Terraform basics
---
shuffleAnswers: true
shuffleQuestions: true
nQuestions: 25
introduction: >
The test contains a set of questions and there is no time limit. The test is not official, it's just one of the most efficient ways to see how much you know, or don't know, about the subject.
--- # When you execute the "terraform init" command, where are all the configuration files (including the backend and plugins) stored? 1. [ ] terraform.tfstate stores all the current configuration 1. [ ] .terraform/home directory 1. [ ] Config.tf where all the init configurations are saved. 1. [x] .terraform/plugins directory > .terraform/plugins Whenever terraform is initialized all the plugin related files are stored and downloaded under .terraform/plugins # basics, supported operation system Which of the following OS is supported by Terraform for installation on client workstations? Please choose the relevant choice. 1. [ ] Windows 1. [ ] Amazon Linux 1. [ ] FreeBSD 1. [ ] Solaris 1. [ ] MacOS 1. [x] All of these operating systems. > All of the aforementioned are true. On it, Terraform operates flawlessly. > Please find the URL for your reference https://www.terraform.io/downloads.html # What command should you enter to make a new workspace with the name new-project? 1. [ ] terraform workspace –new –new-project 1. [ ] terraform workspace init new-project 1. [ ] terraform workspace new-project 1. [x] terraform workspace new new-project > The syntax to create a new workspace is `terraform workspace new`
# You have the following provider configuration for AWS:
```terraform
provider "aws” {
region = "eu-west-1”
}
provider "aws” {
alias = "frankfurt"
region = "eu-central-1"
}
```
How do you specify an instance creation on eu-central-1 ?
1. [ ] resource "aws_instance" "web-server” { provider = aws.central … }
1. [x] resource "aws_instance" "web-server” { provider = aws.frankfurt … }
1. [ ] resource "aws_instance" "web-server” { … }
1. [ ] resource "aws_instance" "web-server” { provider = aws.west … }
# How do you force users to use a particular version of required providers in your terraform code?
1. [x] `terraform { required_providers { aws = { source = "hashicorp/aws" version =”3.74.1″ }}}`
1. [ ] `terraform { aws = { source = "hashicorp/aws" version ~> "3.74.1” }}`
1. [ ] `aws = { source = "hashicorp/aws" version = "3.74.1” }}`
1. [ ] `provider "aws” = { source = "hashicorp/aws" version = "3.74.1” }`
# What of the following next arguments are not part of the generic meta-arguments for a provider?
- [ ] Alias
- [x] Version
- [ ] Profile
- [x] Region
# local-exec invokes a process on the resource that is being created by Terraform.
1. [ ] True
1. [x] False
# Which language does terraform support from the below list?
1. [ ] xml
1. [ ] javascript
1. [ ] Plaintext
1. [x] Hashicorp Language & JSON
> Terraform supports Hashicorp Language & JSON, files ending in `.tf` and `tf.json` format.
https://www.terraform.io/docs/configuration/syntax-json.html # Select the correct option for the sequence of steps required to execute Terraform code. 1. [ ] Plan -> Apply 1. [ ] Write -> Apply -> Plan 1. [ ] Plan -> Apply -> Write 1. [x] Write -> Plan -> Apply > Terraform's core workflow consists of three steps: Write - Create infrastructure in the form of code.
Plan ahead of time to see how the changes will look before they are implemented.
Apply - Create a repeatable infrastructure.
All of the other choices are incorrect.
> References: https://www.terraform.io/guides/core-workflow.html # Which command would you use to allow multiple configurations in the case of a duplicate 'provider' configuration error? ``` provider "aws" { Region = us-west-2" } provider "aws" { Region = "eu-central-1" } provider "aws" { Region = ap-north-2" } ``` 1. [ ] Label 1. [ ] Module 1. [ ] Resource for each provider 1. [x] Alias > We can use the alias command to create multiple configurations for the same provider, each pointing to a different resource. > https://www.terraform.io/docs/configuration/providers.html # What is the method for evaluating an expression in Terraform before applying it? Choose an option from below. 1. [ ] Execute terraform Graph command or see the graph of the resources. 1. [ ] Execute terraform validate. 1. [ ] Push the code to the repository. 1. [x] On terraform console, validate the expression. > Use terraform console to execute & validate the expression. # If Terraform code is utilizing values that are not specified in the code files, which of the following options could be the cause of this issue? 1. [ ] Issue in main.tf file 1. [ ] Issue in vars.tf file 1. [ ] Issue in terraform.tfvars 1. [x] Issue in Environment Variables > Terraform is a term that refers to a set of environment variables that be used to customise different aspects of its behaviour.
They be used to override some of Terraform's default behaviours in sual circumstances or to increase output verbosity for debugging poses.
Because these are the names of the code files used in Terraform configuration, all other options are incorrect.
> Reference: https://www.terraform.io/docs/cli/config/environment-variables.html # What is the provider version of Google Cloud being used in Terraform when provider is set to `aws = "~> 1.9.0"` - [ ] 1.0.0 - [ ] 1.8.0 - [x] 1.9.2 - [x] 1.9.1 > The operator `~>` (Pessimistic Constraint Operator) means that only minor (right most version increase) updates are accepted,according to the Terraform doc.
As a result, > 1.9.0 denotes that the related module/provider requirement accepts 1.9.1 to 1.9.x, but not 1.10.0 or 1.0.0 or 1.8.0. > https://www.terraform.io/docs/language/expressions/versionconstraints.html # Which of the following are supported backend types in Terraform? (Select more than one) - [x] consul - [x] gcs - [x] manta - [ ] bitbucket > Please refer to the below link for the standard list of supported backend types. > https://www.terraform.io/docs/language/settings/backends/index.html # It is possible for resources in Terraform to share identical identifiers, which consist of a combination of resource type and block name. 1. [ ] True 1. [x] False > Unique identifiers should be assigned to Terraform Resources.
Resource Type + Block name are the identifiers.
We can't have resource identifiers that are the same. # If you use a sensitive flag for database password while running terraform plan & apply commands on the console, will the password be displayed as plain text in logs? 1. [ ] True 1. [x] False > The output cannot be visible if the sensitive flag is used with terraform apply and plan.
If you have access to state files, however, you can see the output as plaintext. # Is it necessary to execute terraform init every time you add a new provider before running the terraform plan and terraform apply commands? 1. [ ] False 1. [x] True > Every time you introduce a new provider, it is essential to execute terraform init.
This ensures that the most recent provider or a specified version and initialization files are downloaded to the .terraform folder. # With the help of Terraform iterator, it is possible to assign names to a temporary variable that corresponds to an element. 1. [ ] False 1. [x] True > The iterator argument allows for the assignment of names to temporary variables that pertain to the current element within a complex value. For additional information, please consult the following link: > Reference:https://www.terraform.io/docs/language/expressions/dynamicblocks.html # Is it advisable to hardcode the provider version in a production environment? 1. [ ] False 1. [x] True > While it may be desirable to have the most up-to-date version, it's typically more prudent to operate on a known version in a production environment. This approach can aid in managing any potential issues that may arise. # Is Mongodb Atlas a supported database provider approved by hashicorp? 1. [ ] False 1. [x] True > https://www.terraform.io/docs/providers/type/database-index.html # If a variable has been configured but not assigned a value, will terraform plan prompt for an input value? 1. [ ] False 1. [x] True > Whenever there is a variable used and no value configured upon terraform plan or terraform apply, it will ask for variable value at Command Line Interface. # Is the correct command to upgrade/download the most recent providers terraform init -upgrade? 1. [ ] False 1. [x] True > To upgrade to the most current terraform providers, use terraform init-upgrade. The most current version of each previously chosen plugin that complies with the configuration's version requirements is installed. Terraform will use the most current version that complies with the configured version constraints and ignore any selections made in the dependency lock file. > Reference: https://www.terraform.io/docs/cli/commands/init.html # Dynamic blocks help to manage the complex configurations 1. [ ] False 1. [x] True > A dynamic block is similar to a for expression, but instead of producing a complex typed value, it produces nested blocks. It generates a nested block for each element of a given complex value after iterating over it. > Reference: https://www.terraform.io/docs/language/expressions/dynamicblocks.html # We've already manually created some resources. Now we want to use Terraform to duplicate resources. Is it possible to create duplicate resources in Terraform Apply? 1. [ ] True 1. [x] False > If we are creating duplicate resources, on terraform apply, terraform will give us an error that "The resource already exists - to be managed via Terraform, this resource needs to be imported into the State".
