Top 40 Terraform Interview Questions and Answers for 2024

Are you preparing for a Terraform interview? If yes, then you’ve come to the right place! In this article, we’ll cover the top 40 Terraform interview questions and answers that will help you ace your next interview.

Terraform has become an essential tool in the world of cloud computing and infrastructure as code (IaC). It enables you to build, change, and manage your infrastructure in a safe and efficient manner. As the demand for Terraform professionals continues to rise, it’s crucial to be well-prepared for the interview process.

This article will cover a wide range of Terraform interview questions, from basic to advanced levels, to help you assess your knowledge and identify areas where you need to focus more. We’ll also provide detailed answers to these questions, ensuring you have a thorough understanding of the concepts.

So, let’s dive in and explore the top 40 Terraform interview questions and answers!

Top Terraform Interview Questions and Answers

Here are some basic-level Terraform interview questions to kick things off.

1. What is Terraform?
   Terraform is an open-source infrastructure as code (IaC) tool created by HashiCorp. It allows you to build, change, and version your infrastructure safely and efficiently. Terraform can manage both existing and custom in-house solutions.

2. Why should you use Terraform?
   Terraform is a tool for building infrastructure safely and efficiently. It can manage leading and popular service providers as well as custom in-house solutions. Terraform creates incremental execution plans that can be applied according to configuration changes, making it easier to manage your infrastructure.

3. What are the key features of Terraform?
   Some of the key features of Terraform include:

   • Execution Plan: Terraform generates an execution plan that describes the actions it will take to achieve the desired state.
   • Change Automation: Terraform automates changes to your infrastructure, allowing you to apply complex changesets with minimal human interaction.
   • Resource Graph: Terraform creates a resource graph and builds or modifies non-dependent resources simultaneously.
   • Infrastructure as Code: Terraform uses a high-level configuration language to define your infrastructure in human-readable declarative configuration files.

4. Define IAC (Infrastructure as Code).
   Infrastructure as Code (IAC) is a process of managing and provisioning infrastructure resources through machine-readable definition files instead of manual processes. IAC allows you to build, change, and manage your infrastructure through coding.

5. What are the most useful Terraform commands?
   Some of the most useful Terraform commands are:

   • terraform init: Initializes the current directory for Terraform configuration files.
   • terraform plan: Shows the changes required by the current configuration.
   • terraform apply: Creates or updates the infrastructure based on the Terraform configuration.
   • terraform destroy: Destroys the previously created infrastructure.
   • terraform output: Views the output values from the Terraform configuration.
   • terraform show: Provides human-readable output from a state or plan file.

6. Are callbacks possible with Terraform on Azure?
   Yes, callbacks are possible with Terraform on Azure by using Azure Event Hubs. The Terraform AzureRM provider provides easy functionality to users for this.

7. What is Terraform init?
   terraform init is a command used to initialize a working directory containing Terraform configuration files. This command can be run multiple times, and it is safe to do so. It is the first command that should be run after writing new Terraform configuration.

8. What is Terraform D?
   Terraform D is a plugin used on most in-service systems and Windows. By default, terraform init searches the next directories for plugins.

9. Is history the same as it is on the web while using TFS API to provide resources?
   Yes, the narration is similar to the web because the UI uses the API as its base. Everything on the UI is available through other methods and the API.

10. Why is Terraform used for DevOps?
    Terraform is commonly used in DevOps because it utilizes a JSON-like configuration language called the HashiCorp Configuration Language (HCL). HCL has a simple syntax that makes it easy for DevOps teams to define and enforce infrastructure configurations across multiple clouds and on-premises data centers.

11. Define null resource in Terraform.
    The null_resource implements the standard resource lifecycle but takes no further action. The triggers argument allows specifying an arbitrary set of values that will cause the resource to be replaced when changed.

12. What is Terraform Cloud?
    Terraform Cloud is a platform that enables teams to use Terraform collaboratively, either on-demand or in response to various events. It is deeply integrated with Terraform’s workflows and data, providing easy access to shared state and secret data, detailed policy controls for updating infrastructure, a private registry for sharing Terraform modules, and more.

13. Explain Oracle Cloud Infrastructure.
    Oracle Cloud Infrastructure (OCI) is a cloud computing service provided by Oracle Corporation, offering storage, servers, applications, services, and networks through a global network of managed data centers.

