Terraform
When you are working with the workspaces how do you access the current workspace in the configuration files?
${terraform.workspace}
Where are custom plugins stored on windows?
%APPDATA%\terraform.d\plugins
What are the three syntax types for comments that terraform supports?
# begins a single-line comment, ending at the end of the line. // also begins a single-line comment, as an alternative to #. /* and */ are start and end delimiters for a comment that might span over multiple lines.
Is Terraform a push or pull model?
A push model. No agent is running to pull configuration.
Which of the following statements best describes the Terraform list(...) type?
A sequence of values identified by consecutive whole numbers starting with zero.
How can you reference in your configuration, which workspace you are in?
Add terraform.workspace to your configuration
What are terraform modules used for?
Code reuse
What is Terraform Cloud Cost Estimation?
Terraform Cloud provides cost estimates for many resources found in your Terraform configuration. For each resource an hourly and monthly cost is shown, along with the monthly delta. The total cost and delta of all estimable resources is also shown. Cost estimation cloud providers include AWS, GCP and Azure.
How do you share Terraform modules across your organization?
Terraform Cloud's private module registry helps you share Terraform modules across your organization. It includes support for module versioning, a searchable and filterable list of available modules, and a configuration designer to help you build new workspaces faster.
What does the terraform validate command do?
The terraform validate command validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
What does it mean to call a module?
To call a module means to include the contents of that module into the configuration with specific values for its input variables.
True or False: the backend can't use string interpolation or variables in the configuration?
True.
True or false: You can have multiple value files.
True. You can have a file called prod.tfvars and one called uat.tfvars for example.
What are the two structure types in Terraform?
Tuples and objects
Where are providers downloaded to?
Windows: %APPDATA%\terraform.d\plugins. All other systems: ~/.terraform.d/plugins
__________ are how Terraform Cloud organizes infrastructure.
Workspaces
What steps is terraform workflow composed of?
Write, plan and create
How do you view outputs and query them?
You will see the outputs when you run terraform apply. You can query an output with terraform output ip.
Provider configurations are _____?
Provider configurations, unlike most other concepts in Terraform, are global to an entire Terraform configuration and can be shared across module boundaries.
A list is denoted by?
[ ]
What is an object?
A collection of named attributes that each have their own type. The type object({ name = string, age = number }) matches a value such as { name = "John", age = 52 }.
What is a set?
a collection of unique values that do not have any secondary identifiers or ordering.
In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?
input parameters.
address_space = ["10.0.0.0/16"] The address is surrounded by square brackets []. Square brackets define _______?
Lists. The list is a sequence of comma-separated values. When you see square brackets around an argument, it tells you that the argument accepts more than one value.
What would you use to execute an ansible playbook?
local-exec
How do we execute code from our machine when providers won't do the job?
local-exec = from your local machine; remote-exec = on the remote instance
How do you retrieve a value from a list?
local.taco_toppings[2] returns element 3
By default, terraform will store the state file?
locally, in your current working directory.
What is the syntax of a block?
resource "aws_vpc" "main" {
  cidr_block = var.base_cidr_block
}
<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}
What are the requirements for the terraform import command?
terraform import [option] ADDR ID
ADDR - the configuration resource identifier in Terraform, e.g. module.vpc.aws_subnet.public[2]
ID - the provider-specific resource identifier from the provider, e.g. subnet-ad4538adfg
Taint a resource?
terraform list # to get the resource address to taint
terraform taint aws_autoscaling.scale_up
terraform plan
terraform apply
When using providers that require the retrieval of data, such as the HashiCorp Vault provider, in what phase does Terraform actually retrieve the data required?
terraform plan
How can you use a tfvars file?
terraform plan -var-file=prod.tfvars
What command should you use to view the specified version constraints for all providers used in the current configuration.
terraform providers
How do you inspect the current state of the infrastructure applied?
terraform show
What terraform command can be used to inspect the current state file?
terraform show
You are working on terraform files and you want to list all the resources. What is the command you should use?
terraform state list
Command to create a new workspace called dev?
terraform workspace new dev
How can you tell which workspace you are in?
terraform workspace show or terraform workspace list
What is a tuple?
tuple(...): a sequence of elements identified by consecutive whole numbers starting with zero, where each element has its own type. You specify the data types inside a list.
What is the flag you should use to upgrade modules and plugins as part of their respective installation steps?
upgrade (terraform init -upgrade)
How is the backend configured?
terraform {
  backend "s3" {
    bucket = "terrfaform-backen"
    key    = "state/terraform.tfstate"
    region = "wus2"
  }
}
Then run terraform init. The key state/terraform.tfstate is folder/file.
By default, Terraform stores state locally in a file named _________?
terraform.tfstate
What is the name of the terraform state file?
terraform.tfstate
Which two Terraform files should be ignored by Git when committing code to a repo?
terraform.tfstate and terraform.tfvars
For local state, Terraform stores the workspace states in a directory called __________?
terraform.tfstate.d
During terraform apply, you notice that a resource has a tilde ~ next to it. What does this infer?
the resource will be updated in place
Which of the following is not a valid Terraform string function? replace, format, join, tostring
tostring
What are the benefits of Backends?
- Working in a team - Keeping sensitive information off disk - Remote operations
What are the benefits of using Infrastructure as Code?
- automated deployment - consistent environment - repeatable process - reusable components - documented architecture
What are the meta-arguments for the lifecycle block?
create_before_destroy, prevent_destroy, ignore_changes
Does terraform encrypt the plan file?
No. Saved plan files (with the -out flag) encode the configuration, state, diff, and variables. Variables are often used to store secrets. Therefore, the plan file can potentially store secrets.
Example tuple: variable "mytuple" { type = tuple([string, number, string]) default = ["cat", 1, "dog"] }
Not limited to just one data type.
Can terraform init download third-party providers that are not distributed by HashiCorp?
Note that terraform init cannot automatically download providers that are not distributed by HashiCorp.
Example of resource syntax
resource "aws_instance" "web" { ami = "ami-a1b2c3d4" instance_type = "t2.micro" } The resource type and name together serve as an identifier for a given resource and so must be unique within a module.
How do you reference the ireland alias? provider "aws" { region = "eu-west-2" } provider "aws" { region = "eu-west-1" alias = "ireland" }
resource "aws_vpc" "irlvpc" { provider = aws.ireland }
What is the syntax for creating a resource in Terraform?
resource "type" "name" { } where type = what we want to create, and name = internal to the Terraform code, how we want to refer to it.
What Terraform Cloud feature is not free to customers?
roles and team management
Which feature of Terraform Cloud is not free to customers?
roles and team management
What does terraform validate check?
Syntax and logic. You must run terraform init first. It does not check state.
Prior to version 0.12, Terraform relied heavily on interpolation.
taco_name = "neds-${var.taco_type}" This style still works in 0.12, but it is really only necessary when you are trying to concatenate values in a text string.
