17 Terraform Interview Questions and Answers: Ace Your Infrastructure Automation Interviews

Introduction:

As organizations strive for efficient and scalable infrastructure management, Infrastructure as Code (IaC) has emerged as a crucial concept. Among the leading tools in the IaC domain, Terraform stands out for its ability to automate infrastructure provisioning across various cloud providers. If you're preparing for a Terraform interview, this blog is here to help. We've compiled a list of 17 common Terraform interview questions and provided detailed answers to help you confidently navigate your interview.

1. What is Terraform, and how does it differ from other infrastructure management tools?

Terraform is an open-source IaC tool created by HashiCorp. It enables users to define infrastructure resources as code and automatically provisions and manages them across various cloud providers. Unlike other tools, Terraform offers a declarative approach, meaning it focuses on describing the desired state rather than specifying detailed steps.

2. What is a Terraform state file, and why is it important?

The Terraform state file is a JSON-formatted file that stores the mapping between the resources defined in your Terraform configuration and the actual resources deployed in your infrastructure. It helps Terraform understand the current state of your infrastructure and determine the necessary actions to reach the desired state.

3. What are Terraform providers?

Terraform providers are plugins that allow Terraform to interact with specific infrastructure platforms, such as AWS, Azure, OCI, or Google Cloud. Providers define the necessary API calls and resources to manage infrastructure within the target platform.

4. How do you handle secrets and sensitive data in Terraform?

Terraform provides several mechanisms to manage secrets securely, such as environment variables, input variables, and remote backends like HashiCorp Vault or AWS Secrets Manager. You should avoid hardcoding secrets directly into your Terraform configuration files. Sensitive data should never be stored directly in Terraform configuration files. Instead, Terraform provides input variables and environment variables to handle sensitive data securely. Input variables can be passed through command-line flags or from variable files, while environment variables can be accessed using the `TF_VAR_variable_name` convention.

5. What is the purpose of Terraform modules?

Terraform modules are reusable components that encapsulate a set of resources and configurations. They promote code reuse, reduce duplication, and enable modular infrastructure provisioning. Modules can be published, shared, and versioned, making it easier to collaborate and promote best practices within an organization.

6. How does Terraform handle dependencies between resources?

Terraform automatically manages resource dependencies based on the defined configuration. It determines the order of resource creation and updates by analyzing the relationships expressed through variables, references, and resource dependencies.

Terraform uses implicit and explicit dependencies to manage resource ordering. Implicit dependencies are inferred from resource references within the configuration. Explicit dependencies can be defined using the `depends_on` argument, ensuring resources are created or updated in the desired order.

There are 2 types of dependencies .

1. Implicit dependencies

2. Explicit dependencies

Implicit dependencies:

Implicit dependencies are the primary way that Terraform understands the relationships between your resources. The most common source of dependencies is an implicit dependency between two resources or modules. 

Review the configuration in main.tf. It declares two EC2 instances and an Elastic IP address.

main.tf

provider "aws" {

  region = var.aws_region

}

data "aws_ami" "amazon_linux" {

  most_recent = true

  owners      = ["amazon"]

  filter {

    name   = "name"

    values = ["amzn2-ami-hvm-*-x86_64-gp2"]

  }

}

resource "aws_instance" "example_a" {

  ami           = data.aws_ami.amazon_linux.id

  instance_type = "t2.micro"

}

resource "aws_instance" "example_b" {

  ami           = data.aws_ami.amazon_linux.id

  instance_type = "t2.micro"

}

resource "aws_eip" "ip" {

  vpc      = true

  instance = aws_instance.example_a.id

}

The aws_eip resource type allocates and associates an Elastic IP to an EC2 instance. Since the instance must exist before the Elastic IP can be created and attached, Terraform must ensure that aws_instance.example_a is created before it creates aws_eip.ip. Meanwhile, aws_instance.example_b can be created in parallel to the other resources.

As shown above, Terraform waited until the creation of EC2 instance example_a was complete before creating the Elastic IP address.

Terraform automatically infers when one resource depends on another by studying the resource attributes used in interpolation expressions. In the example above, the reference to aws_instance.example_a.id in the definition of the aws_eip.ip block creates an implicit dependency.

Terraform uses this dependency information to determine the correct order in which to create the different resources. To do so, it creates a dependency graph of all of the resources defined by the configuration. In the example above, Terraform knows that the EC2 Instance must be created before the Elastic IP.

Explicit dependencies

Sometimes there are dependencies between resources that are not visible to Terraform, however. The depends_on argument is accepted by any resource or module block and accepts a list of resources to create explicit dependencies for.

