Here are 28 Real-time Terraform Interview Questions and Answers with a list and explanation of important commands often asked in interviews.
The rise in the use of Cloud Technologies has opened a lot of opportunities in the world of DevOps. In the future, cloud technologies will be a common topic for interview questions, and basic knowledge of cloud and Infrastructure as a Code, IAC tools will be a must for DevOps roles.
What is Terraform?
Terraform is one of the most popular IAC tools used by every cloud engineer. It allows us to define both cloud and on-premise resources in human-readable configuration files and thereby provision these resources programmatically. The most notable feature of Terraform is that, unlike most IAC tools out there, it is not limited to a single cloud provider. You can use Terraform to run your applications on multiple cloud platforms simultaneously.
In case you are wondering what technologies terraform supports, here is a small list:
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
- IBM Cloud
- VMware vSphere
- Serverspace
- DigitalOcean
- Oracle Cloud Infrastructure
- Yandex. ClouD
- OpenStack.
To go ahead in your career as DevOps Engineers, Cloud Architects, Developers, or Administrators, you will have to face Terraform interview questions. We have compiled a list of top terraform interview questions that should help you enhance your knowledge of Terraform.
General Terraform Interview Questions and Answers
#1. What do you understand by Terraform?
Terraform is an open-source IAC tool created by HashiCorp. It is used to create, update, delete and version your infrastructure on multiple cloud platforms.
#2. What are the reasons to choose Terraform for DevOps?
Using Terraform for provisioning infrastructure leaves no room for human errors, hence improving the quality, consistency, and efficiency of Cloud and on-prem infrastructure. Terraform uses the HCL language, which is fairly similar to JSON and easy to learn and use. Unlike the other IAC tools offered by cloud providers like Cloudformation for AWS, we can use Terraform with a number of cloud platforms simultaneously. This avoids the need to learn multiple IAC tools and improves the scope of collaboration.
#3. How does Terraform work?
Terraform uses plugins called the Terraform providers to interact with APIs on Cloud Platforms and provision our resources. As an end-user, terraform workflow has three steps.
Write: Author the infrastructure as code.
Plan: Preview changes Terraform will make before applying.
Apply: Provision the infrastructure and apply the changes.
#4. What do you mean by Terraform cloud?
Terraform Cloud is a remote environment that is optimized for the Terraform workflow. It provides features like workspaces and state locking, which allows people in big teams to collaborate.
#5. What do you understand by State in Terraform?
As an IAC tool, terraform should know the current state of configurations and infrastructure under its management. Terraform stores this information in a file called the state file.
#6. What is the benefit of Terraform State?
The Terraform State allows Terraform to map real-world resources to your configuration, keep track of metadata, and improve performance when planning changes for complex infrastructures. It is a critical component of Terraform.
#7. What do you understand by Terraform Backend?
Terraform backend is the platform where the Terraform State Snapshots are stored. By default, Terraform uses a backend called local to store state as a local file on your disk. All other supported backends are some kind of remote storage service.
#8. What is a provider in Terraform?
Providers in Terraform are plugins that allow Terraform to interact with cloud providers, SaaS providers, and other APIs. For example, if we plan on using Terraform to provision infrastructure on AWS, we will need to declare an AWS provider in our configuration files.
#9. Who maintains Terraform Providers?
Providers are distributed separately from Terraform itself. As a Terraform user, anyone can develop their own providers. There are some standard providers that are maintained explicitly by Hashicorp.
#10. What is Sentinel?
Sentinel is a policy as a code tool used to enforce standard configurations for resources being deployed by Terraform. It can be used by organizations for compliance and governance purposes.
#11. What do you understand by modules in Terraform?
A Terraform module is a standard container for multiple resources used together to provision and configure resources. For example, you can create a “VPC module” for your organization that provisions a standard VPC and other resources like Subnets and Internet Gateways. Modules can be shared publically via the Public module registry and privately via the Private Module registry.
#12. What is the benefit of using modules in terraform?
Terraform modules allow us to create logical abstraction on the top of a resource set. Using modules allows us to maintain and reuse a standard configuration for resources. They can be versioned and shared with members of your teams to provision resources in a standard way.
#13. What is the Private Module Registry?
A Private Module Registry Terraform Cloud feature allows us to share Terraform modules across our organization.
Advanced Terraform Interview Questions and Answers
#14. How can we export data from one module to another?
We can export data from a module by defining output blocks in the module configuration files. This data can then be transferred as a parameter to the destination module.
