- Understand Infrastructure as Code (IaC) Concepts
- Understand the purpose of Terraform (vs other IaC)
- Understand Terraform basics
- Use Terraform outside the core workflow
- Interact with Terraform modules
- Use the core Terraform workflow
- 6a. Describe Terraform workflow (Write -> Plan -> Create)
- 6b. Initialize a Terraform working directory (terraform init)
- 6c. Validate a Terraform configuration (terraform validate)
- 6d. Generate and review an execution plan for Terraform (terraform plan)
- 6e. Execute changes to infrastructure with Terraform (terraform apply)
- 6f. Destroy Terraform managed infrastructure (terraform destroy)
- 6g. Apply formatting and style adjustments to a configuration (terraform fmt)
- Implement and maintain state
- 7a. Describe default local backend
- 7b. Describe state locking
- 7c. Handle backend and cloud integration authentication methods
- 7d. Differentiate remote state back end options
- 7e. Manage resource drift and Terraform state
- 7f. Describe backend block and cloud integration in configuration
- 7g. Understand secret management in state files
- Read, generate, and modify configuration
- 8a. Demonstrate use of variables and outputs
- 8b. Describe secure secret injection best practice
- 8c. Understand the use of collection and structural types
- 8d. Create and differentiate resource and data configuration
- 8e. Use resource addressing and resource parameters to connect resources together
- 8f. Use HCL and Terraform functions to write configuration
- 8g. Describe built-in dependency management (order of execution based)
- Understand HCP Terraform capabilities
- Exam Duration: 1 hour
- Question Count: 50-60 questions
- Tested on: Terraform 0.12 and higher
- Certification Expiration: 2 years
- True/False
- Multiple Choice
- Multiple Choice - Multiple Answer
- Fill-in the blank
- IaC (Infrastructure as Code): A practice where infrastructure is provisioned and managed using code instead of manual processes. It involves writing what you want to deploy in a human-readable form.
- DevOps Enablement: IaC is tracked in version control, allowing for better visibility and collaboration across teams.
- Declarative Approach: Infrastructure is defined declaratively via code, though it can also be procedural.
- Speed: Automates deployment processes, saving time.
- Cost Reduction: Minimizes manual intervention, reducing errors and excess resource usage.
- Reduced Risk: Less human error means fewer security vulnerabilities.
- Multi-Cloud Support: Terraform works with a variety of cloud providers, both public and private, making it provider-agnostic.
- Unified Workflow: Interacts with different cloud APIs using a consistent syntax.
- State Tracking: Terraform maintains a state file (
terraform.tfstate
) to keep track of resource statuses. This is crucial for managing and updating resources effectively. - Deployment Planning: Helps calculate changes needed and creates execution plans.
- Installation: Terraform can be installed by downloading the binary or using package managers. Providers are installed using
terraform init
. - Versioning: Providers should be pinned to specific versions to avoid breaking changes.
- Providers: Terraform uses plugins, known as providers, to interact with cloud platforms and other services.
- Registry: Providers are sourced from the Terraform providers registry or can be custom-built.
-
Configuration: Multiple providers can be declared in a Terraform configuration file to manage resources across different services.
-
Example:
provider "aws" { region = "us-east-1" } provider "google" { region = "us-central1" }
- Initialization: During
terraform init
, Terraform downloads and installs the required providers. - Provider Source: By default, Terraform looks in the Terraform providers registry.
4a. Describe when to use terraform import to import existing infrastructure into your Terraform state
- Use Case: When managing existing resources not initially created by Terraform. The
terraform import
command brings these resources into Terraform's management.
- Viewing State: Commands like
terraform state list
andterraform state show
allow users to inspect the current state file and the resources it manages.
- Verbose Logging: Enabled by setting the environment variable
TF_LOG
toTRACE
,DEBUG
, etc., to provide detailed execution logs. This is useful for debugging and understanding Terraform's behavior.
- Sources: Modules can be sourced from the public Terraform Module Registry, private registries, or local paths.
- Example:
module "network" { source = "terraform-aws-modules/vpc/aws" version = "2.0" }
- Inputs: Parameters passed to the module, used within the module as variables.