We can manage the resource using terraform import command. # You've given the variable `myvar` a type string. What values does it accept (from the options below)? Select all that apply from the list below. ```terraform variable "myvar" { type = string } ``` - [x] 100 - [x] "100" - [ ] myvar - [ ] All of them > For more information: https://www.terraform.io/docs/configuration-0-11/variables.html # You have noticed lot of commit errors due to terraform version issues and noticed that your remote team is still using `0.11` instead of `0.12` . How do you make sure all of them are updated? 1. [ ] Call for a meeting with remote team and ask to rewrite the code in `0.12` and merge it. 1. [ ] Make sure code works both in `0.11` and `0.12` and make changes as necessary. 1. [ ] Ask the remote team to manually make changes to support `0.12`. 1. [x] Ask the remote team to use required_version `>=0.12` function and use it whenever they write code. > The version that is required The setting takes a version constraint string that specifies which Terraform versions are compatible with your configuration. Terraform will generate an error and exit without taking any further actions if the current version of Terraform does not match the constraints specified. > For more information: https://www.terraform.io/docs/language/settings/index.htmL # Select the language or syntax supported by Terraform. - [x] HCL(Hashicorp Configuration Language) > A Terraform configuration is a full document written in the Terraform language that instructs Terraform on how to manage a set of infrastructure. Multiple files and directories can make up a configuration. - [ ] XML - [x] JSON > The Terraform language's constructs can also be expressed in JSON syntax, which is more difficult to read and edit for humans but easier to generate and parse programmatically. The native syntax is used to define the JSON syntax. Everything that can be expressed in native syntax can also be expressed in JSON syntax, but due to JSON grammar limitations, some constructs are more difficult to represent in JSON. The low-level JSON syntax is defined in terms of the HCL specification, just like the native syntax. - [ ] GO > For more information: https://www.terraform.io/docs/language/index.html > https://www.terraform.io/docs/language/syntax/json.html # How to define environment variables in Terraform? Select the correct syntax from the options given below. 1. [ ] TF_VAR 1. [ ] TF_ENV_VAR 1. [x] TF_VAR_ 1. [ ] TF_ENV_ > Terraform looks for environment variables with the name TF VAR_ followed by the name of a declared variable in its own process's environment. Because they are not valid syntax, other options are incorrect.
Sample: ```bash $ export TF_VAR_image_id=ami-xaybcz $ terraform plan ``` > For more information: https://www.terraform.io/docs/language/values/variables.html#environment-variables # Terraform wants to talk to remote systems by using API calls. From which of the following options, the required scenario can be achieved? 1. [ ] terraform resources > because Terraform resources do not have the ability to communicate with remote systems. 1. [ ] terraform state > Because the state only contains mappings of provisioned resources, 1. [ ] terraform REST API > because the Terraform plugin uses an API to communicate with the backend, and an API alone cannot communicate with remote systems. 1. [x] terraform plugin > because the Terraform plugin includes all of the code required to communicate with remote systems via API interaction. > To interact with remote systems, Terraform uses `providers`, which are plugins. Terraform uses API calls to communicate with remote systems. https://www.terraform.io/docs/configuration/providers.html # The following snippet of code is written to use multi-region for AWS provider. The error "Duplicate provider configuration" is thrown when terraform init is run against this code snippet. What is the best way to fix this problem? ```terraform provider "aws" { region = "us-east-1" } // For another region provider "aws" { region = "us-west-2" } ``` 1. [x] By adding alias variable, `alias = "west"` in one of the provider block and referencing to this provider in resource block as `provider = aws.west` > because we can refer to multiple providers using an alias variable in one of the blocks, which we refer to as aws in the resource block. 1. [ ] By adding the alias variable, `alias ="west"` in one of the provider blocks and referencing to this provider in the resource block as `provider = alias.west.alias` > because we can refer to multiple providers with an alias variable in one of the blocks, and we refer to this in the resource block as aws. rather than alias. 1. [ ] By defining provider block as `provider "aws"{ region = "us-east- 2" }` > because Terraform does not allow us to define provider as a block. 1. [ ] We cannot have same provider but we can have 2 different providers. > because we can use the alias variable to refer to the same providers. If we want to deploy resources in two different regions for the same provider, we use the alias variable as `alias= "somename"` in one of the provider blocks. > For more information:https://www.terraform.io/docs/configuration/providers.html#aliasmultiple-provider-configurations # Which of the following are valid provider versions that satisfy the expression found in the following code snippet when using constraint expressions to signify a version of a provider: (choose two) ```terraform terraform { required_providers { aws = "~> 2.3.0" } } ``` - [ ] 2.4.1 > because 2.4.1 doesn’t fall in range >= 2.3.0 to < 2.4.0 - [x] 2.3.3 > because 2.3.3 falls in range >= 2.3.0 to < 2.4.0 - [x] 2.3.9 > because 2.3.3 falls in range >= 2.3.0 to < 2.4.0 - [ ] 3.4.0 > because 3.4.0 doesn’t fall in range >= 2.3.0 to < 2.4.0 > For more information: The ~> operator is a convenient shorthand for allowing only patch releases within a specific minor release. https://www.terraform.io/docs/configuration/providerrequirements.html#version-constraints # Is it mandatory to have Go runtime to run terraform? 1. [ ] True 1. [x] False > Terraform Core is a binary written in the Go programming language that is statically compiled. The compiled binary is the terraform command line tool (CLI), which is the starting point for anyone who wants to use Terraform. The source code can be found at github.com/hashicorp/terraform. Terraform does not require Go runtime to function. > For more information: https://www.terraform.io/docs/extend/how-terraform-works.html > https://www.terraform.io/downloads.html # How HashiCorp distributed plugins are installed (Select Two) - [x] During initializing working directory using terraform init > because during initialization plugins get installed - [ ] During terraform apply stage > because apply will not install plugins it performs provisioning of resources - [ ] During terraform plan stage > because plan cannot install plugins. - [x] Plugins can also be manually installed in the user plugins directory > because Plugins can be manually installed in the user plugins directory, located at `~/.terraform.d/plugins` on most operating systems and `%APPDATA%\terraform.d\plugins` on Windows. Terraform searches the configuration for both direct and indirect references to providers during initialization and tries to load the required plugins. If plugins are required for providers distributed by HashiCorp, `init` will download and install them automatically. > For more information: https://www.terraform.io/docs/commands/init.html#plugin-installation > https://www.terraform.io/docs/configuration/providerrequirements.html#provider-installation # Which among the following log command should be set to get Maximum verbosity of terraform logs? 1. [ ] set the `TF_LOG=DEBUG` in environment variable > because, unlike trace, this command does not provide detailed verbose information. 1. [ ] set the `TF_LOG=INFO` in environment variable > because this command will not only give you information, but it will also give you a lot of it. 1. [x] set the `TF_LOG=TRACE` in environment variable > because it provides more detailed information than the other options. 1. [ ] set the `TF_LOG=WARN` in environment variable > because it only prints warning messages. The `TF LOG` environment variable can be set to any value to enable detailed logs in Terraform. Detailed logs will appear on `stderr` as a result of this. To persist logged output you can set TF_LOG_PATH in order to force the log to always be appended to a specific file when logging is enabled. Note that even when TF_LOG_PATH is set, TF_LOG must be set in order for any logging to be enabled. > https://www.terraform.io/docs/internals/debugging.html # In which of the following languages, as per terraform version 0.12, terraform configuration can be written? (Select Two) - [x] HashiCorp Configuration Language (HCL) > HCL is a valid configuration language - [ ] XML > because the configuration language XML is not supported. - [ ] YAML > because the configuration language YAML is not supported. - [x] JSON > JSON is a valid configuration language - [ ] Go > Configuration language Go is not supported. > https://www.terraform.io/docs/configuration-0-11/syntax.html > https://www.hashicorp.com/blog/cdk-for-terraform-enabling-pythonand-typescript-support # Bob is employed by Fusion Corp. The internal IT team has downloaded and saved the plugins in a shared folder so that everyone on the team is using the same version. How can we tell Terraform to use these pre-installed plugins rather than downloading new ones? 1. [x] terraform init –plugin-dir=PATH > The CORRECT plugin-dir option is option 1. Installs no plugins and only loads plugins from the specified directory. 1. [ ] terraform init –plugin-path=PATH > Because the init command does not include the plugin-path option. 1. [ ] terraform init –get-plugins=PATH > Because get-plugins takes a Boolean value as a parameter. Installing plugins is not required. 1. [ ] terraform init –plugin-file=PATH > https://www.terraform.io/docs/commands/init.html#plugin-installation > https://www.terraform.io/docs/commands/init.html # Which of the following is true about third party plugins? (SELECT TWO) - [ ] Third party plugins also gets downloaded automatically from terraform version 0.12 > third-party plugins must be downloaded manually. - [x] Third-party plugins (both providers and provisioners) can be manually installed into the user plugins directory based on OS type. > manually install third-party plugins in the user's plugin directory. - [ ] Third-party plugins should be installed only into user plugins directory, no other directories are supported for third party plugin. > third-party plugins can be manually installed in any directory, but the path must be specified during initialization using the –plugin-dir=PATH option. - [ ] Third party plugins which are approved by HashiCorp are supported. > FALSE because anyone can write and distribute plugins without HashiCorp's permission. - [x] Plugins can be written only in Go language. > As of now, CORRECT plugins can only be written in the GO programming language. > https://www.terraform.io/docs/plugins/basics.html > https://www.terraform.io/docs/configuration/providers.html#thirdparty-plugins # Which of the following command can be used to syntactically check terraform configuration before using apply or plan command? 