Terraform Interview Questions and Answers for 2024

  

What is Terraform?

Terraform is a popular infrastructure-as-code tool that allows you to automate the provisioning and management of infrastructure resources. It uses configuration files written in the HashiCorp Configuration Language (HCL) to define the desired state of your infrastructure, and it uses various commands to apply those configurations and manage your infrastructure resources.

What is HashiCorp Terraform?

Terraform is an open-source infrastructure as code (IaC) software tool that can be used to provision the infrastructure of a cloud platform. The scripts used to provision infrastructure are human-readable configuration files that can be versioned, reused, and shared. With Terraform you can provision a wide range of resources, such as compute, storage, networking, and application services, across a variety of cloud providers and on-premises environments.

The language used in Terraform is declarative: you state the required end state without describing how to achieve it. With the help of the state file, Terraform will create, modify, or destroy resources.

What is Infrastructure as Code (IaC)?

Infrastructure as Code (IaC) is a method of managing and provisioning IT infrastructure using code, rather than manual configuration. It allows teams to automate the setup and management of their infrastructure, making it more efficient and consistent. This is particularly useful in the DevOps environment, where teams are constantly updating and deploying software. 

What are the Use Cases of Terraform?

The following are some of the use cases of Terraform.

  1. Provisioning Cloud Resources: Terraform can provision resources on cloud platforms such as AWS, GCP, and others. The resources it can manage include compute, storage, networking, and application services.
  2. Multi-Cloud Management: You can manage the infrastructure of different cloud platforms at the same time, which helps you maintain multi-cloud or hybrid cloud environments.
  3. Infrastructure Versioning and Collaboration: You can store the scripts written to provision the infrastructure in a version control system like Git, from where other teams can collaborate on infrastructure changes, track revisions, and roll back to previous states if needed.
  4. Automation and Continuous Integration/Continuous Deployment (CI/CD): You can also integrate Terraform into your CI/CD pipelines so that whenever a build is triggered and there are changes, the infrastructure is upgraded automatically.

What is Terraform Provider?

A software element known as a Terraform provider enables Terraform to communicate with a particular infrastructure platform. Providers must implement the resource kinds and data sources that Terraform can handle for that platform. Cloud platforms, data centres, network devices, databases, and other resources inside the target infrastructure or service can all be defined, configured, and managed by Terraform providers.

How Does Terraform Work?

With Terraform, users can define infrastructure resources using a simple, declarative configuration language. These resources can include virtual machines, networking components, storage resources, and more. Once the configuration is defined, Terraform can be used to create, modify, and destroy these resources in a repeatable and predictable way.

One of the key benefits of Terraform is its ability to support multiple cloud providers, as well as on-premises and open-source tools. This means that users can define infrastructure resources using a single configuration and use Terraform to manage resources across different environments.

Overall, Terraform is a powerful and flexible tool that enables users to define and manage infrastructure resources in a reusable and automated way. It is widely used in a variety of industries and scenarios, including cloud infrastructure, data centers, and hybrid environments.

Terraform architecture

 

What Are Components of Terraform Architecture

Terraform Configuration Files

These files contain the definition of the infrastructure resources that Terraform will manage, as well as any input and output variables and modules. The configuration files are written in the HashiCorp Configuration Language (HCL), which is a domain-specific language designed specifically for Terraform.

Terraform State File

This file stores the current state of the infrastructure resources managed by Terraform. The state file is used to track the resources that have been created, modified, or destroyed, and it is used to ensure that the infrastructure resources match the desired state defined in the configuration files.

Infrastructure as Code

Terraform allows you to use code to define and manage your infrastructure, rather than manually configuring resources through a user interface. This makes it easier to version, review, and collaborate on infrastructure changes.

Cloud APIs or other Infrastructure Providers

These are the APIs or other interfaces that Terraform uses to create, modify, or destroy infrastructure resources. Terraform supports multiple cloud providers, as well as on-premises and open-source tools.

Providers

Terraform integrates with a wide range of cloud and infrastructure providers, including AWS, Azure, GCP, and more. These providers allow Terraform to create and manage resources on those platforms.

Overall, the architecture of a Terraform deployment consists of configuration files, a state file, and a CLI that interacts with cloud APIs or other infrastructure providers to create, modify, or destroy resources. This architecture enables users to define and manage infrastructure resources in a declarative and reusable way.

What is Terraform Modules?

In Terraform, a module is a container for a set of related resources that are used together to perform a specific task. Modules allow users to organize and reuse their infrastructure code, making it easier to manage complex infrastructure deployments.

Modules are defined using the ‘module’ block in Terraform configuration. A module block takes the following arguments:

  • source: The source location of the module. This can be a local path or a URL.
  • name: The name of the module. This is used to reference the module in other parts of the configuration.
  • version: The version of the module to use. This is optional and can be used to specify a specific version of the module.

Inside a module block, users can define the resources that make up the module, as well as any input and output variables that the module exposes. Input variables allow users to pass values into the module when it is called, and output variables allow the module to return values to the calling configuration. Modules can be nested, allowing users to create complex infrastructure architectures using a hierarchical structure. Modules can also be published and shared on the Terraform Registry, enabling users to reuse and extend the infrastructure code of others.

What is Terraform Core?

The open-source binary for Terraform Core is available for download and usage on the command line. The configuration files you provide (your desired state) and the present state (a state file generated and managed solely by Terraform) are the two input sources used by Terraform’s Core. The Core then develops a plan for what resources need to be added, altered, or eliminated using this knowledge.

Terraform work flow

 

Why To Use Terraform?

Terraform offers many benefits and is widely used in organizations today for managing their infrastructure.

Multi-Cloud And Multi-Provider Support

Terraform can manage multiple clouds at a time, such as AWS, Azure, and GCP, and it can also manage your on-premises infrastructure. The language used in Terraform is the HashiCorp Configuration Language (HCL).

Terraform Is a Declarative Management Tool

There is no need to tell Terraform step by step how to achieve the desired state; you just declare the desired state and Terraform works out how to reach it. This is why Terraform is called a declarative management tool.

Mutable and Immutable Infrastructure

Mutable infrastructure refers to upgrading the software by modifying the existing infrastructure. Immutable infrastructure refers to infrastructure that is never modified once it is created. Which one to choose is up to us.

State Management

Terraform maintains information about the resources it has created in a state file (terraform.tfstate). This enables Terraform to know which resources are under its control and when to update and destroy them.

What is Terraform Private Module Registry?

A private module registry is a repository for Terraform Modules that is only accessible to a specific group of users, rather than being publicly available. Private module registries are useful for organizations that want to manage and distribute their own infrastructure code internally, rather than using publicly available modules from the Terraform Registry.

To use a private module registry, users need to configure their Terraform CLI to authenticate with the registry and access the modules. This typically involves setting up an access token or other authentication method and specifying the registry URL in the Terraform configuration.

Once configured, users can use the ‘module’ block in their Terraform configuration to reference the modules in the private registry, just like they would with publicly available modules. Private module registries can be hosted on a variety of platforms, including cloud providers, on-premises servers, and open-source tools.

Overall, private module registries are a useful tool for organizations that want to manage and distribute their own Terraform modules internally, enabling them to better control and reuse their infrastructure code.

What Are Terraform Commands? 

Terraform init

The terraform init command initializes a Terraform working directory by downloading and installing any required plugins and dependencies. It should be run before any other Terraform commands.

$ terraform init

Terraform Validate

The Validate Command performs precisely what its name implies. It ensures that the code is internally coherent and examines it for syntax mistakes. Only the configuration files (*.tf) in the active working directory are examined. You must provide the -a recursive flag if you want to validate files inside of folders (for example, if you have a module/ directory).

$ terraform validate

Terraform Apply 

The terraform apply command applies the changes defined in the configuration to your infrastructure. It creates or updates the resources according to the configuration, and it also prompts you to confirm the changes before applying them.

$ terraform apply


Terraform Destroy 

The terraform destroy command will destroy all the resources created by Terraform in the current working directory. It is a useful command for tearing down your infrastructure when you no longer need it.

$ terraform destroy

Terraform Import

Imports an existing resource into the Terraform state, allowing it to be managed by Terraform.

$ terraform import [options] ADDRESS ID

Terraform Console

Opens an interactive console for evaluating expressions in the Terraform configuration.

$ terraform console

Terraform Refresh 

This command updates the state of your infrastructure to reflect the actual state of your resources. It is useful when you want to ensure that your Terraform state is in sync with the actual state of your infrastructure.

$ terraform refresh

Advantages of Terraform

  • Declarative Configuration: Terraform uses a declarative configuration language, which means that users define the desired state of their infrastructure resources, rather than the specific steps required to achieve that state. This makes it easier to understand and manage complex infrastructure deployments.
  • Support for Multiple Cloud Providers: Terraform supports multiple cloud providers, as well as on-premises and open-source tools, which means that users can define and manage their infrastructure resources using a single configuration.
  • Reusable Infrastructure Code: Terraform allows users to define their infrastructure resources in a reusable and modular way, using features such as modules and variables. This makes it easier to manage and maintain complex infrastructure deployments.
  • Collaboration and Version Control: Terraform configuration files can be stored in version control systems such as Git, which makes it easier for teams to collaborate and track changes to their infrastructure.
  • Efficient Resource Management: Terraform has features such as resource dependencies and provisioners that enable users to manage their infrastructure resources efficiently, minimizing duplication and ensuring that resources are created and destroyed in the correct order.

Disadvantages of Terraform

  • Complexity: Terraform can be complex to learn and use, especially for users who are new to infrastructure automation. It has a large number of features and can be difficult to understand the full scope of its capabilities.
  • State Management: Terraform uses a state file to track the resources it manages, which can cause issues if the state file becomes out of sync with the actual infrastructure. This can happen if the infrastructure is modified outside of Terraform or if the state file is lost or corrupted.
  • Performance: Terraform can be slower than some other IaC tools, especially when managing large infrastructure deployments. This can be due to the need to communicate with multiple APIs and the overhead of managing the state file.
  • Limited Error Handling: Terraform does not have robust error handling, and it can be difficult to diagnose and fix issues when they arise. This can make it difficult to troubleshoot problems with infrastructure deployments.
  • Limited Rollback Capabilities: Terraform does not have a built-in rollback feature, so it can be difficult to undo changes to infrastructure if something goes wrong. Users can use the ‘terraform destroy’ command to destroy all resources defined in the configuration, but this can be time-consuming and may not be feasible in all situations.

FAQs on Terraform

1. Why is Terraform used in DevOps?

Terraform offers a number of advantages that let you automate your work completely. Some of the advantages are:

  1. Agility
  2. Automation
  3. Collaboration

2. Is Terraform an AWS tool?

No, Terraform is not an AWS tool. It is developed and completely managed by the software company HashiCorp.

3. Why is Terraform used in AWS?

Terraform automates the process of setting up the infrastructure instead of doing it manually. The following are some of the reasons Terraform is used in AWS:

  1. Consistency
  2. Reproducibility
  3. Efficiency
  4. Flexibility

4. Is Terraform a DevOps tool?

Terraform is a DevOps tool, yes. Using configuration files that are readable by humans, users can define and provision infrastructure with this infrastructure as code (IaC) tool.

Here are some basic level terraform interview questions.

1. What do you understand by Terraform in AWS?

Terraform is a part of the AWS DevOps Competency and also an AWS Partner Network (APN) advanced technology partner. It is similar to AWS CloudFormation in the sense that it is also an “infrastructure as code” tool that allows you to create, update, and version your AWS infrastructure.

2. What are the key features of Terraform?

Terraform helps you manage all of your infrastructure as code and construct it as and when needed. Here are its key features:

  • A console that allows users to observe functions 
  • The ability to translate HCL code into JSON format
  • A configuration language that supports interpolation 
  • A module count that keeps track of the number of modules applied to the infrastructure.

3. Define IAC?

IAC allows you to build, change, and manage your infrastructure through coding instead of manual processes. The configuration files are created according to your infrastructure specifications and these configurations can be edited and distributed securely within an organization.


4. What are the most useful Terraform commands?

Some of the most useful Terraform commands are:

  • terraform init - initializes the current directory
  • terraform refresh - refreshes the state file
  • terraform output - views Terraform outputs
  • terraform apply - applies the Terraform code and builds stuff
  • terraform destroy - destroys what has been built by Terraform
  • terraform graph - creates a DOT-formatted graph
  • terraform plan - a dry run to see what Terraform will do

5. Are callbacks possible with Terraform on Azure?

By using Azure Event Hubs, callbacks are possible on Azure. Terraform’s Azure provider offers this functionality to users with little effort. Microsoft Azure Cloud Shell provides a preinstalled Terraform instance.

6. What is Terraform init?

terraform init is a command that initializes a working directory containing Terraform configuration files. This command can be run multiple times. It is the first command that should be run after writing a new Terraform configuration.

7. What is Terraform D?

Terraform D is a plugin used on most operating systems and Windows. By default, terraform init searches the following directories for plugins.

8. Is history the same as it is on the web while using TFS API to provide resources?

Yes, the history is the same as on the web because the UI is built on top of the API. Everything that is available in the UI is also available through the API and other methods.

9. Why is Terraform used for DevOps?

Terraform uses a JSON-like configuration language called the HashiCorp Configuration Language (HCL). HCL has a very simple syntax that makes it easy for DevOps Teams to define and enforce infrastructure configurations across multiple clouds and on-premises data centers.


10. Define null resource in Terraform.

null_resource implements the standard resource lifecycle, but takes no further action. The triggers argument allows an arbitrary set of values that will cause the replacement of the resource when changed.

11. What do you mean by Terraform cloud?

Terraform Cloud is a platform that enables teams to use Terraform together, either on-demand or in response to various events. It is deeply integrated with Terraform's workflows and data, unlike a general-purpose continuous integration system. It includes easy access to shared state and secret data, detailed policy controls for updating infrastructure and governing the contents of Terraform, a private registry for sharing Terraform modules, and lots more.

12. Explain Oracle Cloud Infrastructure.

Oracle cloud offered by Oracle Corporation is a cloud computing service providing storage, servers, applications, services, and networks through a global network of managed data centers by Oracle Corporation. These services are provisioned on-demand over the Internet by the company.

13. What do you understand by terraform backend?

Each Terraform configuration can specify a backend, which defines two main things:

  • Where operations are performed 
  • Where the state is stored (Terraform keeps track of all the resources created in a state file)

14. What are the version controls supported by Terraform besides GitHub?

The supported version control systems are GitLab EE, GitLab CE, and Bitbucket Cloud.

15. Name some major competitors of Terraform.

Some of the top competitors to terraform are Azure Management Tools, Morpheus, CloudHealth, Turbonomic, and CloudBolt.

16. Explain the uses of Terraform CLI and list some basic CLI commands?

The Terraform Command-Line Interface (CLI) is used to manage infrastructure and interact with Terraform state, configuration files, providers, etc.

Here are some basic CLI commands:

  • terraform init - prepares your working directory for other commands
  • terraform destroy - destroys the previously-created infrastructure
  • terraform validate - checks whether the configuration is valid
  • terraform apply - creates or updates the infrastructure
  • terraform plan - shows changes needed by the current configuration

17. What are modules in Terraform?

A container for multiple resources that are used together is known as a module in Terraform. The root module includes the resources defined in the .tf files and is required for every Terraform configuration.

18. What is a Private Module Registry?

A Private Module Registry is a feature from Terraform Cloud that allows you to share Terraform modules across the organization. You can enforce rules or “sentinel policies” on the registry that specify how members of your organization can use the modules.

19. Is Terraform usable for an on-prem infrastructure?

Yes, Terraform can be used for on-prem infrastructure. As there are a lot of available providers, we can decide which suits us best. All that we need is an API.

20. Does Terraform support multi-provider deployments?

Yes, multi-provider deployments are supported by Terraform. This includes on-prem platforms like OpenStack and VMware, and we can even manage SDN using Terraform too.

21. How is duplicate resource error ignored during terraform apply?

We can try the following options:

  1. Delete those resources from the Cloud Provider(API) and recreate them using Terraform
  2. Delete those resources from Terraform code to stop its management with it
  3. Carry out a terraform import of the resource and remove the code that is trying to recreate them

22. Name all version controls supported by Terraform

The supported version controls are:

  • Azure DevOps Services
  • Azure DevOps Server
  • Bitbucket Server
  • Bitbucket Cloud
  • Gitlab EE and CE
  • Gitlab.com
  • GitHub Enterprise
  • GitHub.com (OAuth)
  • GitHub.com

23. What are some of the built-in provisioners available in Terraform?

Here is the list of built-in provisioners in Terraform:

  • Salt-masterless Provisioner
  • Remote-exec Provisioner
  • Puppet Provisioner
  • Local-exec Provisioner
  • Habitat Provisioner
  • File Provisioner
  • Chef Provisioner

24. Which command destroys Terraform managed infrastructure?

The given command is used for this purpose:

terraform destroy [options] [dir]

25. Tell us about some notable Terraform applications.

The applications of Terraform are pretty broad due to its facility of extending its abilities for resource manipulation. Some of the unique applications are:

  • Software demos development
  • Resource schedulers
  • Multi-cloud deployment
  • Disposable environment creations
  • Multi-tier applications development
  • Self-service clusters
  • Setup of Heroku App

26. What are the components of Terraform architecture?

The Terraform architecture includes the following features:

  • Sub-graphs
  • Expression Evaluation
  • Vertex Evaluation
  • Graph Walk
  • Graph Builder
  • State Manager
  • Configuration Loader
  • CLI (Command Line interface)
  • Backend

27. Define Resource Graph in Terraform.

A resource graph is a visual representation of the resources. It helps modify and create independent resources simultaneously. Terraform establishes a plan for the configuration of the graph to generate plans and refresh the state. It creates structure most efficiently and effectively to help us understand the drawbacks.

28. Can you provide a few examples where we can use Sentinel policies?

Sentinel policies are a powerful way to implement a variety of policies in Terraform. Here are a few examples:

  • Enforce explicit ownership in resources
  • Restrict roles the cloud provider can assume
  • Review an audit trail for Terraform Cloud operations
  • Forbid only certain resources, providers, or data sources
  • Enforce mandatory tagging on resources 
  • Restrict how modules are used in the Private Module Registry

29. What are the various levels of Sentinel enforcement?

Sentinel has three enforcement levels - advisory, soft mandatory, and hard mandatory.

  • Advisory - Logged but allowed to pass. An advisory is issued to the user when they trigger a plan that violates the policy.
  • Soft Mandatory - The policy must pass unless an override is specified. Only administrators have the ability to override.
  • Hard Mandatory - The policy must pass no matter what. This policy cannot be overridden unless it is removed. It is the default enforcement level in Terraform.

30. How to Store Sensitive Data in Terraform?

Terraform requires credentials to communicate with your cloud provider's API. But most of the time, these credentials are saved in plaintext on your desktop. Thousands of API and cryptographic keys are exposed on GitHub every day. Hence, your API keys should never be stored in Terraform code directly. You should use encrypted storage to store all your passwords, TLS certificates, SSH keys, and anything else that shouldn't be stored in plain text.
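
The configuration below is an added example, not part of the original post, showing credentials committed in code (commented out) next to a form that keeps them in encrypted storage. The region, secret name, database settings and variable names are constructed placeholders.

```hcl
# Added example: every name and value here is a constructed placeholder.

# ---- Weak: long-lived keys and a password committed with the code ----
# provider "aws" {
#   region     = "us-east-1"
#   access_key = "AKIAEXAMPLEEXAMPLE00"           # constructed, not a real key
#   secret_key = "constructed-placeholder-secret"
# }
# resource "aws_db_instance" "app" {
#   password = "SuperSecret123"                    # plaintext in Git history
# }

# ---- Hardened: nothing secret appears in any .tf or .tfvars file ----
provider "aws" {
  region = "us-east-1"
  # No credentials here. The provider picks them up from the environment
  # (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY), a shared profile, or an
  # instance or CI role, preferably short-lived ones.
}

# Values that must be passed in are marked sensitive, so plan and apply
# print "(sensitive value)" instead of the content.
# Supply it outside the repository, e.g. export TF_VAR_db_username=...
variable "db_username" {
  type      = string
  sensitive = true
}

# The password lives in encrypted storage and is looked up at run time.
data "aws_secretsmanager_secret_version" "db_password" {
  secret_id = "prod/app/db-password" # hypothetical secret name
}

resource "aws_db_instance" "app" {
  identifier          = "app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  storage_encrypted   = true
  username            = var.db_username
  password            = data.aws_secretsmanager_secret_version.db_password.secret_string
  skip_final_snapshot = true
}

# An output derived from a sensitive value must be marked sensitive as
# well; Terraform rejects the configuration otherwise.
output "db_username" {
  value     = var.db_username
  sensitive = true
}
```

Marking a value sensitive only hides it from CLI output: it is still written to the state file in clear text, so the state backend needs encryption at rest and restricted access.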

Advanced Terraform Interview Questions

31. What is Terragrunt, and what are its uses?

Terragrunt is a thin wrapper that provides extra tools to keep configurations DRY, manage remote state and work with multiple Terraform modules. It is used for:

  • Working with multiple AWS accounts
  • Executing Terraform commands on multiple modules
  • Keeping our CLI flags DRY
  • Keeping our remote state configuration DRY
  • Keeping our Terraform code DRY

32. Explain State File Locking?

State file locking is a Terraform mechanism in which operations on a specific state file are blocked to avoid conflicts between multiple users performing the same process. Only when one user releases the lock can another one operate on that state. This helps in preventing state file corruption. This is a backend operation.

33. What do you understand by a Tainted Resource?

A tainted resource is a resource that is forced to be destroyed and recreated on the next apply command. When a resource is marked as tainted, the state files are updated, but nothing changes on infrastructure. The terraform plan output shows that the resource will get destroyed and recreated. The changes get implemented when the next apply happens.

34. How to lock Terraform module versions?

A proven way of locking a Terraform module version is to use the Terraform module registry as a source. We can use the ‘version’ attribute in the module block of the Terraform configuration file. When a GitHub repository is being used as a source, we need to specify versions, branch, and query string with ‘?ref’.
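
The two pinning styles described above, shown as an added example that is not part of the original post. The organization, module names, versions and commit hash are hypothetical.

```hcl
# Added example: "example-org", the module names, versions and the commit
# hash are hypothetical placeholders.

# ---- Unpinned: each `terraform init` may fetch different code ----
# module "network" {
#   source = "example-org/network/aws"     # no version: newest release wins
# }
# module "baseline" {
#   source = "git::https://github.com/example-org/terraform-baseline.git"
#   # no ref: whatever the default branch points at today
# }

# ---- Registry source: pin with the version argument ----
module "network" {
  source  = "example-org/network/aws"
  version = "1.4.0" # exact pin; "~> 1.4.0" would accept patch releases only
}

# ---- GitHub source: `version` is not accepted here, pin with ?ref= ----
# A tag is readable, but a tag can be moved by whoever controls the repo.
module "baseline" {
  source = "git::https://github.com/example-org/terraform-baseline.git?ref=v2.1.0"
}

# A full commit hash cannot be moved, which makes it the stricter pin.
# A sub-directory of the repository goes after "//", before the query string.
module "logging" {
  source = "git::https://github.com/example-org/terraform-baseline.git//modules/logging?ref=0123456789abcdef0123456789abcdef01234567"
}

# The dependency lock file (.terraform.lock.hcl) records provider versions
# and hashes only. Module sources are not covered by it, so the pin has to
# be written in each module block as above.
```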

35. What is Terraform Core? Tell us some primary responsibilities of it.

Terraform Core is a statically compiled binary written in the Go programming language. The compiled binary offers an entry point for the users of Terraform. The primary responsibilities include:

  • Reading and interpolation of modules and configuration files by Infrastructure as code functionalities
  • Resource Graph Construction
  • Plugin communication through RPC
  • Plan execution
  • Management of resource state

36. Give the terraform configuration for creating a single EC2 instance on AWS.

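This is the Terraform configuration for creating a single EC2 instance in AWS:

provider "aws" {
  # Fill in the AWS region to deploy into
  region = ""
}

resource "aws_instance" "example" {
  # Fill in the AMI ID and the instance type
  ami           = ""
  instance_type = ""

  # tags is a map argument, so it is assigned with "="
  tags = {
    Name = "example"
  }
}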

37. How will you upgrade plugins on Terraform?

Run ‘terraform init’ with ‘-upgrade’ option. This command rechecks the releases.hashicorp.com to find new acceptable provider versions. It also downloads available provider versions. “.terraform/plugins/<OS>_<ARCH>” is the automatic downloads directory.

38. How will you make an object of one module available for the other module at a high level?

  1. An output variable is defined in the resource configuration.
  2. Declare the output variable of module_A.
  3. Create a file variable.tf for module B.
  4. Establish the input variable inside this file having the same name as the key defined in module_B.
  5. Replicate the process for making the variable available to other modules.
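
The steps above as an added example, not part of the original post, with the files of both modules and the root module shown in one block. The file layout, the security group and all variable names are hypothetical.

```hcl
# Added example: file layout, resource and variable names are hypothetical.

# ---- modules/module_a/main.tf ----
variable "vpc_id" {
  type = string
}

resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = var.vpc_id
}

# ---- modules/module_a/outputs.tf (steps 1 and 2) ----
# Only values declared as outputs are visible outside module_a.
output "security_group_id" {
  description = "ID of the security group created by module_a"
  value       = aws_security_group.app.id
}

# ---- modules/module_b/variables.tf (steps 3 and 4) ----
# The variable name must match the argument key used in the
# module "module_b" block of the root module.
variable "security_group_id" {
  type        = string
  description = "Security group to attach, supplied by the caller"
}

variable "ami_id" {
  type = string
}

# ---- modules/module_b/main.tf ----
resource "aws_instance" "app" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  vpc_security_group_ids = [var.security_group_id]
}

# ---- main.tf (root module) ----
# Modules cannot read each other directly; the root module passes the
# output of module_a into the input of module_b.
variable "vpc_id" {
  type = string
}

variable "ami_id" {
  type = string
}

module "module_a" {
  source = "./modules/module_a"
  vpc_id = var.vpc_id
}

module "module_b" {
  source            = "./modules/module_b"
  ami_id            = var.ami_id
  security_group_id = module.module_a.security_group_id
}
```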

39. What are some of the latest Terraform Azure Provider factors?

The latest versions involve new data resources and azurerm_batch_certificate, which helps in managing the certificate. This resource is used for controlling the prefix in networking. Bugs have been fixed, and azurerm_app_service has also been enhanced.

40. How will you control and handle rollbacks when something goes wrong?

I need to recommit the previous code version to be the new and current version in my VCS. This would trigger a terraform run, which would be responsible for running the old code. As Terraform is more declarative, I will make sure all things in the code roll back to the old code. I would use the State Rollback Feature of Terraform Enterprise to roll back to the latest state if the state file got corrupted.

 
