Terraform associate

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Terraform Cloud workspaces act more like completely separate working directories. are often (but not required) mapped to unique repos.

CLI workspaces (OSS) are just alternate STATE FILES. are often used within the same working directory while workspaces

Before a new provider can be used, it must be ______ and _______

Initialization downloads and declared /used in a configuration file not approved by hashicorp

You have a number of different variables in a parent module that calls multiple child modules. Can the child modules refer to any of the variables declared in the parent module?

No it can only refer to the variables passed to the module The resources defined in a module are encapsulated Child modules can only access variables that are passed in the calling module block.

To satisfy the ticket, you update the Terraform configuration to reflect the changes and run a terraform plan. However, a co-worker has since logged into the console and manually updated the security group. What will happen when you run a terraform apply?

Nothing will happen because terraform will validate the infrastructure and it matches the desired state it will just make the change he changed the code loggedin to console A terraform apply will run its own state refresh and see the configuration matches the deployed infrastructure, so no changes will be made to the infrastructure

State is a requirement for

Terraform to function Terraform CANNOT inspect cloud resources on every run to validate that the real-world resources match the desired state.

Before a terraform validate can be run

the directory must be initialized. and it validate the syntax of your HCL files. will check and report errors within modules, attribute names, and value types to ensure they are syntactically valid and internally consistent?

Error: Reference to undeclared input variable on main.tf line 35: 4: db_path = var.db_connection_string An input variable with the name "db_connection_string" has not been declared. This variable can be declared with a variable "db_connection_string" {} block.

Since the variable was declared within the module it cannot be referenced outside the module that is a common practice !!!!you're supposed to pass it to a child module when it is called by a parent

Terraform Cloud Agents are a feature that allows Terraform Cloud to communicate with private infrastructure, such as VMware hosts running on-premises.

Terraform Cloud for Business

What Terraform command will launch the Interactive console to evaluate and experiment with expressions?

Terraform console command let's u use the CLI too for debugging, testing expressions, like "hello" or 5, understanding behavior

When writing Terraform code, how many spaces between each nesting level does HashiCorp recommends that you use?

2

Modules can only be supported in certain sources

Cannot be stored anywhere accessible by terraform

When using the Terraform provider for Vault and even retrieving it from a data source

Cannot mask secrets in the STATE file. sensitive information will be written in to the state file

What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend?

Command-line key/value pairs: Key/value pairs can be specified via the init command line -backend-config="KEY=VALUE" option when running terraform init. !!!! To specify a file, use the -backend-config=PATH option when running terraform init !!!!!!! not hashicorp vault

Due to this, the firewall rules are increasing and are more than 100 rules. This is leading firewall configuration file that is difficult to manage. What is the way this type of configuration can be managed easily?

Dynamic blocks

infrastructure as code (IaC) for your day-to-day operations?

Enable cell service for developers and operators alike IS IMMUTABLE -unchanging over time or unable to be changed. API-driven workflows for deploying resources in clouds API: 2 applications talking to each other

if multiple users attempt to run a terraform apply simultaneously when using a remote backend

If the back end does not support locking statefile can be corrupted if the back end supports locking the first apply will lock the file for changes

Your organization has standardized on Microsoft Azure to run its applications on PaaS, SaaS, and IaaS offerings. The deployment quickly standardized on Azure ARM to provision these resources quickly and efficiently.

If they was to go to another public cloud provider they couldn't that's why you use terraform

What are some of the requirements that must be met in order to publish a module on the Terraform Public Module Registry?

Named terraform-<PROVIDER>-<NAME>. x.y.z tags for releases GitHub repository description Standard module structure. Is on terraform open source so it is not it a additional feature moving to terrafom cloud

Which of the following variable can contain multiple items but these items are not associated with index number?

Set

From the Terraform documentation, they read that if there are multiple writes happening in Terraform state file from different users, it can corrupt the state. To prevent this, Terraform state file lock must be used. Is there a additional terraform code required to implement this functionality with local backend?

State locking happens automatically on all operations that could write state. (answr is false) with local backend

What are some ways you can protect the state file?

Storing state remotely can provide better security to encrypt the state data at rest. Terraform CLOUD ALWAYS encrypts STATE AT REST

However, your internal security policies require that you have full control over both the operating system and deployment of Terraform binaries. What versions of Terraform can you use for this?

