Exam Prep

Question 1

What does terraform init do?

Answer 1

The terraform init command initializes a working directory.

Initialization includes installing provider plugins, backend initialization, copy source modules, etc.

This is the first command that should be run after writing a new terraform config, its safe to run multiple times.

Question 2

Terraform init -upgrade

Answer 2

The terraform init -upgrade installs the latest module and provider versions allowed within the configured constraints.

If you have the latest provider plugin already installed and define a new version constraint that matches different version you will need to run terraform init -upgrade.

Question 3

Terraform plan

Answer 3

It allows you to create an execution plan.

The infrastructure is not modified as part of this plan.

The state file is not modified even when it detects drift in real-world and current infrastructure.

Question 4

How to save the plan to a file?

Answer 4

-out=FILE option to save the generated plan to a file on disk, which can later execute by passing the file to terraform apply as an extra argument (terraform apply ec2.plan, for ex).

Question 5

Terraform apply

Answer 5

Used to apply the changes required to reach the desired state of the config.

The state file gets modified in this command

Name of state file = terraform.tfstate.

Terraform apply can change, destroy, and provision resources but cannot import any resources.

Question 6

Terraform destroy

Answer 6

Used to destroy the terraform-managed infrastructure

terraform destroy command is not the only command through which infrastructure can be destroyed.
* You can also either comment out the code in the code or delete the code entirely.

Question 7

Terraform fmt

Answer 7

Used to rewrite terraform config files to a canonical format/style. It will directly perform “write” operation and not “read” as in it will not ask for confirmation and just format.

Two flags:
1. -check | Checks if input is formatted, files not modified.
2. -recursive, also process files in subdirectories, by default only the given directory (or current directory) is processed.

Question 8

Terraform validate

Answer 8

It validates the config files in a directory.

It requires an initialized working directory with any referenced plugins/modules installed, i.e n

Terraform plan uses implied validation check (even if you don’t perform a terraform validate)

Question 9

Whats a resource block?

Answer 9

A resource block declares a resource of a given type (“aws_instance) with a given local name (“web”)

Resource type and name together serve as an identifier for a given resource and so must be unique.

Address of the resource is resource type.localname
Ex: aws_instance.web

The statements inside the resource is made up of the argument name and argument value.
Ex: ami = “ami-123”

Question 9

Terraform refresh? whats it do again?

Answer 9

The terraform refresh command reads the current settings from all managed remote objects and updates the terraform state to match.

This wont modify your real remote objects, but it will modify the terraform state.

This command is DEPRACATED, because its default behavior is unsafe.

Question 10

Are arrays possible in Terraform?

Answer 10

No

Question 11

Why is the terraform state command used?

Answer 11

Its used for advanced state management

Question 12

Terraform import

Answer 12

You can use import blocks to import more than one resource at a time

Question 12

Local values

Answer 12

Locals are used whne you want to avoid repeating the same expression multiple times

Local values are created by a locals block (plural), but you reference them as attributes on an object named local (singular)

Local values can reference values from other variables, locals, etc.

Question 13

Terraform Modules

Answer 13

Terraform modules allow us to centralize the resource config, and it makes it easier for multiple projects to re-use the terraform code.

Instead of writing code from scratch, we can re-use.

Modules source code can be present in a wide variety of locations.
Github, local pths, terraform reg, s3 buckets.

To reference a module, you need to make use of module block and source.

Terraform uses this during the module installation step of terraform init to download the source code to a directory on local disk so that other terraform commands cna use it.

Question 14

Module local paths

Answer 14

A local path must begin with either ./ or ../ to indicate a local path.

Module sourced from local paths do NOT support versions

Question 15

Git repository module

Answer 15

Arbitrary Git repositories can be used by prefixing the address with the special git:: prefix.

Question 16

Root vs child modules

Answer 16

Root modules reside in the main working directory of terraform config. This is the entry point of infrastructure definition.

A module that has been called by another module is referred to as the child module.

Question 17

Module outputs

Answer 17

A child module can use outputs to expose a subset of its resource attributes to a parent module.

Format: <MODULE>.<OUTPUT></OUTPUT></MODULE>

Question 18

Module versioning

Answer 18

When using modules installed from a module registry, Hashicorp recommends explicitly constraining the acceptable version #’s to avoid unexpected or unwanted changes.

It is not mandatory to specify a version argument

Question 19

Terraform registry

Answer 19

Hosts a broad collection of public terraform modules

Each terraform module has an associated address

A module address has the syntax hostname/namespace/name/system.

The hostname/ portion of a module is optional, and if omitted defaults to the namespace and beyond.

Ex: registry.terraform.io would drop off if not included and reduce to
source = “terraform-aws-modules/ec2-instance/aws”

Question 20

Functions in terraform

Answer 20

the terraform language includes a # of built-in functions that you can use to transform and combine values.

