations can be edited and distributed securely within an organization.

What are the most useful Terraform commands?

Some of the most useful Terraform commands are:

terraform init - initializes the current directory

terraform refresh - refreshes the state file

terraform output - views Terraform outputs

terraform apply - applies the Terraform code and builds stuff

terraform destroy - destroys what has been built by Terraform

terraform graph - creates a DOT-formatted graph

terraform plan - a dry run to see what Terraform will do

Why is Terraform used for DevOps?

Terraform uses a JSON-like configuration language called the HashiCorp Configuration Language (HCL). HCL has a very simple syntax that makes it easy for DevOps teams to define and enforce infrastructure configurations across multiple clouds and on-premises data centers.

Define null resource in Terraform.

null_resource implements standard resource library, but no further action is taken. The triggers argument allows an arbitrary set of values that will cause the replacement of resources when changed.

What do you mean by Terraform cloud?

Terraform Cloud is a platform that enables teams to use Terraform together, either on-demand or in response to various events. It is deeply integrated with Terraform's workflows and data, unlike a general-purpose continuous integration system. It includes easy access to shared state and secret data, detailed policy controls for updating infrastructure and governing the contents of Terraform, a private registry for sharing Terraform modules, and lots more.

What do you understand by terraform backend?

Each Terraform configuration can specify a backend, which defines two main things:

1. Where operations are performed

2. Where the state is stored (Terraform keeps track of all the resources created in a state file)

What are modules in Terraform?

A jug for numerous resources that are used jointly is known as a module in Terraform. The root module includes resources mentioned in the .tf files and is required for every Terraform.

What is a Private Module Registry?

A Private Module Registry is a feature from Terraform Cloud that allows you to share Terraform modules across the organization. You can enforce rules or “sentinel policies” on the registry that specify how members of your organization can use the modules.

Is Terraform usable for an on-prem infrastructure?

Yes, Terraform can be used for on-prem infrastructure. As there are a lot of obtainable providers, we can decide which suits us the best. All that we need is an API.

How is duplicate resource error ignored during terraform apply?

We can try the following options:

1. Delete those resources from the cloud provider(API) and recreate them using Terraform

2. Delete those resources from Terraform code to stop its management with it Carry out a terraform import of the resource and remove the code that is trying to recreate them

What are some of the built-in provisioners available in Terraform?

Here is the list of built-in provisioners in Terraform:

Salt-masterless Provisioner

Remote-exec Provisioner

Puppet Provisioner

Local-exec Provisioner

Habitat Provisioner

File Provisioner

Chef Provisioner

How to Store Sensitive Data in Terraform?

Terraform requires credentials to communicate with your cloud provider's API. But most of the time, these credentials are saved in plaintext on your desktop. GitHub is exposed to thousands of API and cryptographic keys every day. Hence, your API keys should never be stored in Terraform code directly. You should use encrypted storage to store all your passwords, TLS certificates, SSH keys, and anything else that shouldn't be stored in plain text.

Explain State File Locking?

State file locking is Terraform mechanism in which operations on a specific state file are blocked to avoid conflicts between multiple users performing the same process. When one user releases the lock, then only the other one can operate on that state. This helps in preventing state file corruption. This is a backend operation.

What do you understand by a Tainted Resource?

A tainted resource is a resource that is forced to be destroyed and recreated on the next apply command. When a resource is marked as tainted, the state files are updated, but nothing changes on infrastructure. The terraform plan out shows that help will get destroyed and recreated. The changes get implemented when the next apply happens.

How to lock Terraform module versions?

A proven way of locking Terraform module version is using the Terraform module registry as a source. We can use the ‘version’ attribute in module of the Terraform configuration file. As the Github repository is being used as a source, we need to specify versions, branch, and query string with ‘?ref’.

What is Terraform?

Terraform is an open-source Infrastructure as Code (IaC) tool created by HashiCorp. It allows users to define and provision data center infrastructure using a high-level configuration language known as HCL (HashiCorp Configuration Language).