How do you access the value of a list variable as seen below: variable "mymap" { type = map default = { Key1 = "value1" Key2 = "value2" } }
tags = { Name = var.mylist[2] }
How do you access the value 1 from this key variable: variable "mymap" { type = map default = { Key1 = "Value1" Key2 = "Value2" } }
tags = { Name = var.mymap["Key1"] }
Look at example of data sources
tags = { Name = "DB Server" }
data "aws_instance" "dbsearch" {
  filter {
    name   = "tag:Name"
    values = ["DB Server"]
  }
}
output "dbservers" {
  value = data.aws_instance.dbsearch.availability_zone
}
This will return anything that matches this criteria.
What are built-in functions?
The Terraform language includes a number of built-in functions that you can call from within expressions to transform and combine values.
> max(5, 12, 9)
12
Do terraform state commands work with remote state?
The Terraform state subcommands all work with remote state just as if it was local state. Reads and writes may take longer than normal as each read and each write do a full network roundtrip.
What is Vault Provider?
The Vault provider allows Terraform to read from, write to, and configure HashiCorp Vault.
What is local Backend?
The local backend stores state on the local filesystem, locks that state using system APIs, and performs operations locally.
What is a local-exec provisioner and when do we use it?
The local-exec provisioner executes a command locally on the machine running Terraform. We use this when we need to do something on our local machine without needing any external URL.
What is local-exec?
The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource. See the remote-exec provisioner to run commands on the resource.
By default, provisioners that fail will also cause the Terraform apply itself to fail. How do you change this?
The on_failure setting can be used to change this. The allowed values are:
continue: Ignore the error and continue with creation or destruction.
fail: Raise an error and stop applying (the default behavior). If this is a creation provisioner, taint the resource.
// Example
resource "aws_instance" "web" {
  # ...
  provisioner "local-exec" {
    command    = "echo The server's IP address is ${self.private_ip}"
    on_failure = "continue"
  }
}
What is remote-exec?
The remote-exec provisioner invokes a script on a remote resource after it is created. This can be used to run a configuration management tool, bootstrap into a cluster, etc. The remote-exec provisioner supports both ssh and winrm type connections.
What must be unique in a resource module?
The resource type and name together serve as an identifier for a given resource and so must be unique within a module. For example, resource "aws_instance" "web" { ... } declares a resource of a given type ("aws_instance") with a given local name ("web").
Where do you put terraform configurations so that you can configure some behaviors of Terraform itself?
The special terraform configuration block type is used to configure some behaviors of Terraform itself, such as requiring a minimum Terraform version to apply your configuration. terraform { # ... }
What is the FMT command?
The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. It makes code look neater.
What does terraform plan do?
The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files.
What does terraform refresh do?
The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file. This does not modify infrastructure, but does modify the state file. If the state is changed, this may cause changes to occur during the next plan or apply.
How do you view the terraform state file?
The terraform show command is used to provide human-readable output from a state or plan file. This can be used to inspect a plan to ensure that the planned operations are expected, or to inspect the current state as Terraform sees it.
How do you list resources in a terraform state file?
The terraform state list command is used to list resources within a Terraform state.
How do you move items in a state file?
The terraform state mv command is used to move items in a Terraform state. This command can move single resources, single instances of a resource, entire modules, and more. This command can also move items to a completely different state file, enabling efficient refactoring. The example below renames the packet_device resource named worker to helper: $ terraform state mv 'packet_device.worker' 'packet_device.helper'
How do you view the contents of a remote state file?
The terraform state pull command is used to manually download and output the state from remote state. This command also works with local state.
What does terraform state push do?
The terraform state push command is used to manually upload a local state file to remote state. This command also works with local state. This command should rarely be used. It is meant only as a utility in case manual intervention is necessary with the remote state.
How do you remove an item from terraform state file?
The terraform state rm command is used to remove items from the Terraform state. This command can remove single resources, single instances of a resource, entire modules, and more. terraform state rm 'packet_device.worker' The example removes the packet_device resource named worker
What command do you use to show the attributes of a single resource in the Terraform state?
The terraform state show command is used to show the attributes of a single resource in the Terraform state.
What are the three Terraform Workflow steps for a team?
Write - check out the latest code. Plan - run terraform plan and raise a PR. Create - merge and create.
What are the three workflow steps in Terraform Cloud?
Write - use Terraform Cloud as your development environment (state and code). Plan - when a PR is raised, terraform plan is run. Create - before merging, a second plan is run before approval to create.
What is a map?
a collection of values where each is identified by a string label. Maps can be made with braces ({}) and colons (:) or equals signs (=): { "foo": "bar", "bar": "baz" } OR { foo = "bar", bar = "baz" }.
What is a list?
a sequence of values identified by consecutive whole numbers starting with zero. The keyword list is a shorthand for list(any), which accepts any element type as long as every element is the same type.
How can you optionally define multiple configurations for the same provider, and select which one to use on a per-resource or per-module basis.
Use alias.
# The default provider configuration
provider "aws" {
  region = "us-east-1"
}
# Additional provider configuration for west coast region
provider "aws" {
  alias  = "west"
  region = "us-west-2"
}
Terraform destroy will always prompt for confirmation before executing unless passed the _________ flag.
-auto-approve
When installing modules, where does Terraform save them?
.terraform/modules
What do Terraform configuration files end in?
.tf or .tf.json
What are three benefits of backends?
1. Working in a team 2. Keeping sensitive information off disk 3. Remote operations: For larger infrastructures or certain changes, terraform apply can take a long, long time. Some backends support remote operations which enable the operation to execute remotely. You can then turn off your computer and your operation will still complete. Paired with remote state storage and locking above, this also helps in team environments.
What does this symbol version = "~> 1.0" mean when defining versions?
Any version more than 1.0 and less than 2.0
What are verified modules?
By default, only verified modules are shown in search results. Verified modules are reviewed by HashiCorp to ensure stability and compatibility. By using the filters, you can view unverified modules as well.
What backends can you use in terraform?
Consul, AWS S3, Azure Storage, Google Cloud Storage
What is CI/CD?
Continuous Integration for code check-in. Continuous Delivery of builds, automated testing and validation.
Is terraform declarative or imperative?
Declarative. You say how you want your taco built.
How do you write logging out to a file?
Set the environment variable TF_LOG_PATH. It has to be the full path to a file.
How do you enable verbose logging?
Enabled through the environment variable TF_LOG. PowerShell: $env:TF_LOG="INFO". Linux: export TF_LOG=INFO
What do resource taints do?
Forces the recreation of a resource. Marks a resource for recreation.
What are the supported VCS providers?
GitHub, GitLab, Bitbucket and Azure DevOps
Where can you have your own private registry?
HashiCorp cloud
For terraform destroy, how do you silence the confirmation?
If -auto-approve is set, then the destroy confirmation will not be shown.