1. [ ] terraform fmt > because fmt is used to rewrite Terraform configuration files to a canonical format and style. 1. [x] terraform validate > because it is used to validate the terraform configuration. 1. [ ] terraform show > because show is used to provide human readable output from a state or plan file. 1. [ ] terraform check > because there is no command in terraform called check. > https://www.terraform.io/docs/commands/validate.html # When terraform fmt is applied, how many space indentation are applied for each nesting level? 1. [ ] 3 1. [x] 2 > because terraform fmt applies a twospace indentation to each level by default. These conventions will be applied automatically by Terraform formatting. Rest of the options are INCORRECT because by default terraform fmt applies 2 space indentation at each level. 1. [ ] 1 1. [ ] 4 > https://www.terraform.io/docs/configuration/style.html https://www.terraform.io/docs/commands/fmt.html # How to save destroy plan to a file before destroying it? 1. [ ] terraform plan -destroy > because it only displays the plan in the console and does not save it to a file. 1. [ ] terraform plan > Because this command is used to create an execution plan. Unless explicitly disabled, Terraform performs a refresh and then determines what actions are required to achieve the desired state specified in the configuration files. 1. [ ] terraform plan –out=PATH > because the generated execution plan is saved in the path specified by this command. This isn't just for destroying things; it also includes the entire execution plan. 1. [x] terraform plan –destroy –out=PATH > this plan will be generated to delete all resources managed by the given configuration and state and save them in the PATH specified. When you run terraform plan –destroy, a plan for destroying all resources managed by the given configuration and state is generated and displayed in the console. PATH should be specified with the –out option if we want to save the state. > https://www.terraform.io/docs/commands/plan.html#destroy > https://www.terraform.io/docs/cli/commands/destroy.html # When using the Terraform provider for Vault, the tight integration between the HashiCorp tools provides the ability to mask secrets in the terraform plan and state files. 1. [ ] True 1. [x] False (right) > Terraform currently lacks a direct integration with a vault provider for storing sensitive data securely. Before running terraform init, we must download any secrets stored. In addition, the downloaded secrets must be passed to the init command. Because Terraform currently lacks a mechanism for redacting or protecting secrets returned by data sources, secrets read through this provider will be persisted in the Terraform state, any plan files, and, in some cases, the console output produced while planning and applying. As a result, all of these artefacts must be properly safeguarded. > For more information: https://registry.terraform.io/providers/hashicorp/vault/latest/docs # Which of the following is not true about data sources? 1. [ ] data block can have local source. > because a data block's source can be local. 1. [x] data sources are only given by providers. (right) > because data sources can come from anywhere. We also have the option of having our own source. 1. [ ] data sources allows a terraform configuration to make use of information defined by another separate Terraform configuration. > because the data source can make use of data from another configuration 1. [ ] We can use filters inside data block. > allows filters on the INCORRECT data block. > https://www.terraform.io/docs/configuration/data-sources.html # A variable of type `object({ name=string, age=number })` would match which of the following 1. [ ] { name = "John" age = "52" } > Because age is represented as a string 1. [ ] { name = John, age = "52" } > Because age is represented as a string and there is a comma, Option B is incorrect. 1. [ ] { name = "John", age = 52 } > Because there is a comma separator, Option C is incorrect. 1. [x] { name = "John" age = 52 } (right) > Because the object is represented by a string and a number. object(...): a collection of named attributes that each have their own type. The schema for object types is { = , = , ... } > For more information: https://www.terraform.io/docs/configuration/types.html#structuraltype # What would be output of the below? ```terraform lookup( {a="test ", b="good morning"}, "call", "terraform?") ``` 1. [ ] test 1. [ ] good morning 1. [ ] call 1. [x] terraform? > This is the real outcome: terraform? This can be verified using the Terraform console. The lookup command uses the key to find the value of a single element in a given map. If no key is specified, the default values will be returned. It's looking for the word "call" in this case. > Reference: https://www.terraform.io/docs/configuration/functions/lookup.html # In the below-given code, what is the local name of the block? ```terraform resource "aws_instance" "test" { ami = "ami-test" instance_type = "t2.nano" vpc.id = "vpc-test1234" } ``` 1. [ ] aws_instance 1. [ ] Demo 1. [ ] resource 1. [x] test > We need a unique identifier for the resource block, which is resource type + local name. 'test' is the block's local name in this case. > https://www.terraform.io/docs/language/resources/index.html > https://www.terraform.io/docs/language/resources/syntax.html # What is the result of the following terraform function call? ```terraform > zipmap(["john", "Jim"], [0, 2]) ``` 1. [ ] `["john", "jim", "0", "2",]` 1. [x] `{"Jim" = 2, "john" = 0}` > Usually, the map is denoted by curly braces and lists are with square brackets. `{"Jim" = 2, "john" = 0}` zipmap constructs a map from a list of keys and a corresponding list of values. The syntax for zipmap is as follows: `zipmap(keyslist, valueslist)` 1. [ ] `("john"=1,"jim"=2)` 1. [ ] `{{ "john"=1 "jim"=2 }}` > https://www.terraform.io/docs/language/functions/zipmap.html # You noticed this symbol = `~> 0.11` in your terraform provider version. What does this signify? 1. [ ] Version which is more than 0.11 and less than 0.10 1. [ ] Version which is less than 0.11 and more than 0.10 1. [ ] Versions which are less than 0.1 and more than 0.11 1. [x] Version which are more than 0.11 and less than 0.12 > For example, ~> 1.0 is equivalent to >= 1.0, < 1.0, and ~> 0.9.2, is equivalent to >= 0.9.2, < 1.0 This is known as a . > https://www.terraform.io/docs/language/expressions/versionconstraints.html # You have been asked to talk to your team about how to manage secrets in terraform. Please choose the correct statements from below. - [ ] Always store the secrets in tfstate file with sensitive parameter turned on and this will help to mask the parameters and doesn’t show the data unless you unmask it - [x] Never hardcode secrets like access keys, passwords in the configuration’s files - [x] Avoid saving the hardcoded secrets in state file or configuration files - [x] Make sure when commiting to git don’t add the files where the secrets are stored # Why should one use provisioners? Please pick the choices from below - [x] Remote-exec helps to run commands remotely on virtual machine - [x] Local-exec is a provisioner which helps to run scripts locally on machine where terraform is installed - [ ] Local-exec is used to run things on remote virtual machines - [ ] File provisioner is a provisioner which is used to run or execute configurable scripts on remote instances > https://www.terraform.io/docs/language/resources/provisioners/file.html > https://www.terraform.io/docs/language/resources/provisioners/localexec.html > https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html # What are the benefits of using a private registry in Terraform? Select all that apply. - [ ] Terraform cloud private registry is a paid feature. - [x] Using a private registry, all the modules can be shared within or across organizations. - [x] It supports module versioning, filtered list of available modules, and configuration designer to build new workspaces - [x] It is very similar to the public Terraform Registry. > The private module registry in Terraform Cloud allows you to share Terraform modules across your organisation. It features module versioning, a searchable and filterable list of available modules, and a configuration designer to assist you in quickly creating new workspaces. The private module registry is designed to work similarly to the public Terraform Registry. > https://www.terraform.io/docs/cloud/registry/index.html # Which command is used to launch terraform console? 1. [ ] `terraform apply -config` 1. [x] `terraform console` > terraform console [options] [dir]. This command allows you to evaluate and experiment with expressions using an interactive command-line console. 1. [ ] `terrafrom plan` 1. [ ] `terrafrom consul` > https://www.terraform.io/docs/cli/commands/console.html # What is the output of the below terraform function? ```terraform > index(["test", "dev", "prod"], "prod") ``` 1. [ ] -1 1. [x] 2 > Index outputs the values of the element index, for a given value in the list starting with 0. So here it is `test =0,dev =1, prod =2`. The syntax for the Index function in Terraform is as follows: index(list, value) 1. [ ] 1 1. [ ] 3 > https://www.terraform.io/docs/language/functions/index_function.html # Does Terrafrom validate checks for the errors and upon terraform apply shows the debug output 1. [ ] True 1. [x] False # Can you force to use a Terraform version in your code? 1. [x] Yes. Using the meta-argument required_version in the terraform block > The meta-argument required version in the terraform block can be used to force the use of a specific version of Terraform. 1. [ ] Yes. Using the meta-argument required_version in the provider block > Because the meta-argument must be on the terraform block configuration, not the provider's block 1. [ ] Yes. Using the meta-argument version in the terraform block > Because the meta-argument version is incorrect 1. [ ] Yes. Using the meta-argument version in the provider block > Because the meta-argument version is incorrect > Reference: https://www.terraform.io/docs/language/settings/index.html # How you can install all the providers associated with your terraform directory? 1. [ ] terraform install providers.tf 1. [ ] terraform plan 1. [ ] Using the default installer of your Operating System to install the plugins 1. [x] terraform init > During the initialization of your Terraform directory, providers are configured and installed. When a terraform init is run, this step takes place. # You have the following provider configuration: ```terraform provider "aws" { region = "eu-west-1" } provider "aws" { alias = "frankfurt" region = "eu-central-1" } ``` On your IaC, you have modules and resources. You want to put your module's resources on eu-west-1 and your module's resources on eu-central-1. Which of the code blocks below is correct? 