Terraform Associate
refresh
"terraform ______" fetches the latest configuration state of your resources (checks your current managed state vs real world infrastructure)
apply
"terraform ______" is the command you should run that will result in a confirmation prompt. This will actually spin up the resources defined in your .tf files.
destroy
"terraform ______" is the command you should run to tear down your terraform managed resource(s).
plan
"terraform ______" is the command you should run to view resources that will be generated from your various .tf files. It will also run a validation check on your code to ensure proper syntax.
output
"terraform ________" command is used to extract the value of an output variable from the state file. i.e. terraform __________ iam_names > [ "iamuser.0", "iamuser.1", "iamuser.2", ]
show
"terraform ________" gives you information from your state file on your current configuration.
init
"terraform ________" is the first command you should enter to initialize your Terraform environment and download any necessary configuration/provider files.
Partial
A _________ time configuration for backends may be suitable where omitting certain configuration details are beneficial to protecting sensitive data (i.e. secret keys) but must be provided during the initializing process to Terraform.
Sentinel
An embedded policy-as-code framework integrated with Hashicorp Enterprise products. It enabled fine-grained, logic-based policy decisions and can be extended to use information from external sources.
-target=resource
Another way to prevent terraform from refreshing the state of your entire infrastructure is to use the targeted _________=___________ flag which will specify a specific target.
never, directly
As a general principle, you should ______ modify the terraform state file ______.
directly, initialized
Backends are configured __________ in Terraform files in the terraform section. After configuring a backend, it must be ________
default, ref
By default, terraform will use the _____ branch (references by HEAD) in the repository. You can overwrite this by using the ____ argument to reference other branches within your module source argument.
Dynamic Blocks
D_________ B_________ allow you to dynamically construct repeatable nested blocks which is supported inside resource, data, provider, and provisioner blocks.
true_value, false_value
Fill in the blanks to complete the bool expression: condition ? ____________ : __________
tainted
If a creation-time provisioner fails, the resource(s) affected is/are marked as ________
default, prompted
If no override value(s) are defined in the command line for variables, the _______ variable value(s) are used. If no default value is supplied for your variables, you will be ___________ by terraform to specify value(s).
corrupt
If others are also trying to perform write operations on the same state file at the same time, this could _______ your state file (if no locking mechanism is in place)
air
If terraform needs to be installed in an environment without internet access, the installation is referred to as ____-gapped
last
If the same variable defined in Terraform is assigned multiple values, Terraform uses the _______ value it finds.
environment, TF_VAR_name
In additionally to variables.tf and terraform.tfvars for defining variables, you can also utilize ____________ variables by setting the __________________.
assume_role
In order to avoid having to configure multiple access/secret keys for different accounts within your provider, you can simply utilize the a________r________ block and subsequent parameters within the provider. This coupled with aliases provide you a way to deploy to multiple regions/accounts without having to manage multiple sets of credentials.
alias
In order to use multiple providers (i.e. deploy to multiple regions), you must specify the _____ parameter in the providers block and reference this within your resource block(s).
resource=aws_instance , block=myec2
In the below code snippet, identify which is the resource and which is the block identifiers (i.e. resource=_______ , block=_______) resource "aws_instance" "myec2" { ... }
count object
In the resource blocks where count is set, an additional ______ _______ is available in expressions so you can modify the configuration of each instance.
profile
Instead of hard coding your secret/access key into the provider block, you can use the ______ assignment
repeating, moderation
Local values can be helpful to avoid _______ the same values/expressions multiple times in a configuration. If overused, they can actually make a configuration harder to read and therefore should be used in ________.
Automation, reusability, versioning
Name 3 benefits of IaC:
F (you can define local values and output them -- no need for provider here since no resources are being instantiated)
Provider configuration block IS mandatory for all terraform configurations.
inside, last
Provisioners are located ________ a resource block. Additionally, they should only be used as a _______ resort. Often times there are better methods to install applications/software (i.e. custom AMI).
proactive
Sentinel is a _________ service.
T
T/F: A module can call other modules to include the child module's resources in a concise way.
T
T/F: By default, provisioners that fail will also cause terraform apply to fail itself
T
T/F: If your desired state differs from your current state (i.e. manual changes occurred outside of terraform), then using "terraform apply" will reset your configuration settings (revert any manual changes)
T
T/F: If your desired state does not define/mention a property of your resources that is later modified (manually), terraform will NOT track any drift from those manual changes.
