Platform Questions Flashcards
(44 cards)
What is the difference between a provider and a resource in Terraform?
A provider is the cloud platform, e.g. Azure or AWS, and resources are the services you can access on that platform, e.g. EC2, IAM users, RDS, etc.
Why would you use Terraform over Ansible? Three strengths of Terraform
Terraform's strength is infrastructure provisioning (to AWS, Azure, etc.).
- Declarative
- State
- Idempotency (it won't run things over again that it knows it has already executed)
Is Terraform declarative or imperative and what is the difference?
Terraform is declarative which means you just update your config file with your desired state and Terraform will figure out how to get there. E.g. if you want to update a firewall config Terraform might remove the old one then add a new one.
What is Ansible good for?
Ansible - configuration management, including things like application deployment. It works with resources that are already created.
Define VPC
A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud.
What is a dependency in Terraform?
Dependencies control the order in which Terraform creates, updates or destroys resources.
You can enforce dependencies explicitly using the ‘depends_on’ keyword.
What is a provisioner in Terraform?
Provisioners are used to run scripts or commands on a resource after it’s created or before it is destroyed.
Use sparingly because they introduce dependencies outside of Terraform’s control.
What is state locking in Terraform?
State locking is a mechanism to prevent multiple users from making concurrent changes to the same infrastructure, which could lead to conflicts or corruption in the state file.
What is a state file in Terraform?
Terraform keeps a state file with the current setup saved as a snapshot.
Where is the state file saved/where should it be saved?
By default Terraform saves the state file locally, but it should be saved in a remote backend such as AWS S3 with DynamoDB.
S3 stores the state file itself, making it accessible to team members. DynamoDB provides a locking mechanism to prevent concurrent modifications.
What are four common Terraform errors, and how do you fix them?
State lock errors - if no one else is running a Terraform command, you can manually release the lock by deleting the locking entry in DynamoDB.
Provider version mismatches.
Missing dependency - run terraform refresh and see what is missing.
Config syntax/logic errors - fix them, then run terraform validate.
What should you do if there is a failed Terraform deployment?
- Understand what happened - check the logs, review partial changes that Terraform has applied.
- Refresh and check the current state - run terraform refresh, identify remaining changes.
- Decide on rolling back or moving forward - if rolling back, identify partially created resources and remove them manually, revert to an earlier commit, then refresh, plan, apply. If moving forward, fix the config error/permission issue, then rerun terraform apply.
Where do you store AWS creds when using Terraform with GitHub Actions?
GitHub secrets.
What are the two key files for using Terraform with GitHub Actions?
Terraform config file and GitHub Actions workflow file.
What should be in the Terraform config file for building a review environment?
Define AWS provider
Variable for commit sha passed from GitHub actions
Create an EC2 instance resource with config to install Docker, log in to ECR, docker pull the image from ECR, and docker run it.
Add tags to resource with name and commit SHA.
What should be in the GitHub Actions workflow file for creating a review environment?
on: push: branches: 'feature'
jobs:
- Checkout code
- Set up AWS CLI
- Install dependencies like Node etc. and run unit tests on the GitHub runner
- terraform init
- Delete old image from ECR
- terraform destroy (kill any existing EC2 instances)
- terraform plan
- terraform apply
- Load sample data (via bash script)
- Run E2E tests in parallel on the GitHub runner
Why is the commit SHA used for review envs?
It is used as part of the Docker image tag to ensure that each branch/commit gets its own unique environment.
What if someone wanted to update 100 AWS security groups as a one-off?
Prep a Terraform config file with the 100 security groups and their details.
Run Terraform locally or in GitHub runner:
- terraform init
- terraform plan
- terraform apply
What would be in the config file for updating 100 AWS security groups?
Define AWS provider
Define a list of security groups and their properties
Create security group resources dynamically from the list
What would be in the GitHub Actions workflow file for updating 100 AWS security groups?
on: push
jobs:
- checkout code
- set up AWS CLI
- terraform init
- terraform plan
- terraform apply
What if someone wanted to have their Terraform plan checked before applying it?
Plan on push and apply on merge.
2 separate actions:
on: push: branches: 'feature'
jobs:
- checkout code
- set up AWS CLI
- terraform init
- terraform plan
Once reviewed and approved, then:
on: push: branches: 'main'
jobs:
- checkout code
- set up AWS CLI
- terraform init
- terraform apply
What are 5 popular pipeline tools and their Terraform integration?
GitHub Actions - .github/workflows/terraform_plan.yml
Jenkins - Jenkinsfile
GitLab - .gitlab-ci.yml
Azure DevOps - azure-pipelines.yml
AWS CodePipeline - used with AWS CodeBuild
What are the two methods for running a GitHub Actions workflow (timing)?
On a schedule:
- on: schedule: cron: '00*0'
On a trigger:
- on: push: branches: main/feature
What is an AWS Security Group?
Acts as a virtual firewall to control incoming and outgoing traffic.
Security groups allow you to specify rules to allow or block traffic based on IP addresses, ports and protocols.