1. [x] ```terraform module "aws_vpc" { source = "./aws_vpc" providers = { aws = aws } } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > To distinguish different providers from the default provider on Terraform, we must use an alias. Because we need to create those resources on eu-west-1, it's fine to use the default provider in the module. module "aws_vpc" { source = "./aws_vpc" providers = { aws = aws } } The single resource must be created on eu-central-1, so we have to specify the provider configured with the alias frankfurt resource "aws_instance" "mylab" { provider = aws.frankfurt } 1. [ ] ```terraform module "aws_vpc" { source = "./aws_vpc" providers = { aws = aws.east } } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > because we do not have a provider with the alias aws.east configured. 1. [ ] ```terraform module "aws_vpc" { source = "./aws_vpc" provider = aws.frankfurt } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > because the VPC and single resource should be created on eu-west-1 and eu-central-1, respectively. Both resources are created on eu-central-1 with this configuration. 1. [ ] ```terraform module "aws_vpc" { source = "./aws_vpc" provider = aws.euwest-1 } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > because either a default provider or an alias must be specified. > Reference: https://www.terraform.io/docs/language/providers/configuration.html # With Terraform, you can only download providers from the Terraform registry. 1. [ ] True > because you can download custom providers that aren't part of Terraform using other methods 1. [x] False > You can use Terraform to download other providers or your own custom Terraform providers from a local mirror. 1. [ ] All providers must be hosted on Github. > because your providers can be hosted in repositories other than GitHub. > Reference: https://www.terraform.io/docs/cli/config/config-file.html#explicitinstallation-method-configuration
> https://www.terraform.io/docs/cli/config/config-file.html#explicitinstallation-method-configuration # To run a script in a remote resource, which provisioner should you use? 1. [ ] Use a local-exec provisioner with ssh command inside. > local-exec is executed locally and not remotely. 1. [ ] Use an ssh-provisioner and add the command to be executed > because the ssh-provisioner command is not available. The connection provisioner must be used. 1. [x] Use a remote-exec provisioner to execute the script required > remote-exec is the provider defined to execute a script or other operations remotely after the resource is created. ```terraform resource "aws_instance" "mylab" { provisioner "remote-exec" { inline = ["apt-get install terraform"] } } ``` > References: https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html
> https://www.terraform.io/docs/language/resources/provisioners/connection.html # To use in your IaC, you'll need to install pymysql libraries in the local instance where you're running Terraform. How will you install and use these libraries in your IaC? 1. [x] ```terraform resource "null_resource" "pymysql" { provisioner "local-exec" { command = "pip install --target ./python pymysql && zip -r pymysql.zip python" } } ``` And use the null resource attributes inside of your IaC > You can use a provisioner local-exec to run commands locally. It is necessary to create pymysql libraries in this Query. You must reference these libraries in your IaC once you have them. To use as a reference in the IaC, the best approach is to use a null resource that is executing this local provisioner. 1. [ ] ```terraform provisioner "local-exec" { command = "pip install --target ./python pymysql && zip -r pymysql.zip python" } ``` Then reference this provisioner inside of your IaC > because a provisioner block must always be placed inside a resource block. 1. [ ] You have to install the libraries manually first and the packaged them as zip and reference this zip file on your IaC > because you don't have a resource block to identify which libraries to use in your IaC if you created them manually. > Reference: https://www.terraform.io/docs/language/resources/provisioners/syntax.html#provisioners-are-a-last-resort # You're working with AWS and need to set up a multi-region infrastructure for eu-west-1 and eu-central-1 deployments. In your Terraform code, how do you set up the multi-provider? 1. [x] ```terraform provider "aws" { region = "eu-west-1" } provider "aws" { alias = "frankfurt" region = "eu-central-1" } ``` > When specifying the provider in Terraform, the meta-argument "alias" is required to configure multiple providers. On the non-default provider, the alias will be used on the resources and modules that are created. 1. [ ] ```terraform provider "aws-eu-west-1" { region = "eu-west-1" } provider "awseu-central-1" { alias = "frankfurt" region = "eu-central-1" } ``` > because the providers aws-eu-west-1 and aws-eucentral-1 do not exist. 1. [ ] ```terraform provider "eu-west-1" { cloud = aws } provider "eu-central-1" { cloud = aws } ``` > because "cloud" is not a meta-argument. 1. [ ] ```terraform providers "aws" { ireland = { region=eu-west-1 } frankfurt = { region=eu-central-1 } ``` > because multiple providers cannot be configured in the same configuration block. In Terraform, the term "providers" does not exist. > Reference: https://www.terraform.io/language/providers/configuration#aliasmultiple-provider-configurations # What of the following next arguments are not part of the generic meta-arguments for a provider? - [ ] alias - [ ] version - [x] profile > Alias and version are the two most important generic metaarguments for a provider. - [x] region > Alias and version are the two most important generic metaarguments for a provider. > References:
> AWS provider configuration: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#argument-reference
> https://www.terraform.io/language/providers/configuration?_ga=2.5999995.934997445.1642622103-536275114.1619454689#provider-configuration-1 # local-exec invokes a process on the resource that is being created by Terraform. 1. [ ] True 1. [x] False >The process is always invoked on the machine runningTerraform. > Reference: https://www.terraform.io/language/resources/provisioners/localexec#local-exec-provisioner # You're a DevOps Engineer for a startup with no Terraform experience, and you've been tasked with designing a multienvironment Terraform State Architecture for "dev," "stg," and "prod" on an S3 bucket for Terraform Cloud to delegate permissions on your infrastructure. Which of the following approaches do you think you should take: 1. [ ] Have a single bucket with a single state for different states like: ```terraform mybucket/dev.tfstate mybucket/stg.tfstate mybucket/prod.tfstate ``` > When using workspaces in Terraform Cloud, it is incorrect. 1. [x] Create different workspaces per environment: ```terraform mybucket/dev/application.tfstate mybucket/stg/application.tfstate mybucket/prod/application.tfstate ``` > Terraform's main tool for delegating access between different environments is Workspaces. Hashicorp's advice has always been to design a workspace for each environment. 1. [ ] Use the default workspace for all the stages > because the different environments are not segmented. > Reference: https://www.terraform.io/docs/cloud/guides/recommendedpractices/part1.html#the-recommended-terraform-workspacestructure # You noticed this symbol = "~> 0.11" in your terraform provider version. What does this signify? 1. [ ] Version which is more than 0.11 and less than 0.10 1. [ ] Version which is less than 0.11 and more than 0.10 1. [ ] Versions which are less than 0.1 and more than 0.11 1. [x] Version which are more than 0.11 and less than 0.12 > For example, ~> 1.0 is equivalent to >= 1.0, < 1.0, and ~> 0.9.2, is equivalent to >= 0.9.2, < 1.0 This is known as a Pessimistic Constraint Operator. > https://www.terraform.io/docs/language/expressions/versionconstraints.html # What is the default number of concurrent opeations supported by terraform apply command? 1. [ ] 100 1. [x] 10 > Terraform apply supports a maximum of 10 concurrent operations by default. -parallelism=n - Limits the number of concurrent operations. Terraform performs as it walks the graph; the default is 10. 1. [ ] 5 1. [ ] 1 > https://www.terraform.io/docs/commands/apply.html # Which command is used to launch terraform console? 1. [ ] `terraform apply -config` 1. [x] `terraform console` > terraform console [options] [dir]. This command allows you to evaluate and experiment with expressions using an interactive command-line console. 1. [ ] `terrafrom plan` 1. [ ] `terrafrom consul` > https://www.terraform.io/docs/cli/commands/console.html # What is the result of the following terraform function call? ```terraform > zipmap(["john", "Jim"], [0, 2]) ``` 1. [ ] `["john", "jim", "0", "2",]` 1. [x] `{"Jim" = 2, "john" = 0}` > Usually, the map is denoted by curly braces and lists are with square brackets. `{"Jim" = 2, "john" = 0}` zipmap constructs a map from a list of keys and a corresponding list of values. The syntax for zipmap is as follows: `zipmap(keyslist, valueslist)` 1. [ ] `("john"=1,"jim"=2)` 1. [ ] `{{ "john"=1 "jim"=2 }}` > https://www.terraform.io/docs/language/functions/zipmap.html # Is state file mandatory for Terraform to work? 1. [ ] False 1. [x] True > Terraform state's primary purpose is to store bindings between remote system objects and resource instances declared in your configuration. When Terraform creates a remote object in response to a configuration change, it records the remote object's identity against a specific resource instance, which it can then update or delete in response to future configuration changes. > https://www.terraform.io/docs/language/state/purpose.html # What would be output of the below? ```terraform lookup( {a="test ", b="good morning"}, "call", "terraform?") ``` 1. [ ] test 1. [ ] good morning 1. [ ] call 1. [x] terraform? > This is the real outcome: terraform? This can be verified using the Terraform console. The lookup command uses the key to find the value of a single element in a given map. If no key is specified, the default values will be returned. It's looking for the word "call" in this case. > Reference: https://www.terraform.io/docs/configuration/functions/lookup.html # Which terraform command can be used to find the provider name being used in your code? 1. [ ] `terraform state` 1. [ ] `terraform apply` 1. [x] `terraform providers` > The terraform providers command is used to determine the name of the provider you're deploying. 1. [ ] `terraform plan` > https://www.terraform.io/docs/cli/commands/providers.html # You are new to terraform and have been asked to find that what is created/target resource name for the below code? ```terraform resource "azurerm_resource_group" "rg" { name = "testrg" location = "eastus2" } ``` 1. [ ] rg 1. [x] testrg > The name of the created resource group would be "testrg" 1. [ ] azurerm_resource_group.rg 1. [ ] resource
The test contains a set of questions and there is no time limit. The test is not official, it's just one of the most efficient ways to see how much you know, or don't know, about the subject.
