Understand Terraform Cloud and Enterprise capabilities Flashcards
What is Sentinel?
Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. It enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources.
What is the benefit of Sentinel?
Codifying policy removes the need for ticketing queues, without sacrificing enforcement.
One of the other benefits of Sentinel is that it also has a full testing framework.
Avoiding a ticketing workflow allows organizations to provide more self-service capabilities and end-to-end automation, minimizing the friction for developers and operators.
https://www.hashicorp.com/blog/why-policy-as-code/
What is the Private Module Registry?
Terraform Cloud’s private module registry helps you share Terraform modules across your organization. It includes support for module versioning, a searchable and filterable list of available modules, and a configuration designer to help you build new workspaces faster.
What is the difference between public and private module registries when defined source?
The public registry uses a three-part // format
private modules use a four-part /// format
// example
module "vpc" {
source = "app.terraform.io/example_corp/vpc/aws"
version = "1.0.4"
}
Where is the Terraform Module Registry available at?
https://registry.terraform.io/
What is a workspace?
A workspace contains everything Terraform needs to manage a given collection of infrastructure, and separate workspaces function like completely separate working directories
What are the benefits of workspaces?
https://www.hashicorp.com/resources/terraform-enterprise-understanding-workspaces-and-modules/
You are configuring a remote backend in the terraform cloud. You didn’t create an organization before you do terraform init. Does it work?
While the organization defined in the backend stanza must already exist
You are configuring a remote backend in the terraform cloud. You didn’t create a workspace before you do terraform init. Does it work?
Terraform Cloud will create it if necessary. If you opt to use a workspace that already exists, the workspace must not have anyexisting states.
Terraform workspaces when you are working with CLI and Terraform workspaces in the Terraform cloud. Is this correct?
If you are familiar with running Terraform using the CLI, you may have used Terraform workspaces. Terraform Cloud workspaces behave differently than Terraform CLI workspaces. Terraform CLI workspaces allow multiple state files to exist within a single directory,
enabling you to use one configuration for multiple environments. Terraform Cloud workspaces contain everything needed to manage a given set of infrastructure, and function like separate working
directories.
How do you authenticate the CLI with the terraform cloud?
Newer Versions:
- terraform login
- it will open the terraform cloud and generate the token
- paste that token back in the CLI
https: //learn.hashicorp.com/terraform/tfc/tfc_login
Older versions:
keep the following token in the CLI configuration file
credentials “app.terraform.io” {
token = “xxxxxx.atlasv1.zzzzzzzzzzzzz”
}
https://www.terraform.io/docs/commands/cli-config.html#credentials
You are building infrastructure on your local machine and you changed your backend to remote backend with the Terraform cloud. What should you do to migrate the state to the remote backend?
terraform init
Once you have authenticated the remote backend, you’re ready to migrate your local state file to Terraform Cloud. To begin the migration, reinitialize. This causes Terraform to recognize your changed backend configuration.
During reinitialization, Terraform presents a prompt saying that it will copy the state file to the new backend. Enter “yes” and Terraform will migrate the state from your local machine to Terraform Cloud.
https://learn.hashicorp.com/terraform/tfc/tfc_migration#migrate-the-state-file
How do you configure remote backend with the terraform cloud?
You need to configure in the terraform block
terraform {
backend "remote" {
hostname = "app.terraform.io"
organization = ""
workspaces {
name = "state-migration"
}
}
}What is Run Triggers?
Terraform Cloud’s run triggers allow you to link workspaces so that a successful apply in a source workspace will queue a run in the
workspace linked to it with a run trigger.
For example, adding new subnets to your network configuration could trigger an update to your application configuration to rebalance servers across the new subnets.
What is the benefit of Run Triggers?
When managing complex infrastructure with Terraform Cloud, organizing your configuration into different workspaces helps you to better manage and design your infrastructure.
Configuring run triggers between workspaces allows you to set up infrastructure pipelines as part of your overall deployment strategy.