What happens if a provisioner fails?
If the provisioner fails, the resource will be left in an unknown state. When this happens, Terraform will generate an error and mark the resource as "tainted." A resource that is tainted isn't considered safe to use. When you generate your next execution plan, Terraform will not attempt to restart provisioning on the tainted resource because it isn't guaranteed to be safe. Instead, Terraform will remove any tainted resources and create new resources, attempting to provision them again after creation.
If you want to switch from using remote backend to local backend. What should you do?
If you want to move back to local state, you can remove the backend configuration block from your configuration and run terraform init again. Terraform will once again ask if you want to migrate your state back to local.
When should you use count instead of for_each?
If your resource instances are almost identical, count is appropriate. If some of their arguments need distinct values that can't be directly derived from an integer, it's safer to use for_each.
What is an implicit dependency?
Implicit dependency: By studying the resource attributes used in interpolation expressions, Terraform can automatically infer when one resource depends on another. Terraform uses this dependency information to determine the correct order in which to create the different resources. Implicit dependencies via interpolation expressions are the primary way to inform Terraform about these relationships, and should be used whenever possible.
What does terraform list do?
Lists all your objects in state data
What is the difference between local and remote provisioner?
Local means that the provisioner actually executes on your machine. Remote means it executes on the remote resource. Provisioners can be run during creation or destruction.
First rule of Terraform?
Make all changes in Terraform!
What is idempotent?
Make me a taco. Made person a taco. They ask that you make a taco again. No, you already have a taco! I'm aware of your state and if you give me the same instruction again, it already matches the state of the world already. Terraform is idempotent. If you re-apply a configuration with no change, nothing will happen since it already exists.
How does Terraform handle dependencies?
Most resource dependencies are handled automatically. Terraform analyses any expressions within a resource block to find references to other objects, and treats those references as implicit ordering requirements when creating, updating, or destroying resources. Since most resources with behavioral dependencies on other resources also refer to those resources' data, it's usually not necessary to manually specify dependencies between resources.
What does state mv do?
Move or rename an object in a state file. Move it to another state file.
Can a resource use count and for_each?
No
When are provisioners run?
Provisioners run when a resource is created, or a resource is destroyed. Provisioners do not run during update operations.
What is in a terraform state file?
Resource mappings and metadata.
What is Sentinel?
Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. It enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources.
What is Sentinel?
Sentinel policies define rules that restrict the provisioning of resources by Terraform configurations. Terraform enforces Sentinel policies between the plan and apply phases of a run, preventing out of policy infrastructure from being provisioned.
When working with remote backends, terraform pulls down the state in memory. So there ____
So there is nothing persistent on the hard drive.
Which OSs is terraform available for (list 5):
Solaris, FreeBSD, macOS, Windows, Linux
What is an explicit dependency?
Sometimes there are dependencies between resources that are not visible to Terraform. The depends_on argument is accepted by any resource and accepts a list of resources to create explicit dependencies for.
What does terraform import do?
Terraform is able to import existing infrastructure. This allows you to take resources you've created by some other means and bring them under Terraform management. Because of this, prior to running terraform import it is necessary to manually write a resource configuration block for the resource, to which the imported object will be mapped.
What is terraform cli?
Terraform is controlled via a very easy to use command-line interface (CLI). Terraform is only a single command-line application: terraform. This application then takes a subcommand such as "apply" or "plan".
What is the format to set environmental variables?
The environment variables must be set in the format TF_VAR_name:
export TF_VAR_region=us-west-1
export TF_VAR_alist='[1,2,3]'
What does terraform fmt do?
The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability. The canonical format may change in minor ways between Terraform versions, so after upgrading Terraform we recommend to proactively run terraform fmt on your modules along with any other changes you are making to adopt the new version.
How do you persist variables?
To persist variable values, create a file named terraform.tfvars and assign variables within this file.
Terraform CLI versions and provider versions are independent of each other. Is this true?
True
What HashiCorp tool can we use to store our secrets and access them?
Vault
What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?
Vault provider
What should you do with module versions?
When using modules installed from a module registry, we recommend explicitly constraining the acceptable version numbers to avoid unexpected or unwanted changes.
What are backends?
Where state data is stored. Backends must be initialized. Partial configurations are recommended. Interpolation is not supported - means you can't use variables or local values in your backend configuration because terraform doesn't have access to your variables yet.
How do you access output variables from the modules?
You can access them by referring to module.<MODULE NAME>.<OUTPUT NAME>
Your team has decided to use terraform in your company and you have existing infrastructure. How do you migrate your existing resources to terraform and start using it?
You should use terraform import and modify the infrastructure in the Terraform files and do the Terraform workflow (init, plan, apply).
In the terraform plan - how do you know that a resource will be destroyed and re-created?
You will see a -/+ next to the resource.
When Terraform needs to be installed in a location where it does not have internet access to download the installer and upgrades, the installation is generally known to be __________.
air-gapped
How to get a property out of a reference?
aws_instance.taco_truck.name. aws_instance is the resource type and taco_truck is the label name, so this asks: what is the name of my aws_instance taco_truck?
What is the syntax for terraform blocks?
block_type label_one label_two { } For example: resource "aws_route_table" "route-table" { }
For remote state, the workspaces are stored directly in the _______?
configured backend. For example, if you use Consul, the workspaces are stored by appending the workspace name to the state path.
What is an object?
object(...): a collection of named attributes that each have their own type. Like a map.
variable "myobject" {
  # the second attribute is named ports here because attribute names must be unique
  type = object({ name = string, port = number, ports = list(number) })
  default = {
    name  = "john"
    port  = 1
    ports = [22, 25, 80]
  }
}
How many backends are you allowed when using terraform?
one backend
How do you define and use output values to get information about a resource you created?
output "vpcid" {
  value = aws_vpc.myvpc.id
}
When you run terraform apply, you will get the value of the id.
What is the built-in function to change string to a number?
parseint
When using local state, state is stored in __________________?
plain-text JSON files
What is a downside to using a Terraform provider, such as Vault, to interact with sensitive data such as reading secrets from Vault?
secrets are persisted to the state files and plans
What is the required argument for the module?
source. All modules require a source argument, which is a meta-argument defined by Terraform CLI. Its value is either the path to a local directory of the module's configuration files, or a remote module source that Terraform should download and use.
When working as a team, what should you do with state file?
state locking - it prevents two people from writing to the state at the same time.
What is the command to pull the remote state?
terraform state pull. This command will download the state from its current location and output the raw format to stdout.
How do you update remote state from local?
terraform state push
What command is used to manually upload a local state file to remote state?
terraform state push
What if you want to remove an object from state but not destroy it in azure? What command would you use?
terraform state rm
How do you define a variable?
variable "region" { default = "us-east-1" } This defines the region variable within your Terraform configuration.
What are the three comment types in terraform?
