Terraform
What are ways to debug in terraform?
-Terraform has detailed logs that can be enabled by setting the TF_LOG environment variable to any value. -You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN or ERROR to change the verbosity of the logs. Example: TF_LOG=TRACE -To persist logged output, you can set TF_LOG_PATH
What are terraform local variables?
-Terraform is able to import existing infrastructure. -This allows you to take resources that you've created by some other means and bring it under Terraform management. -The current implementation of Terraform import can only import resources into the state. It does not generate configuration. -Because of this, prior to running terraform import, it is necessary to write a resource configuration block manually for the resource, to which the imported object will be mapped. -terraform import aws_instance.myec2 instance-id
What is the terraform import command used for?
-Terraform is able to import existing infrastructure. -This allows you to take resources that you've created by some other means and bring it under Terraform management. -The current implementation of Terraform import can only import resources into the state. It does not generate configuration. -Because of this, prior to running terraform import, it is necessary to write a resource configuration block manually for the resource, to which the imported object will be mapped. -terraform import aws_instance.myec2 instance-id
Does terraform have a registry?
-The Terraform Registry is integrated directly into Terraform. -The syntax for referencing a registry module is <NAMESPACE>/<NAME>/<PROVIDER>. -For example hashicorp/consul/aws: module "consul" { source = "hashicorp/consul/aws" version = "0.0.5" servers = 3 }
What does the remote backend for the terraform cloud do?
-The remote backend stores Terraform state and may be used to run operations in Terraform Cloud. -When using full remote operations, operations like terraform plan or terraform apply can be executed in Terraform Cloud's run environment, with log output streaming to the local terminal.
How do you access output values in modules?
-The resources defined in a module are encapsulated, so the calling module cannot access their attributes directly. -However, the child module can declare output values to selectively export certain values to be accessed by the calling module. -A module includes a module block like this is the calling module of the child module. output "instance_ip_addr" { value = aws_instance.server.private_ip }
What is the terraform apply command used for?
-The terraform apply command is used to apply the changes required to reach the desired state of the configuration. -Terraform apply will also write data to the terraform.tfstate file. -Once apply is completed, resources are immediately available.
What is the terraform destroy command used for?
-The terraform destroy command is used to destroy the Terraform-managed infrastructure. -terraform destroy command is not the only command through which infrastructure can be destroyed.
What is the terraform format command used for?
-The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. -For use-case, where the all configuration written by team members needs to have a proper style of code, terraform fmt can be used.
What is the terraform graph command?
-The terraform graph command is used to generate a visual representation of either a configuration or execution plan. -The output of terraform graph is in the DOT format, which can easily be converted to an image
What is the terraform init used for?
-The terraform init command is used to initialize a working directory containing Terraform configuration files. -During init, the configuration is searched for module blocks, and the source code for referenced modules is retrieved from the locations given in their source arguments. -Terraform must initialize the provider before it can be used. -Initialization downloads and installs the provider's plugin so that it can later be executed. -It will not create any sample files like example.tf
What are terraform functions?
-The Terraform language includes a number of built-in functions that you can use to transform and combine values. > max(5, 12, 9) 12 -The Terraform language does not support user-defined functions, and so only the functions built into the language are available for use -Be aware of basic functions like element, lookup.
What is the terraform count and count index?
-The count parameter on resources can simplify configurations and let you scale resources by simply incrementing a number. -In resource blocks where the count is set, an additional count object (count.index) is available in expressions, so that you can modify the configuration of each instance.
Are you expected to find use-case issues with terraform code?
Yes, you can expect use-case with terraform code, and you have to find what should be removed as part of Terraform best practice.
What is a terraform provider?
-A provider is responsible for understanding API interactions and exposing resources. -Most of the available providers correspond to one cloud or on-premises infrastructure platform and offer resource types that correspond to each of the features of that platform. -You can explicitly set a specific version of the provider within the provider block. -To upgrade to the latest acceptable version of each provider, run terraform init -upgrade -Following is the high-level architecture of the provider.
What is a terraform resource block?
-Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records. -A resource block declares a resource of a given type ("aws_instance") with a given local name ("web").
What are root and child modules?
-Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory. -A module can call other modules, which lets you include the child module's resources into the configuration in a concise way. -A module that includes a module block like this is the calling module of the child module.
How do you deal with credentials in the configuration?
-Hard-coding credentials into any Terraform configuration are not recommended, and risks the secret leakage should this file ever be committed to a public version control system. -You can store the credentials outside of terraform configuration. -Storing credentials as part of environment variables is also a much better approach than hard coding it in the system.
What is the terraform unlock command?
-If supported by your backend, Terraform will lock your state for all operations that could write state. -Not all backends support locking functionality. -Terraform has a force-unlock command to manually unlock the state if unlocking failed. -terraform force-unlock LOCK_ID [DIR]
How do you mitigate sensitive data in a terraform state file?