14. What is a Terraform backend?
    Each Terraform configuration can specify a backend, which defines two main things:

    • Where operations are performed.
    • Where the state is stored (Terraform keeps track of all the resources created in a state file).

15. Name some major competitors of Terraform.
    Some of the top competitors and alternatives to Terraform include Azure Management Tools, Morpheus, CloudHealth, Turbonomic, and CloudBolt.

Intermediate Terraform Interview Questions

Now, let’s move on to some intermediate-level Terraform interview questions.

1. Explain the uses of Terraform CLI and list some basic CLI commands.
   The Terraform Command-Line Interface (CLI) is used to manage infrastructure and interact with Terraform state, configuration files, providers, etc. Some basic CLI commands are:

   • terraform init: Prepares the working directory for other commands.
   • terraform destroy: Destroys the previously created infrastructure.
   • terraform validate: Checks whether the configuration is valid.
   • terraform apply: Creates or updates the infrastructure.
   • terraform plan: Shows the changes needed by the current configuration.

2. What are modules in Terraform?
   A module in Terraform is a container for multiple resources that are used together. Every Terraform configuration that includes resources mentioned in .tf files requires the root module.

3. What is a Private Module Registry?
   A Private Module Registry is a feature from Terraform Cloud that allows you to share Terraform modules across the organization. You can enforce rules or “sentinel policies” on the registry that specify how members of your organization can use the modules.

4. Is Terraform usable for an on-prem infrastructure?
   Yes, Terraform can be used for on-premises infrastructure. As there are many available providers, you can choose the one that suits your needs best. All you need is an API.

5. Does Terraform support multi-provider deployments?
   Yes, Terraform supports multi-provider deployments, including on-premises providers like OpenStack, VMware, and you can even manage SDN using Terraform.

6. How is the duplicate resource error ignored during terraform apply?
   You can try the following options:

   • Delete those resources from the cloud provider (API) and recreate them using Terraform.
   • Delete those resources from the Terraform code to stop its management.
   • Perform a terraform import of the resource and remove the code that is trying to recreate them.

7. Name all version controls supported by Terraform.
   The version controls supported by Terraform are:

   • Azure DevOps Services
   • Azure DevOps Server
   • Bitbucket Server
   • Bitbucket Cloud
   • GitLab EE and CE
   • GitLab.com
   • GitHub Enterprise
   • GitHub.com (OAuth)
   • GitHub.com

8. What are some of the built-in provisioners available in Terraform?
   Here is a list of built-in provisioners in Terraform:

   • Salt-masterless Provisioner
   • Remote-exec Provisioner
   • Puppet Provisioner
   • Local-exec Provisioner
   • Habitat Provisioner
   • File Provisioner
   • Chef Provisioner

9. Which command is used to destroy Terraform-managed infrastructure?
   The command terraform destroy [options] [dir] is used to destroy the previously created infrastructure managed by a particular Terraform configuration.

10. Tell us about some notable Terraform applications.
    The applications of Terraform are pretty broad due to its ability to extend its capabilities for resource manipulation. Some unique applications are:

    • Software demos development
    • Resource schedulers
    • Multi-cloud deployment
    • Disposable environment creations
    • Multi-tier applications development
    • Self-service clusters
    • Setup of Heroku App

11. What are the components of Terraform architecture?
    The Terraform architecture includes the following components:

    • Sub-graphs
    • Expression Evaluation
    • Vertex Evaluation
    • Graph Walk
    • Graph Builder
    • State Manager
    • Configuration Loader
    • CLI (Command Line Interface)
    • Backend

12. Define Resource Graph in Terraform.
    A resource graph is a visual representation of the resources. It helps modify and create independent resources simultaneously. Terraform establishes a plan for the configuration of the graph to generate plans and refresh the state. It creates a structure most efficiently and effectively to help understand the drawbacks.

13. Can you provide a few examples where we can use Sentinel policies?
    Sentinels are a powerful way to implement various policies in Terraform. Here are a few examples:

    • Enforce explicit ownership in resources
    • Restrict roles the cloud provider can assume
    • Review an audit trail for Terraform Cloud operations
    • Forbid only certain resources, providers, or data sources
    • Enforce mandatory tagging on resources
    • Restrict how modules are used in the Private Module Registry

14. What are the various levels of Sentinel enforcement?
    Sentinel has three enforcement levels: advisory, soft mandatory, and hard mandatory.