To illustrate this, assume you have an application running on your EC2 instance that expects to use a specific Amazon S3 bucket. This dependency is configured inside the application, and thus not visible to Terraform. You can use depends_on to explicitly declare the dependency. You can also specify multiple resources in the depends_on argument, and Terraform will wait until all of them have been created before creating the target resource.

Add the following to main.tf.

resource "aws_s3_bucket" "example" { }

resource "aws_instance" "example_c" {

  ami           = data.aws_ami.amazon_linux.id

  instance_type = "t2.micro"

  depends_on = [aws_s3_bucket.example]

}

module "example_sqs_queue" {

  source  = "terraform-aws-modules/sqs/aws"

  version = "3.3.0"

  depends_on = [aws_s3_bucket.example, aws_instance.example_c]

}

This configuration includes a reference to a new module, terraform-aws-modules/sqs/aws. Modules must be installed before Terraform can use them.

7. How can you manage different environments (e.g., development, staging, production) with Terraform?

Terraform allows you to define variables and use them to specify environment-specific configurations. By leveraging separate variable files or environment-specific backend configurations, you can manage multiple environments within a single Terraform codebase.

8. Explain the concept of Terraform workspaces.

Terraform workspaces enable you to manage multiple instances of the same infrastructure concurrently. Each workspace has its separate state file, allowing you to create isolated environments for different stages or branches of development.

Terraform workspaces allow you to manage multiple environments or configurations within a single Terraform project. Workspaces help you keep resource configurations separate and avoid conflicts between different environments, such as development, staging, and production.

Example:

$ terraform workspace new dev

$ terraform workspace select dev

9. How do you handle changes to infrastructure resources in Terraform?

Terraform employs a change detection mechanism. It compares the desired state (defined in the configuration) with the current state (stored in the state file) and determines the necessary actions to reach the desired state. It then applies only the required changes to the infrastructure.

10. What is the purpose of the Terraform plan command?

The terraform plan command examines the current infrastructure state and configuration to generate an execution plan. It outlines the actions Terraform will take to reach the desired state without actually making any changes. This allows you to review the plan and ensure it aligns with your expectations before applying changes.

11. How does Terraform differ from other IaC tools like Ansible or Chef?

While Ansible and Chef are primarily configuration management tools, Terraform focuses on infrastructure provisioning and orchestration. Terraform supports multiple cloud providers, whereas Ansible and Chef have broader support for configuring servers and managing software.

12. What is the difference between Terraform's "plan," "apply," and "destroy" commands?

- The `terraform plan` command generates an execution plan, showing the changes Terraform will make to the infrastructure without actually applying them.

- The `terraform apply` command applies the changes defined in the Terraform configuration to create, update, or delete resources.

- The `terraform destroy` command destroys all the resources created by Terraform.

13. What is remote state in Terraform, and why is it important?

Remote state in Terraform refers to storing the state file in a shared location, such as an object storage service or a version control system. Storing the state remotely ensures consistency, collaboration, and better team coordination when working on the same infrastructure codebase.

14. How do you manage provider credentials in Terraform?

Terraform uses provider-specific configuration blocks to manage credentials. For example, if you're working with AWS, you can set up AWS access and secret keys as environment variables or use the AWS CLI configuration file. Alternatively, you can use a shared credentials file or even an instance profile if you're running Terraform on an EC2 instance.

Example:

provider "aws" {

  access_key = var.aws_access_key

  secret_key = var.aws_secret_key

  region     = var.aws_region

}

15. How do you manage Terraform state?

Terraform state is a crucial component for tracking and managing resources. By default, Terraform stores state locally in a file named `terraform.tfstate`. However, in a team environment, it's recommended to use remote state storage, such as AWS S3 or HashiCorp Consul, to allow collaboration and state locking.

Example:

terraform {

  backend "s3" {

    bucket         = "my-terraform-state"

    key            = "terraform.tfstate"

    region         = "us-west-2"

    dynamodb_table = "terraform-locks"

  }

}

16. How do you create reusable modules in Terraform?

Terraform modules enable you to encapsulate and reuse infrastructure configurations. A module can represent a group of resources with defined input and output variables. By abstracting infrastructure components into modules, you can promote consistency, reusability, and easier maintenance across different projects.

Example:

module "vpc" {

  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"

  cidr = "10.0.0.0/16"

}

17. How do you handle infrastructure updates without disrupting existing resources?

Terraform offers the concept of a "planned" and "apply" workflow. The `terraform plan` command generates an execution plan that shows the proposed changes before actually applying them. This way, you can review and validate the changes before Terraform applies them to the infrastructure.

Example:

$ terraform plan