Terraform Basics Flashcards by Isaac Hann

Write a basic **provider block **for AWS for region “eu-west-2”

provider "aws" {
    region = "eu-west-2"
}

How well did you know this?

Not at all

Perfectly

What are “1” and “2” in the resource block? Provide examples for creating an EC2 instance.

resource "1" "2" {
...
}

1: Resource Type
ex: “aws_instance”

2: Resource Name
ex: “my_instance”

How well did you know this?

Not at all

Perfectly

terraform init creates a ____ file called ____

State file

terraform.tfstate

How well did you know this?

Not at all

Perfectly

What happens if you:
1. terraform apply
2. Delete the terraform.tfstate file
3. terraform apply again

Why does this happen?

The resources are created a second time.

This is because there is no state file to tell Terraform which resources already exist.

How well did you know this?

Not at all

Perfectly

One way to avoid hard-coding variables into Terraform is by using ____ variables that are set in the Windows CLI with the ____ command or in Linux with the ____ command

Env variables

Linux: export

Windows CLI: setx

How well did you know this?

Not at all

Perfectly

Another way to avoid hard-coding variables into Terraform, specifically for AWS, is to use ____, which stores credentials in a ____ folder.

AWS CLI

Stores variables in a hidden folder

How well did you know this?

Not at all

Perfectly

Declare a** string** variable called “vpcname” with a default value “myvpc”

variable "vpcname" {
    type = "string"
    default = "myvpc"
}

How well did you know this?

Not at all

Perfectly

Declare a number variable called “sshport” with a default value 22

variable "sshport" {
    type = "number"
    default = 22
}

How well did you know this?

Not at all

Perfectly

Declare a boolean variable called “enableDebug” that defaults to false

variable "enableDebug" {
    type = bool
        default = false
}

How well did you know this?

Not at all

Perfectly

What behavior does a list variable mimic from other languages?

Declare a list of strings variable called “mylist” with default entries of “First” and “Second”

List is like an array.

variable "mylist" {
    type = list(string)
    default = ["First", "Second"]
}

How well did you know this?

Not at all

Perfectly

What is a map variable?

Declare a map variable called “mymap” with default values of your choice.

A map is a set of one or more key-value pairs.

variable "mymap" {
    type = "map"
    default = {
        Key1 = "Value1"
        Key2 = "Value 2"
    }
}

How well did you know this?

Not at all

Perfectly

Declare a string variable called “vpcname” with default value “myvpc”
Declare a list variable called “mylist” with default values “First” and “Second”
Declare an aws_vpc resource called “myvpc” with CIDR block “10.0.0.0/16”, a tag called “Name” equal to the value of the vpcname variable, and a tag called “Item” equal to the value of the first item in “mylist”.

variable "vpcname" {
    type = "string"
		default = "myvpc"
}

variable "mylist" {
    type = "list"
		default = ["First", "Second"]
}

aws_vpc "myvpc" {
    cidr_block = "10.0.0.0/16"
		tags = {
		    Name = var.vpcname
				Item = var.mylist[0]
		}
}

How well did you know this?

Not at all

Perfectly

What is string interpolation? How do you do it in terraform?

Replace the value inside of a string with a variable.

“My name is ${var.name}”

How well did you know this?

Not at all

Perfectly

variable "mymap" {
    type = map
		default = {
		    Key1 = "Value1"
				Key2 = "Value2"
		}
}

How do you reference the value of Key1 from this variable?

var.mymap[“Key1”]

How well did you know this?

Not at all

Perfectly

What denotes a variable as being set by user input?

What are the rules for when Terraform prompts for this input?

A variable that lacks a default value.

Always prompted with plan

Only prompted with apply if there is no saved value from plan

How well did you know this?

Not at all

Perfectly

Declare a string variable called “instance_name” that prompts the user “Set the name of the Instance”.

variable "instance_name" {
    type = string
    description = "Set the name of the Instance"
}

How well did you know this?

Not at all

Perfectly

How would you reference the “id” attribute of a resource that is created?

Give an example for an EC2 instance called “myinstance”

Hint: ____.____.id

resource type.resource name.id

ex: aws_instance.myinstance.id

How well did you know this?

Not at all

Perfectly

Given that your Terraform is creating an EC2 instance called “mySQL_instance”, create an output to display it’s ID.

output "instanceid" {
    value = aws_instance.mySQL_instance.id
}

How well did you know this?

Not at all

Perfectly

What is the only step in which outputs are available? Why?

apply because the resource must actually be created.

How well did you know this?

Not at all

Perfectly

Fill in the block to assign tags from a map variable called “my-tags” to the instance:

aws_instance "my-instance" {
    ami           = "ami-053b0d53c279acc90"
    instance_type = "t2.micro"
		
		tags = \_\_\_\_
}

tags = var.my-tags

How well did you know this?

Not at all

Perfectly

Variable types:

A ____ is an ordered collection that allows duplicates. Uses ____ characters to contain items.

A ____ is an unordered collection with unique values. Uses ____ characters to contain items.

