Top 50 Terraform Interview Question and Answers

13 Oct 2024 - Shyam Mohan

1. What is Terraform?

   • Terraform is an open-source Infrastructure as Code (IaC) tool by HashiCorp. It allows users to define and provision infrastructure using a declarative configuration language.

2. How does Terraform work?

   • Terraform manages infrastructure by reading the configuration files and then creating an execution plan. This plan describes what it will do to reach the desired state, and then applies the necessary changes.

3. What is a Terraform provider?

   • Providers are responsible for managing the lifecycle of a resource. Examples include cloud providers like AWS, Azure, and GCP, and on-premises solutions like VMware.

4. What are Terraform modules?

   • Modules are containers for multiple resources that are used together. They enable reusability, simplify configuration, and organize resources logically.

5. What is the purpose of the terraform init command?

   • The terraform init command initializes the configuration, downloads providers, and sets up the backend to store state.

6. Explain the Terraform lifecycle.

   • The Terraform lifecycle includes: terraform init, terraform plan, and terraform apply. Optional commands include terraform validate, terraform destroy, and terraform refresh.

7. What is the difference between terraform apply and terraform plan?

   • terraform plan shows what actions Terraform will take to reach the desired state, while terraform apply executes those actions.

8. What is Terraform state?

   • Terraform state is a file that keeps track of the infrastructure created by Terraform, ensuring consistency between what is deployed and what is defined.

9. Why do we need a state file in Terraform?

   • The state file enables tracking of resources, dependency resolution, and mapping of resources to configuration.

10. How do you manage state in Terraform?

    • State can be managed locally or remotely. Remote backends, such as AWS S3 or HashiCorp Consul, are commonly used for collaboration and backup.

---

1. What is remote state management?

   • Remote state management stores the state file in a remote location to enable team collaboration and secure storage.

2. What is a Terraform backend?

   • A backend is used to define where the Terraform state is stored and can also manage operations like apply and plan locking.

3. What is a workspace in Terraform?

   • Workspaces are a way to manage multiple environments with a single configuration, such as staging and production.

4. How do you handle sensitive data in Terraform?

   • Sensitive data can be managed using environment variables, the sensitive attribute, and tools like HashiCorp Vault or AWS Secrets Manager.

5. Explain the use of .tf and .tfstate files.

   • .tf files contain the configuration for resources, and .tfstate files store the current state of infrastructure.

6. What are data sources in Terraform?

   • Data sources retrieve read-only data from external sources to use within Terraform configurations.

7. Explain the use of terraform import.

   • terraform import imports an existing infrastructure into Terraform management.

8. What is the terraform refresh command?

   • The terraform refresh command updates the state file with the actual configuration of resources without applying any changes.

9. How do you create reusable components in Terraform?

   • Reusable components are created using modules.

10. What is the use of terraform fmt?

    • The terraform fmt command is used to format code to the standard style, improving readability.

---

1. How do you handle dependencies between resources in Terraform?

   • Terraform automatically handles dependencies based on resource references, but explicit dependencies can be set using the depends_on attribute.

2. Explain the count and for_each meta-arguments.

   • count allows you to create multiple instances of a resource, while for_each is used for dynamic resource creation based on a map or list.

3. What is drift in Terraform?

   • Drift occurs when the actual infrastructure deviates from the state file configuration. This can be identified with terraform plan or terraform refresh.

4. Explain conditional expressions in Terraform.

   • Conditional expressions allow you to define resources or settings based on conditions, using if statements.

5. What is Terraform Cloud?

   • Terraform Cloud is a SaaS offering that provides a centralized version of Terraform, enabling collaboration, governance, and automation.

6. What is the difference between terraform taint and terraform untaint?

   • terraform taint marks a resource for recreation, while terraform untaint removes that mark.

7. How do you handle multiple providers in Terraform?

   • Multiple providers can be used by aliasing providers and specifying the alias in resource definitions.

8. What is Sentinel in Terraform?

   • Sentinel is a policy-as-code framework that allows you to enforce governance and compliance in Terraform configurations.

9. Explain the purpose of the output variable.

   • Output variables allow you to display key information from your configuration after deployment.

10. What is a terraform destroy command?

    • The terraform destroy command destroys all resources managed by a Terraform configuration.

---

1. Why is it important to use version control with Terraform?

   • Version control allows tracking of infrastructure changes, collaboration, and rollback capabilities.

2. What are remote backends and why are they used?

   • Remote backends store state files remotely, enabling collaboration, secure access, and state locking.

3. How can you use CI/CD with Terraform?

   • CI/CD integration enables automated infrastructure deployment and updates, ensuring consistency and faster deployments.

4. What are the benefits of using Terraform in a multi-cloud environment?

   • Terraform’s multi-cloud support allows a consistent approach across different providers, reducing learning curves and avoiding vendor lock-in.

5. Explain the locals block in Terraform.

   • The locals block defines local variables within a module, often used for simplifying configurations.

6. What are custom providers in Terraform?

   • Custom providers are created to manage resources for unsupported services, using the Terraform Plugin SDK.

7. How does Terraform handle resource deletion?

   • Resources are deleted when they are removed from the configuration, or when terraform destroy is run.

8. How can you upgrade Terraform modules?

   • Modules can be upgraded by specifying a new version in the configuration and running terraform init -upgrade.

9. What is the purpose of the terraform graph command?

   • terraform graph generates a dependency graph of resources, aiding in understanding relationships.

10. What are some common errors in Terraform?

    • Common errors include version mismatches, incorrect variable declarations, and unsupported provider features.

11. How do you resolve provider version conflicts?

    • Provider version conflicts are resolved by specifying compatible versions and using terraform init -upgrade.

12. What is the purpose of the -refresh flag in Terraform?

    • The -refresh flag forces a state refresh before planning, updating any changes in real-time.

13. How can you enforce security policies with Terraform?

    • Policies can be enforced using Sentinel or by embedding policies directly within Terraform configurations.

14. Explain the difference between output and local variables.

    • output variables expose data from a module, while local variables are used within a module for configuration simplicity.

15. What are the benefits of state locking in Terraform?

    • State locking prevents concurrent modifications, ensuring consistency and preventing corruption.

16. What is an execution plan in Terraform?

    • An execution plan is generated by terraform plan, detailing proposed changes to reach the desired state.

17. How do you handle rollbacks in Terraform?

    • Rollbacks can be managed by using version control for configurations and applying previous versions of code.

18. What is an override file in Terraform?

    • Override files allow local modifications without altering the main configuration, useful for local testing.

19. How can you test Terraform configurations?

    • Testing can be done using terraform plan, static code analysis, and tools like Terratest and InSpec.

20. Explain how Terraform ensures idempotency.

    • Terraform ensures idempotency by managing infrastructure through its state file, preventing duplicate creation or accidental deletion.