Count your score
You will get 1 point for each correct answer. At the end of the Quiz, your total score will be displayed.Reflect on you answers
Please conduct a self review of your answers once you complete the quiz test. Being an active participant in your own evaluation, honestly assess your strengths and also areas you need to improve. Good luck!--- # When you execute the "terraform init" command, where are all the configuration files (including the backend and plugins) stored? 1. [ ] terraform.tfstate stores all the current configuration 1. [ ] .terraform/home directory 1. [ ] Config.tf where all the init configurations are saved. 1. [x] .terraform/plugins directory > .terraform/plugins Whenever terraform is initialized all the plugin related files are stored and downloaded under .terraform/plugins # basics, supported operation system Which of the following OS is supported by Terraform for installation on client workstations? Please choose the relevant choice. 1. [ ] Windows 1. [ ] Amazon Linux 1. [ ] FreeBSD 1. [ ] Solaris 1. [ ] MacOS 1. [x] All of these operating systems. > All of the aforementioned are true. On it, Terraform operates flawlessly. > Please find the URL for your reference https://www.terraform.io/downloads.html # What command should you enter to make a new workspace with the name new-project? 1. [ ] terraform workspace –new –new-project 1. [ ] terraform workspace init new-project 1. [ ] terraform workspace new-project 1. [x] terraform workspace new new-project > The syntax to create a new workspace is `terraform workspace new
https://www.terraform.io/docs/configuration/syntax-json.html # Select the correct option for the sequence of steps required to execute Terraform code. 1. [ ] Plan -> Apply 1. [ ] Write -> Apply -> Plan 1. [ ] Plan -> Apply -> Write 1. [x] Write -> Plan -> Apply > Terraform's core workflow consists of three steps: Write - Create infrastructure in the form of code.
Plan ahead of time to see how the changes will look before they are implemented.
Apply - Create a repeatable infrastructure.
All of the other choices are incorrect.
> References: https://www.terraform.io/guides/core-workflow.html # Which command would you use to allow multiple configurations in the case of a duplicate 'provider' configuration error? ``` provider "aws" { Region = us-west-2" } provider "aws" { Region = "eu-central-1" } provider "aws" { Region = ap-north-2" } ``` 1. [ ] Label 1. [ ] Module 1. [ ] Resource for each provider 1. [x] Alias > We can use the alias command to create multiple configurations for the same provider, each pointing to a different resource. > https://www.terraform.io/docs/configuration/providers.html # What is the method for evaluating an expression in Terraform before applying it? Choose an option from below. 1. [ ] Execute terraform Graph command or see the graph of the resources. 1. [ ] Execute terraform validate. 1. [ ] Push the code to the repository. 1. [x] On terraform console, validate the expression. > Use terraform console to execute & validate the expression. # If Terraform code is utilizing values that are not specified in the code files, which of the following options could be the cause of this issue? 1. [ ] Issue in main.tf file 1. [ ] Issue in vars.tf file 1. [ ] Issue in terraform.tfvars 1. [x] Issue in Environment Variables > Terraform is a term that refers to a set of environment variables that be used to customise different aspects of its behaviour.
They be used to override some of Terraform's default behaviours in sual circumstances or to increase output verbosity for debugging poses.
Because these are the names of the code files used in Terraform configuration, all other options are incorrect.
> Reference: https://www.terraform.io/docs/cli/config/environment-variables.html # What is the provider version of Google Cloud being used in Terraform when provider is set to `aws = "~> 1.9.0"` - [ ] 1.0.0 - [ ] 1.8.0 - [x] 1.9.2 - [x] 1.9.1 > The operator `~>` (Pessimistic Constraint Operator) means that only minor (right most version increase) updates are accepted,according to the Terraform doc.
As a result, > 1.9.0 denotes that the related module/provider requirement accepts 1.9.1 to 1.9.x, but not 1.10.0 or 1.0.0 or 1.8.0. > https://www.terraform.io/docs/language/expressions/versionconstraints.html # Which of the following are supported backend types in Terraform? (Select more than one) - [x] consul - [x] gcs - [x] manta - [ ] bitbucket > Please refer to the below link for the standard list of supported backend types. > https://www.terraform.io/docs/language/settings/backends/index.html # It is possible for resources in Terraform to share identical identifiers, which consist of a combination of resource type and block name. 1. [ ] True 1. [x] False > Unique identifiers should be assigned to Terraform Resources.
Resource Type + Block name are the identifiers.
We can't have resource identifiers that are the same. # If you use a sensitive flag for database password while running terraform plan & apply commands on the console, will the password be displayed as plain text in logs? 1. [ ] True 1. [x] False > The output cannot be visible if the sensitive flag is used with terraform apply and plan.
If you have access to state files, however, you can see the output as plaintext. # Is it necessary to execute terraform init every time you add a new provider before running the terraform plan and terraform apply commands? 1. [ ] False 1. [x] True > Every time you introduce a new provider, it is essential to execute terraform init.
This ensures that the most recent provider or a specified version and initialization files are downloaded to the .terraform folder. # With the help of Terraform iterator, it is possible to assign names to a temporary variable that corresponds to an element. 1. [ ] False 1. [x] True > The iterator argument allows for the assignment of names to temporary variables that pertain to the current element within a complex value. For additional information, please consult the following link: > Reference:https://www.terraform.io/docs/language/expressions/dynamicblocks.html # Is it advisable to hardcode the provider version in a production environment? 1. [ ] False 1. [x] True > While it may be desirable to have the most up-to-date version, it's typically more prudent to operate on a known version in a production environment. This approach can aid in managing any potential issues that may arise. # Is Mongodb Atlas a supported database provider approved by hashicorp? 1. [ ] False 1. [x] True > https://www.terraform.io/docs/providers/type/database-index.html # If a variable has been configured but not assigned a value, will terraform plan prompt for an input value? 1. [ ] False 1. [x] True > Whenever there is a variable used and no value configured upon terraform plan or terraform apply, it will ask for variable value at Command Line Interface. # Is the correct command to upgrade/download the most recent providers terraform init -upgrade? 1. [ ] False 1. [x] True > To upgrade to the most current terraform providers, use terraform init-upgrade. The most current version of each previously chosen plugin that complies with the configuration's version requirements is installed. Terraform will use the most current version that complies with the configured version constraints and ignore any selections made in the dependency lock file. > Reference: https://www.terraform.io/docs/cli/commands/init.html # Dynamic blocks help to manage the complex configurations 1. [ ] False 1. [x] True > A dynamic block is similar to a for expression, but instead of producing a complex typed value, it produces nested blocks. It generates a nested block for each element of a given complex value after iterating over it. > Reference: https://www.terraform.io/docs/language/expressions/dynamicblocks.html # We've already manually created some resources. Now we want to use Terraform to duplicate resources. Is it possible to create duplicate resources in Terraform Apply? 1. [ ] True 1. [x] False > If we are creating duplicate resources, on terraform apply, terraform will give us an error that "The resource already exists - to be managed via Terraform, this resource needs to be imported into the State".
We can manage the resource using terraform import command. # You've given the variable `myvar` a type string. What values does it accept (from the options below)? Select all that apply from the list below. ```terraform variable "myvar" { type = string } ``` - [x] 100 - [x] "100" - [ ] myvar - [ ] All of them > For more information: https://www.terraform.io/docs/configuration-0-11/variables.html # You have noticed lot of commit errors due to terraform version issues and noticed that your remote team is still using `0.11` instead of `0.12` . How do you make sure all of them are updated? 1. [ ] Call for a meeting with remote team and ask to rewrite the code in `0.12` and merge it. 1. [ ] Make sure code works both in `0.11` and `0.12` and make changes as necessary. 1. [ ] Ask the remote team to manually make changes to support `0.12`. 1. [x] Ask the remote team to use required_version `>=0.12` function and use it whenever they write code. > The version that is required The setting takes a version constraint string that specifies which Terraform versions are compatible with your configuration. Terraform will generate an error and exit without taking any further actions if the current version of Terraform does not match the constraints specified. > For more information: https://www.terraform.io/docs/language/settings/index.htmL # Select the language or syntax supported by Terraform. - [x] HCL(Hashicorp Configuration Language) > A Terraform configuration is a full document written in the Terraform language that instructs Terraform on how to manage a set of infrastructure. Multiple files and directories can make up a configuration. - [ ] XML - [x] JSON > The Terraform language's constructs can also be expressed in JSON syntax, which is more difficult to read and edit for humans but easier to generate and parse programmatically. The native syntax is used to define the JSON syntax. Everything that can be expressed in native syntax can also be expressed in JSON syntax, but due to JSON grammar limitations, some constructs are more difficult to represent in JSON. The low-level JSON syntax is defined in terms of the HCL specification, just like the native syntax. - [ ] GO > For more information: https://www.terraform.io/docs/language/index.html > https://www.terraform.io/docs/language/syntax/json.html # How to define environment variables in Terraform? Select the correct syntax from the options given below. 1. [ ] TF_VAR 1. [ ] TF_ENV_VAR 1. [x] TF_VAR_ 1. [ ] TF_ENV_ > Terraform looks for environment variables with the name TF VAR_ followed by the name of a declared variable in its own process's environment. Because they are not valid syntax, other options are incorrect.
