Today, we dive into some common interview questions about Terraform. Whether you're prepping for an interview or just brushing up on your Terraform knowledge, these questions will help you solidify your understanding of this powerful Infrastructure as Code (IaC) tool. Let's get started!
1. What is Terraform and how is it different from other IaC tools?
Terraform is an open-source IaC tool developed by HashiCorp that allows you to define and provision infrastructure using a high-level configuration language called HCL (HashiCorp Configuration Language).
Differences from other IaC tools:
Declarative Language: Terraform uses a declarative approach, meaning you define the desired end state, and Terraform determines how to achieve it.
State Management: Terraform maintains a state file that keeps track of the infrastructure, enabling it to know the current state versus the desired state.
Provider Ecosystem: Terraform supports a wide range of cloud providers and services, making it highly versatile.
Plan and Apply: Terraform has a two-step process (terraform plan and terraform apply), allowing you to review changes before applying them.
2. How do you call a main.tf module?
To call a module defined in main.tf, you need to use the module block in your root configuration file:
module "example_module" {
  source    = "./path_to_module_directory"
  variable1 = "value1"
  variable2 = "value2"
}
3. What exactly is Sentinel? Can you provide a few examples where we can use Sentinel policies?
Sentinel is a policy-as-code framework used to enforce rules and guidelines in your Terraform configurations. It allows you to create policies that define what is allowed or disallowed in your infrastructure.
Examples:
Cost Control: Ensure that only certain instance types are used to control costs.
Security: Enforce policies that restrict the use of certain ports or enforce encryption.
Compliance: Ensure that all resources are tagged with necessary metadata for compliance tracking.
4. You have a Terraform configuration file that defines an infrastructure deployment. However, there are multiple instances of the same resource that need to be created. How would you modify the configuration file to achieve this?
You can use the count or for_each meta-argument to create multiple instances of the same resource.
Using count:
resource "aws_instance" "example" {
  count         = 3
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
Using for_each:
resource "aws_instance" "example" {
  for_each      = toset(["instance1", "instance2", "instance3"])
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  tags = {
    Name = each.key
  }
}
5. You want to know from which paths Terraform is loading providers referenced in your Terraform configuration (*.tf files). You need to enable debug messages to find this out. Which of the following would achieve this?
A. Set the environment variable TF_LOG=TRACE
export TF_LOG=TRACE
terraform apply
6. The command below will destroy everything that has been created in the infrastructure. How would you save a particular resource while destroying the complete infrastructure?
To prevent a particular resource from being destroyed, you can use the lifecycle block with the prevent_destroy attribute. Terraform then returns an error for any plan that would destroy that resource.
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  lifecycle {
    prevent_destroy = true
  }
}
7. Which module is used to store the .tfstate file in S3?
The backend "s3" block is used to configure remote state storage in an S3 bucket.
terraform {
  backend "s3" {
    bucket = "my-terraform-state-bucket"
    key    = "path/to/my/key"
    region = "us-east-1"
  }
}
8. How do you manage sensitive data in Terraform, such as API keys or passwords?
Sensitive data can be managed using Terraform's built-in mechanisms and external tools:
Environment Variables: Use environment variables to pass sensitive information.
Terraform Cloud/Enterprise: Use the secure variable storage provided by Terraform Cloud/Enterprise.
External Secret Management: Use tools like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault.
variable "api_key" {
  description = "API Key"
  type        = string
  sensitive   = true
}
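Marking a variable sensitive only redacts it from plan and apply output; the value is still written to the state file. As an added example (not from the original post), here is how the environment-variable and Secrets Manager options above feed a resource; the secret name, parameter paths and resource names are constructed:

```hcl
# Option 1: value supplied at run time through the environment, for example
#   export TF_VAR_api_key=...   (set by the CI job, never committed in *.tfvars)
variable "api_key" {
  description = "API Key"
  type        = string
  sensitive   = true
}

# Option 2: read the value from AWS Secrets Manager when Terraform runs.
# "example/api-key" is a constructed secret name that must already exist.
data "aws_secretsmanager_secret_version" "api_key" {
  secret_id = "example/api-key"
}

# Consumer: store the key where the application reads it. SecureString
# encrypts it in Parameter Store, but the value still lands in Terraform state.
resource "aws_ssm_parameter" "from_variable" {
  name  = "/example/app/api-key"
  type  = "SecureString"
  value = var.api_key
}

resource "aws_ssm_parameter" "from_secrets_manager" {
  name  = "/example/app/api-key-managed"
  type  = "SecureString"
  value = data.aws_secretsmanager_secret_version.api_key.secret_string
}

# An output derived from a sensitive value must itself be marked sensitive,
# otherwise Terraform rejects the configuration.
output "api_key_parameter_value" {
  value     = aws_ssm_parameter.from_variable.value
  sensitive = true
}
```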
9. You are working on a Terraform project that needs to provision an S3 bucket, and a user with read and write access to the bucket. What resources would you use to accomplish this, and how would you configure them?
You would use the aws_s3_bucket and aws_iam_user resources.
# The bucket, with a private canned ACL
resource "aws_s3_bucket" "example" {
  bucket = "my-bucket"
  acl    = "private"
}

# The IAM user that will access the bucket
resource "aws_iam_user" "example" {
  name = "example-user"
}

# Policy allowing object reads and writes in this bucket only
resource "aws_iam_policy" "example" {
  name        = "example-policy"
  description = "A policy for S3 bucket access"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["s3:GetObject", "s3:PutObject"]
        Effect   = "Allow"
        Resource = "arn:aws:s3:::my-bucket/*"
      }
    ]
  })
}

# Attach the policy to the user
resource "aws_iam_user_policy_attachment" "example" {
  user       = aws_iam_user.example.name
  policy_arn = aws_iam_policy.example.arn
}
10. Who maintains Terraform providers?
Terraform providers are maintained by either HashiCorp, the community, or third-party vendors. Providers maintained by HashiCorp are officially supported, while community and third-party providers are often supported by the respective organizations or community members.
11. How can we export data from one module to another?
You can export data from one module to another using outputs in the source module and referencing those outputs in the destination module.
In the source module (outputs.tf):
output "bucket_id" {
  value = aws_s3_bucket.example.id
}
In the destination module:
module "source_module" {
  source = "./source_module"
}

resource "aws_s3_bucket_object" "example" {
  bucket  = module.source_module.bucket_id
  key     = "example-key"
  content = "example-content"
}
Waiting for your responses. Till then, happy learning!