Terraform OSS and Terraform Enterprise are versions of Terraform that can be installed locally on your own servers, therefore giving you the ability to manage both the Terraform binary and the underlying operating system where Terraform runs. not terraform bussiness

James has created a variable and has explicitly defined the type as a string. Following is the snippet: variable "myvar" { type = string } Which of the following value will be accepted?

Terraform automatically converts number and bool values to strings when needed.

Matthew has written the configuration file of a manually created EC2 instance in Terraform. Following is the code: resource "aws_instance" "myec2" { ami = "ami-bf5540df" instance_type = "t2.micro" vpc_security_group_ids = ["sg-6ae7d613", "sg-53370035"] key_name = "remotepractical" subnet_id = "subnet-9e3cfbc5" tags { Name = "manual" } } The instance id of the manually created EC2 instance is i-041886ebb7e9bd20 How he can import data of that EC2 to the state file and link it with the resource block?

Terraform import aws_instance.myec2 i-041886ebb7e9bd20

What feature of Terraform provides an abstraction above the upstream API and is responsible for understanding API interactions and exposing resources?

Terraform relies on plugins called "providers" to interact with remote systems. not backend

You have a Terraform configuration file with no defined resources. However, there is a related state file for resources that were created on AWS. What happens when you run a terraform apply?

Terraform will match the desired state of no resources AND DESTROY all of the resources there will be no error

if Margaret removed the version parameter in the module block and ran a terraform init again? module "consul" { source = "hashicorp/consul/aws" version = "0.0.5" servers = 3 }

Terraform would use the existing module already downloaded

From the code below, identify the implicit dependency: resource "aws_eip" "public_ip" { vpc = true instance = aws_instance.web_server.id } resource "aws_instance" "web_server" { ami = "ami-2757f631" instance_type = "t2.micro" depends_on = [aws_s3_bucket.company_data] }

The EC2 instance labeled web server As the aws_eip cannot be created until the aws_instance labeled web_server has been provisioned and the id is available.

John is an intern and he had recently created an EC2 instance manually. Can he import the EC2 instance to Terraform without having to write a terraform configuration file for that EC2 instance from scratch?

The current implementation of Terraform import can only import resources into the state. It does not generate configuration. A future version of Terraform will also generate configuration.

Why might a user opt to include the following snippet in their configuration file? terraform { required_version = ">= 1.3.8" } ALSO terraform { required_provider { aws = ">= 1.3.8" }

The required_version parameter in a terraform block is used to specify the minimum version of Terraform that is required to run the configuration. Required version has to start with TERRAFORM

What Terraform version would the new workspace be configured to use after the migration

The same terraform version that was used to perform the migration you

You are performing a code review of a colleague's Terraform code and see the following code. Where is this module stored? module "vault-aws-tgw" { source = "btkrausen/vault-aws-tgw/hcp" version = "1.0.0" client_id = "4djlsn29sdnjk20dn" hvn_id = "a4c9357ead4de" route_table_id = "rtb-a221958bc5892eade331" }

The terraform public module registry says vault and hcp not the file directory in source

What do the declarations, such as name, cidr, and azs, in the following Terraform code represent and what purpose do they serve? star module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "2.21.0" name = var.vpc_name cidr = var.vpc_cidr azs = var.vpc_azs private_subnets = var.vpc_private_subnets public_subnets = var.vpc_public_subnets enable_nat_gateway = var.vpc_enable_nat_gateway tags = var.vpc_tags }

The variables are passed into the child module likely for resource creation

min, max, format, join, trim, and length are examples of different expressions in Terraform.

These are actually examples of Terraform functions, not expressions. Expressions would be something more in the line of string, number, bool, null,

IAC is described using a high-level configuration syntax

This allows a blueprint of your datacenter to be versioned and treated as you would any other code

Developers in Medium Corp are facing a few issues while writing complex expressions that involve interpolation. They have to run the terraform plan every time and check whether there are errors, and also verify the terraform apply to print value as a temporary output for the purpose of debugging What can be achieved to avoid this?

Use the terraform console command to run your interplotations and verify and debug them

If the state file is locked

Validate will be allowed since it does not perform any write operation but terraform apply/destroy is blocked

Given the following snippet of code, what does servers = 4 reference? module "servers" { source = "./modules/aws-servers" servers = 4 }

When calling a child module, values can be passed to the module to be used within the module itself. ITS REALLY FOR PASSING RESOUCESSSSSSSS!!!!! The value of an input variable!!!