# begins a single-line comment, ending at the end of the line. // also begins a single-line comment, as an alternative to #. /* and */ are start and end delimiters for a comment that might span over multiple lines.
Syntax for variables?
# specify default variable and type
variable "environment_name" {
  type    = string
  default = "development"
}
# specify variable in file:
environment_name = "uat"
What's a best practice regarding provider access_keys and secret_keys?
They should not be in the config file.
Terraform cloud _________the state file at rest.
encrypts
A map is denoted by ?
{}
How do you get values out of resources?
- var.region # returns us-east-1
- data.aws_availability_zones.azs.names[1] # returns 2nd AZ
names is an attribute/property of the data source; names is a list.
The Terraform language supports a number of different syntaxes for comments. What are they?
/* */ // #
In what order does terraform load variables?
1. Environment variables 2. The terraform.tfvars file, if present. 3. The terraform.tfvars.json file, if present. 4. Any *.auto.tfvars or *.auto.tfvars.json files, processed in lexical order of their filenames. 5. Any -var and -var-file options on the command line, in the order they are provided. (This includes variables set by a Terraform Cloud workspace.)
What are the 4 ways variables can be set?
1. In a Terraform Cloud workspace. 2. Individually, with the -var command line option. 3. In variable definitions (.tfvars) files, either specified on the command line or automatically loaded. 4. As environment variables.
What are the three advantages of Terraform?
1. Platform Agnostic 2. State Management 3. Operator Confidence
What is the order that variables are loaded?
1. environment variables 2. terraform.tfvars 3. terraform.tfvars.json 4. any .auto.tfvars 5. any -var or -var-file options
What are the five object types?
1. string = "taco" 2. number = 5 3. bool = true 4. list = ["bean-taco", "beef-taco"] 5. map = {name = "Ned", age = 42, loves_tacos = true}
What are the variable types?
1. string 2. number 3. boolean 4. list () - in brackets put in string, number or boolean. List is the same as an array and values are in [] 5. map - key value pair goes in { key1 = "value1" }
In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently?
10
What is the ttl for a Vault token?
20 minutes by default. The requested token TTL can be controlled by the max_lease_ttl_seconds provider argument.
In Terraform Enterprise, a workspace can be mapped to how many VCS repos?
5
What is the syntax for referencing a private registry module?
<HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER> // for example module "vpc" { source = "app.terraform.io/example_corp/vpc/aws" version = "0.9.3"}
What is a "backend"?
A "backend" in Terraform determines how state is loaded and how an operation such as apply is executed. This abstraction enables non-local file state storage, remote execution, etc. By default, Terraform uses the "local" backend, which is the normal behavior of Terraform you're used to. This is the backend that was being invoked throughout the introduction.
What does a resource address look like?
A Resource Address is a string that references a specific resource in a larger infrastructure. An address is made up of two parts: [module path][resource spec]. For example, resource "aws_instance" "web" { ... } has the address aws_instance.web.
What's one purpose for a terraform workspace?
A common use for multiple workspaces is to create a parallel, distinct copy of a set of infrastructure in order to test a set of changes before modifying the main production infrastructure.
What is a module in simplest form?
A folder that contains other terraform files.
When to use a map vs an object?
A map is a collection of string values grouped together. When it is necessary to group different kinds of values, for example strings, bool values, and/or numbers, you will need to use an object type.
What is a map in terraform?
A map value is a lookup table of string name = value pairs.
variable "tags" {
  type = map
  default = {
    Environment = "Terraform GS"
    Dept        = "Engineering"
  }
}
What are terraform providers?
A provider is a plugin that Terraform uses to translate the API interactions with the service. A provider is responsible for understanding API interactions and exposing resources. Because Terraform can interact with any API, you can represent almost any infrastructure type as a resource in Terraform.
Where does AzureRM store backend?
Azurerm backend stores remote state on Azure Blob storage and supports all of the state storage and locking features of a standard backend. Blob storage provides RBAC security, declarative access policy, data encryption, low cost, and high availability on the Azure platform.
True or False: When using a new module for the first time, you must run either terraform init or terraform get to install the module.
true
What do data sources do?
Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration. A data block requests that Terraform read from a given data source ("aws_ami") and export the result under the given local name ("example"). The name is used to refer to this resource from elsewhere in the same Terraform module, but has no significance outside of the scope of a module.
What is terraform.tfvars for?
Define variables that exist within your configuration.
When does the local state file get created?
During terraform plan (NOT terraform init) the state file is created but nothing is in it yet.
What should you do with your state file if keeping it in an S3 bucket?
Encrypt it
What are expressions in terraform?
Expressions within a Terraform module can access information about resources in the same module, and you can use that information to help configure other resources. Use the <RESOURCE TYPE>.<NAME>.<ATTRIBUTE> syntax to reference a resource attribute in an expression.
True or false: Workspaces provide identical functionality in the open-source, Terraform Cloud and enterprise versions of Terraform?
False. Terraform Cloud workspaces act more like completely separate working directories.
In rare instances, how can you explicitly set a resource dependency?
In these rare cases, the depends_on meta-argument can explicitly specify a dependency. Use the depends_on meta-argument to handle hidden resource dependencies that Terraform can't automatically infer. The depends_on meta-argument, if present, must be a list of references to other resources in the same module.
What are module components?
Input variables, resources that should be created, and output values that the calling module will consume.
Terraform Vault and secrets?
Interacting with Vault from Terraform causes any secrets that you read and write to be persisted in both Terraform's state file and in any generated plan files. For any Terraform module that reads or writes Vault secrets, these files should be treated as sensitive and protected accordingly.
What happens when you do a terraform state rm?
Items removed from the Terraform state are not physically destroyed. Items removed from the Terraform state are only no longer managed by Terraform. For example, if you remove an AWS instance from the state, the AWS instance will continue running, but terraform plan will no longer see that instance.
What is the recommended method of authentication for Azure?
Managed identity. Managed identities for Azure resources is a feature of Azure Active Directory (Azure AD). Using a managed identity for the Terraform host VM or container removes the need to pass a client secret or certificate to Terraform.
What does terraform taint mean?
Mark a resource for recreation.
How do you call a module?
Modules are called from within other modules using module blocks: module "servers" { source = "./app-cluster" servers = 5 } The label immediately after the module keyword is a local name, which the calling module can use to refer to this instance of the module.
What are the 5 log levels?
TRACE, DEBUG, INFO, WARN or ERROR
What 4 features are only available in Terraform Enterprise?
Private Network Connectivity, SAML/SSO, Clustering, Audit Logs
What is Infrastructure as code?
Provisioning infrastructure through software to achieve consistent and predictable environments.
What is the resource naming convention?
Resource names must start with a letter or underscore, and may contain only letters, digits, underscores, and dashes.
List some examples of data sources?
Resources are data sources. Providers have data sources. Alternate data sources: - templates - HTTP - External (runs a script that returns JSON) - Consul (pull key information from Consul)
What are terraform resources?
