Hemanshu Sanjay Mahajan's blog
Day 71 - Let's prepare for some interview questions of Terraform 🔥

Day 71 - Let's prepare for some interview questions of Terraform 🔥

Hemanshu S Mahajan's photo
Hemanshu S Mahajan
·

5 min read

Terraform, an open-source infrastructure as code (IaC) tool developed by HashiCorp, has gained immense popularity in the world of DevOps and cloud infrastructure management. It allows you to define and provision infrastructure using declarative configuration files. As Terraform continues to be a key player in the IaC space, it’s crucial for professionals to be well-versed in its concepts and usage. In this article, we’ll dive into some common Terraform interview questions and explore the answers.

1. What is Terraform and how is it different from other IaC tools?

Terraform is an infrastructure as code tool used to define and provision infrastructure resources. It allows you to express your infrastructure in a declarative manner using HashiCorp Configuration Language (HCL) and then automatically creates, updates, or deletes resources to match the desired state.

The key differences that set Terraform apart from other IaC tools like Ansible or Chef are:

  • Declarative Syntax: Terraform uses a declarative syntax, which means you specify what you want, and Terraform figures out how to achieve it. Other tools may use imperative scripts.

  • Resource Graph: Terraform builds a dependency graph of resources, enabling it to understand and manage relationships between resources efficiently.

  • Multi-Cloud Support: Terraform supports multiple cloud providers and on-premises infrastructure, making it versatile.

2. How do you call a main.tf module?

In Terraform, a configuration is typically organized into modules. To call a main.tf module, you use the module block in your Terraform configuration. Here's an example:

module "example" {
  source = "./path/to/main.tf"
  # other module configuration options
}

You specify the source attribute to point to the directory containing your main.tf module.

3. What exactly is Sentinel? Can you provide a few examples where we can use Sentinel policies?

Sentinel is a policy-as-code framework developed by HashiCorp that integrates with Terraform to enforce compliance and security policies during the infrastructure provisioning process. Sentinel allows you to define rules, which are evaluated before Terraform applies changes. Some examples where you can use Sentinel policies include:

  • Security Policies: Ensuring that security groups don’t expose sensitive ports to the public internet.

  • Compliance Checks: Verifying that resources adhere to regulatory requirements like GDPR or HIPAA.

  • Cost Control: Checking that resources adhere to budget constraints by validating resource tags and sizes.

4. How would you modify the Terraform configuration file to create multiple instances of the same resource?

To create multiple instances of the same resource in Terraform, you can use a count or for_each argument. Here's an example using count:

resource "aws_instance" "example" {
  count = 3
  ami   = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

This code will create three EC2 instances with the specified attributes.

5. You want to know from which paths Terraform is loading providers referenced in your Terraform configuration (*.tf files). You need to enable debug messages to find this out. Which of the following would achieve this?

A. Set the environment variable TF_LOG=TRACE

Setting TF_LOG=TRACE as an environment variable will enable Terraform to generate detailed debug logs, including information about where it is loading providers from.

6. How would you save a particular resource while destroying the complete infrastructure using terraform destroy?

To save a particular resource while destroying the complete infrastructure, you can use the -target flag with terraform destroy. For example:

terraform destroy -target=aws_instance.example

This command will only destroy the specified resource (aws_instance.example) and its dependencies while leaving other resources intact.

7. Which module is used to store the .tfstate file in S3?

The module used to store the .tfstate file in an S3 bucket is called terraform-backend-s3. It is a separate Terraform configuration that sets up the backend configuration to store the state file in an S3 bucket.

8. How do you manage sensitive data in Terraform, such as API keys or passwords?

Sensitive data in Terraform can be managed using Terraform Vault Integration or environment variables. Vault Integration allows you to store and retrieve sensitive data securely, while environment variables keep sensitive information out of Terraform configuration files.

9. How would you provision an S3 bucket and a user with read and write access to the bucket in Terraform?

To provision an S3 bucket and a user with read and write access, you can use the following Terraform resources:

resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket"
  acl    = "private"
}

resource "aws_iam_user" "example" {
  name = "example-user"
}

resource "aws_iam_access_key" "example" {
  user = aws_iam_user.example.name
}

resource "aws_iam_policy" "example" {
  name        = "example-policy"
  description = "Example policy for S3 access"
  policy      = <<-EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": ["arn:aws:s3:::my-example-bucket/*"]
    }
  ]
}
  EOT
}

resource "aws_iam_policy_attachment" "example" {
  policy_arn = aws_iam_policy.example.arn
  users      = [aws_iam_user.example.name]
}

10. Who maintains Terraform providers?

Terraform providers are maintained by the respective cloud service providers or organizations. For example, AWS maintains the AWS provider, and Google maintains the Google Cloud provider. The providers are typically open source, and the community and contributors also play a role in maintaining them.

11. How can we export data from one module to another?

To export data from one module to another in Terraform, you can use output values. In the source module, define an output block, and in the calling module, reference that output using the module syntax. Here's an example:

In the source module (module1):

output "example_output" {
  value = "This is an example output."
}

In the calling module (module2):

module "module1" {
  source = "./module1"
}

# Access the output from module1
output "module1_output" {
  value = module.module1.example_output
}

In this example, module2 can access the output value of module1 using module.module1.example_output.

AWSTerraformTrainWithShubham