Sample: ```bash $ export TF_VAR_image_id=ami-xaybcz $ terraform plan ``` > For more information: https://www.terraform.io/docs/language/values/variables.html#environment-variables # Terraform wants to talk to remote systems by using API calls. From which of the following options, the required scenario can be achieved? 1. [ ] terraform resources > because Terraform resources do not have the ability to communicate with remote systems. 1. [ ] terraform state > Because the state only contains mappings of provisioned resources, 1. [ ] terraform REST API > because the Terraform plugin uses an API to communicate with the backend, and an API alone cannot communicate with remote systems. 1. [x] terraform plugin > because the Terraform plugin includes all of the code required to communicate with remote systems via API interaction. > To interact with remote systems, Terraform uses `providers`, which are plugins. Terraform uses API calls to communicate with remote systems. https://www.terraform.io/docs/configuration/providers.html # The following snippet of code is written to use multi-region for AWS provider. The error "Duplicate provider configuration" is thrown when terraform init is run against this code snippet. What is the best way to fix this problem? ```terraform provider "aws" { region = "us-east-1" } // For another region provider "aws" { region = "us-west-2" } ``` 1. [x] By adding alias variable, `alias = "west"` in one of the provider block and referencing to this provider in resource block as `provider = aws.west` > because we can refer to multiple providers using an alias variable in one of the blocks, which we refer to as aws in the resource block. 1. [ ] By adding the alias variable, `alias ="west"` in one of the provider blocks and referencing to this provider in the resource block as `provider = alias.west.alias` > because we can refer to multiple providers with an alias variable in one of the blocks, and we refer to this in the resource block as aws. rather than alias. 1. [ ] By defining provider block as `provider "aws"{ region = "us-east- 2" }` > because Terraform does not allow us to define provider as a block. 1. [ ] We cannot have same provider but we can have 2 different providers. > because we can use the alias variable to refer to the same providers. If we want to deploy resources in two different regions for the same provider, we use the alias variable as `alias= "somename"` in one of the provider blocks. > For more information:https://www.terraform.io/docs/configuration/providers.html#aliasmultiple-provider-configurations # Which of the following are valid provider versions that satisfy the expression found in the following code snippet when using constraint expressions to signify a version of a provider: (choose two) ```terraform terraform { required_providers { aws = "~> 2.3.0" } } ``` - [ ] 2.4.1 > because 2.4.1 doesn’t fall in range >= 2.3.0 to < 2.4.0 - [x] 2.3.3 > because 2.3.3 falls in range >= 2.3.0 to < 2.4.0 - [x] 2.3.9 > because 2.3.3 falls in range >= 2.3.0 to < 2.4.0 - [ ] 3.4.0 > because 3.4.0 doesn’t fall in range >= 2.3.0 to < 2.4.0 > For more information: The ~> operator is a convenient shorthand for allowing only patch releases within a specific minor release. https://www.terraform.io/docs/configuration/providerrequirements.html#version-constraints # Is it mandatory to have Go runtime to run terraform? 1. [ ] True 1. [x] False > Terraform Core is a binary written in the Go programming language that is statically compiled. The compiled binary is the terraform command line tool (CLI), which is the starting point for anyone who wants to use Terraform. The source code can be found at github.com/hashicorp/terraform. Terraform does not require Go runtime to function. > For more information: https://www.terraform.io/docs/extend/how-terraform-works.html > https://www.terraform.io/downloads.html # How HashiCorp distributed plugins are installed (Select Two) - [x] During initializing working directory using terraform init > because during initialization plugins get installed - [ ] During terraform apply stage > because apply will not install plugins it performs provisioning of resources - [ ] During terraform plan stage > because plan cannot install plugins. - [x] Plugins can also be manually installed in the user plugins directory > because Plugins can be manually installed in the user plugins directory, located at `~/.terraform.d/plugins` on most operating systems and `%APPDATA%\terraform.d\plugins` on Windows. Terraform searches the configuration for both direct and indirect references to providers during initialization and tries to load the required plugins. If plugins are required for providers distributed by HashiCorp, `init` will download and install them automatically. > For more information: https://www.terraform.io/docs/commands/init.html#plugin-installation > https://www.terraform.io/docs/configuration/providerrequirements.html#provider-installation # Which among the following log command should be set to get Maximum verbosity of terraform logs? 1. [ ] set the `TF_LOG=DEBUG` in environment variable > because, unlike trace, this command does not provide detailed verbose information. 1. [ ] set the `TF_LOG=INFO` in environment variable > because this command will not only give you information, but it will also give you a lot of it. 1. [x] set the `TF_LOG=TRACE` in environment variable > because it provides more detailed information than the other options. 1. [ ] set the `TF_LOG=WARN` in environment variable > because it only prints warning messages. The `TF LOG` environment variable can be set to any value to enable detailed logs in Terraform. Detailed logs will appear on `stderr` as a result of this. To persist logged output you can set TF_LOG_PATH in order to force the log to always be appended to a specific file when logging is enabled. Note that even when TF_LOG_PATH is set, TF_LOG must be set in order for any logging to be enabled. > https://www.terraform.io/docs/internals/debugging.html # In which of the following languages, as per terraform version 0.12, terraform configuration can be written? (Select Two) - [x] HashiCorp Configuration Language (HCL) > HCL is a valid configuration language - [ ] XML > because the configuration language XML is not supported. - [ ] YAML > because the configuration language YAML is not supported. - [x] JSON > JSON is a valid configuration language - [ ] Go > Configuration language Go is not supported. > https://www.terraform.io/docs/configuration-0-11/syntax.html > https://www.hashicorp.com/blog/cdk-for-terraform-enabling-pythonand-typescript-support # Bob is employed by Fusion Corp. The internal IT team has downloaded and saved the plugins in a shared folder so that everyone on the team is using the same version. How can we tell Terraform to use these pre-installed plugins rather than downloading new ones? 1. [x] terraform init –plugin-dir=PATH > The CORRECT plugin-dir option is option 1. Installs no plugins and only loads plugins from the specified directory. 1. [ ] terraform init –plugin-path=PATH > Because the init command does not include the plugin-path option. 1. [ ] terraform init –get-plugins=PATH > Because get-plugins takes a Boolean value as a parameter. Installing plugins is not required. 1. [ ] terraform init –plugin-file=PATH > https://www.terraform.io/docs/commands/init.html#plugin-installation > https://www.terraform.io/docs/commands/init.html # Which of the following is true about third party plugins? (SELECT TWO) - [ ] Third party plugins also gets downloaded automatically from terraform version 0.12 > third-party plugins must be downloaded manually. - [x] Third-party plugins (both providers and provisioners) can be manually installed into the user plugins directory based on OS type. > manually install third-party plugins in the user's plugin directory. - [ ] Third-party plugins should be installed only into user plugins directory, no other directories are supported for third party plugin. > third-party plugins can be manually installed in any directory, but the path must be specified during initialization using the –plugin-dir=PATH option. - [ ] Third party plugins which are approved by HashiCorp are supported. > FALSE because anyone can write and distribute plugins without HashiCorp's permission. - [x] Plugins can be written only in Go language. > As of now, CORRECT plugins can only be written in the GO programming language. > https://www.terraform.io/docs/plugins/basics.html > https://www.terraform.io/docs/configuration/providers.html#thirdparty-plugins # Which of the following command can be used to syntactically check terraform configuration before using apply or plan command? 1. [ ] terraform fmt > because fmt is used to rewrite Terraform configuration files to a canonical format and style. 1. [x] terraform validate > because it is used to validate the terraform configuration. 1. [ ] terraform show > because show is used to provide human readable output from a state or plan file. 1. [ ] terraform check > because there is no command in terraform called check. > https://www.terraform.io/docs/commands/validate.html # When terraform fmt is applied, how many space indentation are applied for each nesting level? 1. [ ] 3 1. [x] 2 > because terraform fmt applies a twospace indentation to each level by default. These conventions will be applied automatically by Terraform formatting. Rest of the options are INCORRECT because by default terraform fmt applies 2 space indentation at each level. 1. [ ] 1 1. [ ] 4 > https://www.terraform.io/docs/configuration/style.html https://www.terraform.io/docs/commands/fmt.html # How to save destroy plan to a file before destroying it? 1. [ ] terraform plan -destroy > because it only displays the plan in the console and does not save it to a file. 1. [ ] terraform plan > Because this command is used to create an execution plan. Unless explicitly disabled, Terraform performs a refresh and then determines what actions are required to achieve the desired state specified in the configuration files. 