Resources are the most important element in the Terraform language. Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.
What are three features that are exclusive to Terraform Enterprise?
SAML/SSO, Audit Logs, Clustering
What are some features of Terraform Cloud?
SaaS, remote state, remote execution, variable and secret storage, source control integration.
Terraform has detailed logs which can be enabled by setting the ___________ environment variable to any value. This will cause detailed logs to appear on stderr.
TF_LOG
Environment variables can be used to set variables. The environment variables must be in the format "____"_<variablename>.
TF_VAR
What is the most verbose logging in terraform?
TRACE
__________ is the most verbose and it is the default if TF_LOG is set to something other than a log level name.
TRACE
True or false? Some terraform changes will force Terraform to destroy and then recreate the resource.
TRUE. For example, changing the name or location of a resource group will force Terraform to recreate the resource. Recreating the resource group will force the destruction of all the resources in the group. Use caution when making changes that force Terraform to destroy and recreate a resource.
What is Terraform Cloud?
Terraform Cloud is an application that helps teams use Terraform together. It manages Terraform runs in a consistent and reliable environment, and includes easy access to shared state and secret data, access controls for approving changes to infrastructure, a private registry for sharing Terraform modules, detailed policy controls for governing the contents of Terraform configurations, and more.
Difference between Terraform Cloud and Terraform Enterprise?
Terraform Cloud is available as a hosted service at https://app.terraform.io. We offer free accounts for small teams, and paid plans with additional feature sets for medium-sized businesses. Large enterprises can purchase Terraform Enterprise, our self-hosted distribution of Terraform Cloud. It offers enterprises a private instance of the Terraform Cloud application, with no resource limits and with additional enterprise-grade architectural features like audit logging and SAML single sign-on.
What are Run Triggers?
Terraform Cloud's run triggers allow you to link workspaces so that a successful apply in a source workspace will queue a run in the workspace linked to it with a run trigger.
What is the difference between Terraform Cloud and Terraform Enterprise?
Terraform Enterprise is offered as a private installation. It is designed to suit the needs of organizations with specific requirements for security, compliance and custom operations. Terraform Cloud is offered as a multi-tenant SaaS platform and is designed to suit the needs of smaller teams and organizations. Its smaller plans default to one run at a time, which prevents users from executing multiple runs concurrently.
Where can you find terraform modules?
Terraform Registry. They have been verified by HashiCorp.
How are environment variables set?
Terraform searches the environment of its own process for environment variables named TF_VAR_ followed by the name of a declared variable. For example: $ export TF_VAR_image_id=ami-abc123 and then $ terraform plan
How will terraform read environment variables?
Terraform will read environment variables in the form of TF_VAR_name to find the value for a variable. For example, the TF_VAR_location variable can be set to set the location variable.
Where is state data stored for terraform workspaces?
Terraform workspaces - common configuration and individual state data instance.
What is the CLI configuration File?
The CLI configuration file configures per-user settings for CLI behaviors, which apply across all Terraform working directories. It is named either .terraformrc or terraform.rc
Where can you find and search for modules?
The Terraform Registry makes it simple to find and use modules.
True or False: Terraform state can store secrets?
true
What does the taint command do?
The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply. This command will not modify infrastructure, but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change.
What does terraform untaint do?
The terraform untaint command manually unmarks a Terraform-managed resource as tainted, restoring it as the primary instance in the state. This reverses either a manual terraform taint or the result of provisioners failing on a resource. This command will not modify infrastructure, but does modify the state file in order to unmark a resource as tainted.
What is a type argument?
The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable. If no type constraint is set then a value of any type is accepted.
What are provisioners?
They allow you to do post-deployment configuration. Should be configured as a last resort. Should use Puppet or Ansible because once deployed, Terraform then loses the visibility.
What will this command do: terraform import aws_instance.foo i-abcd1234
This example will import an AWS instance into the aws_instance resource named foo. Usage: terraform import [options] ADDRESS ID
The value of resource_group_name is an expression, azurerm_resource_group.rg.name. What does it return?
This expression returns the Azure name of the resource group that is referenced by the terraform azurerm_resource_group resource with the name rg.
Terraform will taint things automatically if it wasn't created correctly.
True
True or False: Terraform Cloud always encrypts state at rest and protects it with TLS in transit.
True
True or False: Even when TF_LOG_PATH is set, TF_LOG must be set in order for any logging to be enabled.
True
True or False: The terraform refresh command does not modify infrastructure but does modify the state file.
True
True or False: We shouldn't use dynamic blocks very often.
True
True or False? Each workspace has its own separate state file?
True
True or false: Terraform Cloud always encrypts state at rest.
True
What does data source configuration look like?
data "http" "my_ip" { url = "http://ifconfig.me" } Here http is the type and my_ip is the name. Then you can use that response in your config like: data.http.my_ip.body
What is the default terraform workspace called?
default. This workspace is special both because it is the default and also because it cannot ever be deleted. If you've never explicitly used workspaces, then you've only ever worked on the "default" workspace.
The depends_on argument is accepted by any resource and accepts a list of resources to create _____ for?
explicit dependencies
How do you manually unlock the state if unlocking failed?
The force-unlock command: terraform force-unlock LOCKID [DIR]
A backend in Terraform determines how state is loaded and how an operation such as apply is executed. Which of the following is not a supported backend type: s3, terraform enterprise, github, consul, artifactory.
github
What does terraform show do?
Gives you details about a specific object: terraform state show module.vpc.aws_vpc.this[0]
Terraform configuration is ________?
idempotent. If you apply a configuration to existing infrastructure with no changes to the configuration, Terraform will not reapply the settings.
Version constraints are supported only for modules _____?
installed from a module registry, such as the public Terraform Registry or Terraform Cloud's private module registry.
How to get a value that is stored at a particular keyname?
local.taco_map["likes-tacos"] returns value at keyname likes-tacos
The terraform state command can be used to ____
modify the current state, including removing items
How do you reference a module from inside your main.tf?
module "dbserver" { source = "./db" } Terraform will look at the modules/db folder now and see db.tf
What are variables composed of?
name, type and default value. Last two are optional. Type is recommended. If you don't specify a default value somewhere, Terraform will ask for one at the command line.
What would you use to make changes on the instance that you just configured?
remote-exec
Which flag should be used within a Terraform configuration block to identify the specific version of a provider required?
required_providers
Backends are configured directly in Terraform files in the _____________ section. After configuring a backend, it has to be initialized.
terraform. For example: terraform { backend "consul" { address = "demo.consul.io" scheme = "https" path = "example_app/terraform_state" } } Only one backend may be specified and the configuration may not contain interpolations. Terraform will validate this.