NO SUPPORT for user-defined functions

Question 21

Function categories

Answer 21

Numeric = abs, ceil, floor, max min

String = concat, replace, split, join, tolower, toupper

Collection - element, keys, length, merge, sort, slice

Fiesystem - file, filebase64, dirname

Question 22

Lookup function

Answer 22

Lookup retrieves the value of a single element from a map, given its key. If the given key does not exist, the given default value is returned instead.

Question 23

Zipmap function

Answer 23

zipmap constructs a map from a list of keys and a cooresponding list of values

Question 24

Index function

Answer 24

Index find the element index for a given value in a list.

Question 25

Element function

Answer 25

retrieves a single element from a list.

Question 26

Toset function

Answer 26

Converts the list of values to SET.

Question 27

Timestamp function

Answer 27

returns a UTC time stamp in RFC 3339 format

Question 28

File function

Answer 28

can reduce the overall TF code size by loading contents from external sources during TF operations.

Question 29

Meta arguments

Answer 29

Meta arguments are added within resource block, which allows some details of this standard resource behavior to be customized on a per-resource basis.

Question 30

Meta-arugments

Answer 30

depends on, count, for_each, lifecycle, provider

Question 31

Sentinal

Answer 31

Sentinal is an embedded policy-as-code framework integrated with hashicorp enterprise products. It's a proactive service, can be used for various use-cases like: Verify if EC2 instance has tags, verify if S3 bucket has encryption enabled. Sentinal runs after terraform plan but before terraform apply.

Question 32

Terraform graph

Answer 32

Refers to a visual representation of the dependency relationship b/w resources defined in TF config The output of TF graph is in the DOT format, which can be easily be converted to an image.

Question 33

Input variables

Answer 33

Terraform.tfvars can be used to define values to all variables. This approach leads to easier setup for multi-project deployments

Question 34

How to select specific .tfvars

Answer 34

-var-file="fname.tfvars"

Question 35

Declaring Variable Values.

Answer 35

1. Variable defaults in a .tf file 2. Variable Definition (*.tfvars) 3. Env variables 4. Setting variables as part of command line (-var=" argname=argvalue")

Question 36

Setting variable values through ENV variables?

Answer 36

Terraform searches the ENV of its own process for ENV variables named TF_VAR_ followed by the name of a declared variable. echo %TF_VAR_instance_type%

Question 37

Variable definition precedence

Answer 37

Later sources taking precedence over earlier ones. 1. ENV variables 2. .tfvars file, if present 3. .tfvars.json file, if present. 4. Any *.auto.tfvars or *.auto.tfvars.json file, processed in lexical order of filename 5.Any -var and -var-file options on CMD line.

Question 38

Variables with undefined values

Answer 38

If you have variables with undefined values, it will NOT directly result in an error, you'll get prompted to enter a value.

Question 39

Are there certain words you can not use as a variable name?

Answer 39

Yes, we cannot use all words within variable names. Ex: count, depends_on for_each lifecycle providers source

Question 40

Regarding input variables and state files

Answer 40

TF state files generally store details about the resource it manages. Various aspects like "input variables" are not stored. Output vales will be stored in state file but not the description.

Question 41

Whats the order of logging from most verbose to least verbose?

Answer 41

Terraform (Trace) Does (Debug) Improve (Info) With (Warnings) Excellence (Error)

Question 42

By default, how many resources will Terraform provision concurrently during a terraform apply? with reference to TF reducing time it takes to provision resources through the concept of parallelism?

Answer 42

By default, Terraform Enterprise allocates 512 MB of memory to each Terraform run, with a default concurrency of 10 parallel runs.

Question 43

What command replaced the depracated terraform refresh?

Answer 43

Terraform plan -refresh-only

Question 44

What does terraform plan -refresh-only do?

Answer 44

This command is used to create a plan whos goal is only to update the TF state to match any changes made toe remote objects outside of TF. It does NOT apply those changes to the state.

Question 45

When using variables in HCP Terraform, what level of scope can the variable be applied to?

Answer 45

1. Run-specific 2. Workspace-specific 3. Workspace-scoped variable set (apply to multiple workspaces w/in same org) 4. Project-scoped variable set (auto apply to all current/future workspaces w/in project 5. Global variable set (auto applied to all current/future workspaces w/in an org.

Question 46

What are the core Terraform workflow steps to use infrastructure as code?

Answer 46

Write, plan, apply.

Question 47

What Terraform command can be used to inspect the current state file?

Answer 47

Terraform show - The 'terraform show' command is used to inspect the current state file in Terraform. It displays the current state as Terraform sees it, including resource attributes and dependencies.

Question 48

In the terraform block, which configuration would be used to identify the specific version of a provider required?

Answer 48

required_providers. The correct configuration to identify the specific version of a provider required is the "required_providers" block in the terraform configuration. This block allows you to specify the provider name and version constraints, ensuring that the correct version of the provider is used for the Terraform configuration.