1. [ ] terraform plan –out=PATH > because the generated execution plan is saved in the path specified by this command. This isn't just for destroying things; it also includes the entire execution plan. 1. [x] terraform plan –destroy –out=PATH > this plan will be generated to delete all resources managed by the given configuration and state and save them in the PATH specified. When you run terraform plan –destroy, a plan for destroying all resources managed by the given configuration and state is generated and displayed in the console. PATH should be specified with the –out option if we want to save the state. > https://www.terraform.io/docs/commands/plan.html#destroy > https://www.terraform.io/docs/cli/commands/destroy.html # When using the Terraform provider for Vault, the tight integration between the HashiCorp tools provides the ability to mask secrets in the terraform plan and state files. 1. [ ] True 1. [x] False (right) > Terraform currently lacks a direct integration with a vault provider for storing sensitive data securely. Before running terraform init, we must download any secrets stored. In addition, the downloaded secrets must be passed to the init command. Because Terraform currently lacks a mechanism for redacting or protecting secrets returned by data sources, secrets read through this provider will be persisted in the Terraform state, any plan files, and, in some cases, the console output produced while planning and applying. As a result, all of these artefacts must be properly safeguarded. > For more information: https://registry.terraform.io/providers/hashicorp/vault/latest/docs # Which of the following is not true about data sources? 1. [ ] data block can have local source. > because a data block's source can be local. 1. [x] data sources are only given by providers. (right) > because data sources can come from anywhere. We also have the option of having our own source. 1. [ ] data sources allows a terraform configuration to make use of information defined by another separate Terraform configuration. > because the data source can make use of data from another configuration 1. [ ] We can use filters inside data block. > allows filters on the INCORRECT data block. > https://www.terraform.io/docs/configuration/data-sources.html # A variable of type `object({ name=string, age=number })` would match which of the following 1. [ ] { name = "John" age = "52" } > Because age is represented as a string 1. [ ] { name = John, age = "52" } > Because age is represented as a string and there is a comma, Option B is incorrect. 1. [ ] { name = "John", age = 52 } > Because there is a comma separator, Option C is incorrect. 1. [x] { name = "John" age = 52 } (right) > Because the object is represented by a string and a number. object(...): a collection of named attributes that each have their own type. The schema for object types is { = , = , ... } > For more information: https://www.terraform.io/docs/configuration/types.html#structuraltype # What would be output of the below? ```terraform lookup( {a="test ", b="good morning"}, "call", "terraform?") ``` 1. [ ] test 1. [ ] good morning 1. [ ] call 1. [x] terraform? > This is the real outcome: terraform? This can be verified using the Terraform console. The lookup command uses the key to find the value of a single element in a given map. If no key is specified, the default values will be returned. It's looking for the word "call" in this case. > Reference: https://www.terraform.io/docs/configuration/functions/lookup.html # In the below-given code, what is the local name of the block? ```terraform resource "aws_instance" "test" { ami = "ami-test" instance_type = "t2.nano" vpc.id = "vpc-test1234" } ``` 1. [ ] aws_instance 1. [ ] Demo 1. [ ] resource 1. [x] test > We need a unique identifier for the resource block, which is resource type + local name. 'test' is the block's local name in this case. > https://www.terraform.io/docs/language/resources/index.html > https://www.terraform.io/docs/language/resources/syntax.html # What is the result of the following terraform function call? ```terraform > zipmap(["john", "Jim"], [0, 2]) ``` 1. [ ] `["john", "jim", "0", "2",]` 1. [x] `{"Jim" = 2, "john" = 0}` > Usually, the map is denoted by curly braces and lists are with square brackets. `{"Jim" = 2, "john" = 0}` zipmap constructs a map from a list of keys and a corresponding list of values. The syntax for zipmap is as follows: `zipmap(keyslist, valueslist)` 1. [ ] `("john"=1,"jim"=2)` 1. [ ] `{{ "john"=1 "jim"=2 }}` > https://www.terraform.io/docs/language/functions/zipmap.html # You noticed this symbol = `~> 0.11` in your terraform provider version. What does this signify? 1. [ ] Version which is more than 0.11 and less than 0.10 1. [ ] Version which is less than 0.11 and more than 0.10 1. [ ] Versions which are less than 0.1 and more than 0.11 1. [x] Version which are more than 0.11 and less than 0.12 > For example, ~> 1.0 is equivalent to >= 1.0, < 1.0, and ~> 0.9.2, is equivalent to >= 0.9.2, < 1.0 This is known as a . > https://www.terraform.io/docs/language/expressions/versionconstraints.html # You have been asked to talk to your team about how to manage secrets in terraform. Please choose the correct statements from below. - [ ] Always store the secrets in tfstate file with sensitive parameter turned on and this will help to mask the parameters and doesn’t show the data unless you unmask it - [x] Never hardcode secrets like access keys, passwords in the configuration’s files - [x] Avoid saving the hardcoded secrets in state file or configuration files - [x] Make sure when commiting to git don’t add the files where the secrets are stored # Why should one use provisioners? Please pick the choices from below - [x] Remote-exec helps to run commands remotely on virtual machine - [x] Local-exec is a provisioner which helps to run scripts locally on machine where terraform is installed - [ ] Local-exec is used to run things on remote virtual machines - [ ] File provisioner is a provisioner which is used to run or execute configurable scripts on remote instances > https://www.terraform.io/docs/language/resources/provisioners/file.html > https://www.terraform.io/docs/language/resources/provisioners/localexec.html > https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html # What are the benefits of using a private registry in Terraform? Select all that apply. - [ ] Terraform cloud private registry is a paid feature. - [x] Using a private registry, all the modules can be shared within or across organizations. - [x] It supports module versioning, filtered list of available modules, and configuration designer to build new workspaces - [x] It is very similar to the public Terraform Registry. > The private module registry in Terraform Cloud allows you to share Terraform modules across your organisation. It features module versioning, a searchable and filterable list of available modules, and a configuration designer to assist you in quickly creating new workspaces. The private module registry is designed to work similarly to the public Terraform Registry. > https://www.terraform.io/docs/cloud/registry/index.html # Which command is used to launch terraform console? 1. [ ] `terraform apply -config` 1. [x] `terraform console` > terraform console [options] [dir]. This command allows you to evaluate and experiment with expressions using an interactive command-line console. 1. [ ] `terrafrom plan` 1. [ ] `terrafrom consul` > https://www.terraform.io/docs/cli/commands/console.html # What is the output of the below terraform function? ```terraform > index(["test", "dev", "prod"], "prod") ``` 1. [ ] -1 1. [x] 2 > Index outputs the values of the element index, for a given value in the list starting with 0. So here it is `test =0,dev =1, prod =2`. The syntax for the Index function in Terraform is as follows: index(list, value) 1. [ ] 1 1. [ ] 3 > https://www.terraform.io/docs/language/functions/index_function.html # Does Terrafrom validate checks for the errors and upon terraform apply shows the debug output 1. [ ] True 1. [x] False # Can you force to use a Terraform version in your code? 1. [x] Yes. Using the meta-argument required_version in the terraform block > The meta-argument required version in the terraform block can be used to force the use of a specific version of Terraform. 1. [ ] Yes. Using the meta-argument required_version in the provider block > Because the meta-argument must be on the terraform block configuration, not the provider's block 1. [ ] Yes. Using the meta-argument version in the terraform block > Because the meta-argument version is incorrect 1. [ ] Yes. Using the meta-argument version in the provider block > Because the meta-argument version is incorrect > Reference: https://www.terraform.io/docs/language/settings/index.html # How you can install all the providers associated with your terraform directory? 1. [ ] terraform install providers.tf 1. [ ] terraform plan 1. [ ] Using the default installer of your Operating System to install the plugins 1. [x] terraform init > During the initialization of your Terraform directory, providers are configured and installed. When a terraform init is run, this step takes place. # You have the following provider configuration: ```terraform provider "aws" { region = "eu-west-1" } provider "aws" { alias = "frankfurt" region = "eu-central-1" } ``` On your IaC, you have modules and resources. You want to put your module's resources on eu-west-1 and your module's resources on eu-central-1. Which of the code blocks below is correct? 1. [x] ```terraform module "aws_vpc" { source = "./aws_vpc" providers = { aws = aws } } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > To distinguish different providers from the default provider on Terraform, we must use an alias. Because we need to create those resources on eu-west-1, it's fine to use the default provider in the module. module "aws_vpc" { source = "./aws_vpc" providers = { aws = aws } } The single resource must be created on eu-central-1, so we have to specify the provider configured with the alias frankfurt resource "aws_instance" "mylab" { provider = aws.frankfurt } 1. [ ] ```terraform module "aws_vpc" { source = "./aws_vpc" providers = { aws = aws.east } } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > because we do not have a provider with the alias aws.east configured. 1. [ ] ```terraform module "aws_vpc" { source = "./aws_vpc" provider = aws.frankfurt } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > because the VPC and single resource should be created on eu-west-1 and eu-central-1, respectively. Both resources are created on eu-central-1 with this configuration. 1. [ ] ```terraform module "aws_vpc" { source = "./aws_vpc" provider = aws.euwest-1 } resource "aws_instance" "mylab" { provider = aws.frankfurt } ``` > because either a default provider or an alias must be specified. > Reference: https://www.terraform.io/docs/language/providers/configuration.html # With Terraform, you can only download providers from the Terraform registry. 1. [ ] True > because you can download custom providers that aren't part of Terraform using other methods 1. [x] False > You can use Terraform to download other providers or your own custom Terraform providers from a local mirror. 1. [ ] All providers must be hosted on Github. > because your providers can be hosted in repositories other than GitHub. > Reference: https://www.terraform.io/docs/cli/config/config-file.html#explicitinstallation-method-configuration