You are applying the infrastructure with the command apply and you don't want to do interactive approval. Which flag should you use?
terraform apply -auto-approve
Give an example of specifying variables on the command line.
terraform apply -var="image_id=ami-abc123"
How do you test out functions?
terraform console
Which of the following commands will launch the Interactive console for Terraform interpolations?
terraform console
What are the terraform components?
terraform executable, terraform files, terraform plugins, terraform state
You recently joined a team and you cloned Terraform configuration files from the version control system. What is the first command you should use?
terraform init
How to see all help for terraform init command?
terraform init -h
Give an example of passing partial configuration with Command-line Key/Value pairs?
terraform init -backend-config="address=demo.consul.io" -backend-config="path=example_app/terraform_state" -backend-config="scheme=https"
In order to make terraform providers available, we have to run?
terraform init to pull down any plugins we need for providers
After you update terraform backend configuration, what do you have to do?
terraform init.
When does terraform read from the data sources?
terraform plan
How do you preview the behavior of the command terraform destroy?
terraform plan -destroy
What command do you run to see the execution plan for destroying the infrastructure?
terraform plan -destroy
How do you save a terraform plan output to a file?
terraform plan -out=newplan
How do you save the execution plan?
terraform plan -out=tfplan. You can then use that file with apply: terraform apply tfplan
The ______________________ command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file.
terraform refresh
How can you see what is inside a terraform state file?
terraform state list
How do you remove items from the Terraform state?
terraform state rm 'packet_device.worker'. The terraform state rm command is used to remove items from the Terraform state. This command can remove single resources, single instances of a resource, entire modules, and more.
What is the command that shows the attributes of a single resource in the state file?
terraform state show 'resource name'
What command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply?
terraform taint
What is the command to taint a resource?
terraform taint [options] address. You can get the address from the terraform state file. Any dependent resources are not automatically tainted.
Give an example of tainting a single resource?
terraform taint aws_security_group.allow_all, which reports: The resource aws_security_group.allow_all in the module root has been marked as tainted.
Does the taint command modify the infrastructure?
terraform taint resource.id. This command will not modify infrastructure, but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change.
What is the command to delete the workspace?
terraform workspace delete <workspace name>
How do you delete a workspace?
terraform workspace delete dev
How do you see your terraform workspaces?
terraform workspace list
How do you create a new workspace?
terraform workspace new Development. This creates a new terraform.tfstate.d folder and under it, development. Switches us to the development workspace context.
How would you create a new workspace called development?
terraform workspace new development
Command to create a workspace called uat?
terraform workspace new uat
How do you create a new workspace?
terraform workspace new workspace_name. As the command says, if you run terraform plan, Terraform will not see any existing resources that existed on the default (or any other) workspace. These resources still physically exist, but are managed in another Terraform workspace.
How do you switch terraform workspaces?
terraform workspace select default
How do you switch between workspaces?
terraform workspace select dev
By default, provisioners that fail will also cause the Terraform apply itself to fail. Is this true?
true
A module author can specify arbitrary custom validation rules for a particular variable using a validation block nested within the corresponding variable block:
validation { condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-" error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." } The condition argument is an expression that must use the value of the variable to return true if the value is valid, or false if it is invalid. The expression can refer only to the variable that the condition applies to, and must not produce errors.
How do you set an input variable and use it?
variable "inputname" { type = string description = "set the name of the vpc" } tags = { Name = var.inputname } When you run terraform plan, it will ask you to set the name of the vpc.
What is syntax for variable and how do you reference it?
variable "vpcname" { type = string default = "myvpc" } tags = { Name = var.vpcname }
To set lots of variables, it is more convenient to specify their values in a____?
variable definitions file (with a filename ending in either .tfvars or .tfvars.json) and then specify that file on the command line with -var-file: terraform apply -var-file="testing.tfvars"
Which two connection types are supported by the remote-exec provisioner?
winrm and ssh
Where are custom plugins stored in linux/mac?
~/.terraform.d/plugins
What should you use to set both a lower and upper bound on versions for each provider?
~> terraform { required_providers { aws = "~> 2.7.0" }}
What does this match? ~>0.9
~>0.9 is equivalent to >=0.9 and <1.0; ~>0.8.4 is equivalent to >=0.8.4, <0.9
Unknown values appear in the terraform plan output as___?
(not yet known)
How can you set variables?
In a Terraform Cloud workspace. Individually, with the -var command line option. In variable definitions (.tfvars) files, either specified on the command line or automatically loaded. As environment variables.
What does initializing a terraform provider do?
Terraform must initialize the provider before it can be used. Initialization downloads and installs the provider's plugin so that it can later be executed.
How do you constrain the provider version?
Add a required_providers block inside a terraform block: terraform { required_providers { aws = "~> 1.0" } }
What are the six meta-arguments that can be used with any resource type?
- depends_on, for specifying hidden dependencies - count, for creating multiple resource instances according to a count - for_each, to create multiple instances according to a map, or set of strings - provider, for selecting a non-default provider configuration - lifecycle, for lifecycle customizations - provisioner and connection, for taking extra actions after resource creation
What are the five types that Terraform uses for its values?
- string: a sequence of Unicode characters representing some text, like "hello". - number: a numeric value. The number type can represent both whole numbers like 15 and fractional values like 6.283185. - bool: either true or false. bool values can be used in conditional logic. - list (or tuple): a sequence of values, like ["us-west-1a", "us-west-1c"]. Elements in a list or tuple are identified by consecutive whole numbers, starting with zero. - map (or object): a group of values identified by named labels, like {name = "Mabel", age = 52}.
Where are terraform providers stored?
.terraform\plugins\windows_amd64
There are also two "meta-arguments" that are defined by Terraform itself and available for all provider blocks:
1. version, for constraining the allowed provider versions 2. alias, for using the same provider with different configurations for different resources
What is interpolation?
A ${ ... } sequence is an interpolation, which evaluates the expression given between the markers, converts the result to a string if necessary, and then inserts it into the final string: "Hello, ${var.name}!"
What is a block?
A block is a container for other content: resource "aws_instance" "example" { ami = "abc123" network_interface { # ... } }
Can a given resource block use both count and for_each?
A given resource block cannot use both count and for_each.
What is a module?
A group of resources can be gathered into a module, which creates a larger unit of configuration. A resource describes a single infrastructure object, while a module might describe a set of objects and the necessary relationships between them in order to create a higher-level system. The simplest Terraform configuration is a single root module containing only a single .tf file. A configuration can grow gradually as more resources are added, either by creating new configuration files within the root module or by organizing sets of resources into child modules.
What is a local value?
A local value assigns a name to an expression, allowing it to be used multiple times within a module without repeating it. For brevity, local values are often referred to as just "locals" when the meaning is clear from context.
What is a module in terraform?
A module is a container for multiple resources that are used together. Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory.
What are identifiers?
Argument names, block type names, and the names of most Terraform-specific constructs like resources, input variables, etc. are all identifiers. Identifiers can contain letters, digits, underscores (_), and hyphens (-). The first character of an identifier must not be a digit, to avoid ambiguity with literal numbers.