-If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data. Approaches in such a scenario: -Terraform Cloud always encrypts the state at rest and protects it with TLS in transit. Terraform Cloud also knows the identity of the user requesting state and maintains a history of state changes. -The S3 backend supports encryption at rest when the encrypt option is enabled.
What are module versions?
-It is recommended to explicitly constraining the acceptable version numbers for each external module to avoid unexpected or unwanted changes. -Version constraints are supported only for modules installed from a module registry, such as the Terraform Registry or Terraform Cloud's private module registry. module "consul" { source = "hashicorp/consul/aws" version = "0.0.5" servers = 3 }
What are terraform provisioners?
-Provisioners can be used to model specific actions on the local machine or on a remote machine in order to prepare servers or other infrastructure objects for service. -Provisioners should only be used as a last resort. For most common situations, there are better alternatives. -Provisioners are inside the resource block.
What is the terraform sentinel?
-Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. -Can be used for various use-cases like: ● Verify if EC2 instance has tags. ● Verify if the S3 bucket has encryption enabled.
What is a terraform workspace?
-Terraform allows us to have multiple workspaces; with each of the workspaces, we can have a different set of environment variables associated. -Workspaces allow multiple state files of a single configuration.
What are some miscellaneous pointers for terraform?
-Terraform does not require go as a prerequisite. -It works well in Windows, Linux, MAC. -Windows Server is not mandatory.
What is the terraform plan used for?
-The terraform plan command is used to create an execution plan. -It will not modify things in infrastructure. -Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files. -This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or to the state.
What is the terraform refresh command used for?
-The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. -This does not modify infrastructure but does modify the state file.
What is the terraform validate command used for?
-The terraform validate command validates the configuration files in a directory. -Validate runs checks that verify whether a configuration is syntactically valid and thus primarily useful for general verification of reusable modules, including the correctness of attribute names and value types. -It is safe to run this command automatically, for example, as a post-save check in a text editor or as a test step for a reusable module in a CI system. It can run before terraform plan. -Validation requires an initialized working directory with any referenced plugins and modules installed
What are the benefits of IAAC tools and what IAAC tools are available?
-There are three primary benefits of Infrastructure as Code tools: --Automation, Versioning, and Reusability. -Various IAC Tools Available in the market: --Terraform --CloudFormation --Azure Resource Manager --Google Cloud Deployment Manager
Is there a terraform lock?
-Yes, If supported by your backend, Terraform will lock your state for all operations that could write state. -Terraform has a force-unlock command to manually unlock the state if unlocking failed.
Does terraform have a private registry?
-You can also use modules from a private registry, like the one provided by Terraform Cloud. -Private registry modules have source strings of the following form: <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>. -This is the same format as the public registry, but with an added hostname prefix. -While fetching a module, having a version is required.
What are some terraform use-cases?
-You have created an EC2 instance. Someone has modified the EC2 instance manually. What will happen if you do terraform plan yet again? ● Someone has changed EC2 instance type from t2.micro to t2.large? ● Someone has terminated the EC2 instance. -Answer 1. Terraform's current state will have t2.large, and the desired state is t2.micro. It will try to change back instance type to t2.micro. -Answer 2. Terraform will create a new EC2 instance.
How do you suppress values in the CLI output?
An output can be marked as containing sensitive material using the optional sensitive argument: output "db_password" { value = aws_db_instance.db.password description = "The password for the db" sensitive = true } -Setting an output value in the root module as sensitive prevents Terraform from showing its value in the list of outputs at the end of terraform apply. -Sensitive output values are still recorded in the state, and so will be visible to anyone who is able to access the state data.
What are some miscellaneous pointers for terraform?
Sentinel is a proactive service. Terraform Refresh does not modify the infrastructure but it modifies the state file. Slice Function is not part of the string function. Others like join, split, chomp are part of it. It is not mandatory to include the module version argument while pulling the code from terraform registry.
What is the splat expression in terraform?
Splat Expression allows us to get a list of all the attributes.
Is the provider configuration block required for terraform?
The provider configuration block is not mandatory for all terraform configurations provider "aws" { region = "us-east-1" access_key = "Your-key" secret_key = "Your-key" }
What is the terraform output command?
The terraform output command is used to extract the value of an output variable from the state file.
What can we do with terraform modules?
We can centralize the terraform resources and can call out from TF files whenever required.
What is a terraform alias?
You can have multiple provider instances with the help of an alias provider "aws" { region = "us-east-1" } provider "aws" { alias = "west" region = "us-west-2" } The provider block without alias set is known as the default provider configuration. When an alias is set, it creates an additional provider configuration.
What are some terraform data types?
string - sequence of unicode characters representing some text like "hello". list - sequential list of values identified by their position. Starts with 0, ["1", "2", "3"] map - a group of values identified by named labels, like {name = "Mabel", age=52}. number - Example: 200