A ____ is an unordered collection of key-value pairs with unique keys. Uses ____ characters to contain items.

A ____ is a fixed-length, ordered collection that allows multiple data types. Uses ____ characters to contain items.

Which types can be used with for_each to create multiple EC2 instances? Why?

A list is ordered and allows duplicates. Uses brackets.
["First", "Second", "Second", "Third"]

A set is unordered and must be unique values. Uses brackets.
["John", "Joe", "Jim"]

A map is unordered key-value pairs and must be unique keys. Uses curly brackets.

{
Key1 = Value1
Key2 = Value2
}

A tuple is ordered, fixed-length, and allows multiple data types. Uses brackets. Used to contain multiple values in a strict structure.
["web-server", 8080, true]

Can use for_each with sets or maps to create multiple EC2 instances because they enforce unique values.

How well did you know this?

Not at all

Perfectly

Fill in the block to create a separate EC2 instance for each item in the set.

variable instance_names {
    type = set(string)
		default = ["First", "Second", "Third"]
}

resource "aws_instance" "example" {
    \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
		ami = "ami-053b0d53c279acc90"
		
		tags = {
		    Name = \_\_\_\_\_\_
		}
}

variable instance_names {
    type = set(string)
		default = ["First", "Second", "Third"]
}

resource "aws_instance" "example" {
    for_each = var.instance_names
		ami = "ami-053b0d53c279acc90"
		
		tags = {
		    Name = each.value
		}
}

How well did you know this?

Not at all

Perfectly

When using for_each to loop through a list, Terraform provides ____ for accessing the values.

When using for_each to loop through a map, Terraform provides ____ for accessing the values.

**List: ** each.value

**Map: ** each.key, each.value

How well did you know this?

Not at all

Perfectly

What is a dynamic block? What 2 variable types is it usually paired with? What 2 components are usually in the dynamic block?

A way to generate multiple blocks dynamically from a list or map variable.

Paired with list or map variable.

Usually there’s also a for_each and a content block.

How well did you know this?

Not at all

Perfectly

Complete the dynamic block to iterate over the variable "my-ports": ``` resource "aws_security_group" "my-sg" { dynamic "ingress" { ____________ ____________ { from_port = ______ to_port = ______ protocol = "TCP" cird_blocks = ["0.0.0.0/0"] } } } ```

``` resource "aws_security_group" "my-sg" { dynamic "ingress" { for_each = "my-ports" content { from_port = each.value to_port = each.value protocol = "TCP" cird_blocks = ["0.0.0.0/0"] } } } ```

Declare an **object** variable to hold first name, last name, and phone number

``` variable "myobject" { type = object({first = string, last = string, phone = number}) default = { first = "" last = "" phone = 0 } } ```

Given the Terraform below, how would you make sure **DB Server** is created **first**? ``` resource "aws_instance" "myec2" { ami = "ami-1234" instance_type = "t2.micro" tags = { Name = "Web Server" } } resource "aws_instance" "myec2db" { ami = "ami-1234" instance_type = "t2.micro" tags = { Name = "DB Server" } ```

Add to the Web Server: `depends_on = ["aws_instance.myec2db"]`

Data Sources are a way Terraform can ____ AWS for ____

**query** AWS for **data**

Declare a **data** block called "dbsearch" that queries AWS for the EC2 instances with the tag {"Name": "DB Server"}. Then use **output** to display the **availability_zone** attribute of the instances.

``` data "aws_instance" "dbsearch" { filter { name = "tag:Name" values = ["DB Server"] } } output "dbservers" { value = data.aws_instance.dbsearch.availability_zone } ```

What does the **file** function do? What is the required parameter?

Return the contents of a file as a string. Parameter is the path to the file. ``` file(path) ```

Explain the Terraform Versioning operator: `~>` Explain: `~> 0.8.4`

Pessimistic constraint. It means "this is the minimum, but don't get too much newer either" `~> 0.8.4` means the version must be between 0.8.4 and 0.9

A **module** is basically a ____ that contains ____

a **folder** that contains **terraform code**

You have a local **module** (a folder) called "ec2". Write a **module** block to create a resource with it called "my-instance".

``` module "my-instance" { source = "./ec2" } ```

What always needs to be performed after adding a new local **module **(folder) to your terraform repository?