T
T/F: Local values can reference other local values
F (outputted resources can be used as inputs for other resources definitions -- make sure you specify attributes in your outputs or it will list the entire list of attributes as an output)
T/F: Outputted attributes CANNOT be used as inputs to other resources being created via terraform.
T
T/F: Setting the "sensitive = true" property within a schema does NOT encrypt/obscure the value. It will only hide it from showing up in the CLI output.
T
T/F: Terraform automatically converts number and bool values to strings when needed.
T
T/F: terraform plan always makes terraform check for mismatches with current vs. desired state
Namespace, Name, Provider
Terraform Module sources follows the following format: ________/________/_________?
Provisioners
Terraform __________ are used to execute scripts on a local/remove machine as part of the resource creation or destruction process. (i.e. install apache after ec2 instance creation)
modules
Terraform ___________ allow you to define commonly used infrastructure resources and reference those resources in a repeatable manner conforming to the DRY SWE principle.
alphabetical
Terraform generally loads all the configuration files within a directory specific in __________ order.
TF_LOG
Terraform has detailed logs which can be enabled by setting the __________________ environment variable to any value.
Does
Terraform refresh ________ modify the configuration's state file but does NOT modify resources.
.tfstate
Terraform stores the current state of the infrastructure that is being created from .tf files in the ________ file This allows terraform to map real world resources to your current configuration.
strong
Terraform workspaces are not suitable for ________ isolation between desired configuration environment (i.e. dev/prod)
taint
The "terraform _______" command manually makes a terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.
import
The "terraform ________" command is very useful in the situation where a resource was manually created and you would like it to be managed by terraform. This requires the manual creation of the resource code block(s) before this command can be utilized.
not
The Slice Function is ______ part of the String subset of Terraform functions.
tilde
The ___ (~) means that resource will be updated in place (if you see this in your terraform plan)
on-failure
The ____-_________ setting/switch for provisioners allow you to change the default behavior of provisioner failures
enhanced
The _______ backend type supports all features of the standard backend type + remote state management.
count
The _______ parameter on resources can simplify configurations and allow you to scale resources by increasing a number (rather than defining the resources multiple times)
standard
The ________ Backend type for storing your terraform .tfstate file supports state storage & locking.
zipmap
The _________ function constructs a map from a list of keys & and corresponding list of values. (Very useful for combining values for outputs into a map that can later be used i.e. IAM Name to ARN
Iterator, label
The __________ argument (optional) sets the name of a temporary variable that represents the current element of the complex value. If omitted, the name of the iterator variable defaults to the _______ of the dynamic block.
multiple
The advantages of Terraform Workspaces is that it allows _______ state files for a single configuration. It also allows different environment variable sets for each workspace.
index
The count object has one attribute: the count._______ -- the distinct index number (starting with 0) corresponding to this instance.
ssh, winrm
The remote-exec provisioner supports which two connection types for connecting to machines to execute commands?
configuration
The special terraform ____________ block type is used to configure some behaviors of Terraform itself, such as requiring a minimum Terraform version to apply to your configuration.
functions
The terraform language includes a number of built-in __________ that you can use to transform and combine values.
continue, fail
The two switch options for on-failure setting within provisioners are:
Go
There has been an open issue related to Terraform. You have figured out a solution and would like to add a fix to the terraform project. Which language you will need to write the fix?
Terraform Workspace
This feature of terraform allows us to have multiple workspaces. Each workspace can have different sets fo environment variables defined for them (i.e. default/prod/dev)
Terraform Registry
This is a repository of modules written by the Terraform Community. They help you get started quickly with Terraform. It also contained verified modules maintained by various third party vendors (i.e. GCP, Azure, IBM, AWS)
smaller
To avoid API rate limits for providers when dealing with a large infrastructure, it is best practice to separate out to ___________ configurations where each component can be applied independently.
git
To include any arbitrary Git repository within a module source, you must utilize the special ____ prefix.
TF_LOG_PATH
To persist logged output, you can set the ______________________ in order to force the log to always be appended to a specific file when logging is enabled.