Explain the difference between Terraform and other IaC tools like Ansible, Puppet, and Chef.

Terraform is primarily declarative and focuses on infrastructure provisioning. Ansible, Puppet, and Chef are procedural and typically used for configuration management and application deployment.

What is a Terraform provider?

Answer: A provider in Terraform is a plugin that allows Terraform to manage an external API. Each provider is responsible for understanding API interactions and exposing resources.

What is a Terraform module?

A module in Terraform is a container for multiple resources that are used together. Modules can be used to encapsulate and reuse code across different projects.

What are Terraform state files?

Terraform state files (terraform.tfstate) keep track of the infrastructure managed by Terraform, mapping the configuration to the actual resources in the cloud.

How does Terraform ensure that infrastructure changes are made safely?

Terraform uses a plan and apply process. The terraform plan command shows the changes that will be made, while the terraform apply command executes those changes. This two-step process helps avoid accidental changes.

What is a Terraform backend?

A backend in Terraform determines how state is loaded and how operations such as apply are executed. It also defines where state snapshots are stored.

How do you handle secret management in Terraform?

Secrets can be managed in Terraform using environment variables, secure storage solutions like AWS Secrets Manager, or Vault.

What is a Terraform workspace?

A workspace in Terraform is an isolated instance of state data, allowing the same configuration to be applied to different environments (e.g., development, staging, production).

Explain the difference between terraform import and terraform taint.

terraform import brings existing infrastructure into Terraform management. terraform taint marks a resource for destruction and recreation on the next apply.

What is the purpose of the terraform fmt command?

The terraform fmt command is used to format Terraform configuration files to a canonical format and style.

What is Terraform's plan command?

The terraform plan command creates an execution plan, showing the changes that will be applied without actually performing any actions.

How does Terraform handle dependencies between resources?

Terraform automatically understands dependencies between resources by analyzing resource attributes and using implicit and explicit dependencies.

What is the purpose of the terraform refresh command?

The terraform refresh command updates the state file with the real infrastructure values.

How do you manage infrastructure drift in Terraform?

Infrastructure drift is managed by using the terraform plan command to detect changes and the terraform apply command to correct them.

Explain the use of terraform validate.

The terraform validate command checks whether a configuration is syntactically valid and internally consistent.

What are the different types of variables in Terraform?

Terraform has input variables, output variables, and local variables.

How do you pass variables in Terraform?

Variables can be passed in Terraform via command-line flags, environment variables, or variable files.

What is the terraform output command?

The terraform output command displays the output values defined in the configuration.

How does Terraform handle resource naming conflicts?

Terraform uses unique resource identifiers (resource names) to avoid conflicts.

What are some common Terraform commands you should know?

Some common Terraform commands include init, plan, apply, destroy, fmt, validate, output, and refresh.

How do you destroy resources in Terraform?

Resources can be destroyed using the terraform destroy command, which removes all infrastructure managed by Terraform.

What is terraform graph used for?

The terraform graph command is used to generate a visual representation of the dependency graph of resources.

How does Terraform handle errors and retries?

Terraform has built-in mechanisms for retries and can automatically retry failed operations with exponential backoff.

What is a data source in Terraform?

A data source in Terraform allows you to fetch read-only information defined outside of Terraform for use in your Terraform configuration.

Explain the use of the terraform state command.

The terraform state command is used to view and manipulate the state file. It includes subcommands like list, show, mv, rm, and pull.

What is the difference between terraform apply and terraform destroy?

terraform apply creates or updates infrastructure based on the configuration, while terraform destroy removes all resources defined in the configuration.

What are the benefits of using Terraform?

Benefits include infrastructure as code, modularity, versioning, reusability, and support for multiple cloud providers.

What is remote state in Terraform?

Remote state refers to storing the state file in a remote location like AWS S3, Azure Blob Storage, or Terraform Cloud, enabling collaboration and state locking.

How do you handle provider versioning in Terraform?

Provider versioning is handled using the required_providers block in the configuration file, specifying the provider version constraints.