Top 50 Infrastructure as Code (IaC) Interview Question and Answers

12 Oct 2024 - Shyam Mohan

1. What is Infrastructure as Code (IaC)?

• Answer: Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through code rather than manual processes. This allows infrastructure to be version-controlled, automated, and repeatable.

2. What are the main benefits of IaC?

• Answer: The benefits include increased efficiency, reduced risk of human error, consistency, repeatability, better scalability, and ease of version control and rollback.

3. Explain the difference between Declarative and Imperative IaC.

• Answer: Declarative IaC focuses on defining the desired end state (what the infrastructure should look like), while Imperative IaC defines the specific commands or steps needed to achieve the infrastructure setup (how to build it).

4. What are some popular IaC tools?

• Answer: Some popular IaC tools are Terraform, AWS CloudFormation, Ansible, Puppet, Chef, and SaltStack.

5. How does IaC improve DevOps?

• Answer: IaC enables rapid and consistent environment creation, improves collaboration, speeds up deployment times, and aligns infrastructure changes with CI/CD pipelines for faster software delivery.

6. What is Terraform, and why is it widely used?

• Answer: Terraform is an open-source IaC tool by HashiCorp. It is widely used for its support of multiple cloud providers, ease of use, and modular structure, allowing infrastructure to be defined as code in a cloud-agnostic way.

7. What is a Terraform state file?

• Answer: The Terraform state file (often terraform.tfstate) is a JSON file that stores information about the infrastructure resources managed by Terraform. It allows Terraform to track resource configurations and detect changes.

8. Explain the concept of idempotency in IaC.

• Answer: Idempotency in IaC means that applying the same configuration multiple times results in the same infrastructure state, ensuring consistency and preventing unintended changes.

9. What are Modules in Terraform?

• Answer: Modules in Terraform are containers for multiple resources that are used together. They allow code reusability and abstraction of infrastructure configurations for scalability and consistency.

10. What is terraform plan?

• Answer: terraform plan is a command that previews changes that Terraform will make to the infrastructure. It shows what actions Terraform will take without actually applying any changes.

11. What is terraform apply?

• Answer: terraform apply is a command that executes the planned changes to the infrastructure as defined in the configuration files, based on the Terraform state.

12. What is CloudFormation?

• Answer: CloudFormation is Amazon Web Services’ (AWS) IaC tool, which allows you to define, provision, and manage AWS resources using JSON or YAML templates.

13. Explain the role of a “playbook” in Ansible.

• Answer: In Ansible, a playbook is a YAML file containing a series of tasks to be executed on remote servers, defining the desired state of the infrastructure.

14. How does IaC enable version control?

• Answer: IaC configurations are stored in code files, which can be version-controlled in repositories like Git. This enables tracking changes, collaborating with others, and rolling back configurations if needed.

15. What is the role of tfvars files in Terraform?

• Answer: .tfvars files in Terraform store variable values used in configuration files. They allow for separating variable data from the main configuration, making it easier to manage and reuse.

16. What is Configuration Drift?

• Answer: Configuration drift occurs when the actual state of the infrastructure deviates from the state defined in IaC due to manual changes or other factors.

17. How does Puppet differ from Ansible?

• Answer: Puppet uses a declarative approach and a pull-based configuration model, while Ansible uses a push-based model and can work in both declarative and imperative styles.

18. What is a State Locking in Terraform?

• Answer: State locking in Terraform prevents multiple users from making concurrent changes to the same infrastructure. It’s commonly managed with remote state backends like AWS S3.

19. What are Outputs in Terraform?

• Answer: Outputs in Terraform allow you to define values that will be displayed to the user after an apply operation, which can be used for cross-referencing resources between configurations.

20. How does IaC facilitate disaster recovery?

• Answer: IaC configurations can be version-controlled and stored in repositories, allowing for quick re-deployment of infrastructure in case of disaster.

21. What is “Infrastructure as Code testing”?

• Answer: It is the process of validating IaC configurations to ensure they meet desired criteria, which can involve linting, syntax validation, and functional tests for configuration accuracy.

22. What is a Resource Graph in Terraform?

• Answer: A resource graph is a visual representation of dependencies between resources in a Terraform configuration, helping Terraform determine the order of operations.

23. Can you explain the purpose of AWS CloudFormation stacks?

• Answer: A stack in AWS CloudFormation is a collection of AWS resources that can be managed, updated, and deleted as a single unit based on a CloudFormation template.

24. What is terraform init?

• Answer: terraform init is the command to initialize a Terraform working directory, downloading provider plugins and preparing the environment for further commands.

25. What is a Manifest in Kubernetes?

• Answer: A Kubernetes manifest is a YAML or JSON configuration file that defines the desired state of Kubernetes resources, such as Pods, Deployments, and Services.