#13. How can you define dependencies in Terraform?
Terraform has built-in dependency management. Terraform has two kinds of dependencies between resources- implicit and explicit dependencies.
Implicit dependencies, as the name suggests, are detected by Terraform automatically. This is when the output of a “resource A” is used in “resource B”. Terraform automatically detects that “resource B” needs to be created only after “resource A”
Explicit dependencies can be specified in cases where two resources are internally dependent on each other without sharing any outputs. This can be done by using the depends_on parameter in the configuration block.
#14. What are Provisioners in Terraform?
Provisioners are Terraform resources used to execute scripts as a part of the resource creation or destruction. There are two types of Provisioners in Terraform:
- local-exec: Invokes a script on the machine running Terraform.
- remote- exec: Invokes a script on a remote resource after it is created.
Provisioners are only meant to be used as a last resort in Terraform.
#15. What is the external data block in Terraform?
Just like the local-exec provisioner, external data bock can be used to run scripts on machines running Terraform. The difference between a provisioner and the external data block is that the scripts in the external data block can return data in JSON format, whereas provisioners cannot return any outputs. It is important to note that external data blocks are also meant to be a last resort and should not be used if there is a better alternative.
#16. How can two people using the Terraform cloud can create two different sets of infrastructure using the same working directory?
By using different workspaces. These users can start Terraform runs in two separate workspaces. Each workspace has a state file of its own, so as long as the resources do not overlap, both the users can successfully provision two different sets of infrastructure using the same code.
#17. What happens when multiple engineers start deploying infrastructure using the same state file?
Terraform has a very important feature called “state locking”. This feature ensures that no changes are made to the state file during a run and prevents the state file from getting corrupt. It is important to note that not all Terraform Backends support the state locking feature. You should choose the right backend if this feature is a requirement.
#18. What is a null resource in Terraform?
A terraform null resource is a configuration that runs like a standard terraform resource block but does not create any resources. This may sound like a strange and useless resource, but it can be useful in various situations to work around limitations in Terraform.
#19. How can you use the same provider in Terraform with different configurations?
By using alias argument in the provider block.
#20. You have a Terraform configuration file with no resources. What happens when you run the terraform apply
command?
Terraform will destroy all the resources. Starting an empty run with terraform apply
command is exactly the same as starting the terraform destroy run.
#21. What happens if a resource was created successfully in terraform but failed during provisioning?
This is an unlikely scenario, but when this happens, the resource is marked as tainted and can be recreated by restarting the terraform run.
#22. Which value of the TF_LOG
variable provides the MOST verbose logging?
TRACE is the most verbose and the default value of the TF_LOG
variable.
#23. How can you import existing resources under Terraform Management?
By using the terraform import
command.
#24. Which command can be used to preview the terraform execution plan?
The terraform plan
command generates the execution plan of the changes Terraform will do to the infrastructure.
#25. Which command can be used to reconcile the Terraform state with the actual real-world infrastructure?
The terraform apply -refresh-only
command is used to reconcile Terraform state with the actual real-world infrastructure. It is the new alternative to the terraform refresh
command, which is now deprecated.
#26. Which command can be used to switch between workspaces when using Terraform Cloud?
The terraform workspace select <workspace-name>
command is used to choose a different workspace.
#27. Which command is used to perform syntax validation on terraform configuration files?
The terraform validate
command is used to verify whether a configuration is syntactically valid and internally consistent.
#28. Which command is used to create new workspaces in the Terraform cloud?
The terraform workspace new <workspace-name>
command is used to create a new workspace.
Some other important terraform commands for technical interviews.
- terraform init: Initializes remote backends; downloads providers and remote modules defined in your configuration.
- terraform init -upgrade: used to upgrade the existing downloaded providers.
- terraform plan: generates the execution plan for the infrastructure creation or updation.
- terraform apply: creates or updates the infrastructure after requesting confirmation from user.
- terraform apply –auto-approve: creates or updates the infrastructure; user approval stage is skipped.
- terraform destroy: deletes the infrastructure after requesting confirmation from user.
- terraform destroy –auto-approve: deletes the infrastructure; user approval stage is skipped.
- terraform fmt: scans the current directory for configuration files and formats them according to the HCP canonical style and format.
- terraform fmt –recursive: scans the current directory as well as the sub directories for configuration files and formats them according to the HCP canonical style and format.
- terraform show: provides a human-readable output from a state or plan file.
I hope the above information helps you to get a Terraform job.