You've added the following data block to your configuration. When Terraform the data block is executed, what value is the data source returning?

When you add a data block to your configuration, Terraform will retrieve all of the available data for that particular resource.

Teddy is using Terraform to deploy infrastructure using modules. Where is the module below stored? module "monitoring_tools" { source = "./modules/monitoring_tools" cluster_hostname = module.k8s_cluster.hostname }

When you see ../ it is locally on the instance running terraform

using a Terraform provider, it's common that Terraform needs credentials to access the API for the underlying platform, such as VMware, AWS, or Google Cloud

You can use integrated services like a AWS IAM or Azure, environment variables, directly in provider a block remote-exec does not work

Terraform command can be used to evaluate and experiment with expressions in your configuration?

terraform console command provides an interactive command-line console for evaluating and experimenting with expressions. echo 'split(",", "foo,bar,baz")' | terraform console

What command could you run to easily rewrite your Terraform to follow the HCL style in both the current directory and all SUB-directories?

terraform fmt -recursive flag to instruct fmt to also process files in subdirectories.

James has decided to migrate the Terraform state file from localhost to S3 bucket In order to move the state, James has written the following code: terraform { backend "s3" { bucket = "mybucket" key = "path/to/my/key" region = "us-east-1" } } Which command does James need to run to migrate your current state store locally to the S3 backend?

terraform init ( it's giving u a source - path to download) Prepares the working directory for use in terraform INITIALIZES THE BACKEND CONFIGURATIONS It DOES NOT update/ CHANGE STATE FILE on new changes

What command should be run in order to complete the state migration while copying the existing state to the new BACKEND? star terraform { backend "s3" { bucket = "tf-bucket" key = "terraform/krausen/" region = "us-east-1" }

terraform init -reconfigure or -migrate-state Whenever a configuration's backend changes, INITIALIZES THE BACKEND CONFIGURATIONS

With the latest versions of Terraform

terraform init can automatically download COMMUNITY providers.(git,ansible,puppet,AD) INITIALIZES THE BACKEND CONFIGURATIONS

Matthew needs to configure some behaviors of Terraform, such as requiring a minimum Terraform version to apply your configuration. Which configuration block can be used to achieve this use-case?

terraform it is asking for terraform version NOT A PROVIDER that is how you start off the block that does required provider, required version

What Terraform command can be used to inspect the current state file?

terraform show Machine-readable output can be generated by adding the -json command-line flag. not terraform state

Alice has created 10 different AWS resources from a single terraform configuration file named large.tf Due to some manual modification to one of the EC2 instances, she wants to destroy and recreate the EC2 instance. What is the ideal way to achieve it?

terraform taint

code snippets will properly configure a Terraform backend?

terraform { backend = "etcd" IT HAS TO STAR WITH TERRAFORMMMMMMM it does not start with backend

Following is the sample Child module configuration: resource "aws_instance" "myec2" { ami = "ami-082b5a644766e0e6f" instance_type = var.instance_type } variable instance_type {} If this module is called from a ROOT module, can the user set the value associated with variable of instance_type?

yes and not the other way around

You can move Terraform state between supported backends

at any time, even after running your first terraform apply.

You need to spin up an AWS instance for each tool, so you create the resource block as shown below using the for_each meta-argument. resource "aws_instance" "bryan-demos" { # ... for_each = { "terraform": "infrastructure", "vault": "security", "consul": "connectivity", "nomad": "scheduler", } } After the deployment, you view the state using the terraform state list command. What resource address would be displayed for the instance related to vault?

aws_instance.web["vault"] for_each Terraform generates multiple instances of that resource, each with a unique address

Based on the following code, which of the resources will be created first? resource "aws_instance" "data_processing" { ami = data.aws_ami.amazon_linux.id instance_type = "t2.micro"' depends_on = [aws_s3_bucket.customer_data] } module "example_sqs_queue" { source = "terraform-aws-modules/sqs/aws" version = "2.1.0" depends_on = [aws_s3_bucket.customer_data, aws_instance.data_processing] } resource "aws_s3_bucket" "customer_data" { acl = "private" } resource "aws_eip" "ip" { vpc = true instance = aws_instance.data_processing.id }

aws_s3_bucket.customer_data. Every other resource defined in this configuration has a dependency on another resource.