---

This list covers 25 questions and answers so far. If you’d like, I can provide the remaining questions or delve deeper into specific areas such as Terraform, Ansible, or CloudFormation. Let me know!

26. What is a provider in Terraform?

• Answer: A provider in Terraform is a plugin that allows Terraform to interact with APIs of cloud platforms and other services to create and manage resources.

27. What is AWS CDK (Cloud Development Kit)?

• Answer: AWS CDK is an open-source framework for defining cloud infrastructure using familiar programming languages, allowing developers to write IaC in TypeScript, JavaScript, Python, Java, or C#.

28. How does Terraform manage dependencies between resources?

• Answer: Terraform uses an implicit dependency model by analyzing resource references in configurations, and users can specify explicit dependencies with the depends_on argument.

29. What is Configuration Management in IaC?

• Answer: Configuration management in IaC refers to managing the configuration of servers and systems to ensure they maintain a specific state, often using tools like Ansible, Puppet, or Chef.

30. How do you manage secrets in Terraform?

• Answer: Terraform can manage secrets using tools like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault, and sensitive variables can be masked in Terraform output using the sensitive = true flag.

31. Explain the purpose of a “host inventory” in Ansible.

• Answer: Ansible’s host inventory is a list of hosts that Ansible can manage, and it’s usually defined in an inventory file that groups servers by categories, such as production, staging, etc.

32. What is the Terraform Registry?

• Answer: The Terraform Registry is a repository where Terraform modules are published and shared publicly, allowing users to download and use predefined infrastructure components.

33. What is “drift detection” in AWS CloudFormation?

• Answer: Drift detection in AWS CloudFormation identifies changes in AWS resources that differ from their expected state as defined in the CloudFormation stack.

34. What are Handler Functions in Chef?

• Answer: In Chef, Handler functions are used to monitor and report the state of infrastructure, providing insights or triggering events based on configuration states or errors.

35. How can you handle multiple environments in IaC?

• Answer: Multiple environments can be handled by using separate IaC configurations for each environment (e.g., dev, test, prod) or using environment-specific variable files.

36. What is the role of a “cookbook” in Chef?

• Answer: A cookbook in Chef is a collection of recipes that define how resources should be configured, providing a way to package and share configuration instructions for infrastructure.

37. What is terraform destroy?

• Answer: terraform destroy is a command that deletes all infrastructure resources managed by a Terraform configuration, effectively tearing down the environment.

38. What is CloudFormation’s Change Set?

• Answer: A Change Set in CloudFormation is a summary of the proposed changes to a stack that allows users to review changes before they are applied.

39. What is “self-healing infrastructure”?

• Answer: Self-healing infrastructure refers to the ability of an environment to automatically recover from failures, often through automation, monitoring, and IaC practices.

40. Explain “infrastructure as data.”

• Answer: Infrastructure as Data is the concept where IaC configurations and metadata are treated as data, enabling automation, analysis, and easier management of configurations.

41. What is Blue-Green Deployment in IaC?

• Answer: Blue-Green Deployment is a strategy where two identical environments (blue and green) are created, allowing seamless transition from one environment to the other with minimal downtime.

42. What are roles in Ansible?

• Answer: Roles in Ansible are a way to organize playbooks and manage configurations, allowing reusable, modular configurations for different tasks or services.

43. What is a Terraform Backend?

• Answer: A Terraform backend is the storage mechanism for Terraform state, which can be local or remote (e.g., AWS S3, HashiCorp Consul) and allows collaboration and state management.

44. What is Infrastructure Testing?

• Answer: Infrastructure Testing involves testing IaC configurations to ensure correctness, security, compliance, and to prevent configuration drift.

45. What is Desired State Configuration (DSC)?

• Answer: DSC is a management platform in PowerShell that enables infrastructure configuration to reach and maintain a desired state automatically.

46. What is “convergent configuration” in Puppet?

• Answer: Convergent configuration is Puppet’s approach to continually enforce the desired state on nodes, where it automatically corrects deviations.

47. What are Sentinel policies in Terraform?

• Answer: Sentinel policies in Terraform Enterprise allow governance policies to be defined, ensuring that infrastructure follows certain rules and meets organizational compliance.

48. What is the purpose of Ansible Vault?

• Answer: Ansible Vault is used for securely storing sensitive data, such as passwords and keys, in playbooks by encrypting specific files.

49. How does IaC handle rollback?

• Answer: IaC allows for rollback by reapplying a previous configuration version, making it easier to revert changes if issues arise.

50. How would you troubleshoot a failed Terraform apply?

• Answer: Troubleshooting a failed terraform apply includes checking the error messages, verifying credentials, checking resource limits, ensuring correct syntax, and confirming that the state file is up to date.