LockID
To use a DynamoDB with S3 for implementing state locking, you must create a table with the primary key of _____________.
fmt
Use the "terraform _____" command to rewrite/adjust configuration files to remediate formatting and help with readability.
validate
Use the "terraform __________" command to check whether a configuration is syntactically valid (automatically run when you use "terraform plan")
aws.north_cali
What code snippet would I fill in here to reference the following specific Northern California provider alias in my resource block? // providers.tf provider "aws" { region = "us-west-1" alias = "north_cali" } // resource.tf resource "aws_eip" "myeip" { vpc = "true" provider = _____________________? }
inline
What command does the remote-exec provisioner use to provide commands for the remote server?
Slice
What of function is NOT part of string functions in terraform?
sensitive
When working with a field that contains information likely to be considered sensitive, it is best to set the _________ property on its schema to true.
lock
Whenever you are performing write operations, terraform will ______ the state file.
HCL, JSON
Which configurations formats are supported by terraform?
implicit
With ________ dependency, Terraform automatically can order resource creation based on one resource using the attribute of another resource. i.e. // example.tf resource "aws_instance" "myec2" { instance_type = "blah" public_ip = aws_eip.myeip.private_ip // HERE }
explicit
With ________ dependency, you can use the depends_on argument to explicitly tell Terraform one resource must be created before another when it does not utilize the attribute of another resource. i.e. // example.tf resource "aws_instance" "myec2" { instance_type = "blah" depends_on = [aws_s3_bucket.mybucket] // HERE }
static
Within modules, you can prevent overriding of certain resource attributes by using ______ values for those attributes (i.e. ami ID of a hardened ami)
variables, default
Within modules, you can set certain overridable resource attributes as _________. It is also important to define _______ values for any values you set. (i.e. instance type)
var.ami_ids["mumbai"]
Within the defined map structure below, provide the line of code that will allow you to reference the "mumbai" AMI ID: //variables.tf variable "ami_ids" { type = "map" default = { "mumbai" = "ami-409sdfj24093" "north_virginia" = "ami-sj39sdfj93" "south_america" = "ami-dio39j390393" } }
profiles
Within the providers block, you can use a combination of aliases and multiple ________ in order to deploy resources to multiple regions/accounts.
-refresh=false
You can prevent terraform from querying the current state during operations like terraform plan with the _________=_________ flag
tfvars, override
You can specify a file called "terraform.__________" to define variable assignments. The values assigned to variables in this file will _______________ the var values defined in the variables.tf file (including any defaults).
variables, -vars
You can use a ________.tf file to reference vars. Alternatively, you can use the ______ command line flag to override variables.
-out
You can use the "terraform plan _______=path" flag to save your execution/plan to a specific path. This can then be referenced/used later with "terraform apply path" to ensure changes to the .tf file do not affect future plans (preserve current state of plan).
Splat
_______ Expressions allow you to get a list of all the attributes. i.e.: output "arns" { value = aws_iam_user.lb[*].arn } ^ will list all Arn's of every created IAM user
local-exec
_______-______ provisioners allow you to invoke local executable(s) after resource creation. These run on the machine that invoked the "terraform apply" and NOT on the newly created remote machine(s).
local
________ values assigns a name to an expression, allowing it to be used multiple times within a module without repeating it.
remote-exec
________-_____ provisioners allow you to invoke scripts directly on the newly created remote server.
Data Sources
_________ _________ allow data to be fetched or computed for use elsewhere in terraform configurations. (I.e. retrieving latest AMI for a particular AWS region)
object, list
_________ structural data type allows multiple values of several distinct types together. Conversely, _______ contains multiple values of the SAME type.
destroy
__________-time provisioners are run before the resource is destroyed (i.e. uninstall antivirus agent)
creation
__________-time provisioners only run during the creation, not during the update or any other lifecycle.
Terraform Cloud
___________ __________ managed Terraform runs in a consistent & reliable environment. It extends the features of Terraform CLI with a self-service SaaS platform. It allows for remote Terraform functionality from a web GUI that is perfect for collaboration across a DevOps team.
graph
the "terraform ________" command allows you to generate a visual representation of either a configuration or execution plan. (Requires graphviz to covert to .svg in order to view full visual representation).
mv
the "terraform state ___" command is used to move items in a terraform state file. It is used in many cases where you want to rename an existing resource without destroying & recreating it.
pull
the "terraform state _____" command is used to manually download & output states from remote states
list
the "terraform state _____" command lists your resources within a tfstate file.
type
the ______ arg in a variable block will restrict the type of value that will be accepted as the value for the variable.
init -upgrade
you can run the "terraform _______ _______" command to upgrade your provider(s) to the latest acceptable version.