What are blocks?
Blocks are containers for other content and usually represent the configuration of some kind of object, like a resource. Blocks have a block type, can have zero or more labels, and have a body that contains any number of arguments and nested blocks. Most of Terraform's features are controlled by top-level blocks in a configuration file.
Where does terraform download provider plugins by default?
By default, terraform init downloads plugins into a subdirectory of the working directory so that each working directory is self-contained. As a consequence, if you have multiple configurations that use the same provider then a separate copy of its plugin will be downloaded for each configuration.
How does Terraform process resources?
Terraform automatically processes resources in the correct order based on relationships defined between them in configuration.
What are creation-time provisioners?
Creation-time provisioners are only run during creation, not during updating or any other lifecycle. They are meant as a means to perform bootstrapping of a system.
What are data sources?
Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration.
What are destroy provisioners?
Destroy provisioners are run before the resource is destroyed.
How do you declare a variable in terraform?
Each input variable accepted by a module must be declared using a variable block: variable "image_id" { type = string }
How do you declare an output value?
Each output value exported by a module must be declared using an output block: output "instance_ip_addr" { value = aws_instance.server.private_ip }
What do resources provide?
Each provider offers a set of named resource types, and defines for each resource type which arguments it accepts, which attributes it exports, and how changes to resources of that type are actually applied to remote APIs.
What are expressions?
Expressions are used to refer to or compute values within a configuration. The simplest expressions are just literal values, like "hello" or 5, but the Terraform language also allows more complex expressions such as references to data exported by resources, arithmetic, conditional evaluation, and a number of built-in functions.
Which vars files will terraform automatically load if available?
Files named exactly terraform.tfvars or terraform.tfvars.json. Any files with names ending in .auto.tfvars or .auto.tfvars.json.
What are output values?
For brevity, output values are often referred to as just "outputs" when the meaning is clear from context. Resource instances managed by Terraform each export attributes whose values can be used elsewhere in configuration. Output values are a way to expose some of that information to the user of your module.
What is implicit provider inheritance?
For convenience in simple configurations, a child module automatically inherits default (un-aliased) provider configurations from its parent. This means that explicit provider blocks appear only in the root module, and downstream modules can simply declare resources for that provider and have them automatically associated with the root provider configurations.
What is the recommended way to constrain provider versions?
For that reason, we recommend using the required_providers block as described above, and not using the version argument within provider blocks. version is still supported for compatibility with older Terraform versions.
Why shouldn't you use provisioners?
However, they also add a considerable amount of complexity and uncertainty to Terraform usage. Firstly, Terraform cannot model the actions of provisioners as part of a plan because they can in principle take any action. Secondly, successful use of provisioners requires coordinating many more details than Terraform usage usually requires: direct network access to your servers, issuing Terraform credentials to log in, making sure that all of the necessary external software is installed, etc.
What happens if a creation-time provisioner fails?
If a creation-time provisioner fails, the resource is marked as tainted. A tainted resource will be planned for destruction and recreation upon the next terraform apply.
If multiple versions of a plugin are installed, Terraform will use?
If multiple versions of a plugin are installed, Terraform will use the newest version that meets the configuration's version constraints.
When should you use for_each instead of count?
If your resource instances are almost identical, count is appropriate. If some of their arguments need distinct values that can't be directly derived from an integer, it's safer to use for_each.
How would you access child module outputs?
In a parent module, outputs of child modules are available in expressions as module.<MODULE NAME>.<OUTPUT NAME>. For example, if a child module named web_server declared an output named instance_ip_addr, you could access that value as module.web_server.instance_ip_addr.
Where should provider configurations be defined?
In most cases, only root modules should define provider configurations, with all child modules obtaining their provider configurations from their parents.
How are resource dependencies handled in terraform?
Most resource dependencies are handled automatically. Terraform analyses any expressions within a resource block to find references to other objects, and treats those references as implicit ordering requirements when creating, updating, or destroying resources. Since most resources with behavioral dependencies on other resources also refer to those resources' data, it's usually not necessary to manually specify dependencies between resources.
How many provisioners can be specified within a resource?
Multiple provisioners can be specified within a resource. Multiple provisioners are executed in the order they're defined in the configuration file.
What are output values and what are they used for?
Output values are like the return values of a Terraform module, and have several uses: - A child module can use outputs to expose a subset of its resource attributes to a parent module. - A root module can use outputs to print certain values in the CLI output after running terraform apply. - When using remote state, root module outputs can be accessed by other configurations via a terraform_remote_state data source.
When are output values rendered?
Outputs are only rendered when Terraform applies your plan. Running terraform plan will not render outputs.
What command is used to initialize a provider?
Provider initialization is one of the actions of terraform init. Running this command will download and initialize any providers that are not already initialized.
When are providers released?
Providers are plugins released on a separate rhythm from Terraform itself, and so they have their own version numbers. For production use, you should constrain the acceptable provider versions via configuration, to ensure that new versions with breaking changes will not be automatically installed by terraform init in future.
Where are providers downloaded by terraform init stored?
Providers downloaded by terraform init are only installed for the current working directory; other working directories can have their own installed provider versions.
Where are providers downloaded?
Providers downloaded by terraform init are only installed for the current working directory; other working directories can have their own installed provider versions.
Why should provisioning steps be used sparingly?
Provisioning steps should be used sparingly, since they represent non-declarative actions taken during the creation of a resource and so Terraform is not able to model changes to them as it can for the declarative portions of the Terraform language.
What is remote state?
Remote state is the recommended solution to this problem. With a fully-featured state backend, Terraform can use remote locking as a measure to avoid two or more different users accidentally running Terraform at the same time, and thus ensure that each Terraform run begins with the most recent updated state.
What are the rules for resource naming?
Resource names must start with a letter or underscore, and may contain only letters, digits, underscores, and dashes.
What are operation timeouts used for?
Some resource types provide a special timeouts nested block argument that allows you to customize how long certain operations are allowed to take before being considered to have failed. For example, aws_db_instance allows configurable timeouts for create, update and delete operations.
What is a benefit of Terraform CLI?
Terraform CLI's shared configuration engine ensures that the same language constructs and syntax are available across all services and allows resource types from different services to be combined as needed.
What's a benefit of Terraform Cloud?
Terraform Cloud provides a centralized and secure location for storing input variables and state while also bringing back a tight feedback loop for speculative plans for config authors. Terraform configuration interacts with Terraform Cloud via the "remote" backend.
How does terraform associate a resource type to a provider?
Terraform associates each resource type with a provider by taking the first word of the resource type name (separated by underscores), and so the "google" provider is assumed to be the provider for the resource type name google_compute_instance.
Terraform's language is _________?
Terraform's configuration language is declarative.
What is the terraform cli?