> https://www.terraform.io/docs/cli/config/config-file.html#explicitinstallation-method-configuration # To run a script in a remote resource, which provisioner should you use? 1. [ ] Use a local-exec provisioner with ssh command inside. > local-exec is executed locally and not remotely. 1. [ ] Use an ssh-provisioner and add the command to be executed > because the ssh-provisioner command is not available. The connection provisioner must be used. 1. [x] Use a remote-exec provisioner to execute the script required > remote-exec is the provider defined to execute a script or other operations remotely after the resource is created. ```terraform resource "aws_instance" "mylab" { provisioner "remote-exec" { inline = ["apt-get install terraform"] } } ``` > References: https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html
> https://www.terraform.io/docs/language/resources/provisioners/connection.html # To use in your IaC, you'll need to install pymysql libraries in the local instance where you're running Terraform. How will you install and use these libraries in your IaC? 1. [x] ```terraform resource "null_resource" "pymysql" { provisioner "local-exec" { command = "pip install --target ./python pymysql && zip -r pymysql.zip python" } } ``` And use the null resource attributes inside of your IaC > You can use a provisioner local-exec to run commands locally. It is necessary to create pymysql libraries in this Query. You must reference these libraries in your IaC once you have them. To use as a reference in the IaC, the best approach is to use a null resource that is executing this local provisioner. 1. [ ] ```terraform provisioner "local-exec" { command = "pip install --target ./python pymysql && zip -r pymysql.zip python" } ``` Then reference this provisioner inside of your IaC > because a provisioner block must always be placed inside a resource block. 1. [ ] You have to install the libraries manually first and the packaged them as zip and reference this zip file on your IaC > because you don't have a resource block to identify which libraries to use in your IaC if you created them manually. > Reference: https://www.terraform.io/docs/language/resources/provisioners/syntax.html#provisioners-are-a-last-resort # You're working with AWS and need to set up a multi-region infrastructure for eu-west-1 and eu-central-1 deployments. In your Terraform code, how do you set up the multi-provider? 1. [x] ```terraform provider "aws" { region = "eu-west-1" } provider "aws" { alias = "frankfurt" region = "eu-central-1" } ``` > When specifying the provider in Terraform, the meta-argument "alias" is required to configure multiple providers. On the non-default provider, the alias will be used on the resources and modules that are created. 1. [ ] ```terraform provider "aws-eu-west-1" { region = "eu-west-1" } provider "awseu-central-1" { alias = "frankfurt" region = "eu-central-1" } ``` > because the providers aws-eu-west-1 and aws-eucentral-1 do not exist. 1. [ ] ```terraform provider "eu-west-1" { cloud = aws } provider "eu-central-1" { cloud = aws } ``` > because "cloud" is not a meta-argument. 1. [ ] ```terraform providers "aws" { ireland = { region=eu-west-1 } frankfurt = { region=eu-central-1 } ``` > because multiple providers cannot be configured in the same configuration block. In Terraform, the term "providers" does not exist. > Reference: https://www.terraform.io/language/providers/configuration#aliasmultiple-provider-configurations # What of the following next arguments are not part of the generic meta-arguments for a provider? - [ ] alias - [ ] version - [x] profile > Alias and version are the two most important generic metaarguments for a provider. - [x] region > Alias and version are the two most important generic metaarguments for a provider. > References:
> AWS provider configuration: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#argument-reference
> https://www.terraform.io/language/providers/configuration?_ga=2.5999995.934997445.1642622103-536275114.1619454689#provider-configuration-1 # local-exec invokes a process on the resource that is being created by Terraform. 1. [ ] True 1. [x] False >The process is always invoked on the machine runningTerraform. > Reference: https://www.terraform.io/language/resources/provisioners/localexec#local-exec-provisioner # You're a DevOps Engineer for a startup with no Terraform experience, and you've been tasked with designing a multienvironment Terraform State Architecture for "dev," "stg," and "prod" on an S3 bucket for Terraform Cloud to delegate permissions on your infrastructure. Which of the following approaches do you think you should take: 1. [ ] Have a single bucket with a single state for different states like: ```terraform mybucket/dev.tfstate mybucket/stg.tfstate mybucket/prod.tfstate ``` > When using workspaces in Terraform Cloud, it is incorrect. 1. [x] Create different workspaces per environment: ```terraform mybucket/dev/application.tfstate mybucket/stg/application.tfstate mybucket/prod/application.tfstate ``` > Terraform's main tool for delegating access between different environments is Workspaces. Hashicorp's advice has always been to design a workspace for each environment. 1. [ ] Use the default workspace for all the stages > because the different environments are not segmented. > Reference: https://www.terraform.io/docs/cloud/guides/recommendedpractices/part1.html#the-recommended-terraform-workspacestructure # You noticed this symbol = "~> 0.11" in your terraform provider version. What does this signify? 1. [ ] Version which is more than 0.11 and less than 0.10 1. [ ] Version which is less than 0.11 and more than 0.10 1. [ ] Versions which are less than 0.1 and more than 0.11 1. [x] Version which are more than 0.11 and less than 0.12 > For example, ~> 1.0 is equivalent to >= 1.0, < 1.0, and ~> 0.9.2, is equivalent to >= 0.9.2, < 1.0 This is known as a Pessimistic Constraint Operator. > https://www.terraform.io/docs/language/expressions/versionconstraints.html # What is the default number of concurrent opeations supported by terraform apply command? 1. [ ] 100 1. [x] 10 > Terraform apply supports a maximum of 10 concurrent operations by default. -parallelism=n - Limits the number of concurrent operations. Terraform performs as it walks the graph; the default is 10. 1. [ ] 5 1. [ ] 1 > https://www.terraform.io/docs/commands/apply.html # Which command is used to launch terraform console? 1. [ ] `terraform apply -config` 1. [x] `terraform console` > terraform console [options] [dir]. This command allows you to evaluate and experiment with expressions using an interactive command-line console. 1. [ ] `terrafrom plan` 1. [ ] `terrafrom consul` > https://www.terraform.io/docs/cli/commands/console.html # What is the result of the following terraform function call? ```terraform > zipmap(["john", "Jim"], [0, 2]) ``` 1. [ ] `["john", "jim", "0", "2",]` 1. [x] `{"Jim" = 2, "john" = 0}` > Usually, the map is denoted by curly braces and lists are with square brackets. `{"Jim" = 2, "john" = 0}` zipmap constructs a map from a list of keys and a corresponding list of values. The syntax for zipmap is as follows: `zipmap(keyslist, valueslist)` 1. [ ] `("john"=1,"jim"=2)` 1. [ ] `{{ "john"=1 "jim"=2 }}` > https://www.terraform.io/docs/language/functions/zipmap.html # Is state file mandatory for Terraform to work? 1. [ ] False 1. [x] True > Terraform state's primary purpose is to store bindings between remote system objects and resource instances declared in your configuration. When Terraform creates a remote object in response to a configuration change, it records the remote object's identity against a specific resource instance, which it can then update or delete in response to future configuration changes. > https://www.terraform.io/docs/language/state/purpose.html # What would be output of the below? ```terraform lookup( {a="test ", b="good morning"}, "call", "terraform?") ``` 1. [ ] test 1. [ ] good morning 1. [ ] call 1. [x] terraform? > This is the real outcome: terraform? This can be verified using the Terraform console. The lookup command uses the key to find the value of a single element in a given map. If no key is specified, the default values will be returned. It's looking for the word "call" in this case. > Reference: https://www.terraform.io/docs/configuration/functions/lookup.html # Which terraform command can be used to find the provider name being used in your code? 1. [ ] `terraform state` 1. [ ] `terraform apply` 1. [x] `terraform providers` > The terraform providers command is used to determine the name of the provider you're deploying. 1. [ ] `terraform plan` > https://www.terraform.io/docs/cli/commands/providers.html # You are new to terraform and have been asked to find that what is created/target resource name for the below code? ```terraform resource "azurerm_resource_group" "rg" { name = "testrg" location = "eastus2" } ``` 1. [ ] rg 1. [x] testrg > The name of the created resource group would be "testrg" 1. [ ] azurerm_resource_group.rg 1. [ ] resource
- Terraform is an open-source tool for managing infrastructure as code.
- It uses a declarative language to specify the desired end state of infrastructure resources.
- Providers are plugins that enable Terraform to interact with different infrastructure services.
- Resources represent infrastructure components such as servers, databases, and networks.
- State files are used to track the current state of infrastructure resources and ensure consistency.
- Terraform generates an execution plan for reviewing changes before they are applied.
- Terraform streamlines infrastructure management by enabling automation, consistency, and scalability.