Which of the following block allows setting the credentials required while defining Terraform provisioners? (like code block dummy)

connection block connection { type = "ssh" can also be "winrm" these are the only 2 user = "root" password = "${var.root_password}" host = "${var.host}"

Rather than storing them in plaintext, where should you store the credentials?

credentials files or environment variables

Which among the following allows constructing a set of nested configuration blocks? dynamic "origin_group" { for_each = var.load_balancer_origin_groups content { name = origin_group.key dynamic "origin" { for_each = origin_group.value.origins content { hostname = origin.value.hostname } } } }

dynamic blocks

how would you refer to the value of ip for the dev environment if you are using a for_each argument? variable "env" { type = map(any) default = { prod = { ip = "10.0.150.0/24" az = "us-east-1a" } dev = { ip = "10.0.250.0/24" az = "us-east-1e"

each.value.ip the map(object) is the input variable and the "each" would be the higher-level map, so prod and dev. Underneath each value, there are two arguments, both az and ip that you can choose from.

owever, sensitive information provided in your configuration can be written to the state file, which is not desirable. Which method below will not result in sensitive information being written to the state file?

environmnt files !!!!!!not hashi vault from a data source!!!!!!!, tfvars file,

When using Terraform, where can you install providers from

even from a plugin cache, the official HashiCorp releases page, a local plugins directory, or

Terraform abstracts the target platforms API

from the end user

Given the following snippet of code, what will the value of the "Name" tag equal after a terraform apply? variable "name" { description = "The username assigned to the infrastructure" default = "data_processing" } locals { name = (var.name != "" ? var.name : random_id.id.hex) owner = var.team common_tags = { Owner = local.owner Name = local.name }

if var.name is not (!=) empty, assign the !!!var.name value!!!; data processing is right there so it is not empty if it is empty , assign the new random_id then it is hex.id random_id.id.hex: is the false value var.name : answer is data_processing true value

you must include a provider block for each unique provider so Terraform knows which ones you want to download and use.

if you don't have any specific configurations for your provider, you may indeed leave it out of your configuration.

Where do we define PROVISIONER block in Terraform? resource "aws_instance" "myec2" { ami = "ami-082b5a644766e0e6f" instance_type = "t2.micro" }

inside RESOURCEEEEEEE block NOT TERRAFORM provisioner is local and remote exec!!!!! provider is terraform

Which of the following represents a feature of Terraform Cloud

is Team mangement and governance not private module registry

Which code snippet would allow you to retrieve information about existing resources and use that information within your Terraform configuration?

it is a !data! block not a module blook with source =.//app-cluster

Following are the output values defined in Child and Root Module: Child Module output "child_module" { value = "This is Child Module" } Root Module: output "root_module" { value = "This is ROOT Module" } On a terraform apply, which output values will be displayed?

just the root value

By default, Terraform OSS stores its state file in what type of backend?

local backend by defult will be used if you don't specify a backend

Which of the following best describes the default local backend?

local backend stores state on the local filesystem, locks the state using system APIs, and perfrom operations locally

In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently during a terraform apply?

maximum of 10 concurrent resource operations Terraform will provision resources concurrently with a

Refer to the following Terraform code: variable "availability_zone_names" { type = list(string) default = ["us-west-1a"] description = "Availability Zones" } Which among the following arguments are required in the variable definition?

none not type, defult or description

A list/tuples in terraform expects square brackets["a","15"]

not paranthese

How can Emma quickly have Terraform recreate the one resource without having to destroy everything that was created?

terraform apply - replace=aws_instance.web to mark vm replacement

You need Terraform to destroy and recreate a single database server that was deployed with a bunch of other resources. You don't want to modify the Terraform code. What command can be used to accomplish this task?

terraform apply -replace="aws_instance.database"

Published modules via the Terraform Registry!!

show examples and READme , and allow browsing version history!!!!! does not support every code repo

Each Terraform workspace uses its own

state file to manage the infrastructure associated with that particular workspace.

The core Terraform workflow has three steps:

- Write - Author infrastructure as code. - Plan - Preview changes before applying. - Apply - Provision reproducible infrastructure.

~

update in place

Which of the following Terraform feature is available in the Enterprise and Terraform Cloud for Business editions?

