Terraform Interview Questions
Below are the terraform topics for interviews:
1. Introduction | 7. Terraform Structures and Syntax |
2. Variables | 8. Modules |
3. Data Sources | 9. Version Control |
4. Lifecycle | 10. Validations |
5. Provisioners | 11. Secrets |
6. State | 12. Production |
Beginner
- What is Terraform?
- “HashiCorp Terraform is an infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share.
- You can then use a consistent workflow to provision and manage all of your infrastructure throughout its lifecycle.
- Terraform can manage low-level components like compute, storage, and networking resources, as well as high-level components like DNS entries and SaaS features.”
- What are the advantages in using Terraform or IaC in general?
- Full automation: In the past, resource creation, modification and removal were handled manually or by using a set of tooling. With Terraform or other IaC technologies, you manage the full lifecycle in an automated fashion.
- Modular and Reusable: Code that you write for certain purposes can be used and assembled in different ways. You can write code to create resources on a public cloud and it can be shared with other teams who can also use it in their account on the same (or different) cloud>
- Improved testing: Concepts like CI can be easily applied on IaC based projects and code snippets. This allow you to test and verify operations beforehand
- Does Terraform use declarative or imperative approach?
- Declarative: Terraform uses the declarative approach (rather than the procedural one) in order to define end-status of the resources
- What language does Terraform uses?
- A DSL called “HCL” (Hashicorp Configuration Language). A declarative language for defining infrastructure.
What’s a typical Terraform workflow? | Init | Write Terraform definitions using .tf files written in HCL that describes the desired infrastructure state | | Plan | Review the plan generated by Terraform which lists all the changes that will be made to the environment | | Apply | Terraform will apply the given definitions, by adding, modifying or removing the resources |
- What’s the difference between Terraform and technologies such as Ansible, Puppet, Chef, etc.
- Terraform is considered to be an IaC technology. It’s used for provisioning resources, for managing infrastructure on different platforms.
- Ansible, Puppet and Chef are Configuration Management technologies. They are used once there is an instance running and you would like to apply some configuration on it like installing an application, applying security policy, etc.
What are different variable types that you have used so far?
string number bool list(<TYPE>) set(<TYPE>) map(<TYPE>) object({ = \<TYPE\>, ... }) tuple([<TYPE>, …]) What are different loops available in terraform?
count for for_each What is the difference between lists, tuples and set type in terraform?
Set Similar to lists and tuples, but does not contains duplicate values and ordering of elements is lost List Lists are mutable, which means you can add, remove, or modify elements after the list is created Tuples Tuples are immutable, which means they cannot be changed once created - What’s Terraform State? Where is it stored?
- Terraform state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.
- Local or remote storage - Depends upon the requirement.
- What is Terraform state locking?
- If there are two users or processes concurrently editing the state file it can result in invalid state file that doesn’t actually represents the state of resources.
- To avoid it, terraform applies lock on the state file.
Intermediate
- Explain the background tasks that are executed after running the command ‘terraform init’ on a new machine?
- Terraform will search for the provider locally. If not present, it will download and install the provider from the public terraform registry.
- Syntax
- Authentication
- Create empty state file
- How to define dependencies between resources in terraform? Which terraform command is used to check the dependencies between resources?
- depends_on
- terraform graph
- What are terraform providers? Can we create our own terraform provider?
- “Terraform relies on plugins called “providers” to interact with cloud providers, SaaS providers, and other APIs which help terraform to manage resources or data sources.
- Yes, and it can stored in the terraform public registry.
- What is the effect of setting variable as “sensitive”?
- It doesn’t show its value when you run terraform apply or terraform plan but eventually it’s still recorded in the state file.
- If the same variable is defined in the following places, which source will be used first? The file terraform.tfvars Environment variable Using -var or -var-file
- The current order based on the variable prefrences is:
- Environment variable
- The file terraform.tfvars
- Using -var or -var-file
- The current order based on the variable prefrences is:
- What are locals? and why are they used instead of variables?
- Similarly to variables they serve as placeholders for data and values.
- Differently from variables, users can’t override them by passing different values.
- What are “Provisioners”? What are different types?
- Provisioners can be described as plugin to use with Terraform, usually focusing on the aspect of service configuration and make it operational.
- local-exec and remote-exec
- What is terraform backend? What are best practices for creating a terraform backend?
- Terraform backend determines how the Terraform state is stored and loaded. It can be local (default) or remote.
- Best Pratices:
- Add lifecycle of “prevent_destroy” to it so it’s not accidentally deleted.
- Enable versioning
- Encrypt the bucket
- Block public access
Advanced
Can we use a single terraform state file to store resources from multiple cloud providers? If yes, how does the authentication works for each cloud provider?
How are secrets managed in terraform? Where are they stored and how are they accessed from terraform?
- What is the resource recreation lifecycle? and can we control the resource recreation lifecyle?
- By default the current resource is deleted, a new one is created and any references pointing the old resource are updated to point the new resource.
- Yes, below options are availble: 1. create_before_destroy 2. prevent_destroy 3. ignore_changes 4. replace_triggered_by
- Explain the folder structure that you will be creating in order to deploy individual env(webapp+db) for 10 customers.
- There are several approaches to define the folder structure:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
--modules --webapp --database --env -- main.tf -- providers.tf --prod -- variables.tf # Containing details of all the customers -- backend.tf --qa -- variables.tf # Containing details of the QA environment -- backend.tf --dev -- variables.tf # Containing details of the Dev environment -- backend.tf
- What are the locations where the terraform would search for providers if the internet is not accessible from a machine?
- Below is the order: a. The current working directory. b. The .terraform directory in your current working directory. This is where Terraform stores the plugins it downloads. c. The user plugins directory. The location of this directory varies by operating system: On Unix-like systems (including Linux and macOS), the directory is $HOME/.terraform.d/plugins. On Windows, the directory is %APPDATA%\terraform.d\plugins. d. The system plugins directory. The location of this directory also varies by operating system: On Unix-like systems, the directory is /usr/local/share/terraform/plugins. On Windows, the directory is %PROGRAMDATA%\terraform.d\plugins. e. Any directories specified by the plugin_cache_dir configuration in the Terraform CLI configuration file.
- What is Terraform Plugin Cache? How do we manage it in an controlled environment where internet is not accessible?
- The Terraform plugin cache is a directory (defined by env variable plugin_cache_dir )where Terraform stores downloaded provider plugins.
- When you run Terraform commands that require a specific provider, Terraform checks if the provider plugin is already installed in the plugin cache. If it is not found, Terraform automatically downloads the plugin and stores it in the cache for future use.
- In a controlled environment, the providers needs to be already downloaded to the machine/container/image
- How to import resources into terraform state when using modules? for_each? terragrunt?
- Modules:
1 2
terraform import module.module_name.resource_tye.resource_name resource_id terraform import module.iam.aws_iam_user.user john
- For_each with modules
1
terraform import module.iam.aws_iam_user.user[\"john\"] john
- Foreach with modules and using Terragrunt
- Navigate to the directory where the terragrunt.hcl file is present for the resource and run the below command:
1
terragrunt import azurerm_resource_group.rg[\"dev-rg\"] resource_id
- Count with modules
1
terraform import module.iam.aws_iam_user.user[0] john