The Terraform command line interface (CLI) is a general engine for evaluating and applying Terraform configurations. It defines the Terraform language syntax and overall structure, and coordinates sequences of changes that must be made to make remote infrastructure match the given configuration.
What does the count meta-argument do?
The count meta-argument accepts a whole number, and creates that many instances of the resource. count.index is the distinct index number (starting with 0) corresponding to this instance.
    resource "aws_instance" "server" {
      count = 4 # create four similar EC2 instances

      ami           = "ami-a1b2c3d4"
      instance_type = "t2.micro"

      tags = {
        Name = "Server ${count.index}"
      }
    }
How are terraform plugins named?
The naming scheme for provider plugins is terraform-provider-<NAME>_vX.Y.Z, for example terraform-provider-azurerm_v2.10.0_x5.exe
What is the naming scheme for provider plugins?
The naming scheme for provider plugins is terraform-provider-<NAME>_vX.Y.Z, and Terraform uses the name to understand the name and version of a particular provider binary. If multiple versions of a plugin are installed, Terraform will use the newest version that meets the configuration's version constraints.
By default, provisioners that fail will also cause the Terraform apply itself to fail. What is the solution?
The on_failure setting can be used to change this. The allowed values are:
    continue - Ignore the error and continue with creation or destruction.
    fail - Raise an error and stop applying (the default behavior). If this is a creation provisioner, taint the resource.
Which provider is known as the default provider?
The provider block without alias set is known as the default provider configuration.
Types and values?
The result of an expression is a value. All values have a type, which dictates where that value can be used and what transformations can be applied to it.
What is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.
The terraform init command is used to initialize a working directory containing Terraform configuration files.
What is a type constraint?
The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable. If no type constraint is set then a value of any type is accepted.
Can terraform init download third-party providers?
Third-party providers must be manually installed, since terraform init cannot automatically download them.
Is it safe to run terraform init several times?
Yes - Though subsequent runs may give errors, this command will never delete your existing configuration or state.
How do you call a child module?
To call a module means to include the contents of that module into the configuration with specific values for its input variables. Modules are called from within other modules using module blocks:
    module "servers" {
      source = "./app-cluster"

      servers = 5
    }
How do you constrain a provider to a particular version?
To constrain the provider version as suggested, add a required_providers block inside a terraform block:
    terraform {
      required_providers {
        aws = "~> 1.0"
      }
    }
Terraform optionally allows the use of a local directory as a shared plugin cache, which then allows each distinct plugin binary to be downloaded only once. Which option is this?
To enable the plugin cache, use the plugin_cache_dir setting:
    plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"
This directory must already exist before Terraform will cache plugins; Terraform will not create the directory itself.
How do you use multiple provider instances?
To include multiple configurations for a given provider, include multiple provider blocks with the same provider name, but set the alias meta-argument to an alias name to use for each additional configuration.
How to set lots of variables in a file?
To set lots of variables, it is more convenient to specify their values in a variable definitions file (with a filename ending in either .tfvars or .tfvars.json):
    terraform apply -var-file="testing.tfvars"
How do you upgrade a provider?
To upgrade to the latest acceptable version of each provider, run terraform init -upgrade. This command also upgrades to the latest versions of all Terraform modules.
When should you use depends_on?
Use the depends_on meta-argument to handle hidden resource dependencies that Terraform can't automatically infer.
    resource $$$ $$$ {
      depends_on = [
        aws_iam_role_policy.example,
      ]
    }
The depends_on argument should be used only as a last resort. When using it, always include a comment explaining why it is being used, to help future maintainers understand the purpose of the additional dependency.
How can elements of list/tuple and map/object values be accessed?
Using the square-bracket index notation, like local.list[3]
Where are third party plugins installed?
Windows: %APPDATA%\terraform.d\plugins; all other systems: ~/.terraform.d/plugins
What is the core Terraform workflow?
Write - Author infrastructure as code. Plan - Preview changes before applying. Apply - Provision reproducible infrastructure.
How to use a data source?
    data "aws_ami" "example" {
      most_recent = true

      owners = ["self"]
      tags = {
        Name   = "app-server"
        Tested = "true"
      }
    }
A data block requests that Terraform read from a given data source ("aws_ami") and export the result under the given local name ("example"). The name is used to refer to this resource from elsewhere in the same Terraform module, but has no significance outside of the scope of a module. The data source and name together serve as an identifier for a given resource and so must be unique within a module.
How do you explicitly specify a dependency?
The depends_on meta-argument can explicitly specify a dependency.
What are the three optional arguments that output blocks can include?
description: Output Value Documentation; sensitive: Suppressing Values in CLI Output; depends_on: Explicit Output Dependencies
Provider initialization is one of the actions of terraform init. Running this command will?
download and initialize any providers that are not already initialized.
How to export a variable?
export TF_VAR_image_id=ami-abc123
What does a variable definition in .tfvars file look like?
    image_id = "ami-abc123"
    availability_zone_names = [
      "us-east-1a",
      "us-west-1c",
    ]
How can an input variable be accessed?
Its value can be accessed from within expressions as var.<NAME>, where <NAME> matches the label given in the declaration block:
    resource "aws_instance" "example" {
      instance_type = "t2.micro"
      ami           = var.image_id
    }
What are the 5 complex types?
    list(<TYPE>)
    set(<TYPE>)
    map(<TYPE>)
    object({<ATTR NAME> = <TYPE>, ... })
    tuple([<TYPE>, ...])
What value has no type?
null: a value that represents absence or omission. If you set an argument of a resource or module to null, Terraform behaves as though you had completely omitted it — it will use the argument's default value if it has one, or raise an error if the argument is mandatory. null is most useful in conditional expressions, so you can dynamically omit an argument if a condition isn't met.
When using local state, state is stored in _______?
plain-text JSON files.
How do you enable plugin cache?
To enable the plugin cache, use the plugin_cache_dir setting in the CLI configuration file:
    plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"
(Note that the CLI configuration file is not the same as the .tf files used to configure infrastructure.)
What are terraform providers?
Providers are plugins that each define and manage a set of resource types. Most providers are associated with a particular cloud or on-premises infrastructure service, allowing Terraform to manage infrastructure objects within that service. Terraform doesn't have a concept of platform-independent resource types; resources are always tied to a provider, since the features of similar resources can vary greatly from provider to provider.
The name of a variable can be any valid identifier except the following
source, version, providers, count, for_each, lifecycle, depends_on, locals
What are the three type constraints?
string, number, bool
How do you specify a variable on the command line?
terraform apply -var="image_id=ami-abc123"
How do you upgrade the terraform provider?
terraform init -upgrade. This command also upgrades to the latest versions of all Terraform modules.
Because the input variables of a module are part of its user interface, you can briefly describe the purpose of each variable using the optional description argument:
    variable "image_id" {
      type        = string
      description = "The id of the machine image (AMI) to use for the server."
    }
How are maps/objects represented? With {} or []?
{}