- Private Network Connectivity and - Private Module Registry is available in every version of Terraform except for Open-Source. -SSO Self-Managed Installation only for enterprise

Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list

1. Explicit use of a provider block in the configuration including a version constraint. 2. Existence of a any resource instance belonging to a particular provider in the current state. 3. Use of any resource belonging to a particular provider and a resource or data block in the configuration there are no provider plugins found locally

you want to add this new security group with the fewest number of lines of code. What feature could you use to iterate over a list of required tcp ports to add to the new security group?

A dynamic block acts much like a for expression, but produces nested blocks instead of a complex typed value not terraform import didnt read

Sara wants to create these new resources within modules to easily reuse the code later. However, Sara is having problems getting the subnet_id from the subnet module to pass to the load balancer module. modules/subnet.tf: resource "aws_subnet" "bryan" { vpc_id = aws_vpc.krausen.id cidr_block = "10.0.1.0/24" tags = { Name = "Krausen Subnet" } }

Add an output block that references the subnet module and retrieves the value using module.subnet.subnet_id in the load balancer module you can access oupruts in modules!!!!

You want to provide a "friendly name" for the DNS of a new web server so you can simply click the CLI output and access the new website

Add the following code to the !PARENT! module: output "website" { description = "Outputs the URL of the provisioned website" value = "https://${module.web.public_dns}:8080/index.html" } needed to create output block in parent module it needed the module in the answer it was in the eb module

You need to ensure state locking is supported to reduce the chance of corrupting the state file. What backends can you use to meet these requirements?

Kubernetes, Consul, and S3 backends

If supported by your backend, Terraform will lock your state for all operations that could write state

Prevent others from acquiring the lock and corrupting your state State locking wouldn't prevent somebody from committing code to your code repository.

What feature of Terraform Cloud and/or Terraform Enterprise allows you to publish and maintain a set of custom modules which can be used within your organization?

Private registry modules have source strings of the form <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>. free tier

During init, the configuration is searched for module blocks

and the source code for referenced modules is retrieved from the locations given in their source arguments.

Official Terraform providers and modules

are owned and maintained by HashiCorp.

Provisioners should only be used

as a last resort.

You need to use multiple resources from different providers in Terraform to accomplish a task. Which of the following can be used to configure the settings for each of the providers?

provider "consul" { namespace = provider "vault" { namespace = just make different provider blocks

Which of the following options provides support for the versioning of a module? (select two) module "compute" { source = "Azure/compute/azurerm" version = "5.1.0" resource_group_name = "production_web" vnet_subnet_id = azurerm_subnet.aks-default.id }

public and private module registry,

The terraform refresh command

reads the current settings from all managed remote objects and updates the Terraform state to match. no modification

Terraform state increases performance by

reducing the requirement to query multiple resources at one time

count.index counts the distinct index number (starting with 0)

regular count =3 start with 1

In the terraform block, which configuration would be used to identify the specific version of a provider required?

required_providers terraform { required_providers { aws = { source = "hashicorp/aws" version = "3.57.0" } } }

However, two other team members, Michael and Chucky, are using a Cloud SQL instance for testing and request to keep it running. How can Freddy and Jason destroy all other resources without negatively impacting the database?

run terraform state rm to remove the cloud SQL instance from terraform management before terraform destroy

Sentinel in Terraform Enterprise?

sentential runs before configuration is applied, therefore potentially reducing cost for public cloud resources

The terraform plan -refresh-only command is used

to create a plan whose goal is only to update the Terraform state to match any changes made to remote objects outside of Terraform.

Matthew wants to perform an API call to Terraform Cloud for certain operations via CLI. What is required to make an API call?

tokens

terraform show

used to provide human-readable output from a state or plan file. This can be used to inspect a plan to ensure that the planned operations are expected, or to inspect the current state as Terraform sees it.


Kaugnay na mga set ng pag-aaral

Unit 9 Progress Check: MCQ | AP Environmental Science

View Set

WebCE Quizzes: General Insurance & Life Insurance

View Set

Live Virtual Machine Lab 2.2: Module 02 Organizational Documentation and Procedures

View Set

7th L.A.-Direct Object/Indirect Object And Subject Complement Notecards!

View Set

Fundamental Information Security Chapter 9: Cryptography, Fundamental Information Security Chapter 10: Networks and Telecommunications, Fundamental Information Security Chapter 11: Malicious Code and Activity, Fundamental Information Security Chapter...

View Set

Patellar Tendonitis --> Osgood Schlaughter

View Set