`terraform init`

You have a local **module** (folder) called "ec2". You also have the following variable: ``` variable "envs" { type = set(string) default = ["Prod", "UAT", "Dev"] } ``` Use the **module** to create an EC2 instance for each of the **envs**

``` module "ec2" { source = "./ec2" for_each = var.envs } ```

Complete the resource block below to create **one** instance in the "prod" environment and **zero** instances in other environments (the variable is called "environment") ``` resource "aws_instance" "ec2" { ami = "ami-1234" instance_type = "t2.micro" __________________________________________ } ```

``` resource "aws_instance" "ec2" { ami = "ami-1234" instance_type = "t2.micro" count = var.environment == "prod" ? 1 : 0 } ```

What `terraform apply` parameter sets the variable file (ex: prod.tfvars) to be used for the apply?

terraform apply **-var-file="prod.tfvars"**

The `________` allows Terraform to interact with the AWS API

provider

Providers are made available by running what command? What exactly gets pulled down?

``` terraform init ``` Plugins are pulled down

Multiple Providers: **Fill in the blanks** to enable specification of which provider a resource block should use. Then provide an **example** of how a resource would refer to it. ``` provider "aws" { region = "eu-west-1" _______ = _______ } provider "aws" { region = "eu-west-2" } ```

Use an **alias**: ``` provider "aws" { region = "eu-west-1" alias = "ireland" } ``` **example reference: specify the provider** ``` resource "aws_instance" "my-instance" { ami = "ami-1234" type = "t2.micro" provider = aws.ireland } ```

When would you use `Local-Exec` instead of a provider plugin? Provide an example.

When you need to run a command on **your local machine** as part of the deployment. **Example:** Executing a script to notify another system after an EC2 instance is created.

When would you use `Remote-Exec` instead of a provider plugin?

When you need to run a command on **the deployed machine** as part of the deployment. **Example:** Installing software

# Name What's going on with the variable in this **./db.tf** module file? How would you use this in **main.tf**? ``` variable "dbname" { type = "string" } resource "aws_instance" "example" { ami = "ami-053b0d53c279acc90" instance_type = "t2.micro" tags = { Name = var.dbname } } ```

The variable "dbname" becomes a required parameter when resources are created. In main.tf: ``` module "dbserver" { source = "./db" dbname = "My-DB-Server" } ```

A `_____` module is a module within a module (a `____` within a `____`)

Child Module A folder within a folder

The module `db` has a child module called `mysql`. How would you reference it in `main.tf`? ( source = `_______`)

`source = "./db/mysql"` | Remember: modules are basically folders

What do environment variable names need to start with to be used in Terraform?

`TF_VAR_`

Write a `terraform plan` command that uses the CLI to set the variable "vpcname" to "My VPC"

``` terraform plan -var="vpcname=My VPC" ```

By default, in what order does Terraform look for variables? 1: `______` 2: `______` 3: `______` 4: `______` 5: `______`

1: Environment Variables 2: `Terraform.tfvars` 3: `Terraform.tfvars.json` 4: `*.auto.tfvars` files 5: `-var` or `var-file` options

Explain the command: `terraform fmt`

Fix indentation

What command marks an existing EC2 instance "my_instance" to be destroyed and recreated? How would you undo this?

``` terraform taint aws_instance.my_instance ``` To undo, use `untaint` command

What command lets you bring an existing aws_vpc "myvpc", with resource id "vpc-1234", into your Terraform? What has to be done first?

``` terraform import aws_vpc.myvpc vpc-1234 ```

Terraform `______` let you logically separate your state file into different pieces

workspaces

Write the command to create a new terraform workspace called "dev"

``` terraform workspace new dev ```

What command shows the workspace you're in?

``` terraform workspace show ```

What command lets you switch your workspace to "dev"?

`terraform workspace select dev`

What command deletes the workspace "uat"?

`terraform workspace delete uat`

What command shows what's in your state file?

``` terraform state list ```

What command retrieves a remote state file?

``` terraform state pull ```

What command renames the existing aws_vpc called "vpc" to "mynewvpc" in the state file?

Use the **mv** command: ``` terraform state mv aws_vpc.myvpc aws_vpc.mynewvpc ```

What parameter backs up the current state file to "./backups" before making any changes?

``` -back-out="./backups" ```

What command lets you remove an existing aws_vpc resource called "myvpc" from your state file?

``` terraform state rm aws_vpc.myvpc ```

What environment variable sets the debug logging level for Terraform? What is the most verbose logging level?

`TF_LOG` Most verbose: `TF_LOG=TRACE`

Sentinel is Hashicorp's `____-as-____` solution. Give an example use case.

Policy-as-code Example use case: Prevent port 22 from being open in deployed security groups

Vault is a Hashicorp tool that lets you `______`

Store and access secrets

On the exam, `_____` will often be presented as the solution to all problems

Terraform Cloud

What command can (sometimes) detect drift and correct the state file? (ex: EC2 instance was deleted through the console but it's still in the state file)

``` terraform refresh ```

What type of block would let you keep your state file in a remote location such as an S3 bucket? What is the limitation with this method? When is that a big problem?

A `backend` block You're only allowed one backend. Big problem for multi-cloud because you'd be using AWS + Azure but your state file is only in AWS.

One of the big security issues with state files is `_____`

They store secrets

How can you prevent 2 people from writing to the state file at the same time?

State locking

When working with a remote backend (a remotely stored state file), Terraform pulls down the state in `_____`. The security implication is `____`.

memory Don't have to worry about the state file being accessible on your local machine

Terraform Basics Flashcards

Providers, Resources, State File, Keys, Variable Types, User Input, Dependencies, Built-In Functions, Versioning, Modules (70 cards)