- Outputs: Values returned by the module to be used by the root module or other modules.
- Scope: Variables declared in the root module can be passed down to child modules. Variables are scoped to their respective modules unless explicitly passed.
-
Versioning: Specifying a module version ensures compatibility and stability. Example:
module "network" { source = "terraform-aws-modules/vpc/aws" version = "2.0.0" }
- Write: Define infrastructure as code in
.tf
files. - Plan: Run
terraform plan
to preview changes. - Apply: Execute
terraform apply
to create/update infrastructure.
- Prepares the directory by downloading providers and modules.
- Checks the syntax and internal consistency of Terraform configuration files.
- Creates an execution plan showing what changes will be made.
- Applies the changes as per the plan to the actual infrastructure.
- Destroys all resources defined in the Terraform configuration.
- Automatically formats Terraform configuration files to canonical style.
- Local Backend: By default, Terraform stores the state file locally on disk.
- State Locking: Prevents simultaneous updates to the state file by locking it during operations.
- Authentication: Uses various methods like AWS credentials, GCP service accounts, etc., to authenticate with backends.
- Remote Backends: Options include AWS S3, Google Cloud Storage, and others for storing state files remotely.
- Resource Drift: Regular state refresh and
terraform plan
help detect and manage changes not made through Terraform.
-
Backend Block: Defines where the state is stored, e.g., in an S3 bucket.
backend "s3" { bucket = "my-tf-state" key = "path/to/my/key" region = "us-east-1" }
-
Secrets in State: Sensitive data may be stored in state files, so securing state storage is critical. Use encryption and secure storage options to protect sensitive information.
-
Variables: Used to parameterize Terraform configurations.
variable "my-var" { description = "My Test Variable" type = string default = "Hello" validation { condition = length(var.my-bat) > error_message = "String more than 4 characters" } }
variable "my-var" { description = "My Test Variable" type = string default = "Hello" sensitive = true }
-
Outputs: Used to return values from modules or the root module.
output "instance_ip" { description = "VM's Private IP" # Variable config arguments such as variable description and value value = aws_instance.my-vm.private_ip }
- Best Practices: Use environment variables or secret management tools (e.g., Vault) to inject secrets securely into Terraform configurations without exposing them in code or state files.
-
Types: Terraform supports collections like lists and maps, and structural types like objects and tuples, which help handle complex data structures.
variable "training" { type = list(string) default = ["ACG","LA"] # Two separate strings in one variable }
variable "instructor" { type = object ({ name = string age = number # Primitive types several named attributes }) }
- Resources: Used to create and manage infrastructure (e.g.,
aws_instance
). - Data Sources: Used to fetch existing resources or data that Terraform does not manage (e.g.,
aws_ami
).
-
Resource Addressing: Terraform allows you to reference resources using their addresses, like
aws_instance.my_instance
. This is used to define relationships and dependencies between resources.provider "aws" { region = "us-east-1" # Configuration parameters }
resource "aws_instance" "web" { ami = "ami-a1bsas9as9" # Configuration parameters instance_type = "t4g.medium" }
data "aws_instance" "my-vm" { instance_id = "i-1asd12321eeadfs1" } # Resource Address --> data.aws_instance.my-vm
- HCL (HashiCorp Configuration Language): The syntax used for writing Terraform configuration files. It is designed to be both human-readable and machine-friendly.
- Terraform Functions: Terraform includes built-in functions such as
join()
,split()
, andlookup()
that are used to manipulate and manage data within configuration files.
- Dependency Management: Terraform automatically manages dependencies between resources. It understands which resources need to be created or destroyed first based on their dependencies. This ensures that the infrastructure is created and modified in the correct order.
- HCP Terraform: The HashiCorp Cloud Platform (HCP) provides a managed service for Terraform that includes features like secure remote state storage, team collaboration, and governance.
- Collaboration: HCP Terraform allows multiple team members to work on the same Terraform configurations, with state management features to prevent conflicts.
- Governance: Includes tools for policy enforcement (such as Sentinel) to ensure compliance with organizational standards and best practices.