Question 49

Which Terraform features supports the versioning of a module?

Answer 49

1. Terraform registry 2. Private registry What does not support 3. modules stored in GitLab - it can store modules but doesnt support versioning.

Question 50

Infrastructure as code makes infrastructure changes that are

Answer 50

1. indempotent (the outcome of applying the same config multiple times will always result in the same desired state) 2. predictable 3. Consistent 4. repeatable

Question 51

The environment variables must be in the format of ...

Answer 51

TF_VAR_VARNAME=VALUE Ex: TF_VAR_region=us-west-1

Question 52

What are some of the benefits of using IaC code in an org?

Answer 52

1. IaC code can be used to manage infra on multiple cloud platforms. 2. IaC allows you to commit configs to version control to safely collab on infra 3. IaC uses a human-readable config language to help you write infra code quickly, enabling self-service for dev's/operators alike. 4. API-driven workflows are a key advantage, allows for automation/programmability of infra provision/mgmt

Question 53

What are the supported VCS providers for HCP Terraform?

Answer 53

1. Azure Devops (Server/Services) 2. Bitbucket (Cloud/Data Center) 3. Gitlab (.com/EE/CE) 4. Github (Enterprise/Oath/TFE.com)

Question 54

What tasks can the terraform state command be used for?

Answer 54

Modifying the current state, such as removing items (Ex: listing resources, removing resources from the state file, adjusting the provider, etc.) 1. Inspecting the state - Terraform state show 2. Updating the state - State MV and State RM 3. Pulling/pushing state - State Pull, State Push 4. Importing resources into TF - TF state import

Question 55

Whats the use of terraform apply -replace=name.web?

Answer 55

Using this command allows a specific resource to be marked for replacement without affecting the other resources that were created. This command is useful for quickly recreating a single resource.

Question 56

What backend options are supported by TF?

Answer 56

1. Local 2. remote - stores state in remote location, such as s3. bucket, Consul server, or TF enterprise instance. 3. consul -backend stores TF state in a Consul cluster. 4. S3 backend, stores TF state in an S3 bucket, making it highly available and durable storage solution.

Question 57

What command can be ran to validate the changes to infrastructure without impacting existing workloads?

Answer 57

Terraform plan is the best answer. Terraform validate isn't correct as it will check syntax and config of TF files, but it does not provide a preview of the changes.

Question 58

When you migrate a TF config from say a local setup (Terraform community) to HCP Terraform (and create a new workspace), what TF. version would the new workspace be configured to use after the migration?

Answer 58

HCP TF would configure the workspace to use the same version as the TF binary you used when migrating.

Question 59

When you add a new module to a configuration, Terraform must download it before it can be used. What two commands can be used to download and update modules?

Answer 59

Terraform init Terraform get - download/update modules declared in the root module. Modules are downloaded into a .terraform subdirectory.

Question 60

Whats the command to create a new workspace in TF

Answer 60

terraform workspace new

Question 61

What CLI commands will completely tear down and delete all resources that Terraform is currently managing?

Answer 61

1. Terraform destroy (This command is just a convenience alias for terraform apply -destroy) 2. terrform apply -destroy

Question 62

What are some of the benefits that Terraform providers offers to users?

Answer 62

1. Abstracts the target platform's API from the end-user 2. enables a plugin architecture that allows TF to be extensible w/o having to update Terraform core. 3. Enables the deployment of resources to multiple platforms, such as public cloud, private cloud, or other Saas, Pass, IaaS services.

Question 63

Whats true regarding Terraform variables?

Answer 63

1. the default value will be found in the state file if no other value was set for the variable. 2. Variables names themselves arent stored in the state file.

Question 64

When using TF, where can you install providers from?

Answer 64

1. official hashicorp release site 2. Terraform registry 3. Terraform plugin cache. 4. plugins directory

Question 65

Are official terraform providers and modules owned AND maintained by Hashicorp?

Answer 65

Yes, these providers/modules are developed and supported directly by Hashicorp to ensure compatibility, reliability, and security for TF users.

Question 66

How do you properly configure a Terraform backend?

Answer 66

Backends are configured with a nested backend block within the top-level terraform block. * A config can only provide one backend block *A backend block cannot refer to named values (like input varaibles, locals, or data source attributes), it REQUIRES constant values.

Question 67

How do you reference a value of a variable when using a for_each argument in a resource block?

Answer 67

A for _each argument will iterate over a map/set of strings and create a similar instance/resource for each item in the map/set. each.value.variable

Question 68

What are examples of collection/structural types that can be used when declaring a variable in order to group values together?

Answer 68

1. Object - allows you to create a complex data structure w/multiple attributes, useful for grouping related data together in a hierarchical manner. 2. Map 3. List. 4. Tuple - allows you to create an ordered collection of elements of different types.