    • Advisory: Logged but allowed to pass. An advisory is issued to the user when they trigger a plan that violates the policy.
    • Soft Mandatory: The policy must pass unless an override is specified. Only administrators have the ability to override.
    • Hard Mandatory: The policy must pass no matter what. This policy cannot be overridden unless it is removed. It is the default enforcement level in Terraform.

15. How do you store sensitive data in Terraform?
    Terraform requires credentials to communicate with your cloud provider’s API. However, these credentials should never be stored directly in Terraform code as plaintext, as GitHub is exposed to thousands of API and cryptographic keys every day. Instead, you should use encrypted storage to store passwords, TLS certificates, SSH keys, and anything else that shouldn’t be stored in plain text.

Advanced Terraform Interview Questions

In this section, we’ll explore some advanced-level Terraform interview questions.

1. What is Terragrunt, and what are its uses?
   Terragrunt is a thin wrapper that provides extra tools to keep configurations DRY (Don’t Repeat Yourself), manage remote state, and work with multiple Terraform modules. It is used for:

   • Working with multiple AWS accounts
   • Executing Terraform commands on multiple modules
   • Keeping CLI flags DRY
   • Keeping remote state configuration DRY
   • Keeping Terraform code DRY

2. Explain State File Locking.
   State file locking is a Terraform mechanism in which operations on a specific state file are blocked to avoid conflicts between multiple users performing the same process. When one user releases the lock, only then can another user operate on that state. This helps in preventing state file corruption. This is a backend operation.

3. What is a Tainted Resource?
   A tainted resource is a resource that is forced to be destroyed and recreated on the next apply command. When a resource is marked as tainted, the state files are updated, but nothing changes on the infrastructure. The terraform plan output shows that the resource will be destroyed and recreated. The changes get implemented when the next apply happens.

4. How do you lock Terraform module versions?
   A proven way to lock Terraform module versions is to use the Terraform module registry as a source. You can use the version attribute in the module of the Terraform configuration file. If you’re using a GitHub repository as a source, you need to specify the version, branch, and query string with ?ref.

5. What is Terraform Core? Tell us some primary responsibilities of it.
   Terraform Core is a binary statically compiled using the Go programming language. The compiled binary offers an entry point for Terraform users. The primary responsibilities include:

   • Reading and interpolation of modules and configuration files by Infrastructure as Code functionalities
   • Resource Graph Construction
   • Plugin communication through RPC
   • Plan execution
   • Management of resource state

6. Give the Terraform configuration for creating a single EC2 instance on AWS.
   This is the Terraform configuration for creating a single EC2 instance on AWS:

   ini

   Copy

   provider "aws" {  region = ""}resource "aws_instance" "example" {  ami           = ""  instance_type = ""  tags = {    Name = "example"  }}

7. How do you upgrade plugins on Terraform?
   Run terraform init with the -upgrade option. This command rechecks the releases.hashicorp.com to find new acceptable provider versions and downloads available provider versions. The automatic downloads directory is .terraform/plugins/<OS>_<ARCH>.

8. How do you make an object of one module available for another module at a high level?
   Here are the steps to make an object from one module available to another module at a high level:

   1. Define an output variable in the resource configuration.
   2. Declare the output variable of module_A.
   3. Create a variable.tf file for module_B.
   4. Establish the input variable inside this file with the same name as the key defined in module_B.
   5. Replicate the process for making the variable available to other modules.

9. What are some of the latest Terraform Azure Provider factors?
   The latest versions involve new data resources and Azurem_batch_certificate, which helps in managing certificates. This resource is used for controlling the prefix in networking. There is also bug fixing, and azurerm_app_service has been enhanced.

10. How do you control and handle rollbacks when something goes wrong?
    To handle rollbacks, you need to recommit the previous code version to be the new and current version in your version control system (VCS). This would trigger a Terraform run, which would be responsible for running the old code. Since Terraform is more declarative, you need to ensure that all things in the code roll back to the old code. If the state file gets corrupted, you can use the State Rollback Feature of Terraform Enterprise to roll back to the latest good state.

Conclusion

Congratulations! You’ve made it through the top 40 Terraform interview questions and answers. By mastering these questions, you’ve gained a solid understanding of Terraform and its various concepts, features, and applications.

Remember, while having knowledge of these questions is crucial, it’s equally important to practice and experiment with Terraform to solidify your understanding further. Hands-on experience will not only boost your confidence but also prepare you for any practical scenarios that may arise during the interview process.