Terraform Interview Questions for Experienced/Terraform Interview Questions and Answers for Freshers & Experienced

How to ignore duplicate resource error during terraform apply?

It seems to be the case that when a resource conflict occurs (the IAM roles in my case), Terraform will ignore certain resource types previously saved in its state and attempt to recreate those resources from scratch.



Possible causes of this could be:

* You or someone else has executed your Terraform code and you don’t have a shared/updated state
* Someone has created them manually
* A Terraform destroy failed in a way that deleted the resources for the API but failed to save the update state


Solutions depend on what you need. You can:

* Delete those resources from your Terraform code to stop managing them with it
* Delete those resources from the API (cloud provider) and recreate them with Terraform
* Perform a terraform import of those resources and remove the terraform code that is trying to recreate them (NOT RECOMMENDED)
* Use terraform apply –target=xxx to apply only resources you need to apply (NOT RECOMMENDED)

While using TEF’s API for the provision of resources, will history be the same as it is on the web?

Yes. The narration will be similar as it is on the web because the UI is residential keeping API as the base. So the whole thing that is on the UI could be availed during the API and the other method around.

Tell me the reasons to choose Terraform for DevOps?

To decide to Terraform for DevOps one significant reason people think Terraform is to direct their infrastructure as code. Infrastructure as code is also a primary and base for DevOps practices such as account control, policy review, continuous addition and continuous operation.

How would you recover from a failed apply in Terraform?

The usual way to represent “rolling back” in Terraform is to put your configuration in version control and commit before each change, and then you can use your version control system’s features to revert to an older configuration if needed. You always need to recommit the previous version code for it to be the new version in the version control system.



Not all changes can be rolled back purely by reverting a version control system change though. For example, if you added a new provider block and resources for that provider all in one commit and then applied the result, in order to rollback, you would need to change the configuration to still include the provider block but not include any of the resource blocks, so you would need to adjust the configuration during the revert. Terraform will then use the remaining provider block to configure the provider to run the destroy actions, after which you can finally remove the provider block too.



If the state file gets corrupted from the latest terraform run, then you can use terraform enterprise and its features of state rollback to go to the previous latest state which was working fine and was in a good state. This is possible in the enterprise version because every state change is versioned there.

How do you move the state from one source to another?

terraform state mv command is used to move the current state of a module, resource, or instance from one source to another. Below is the syntax of the command:

Syntax: terraform state mv [options] SOURCE DESTINATION

The tracking of the object moved will be done from the destination. Here is an example, where a resource of ‘demo’ is moving to ‘test’:

terraform state mv packet_device.demo packet_device.test

1. Where do you find and explore terraform Modules?
2. To find and explore terraform modules, you can use terraform registry. Terraform registry is a collection of modules that are small, reusable, and lets you manage a bunch of resources. You can quickly deploy common infrastructure configurations through modules available on terraform registry.

Does the taint command modify the infrastructure?

Taint command in terraform does not modify the infrastructure, rather it updates the terraform state file and marks the object as tainted. This tainted object gets destroyed and recreated in the next terraform plan, and the terraform apply will make the changes.

How do you inspect the current state of the infrastructure applied in terraform?

You inspect the current state of the infrastructure applied in terraform using terraform show command. It will give a human-readable output which will be a JSON representation of the state file if you run the command with -json parameter.

If different teams are working on the same configuration. How do you make files to have syntactically valid and internally consistent?

To make sure different teams working on the same configuration are keeping the configuration syntactically valid and internally consistent, we can use the validate command. terraform validate validates the configuration files in a directory and reports errors found in attribute name, modules, and value types. This command returns a success message if all the syntax is valid and consistent.

If different teams are working on the same configuration. How do you make files have consistent formatting?

We can use terraform fmt to keep the configuration format consistent across teams. This command modifies the configurations in terraform for better readability and consistency. fmt command is used to keep the style consistent across different terraform codebases.

Is there a way to bulk import the state of the current cloud subscription into Terraform state?

With terraform import command, individual resources can be imported to terraform state, but there is not bulk import feature as of now.

How do you recover from a failed apply, where some resources were provisions, but others were not?

We can recover from a failure to apply,r ranging from the use of --force, as well as manually removing resources, cleaning up the S3 state files, and cleaning the dynamo DB lock.

Can I add policies to the open-source or pro version of Terraform enterprise?

No, you cannot add policies to both open-source or pro versions of Terraform enterprise. The best version of Terraform Enterprise could only contact the lookout policies.

How can you handle CLI authentication on terraform cloud?

With the login and logout commands, I can handle CLI authentications on terraform cloud. These commands help in automating the process of getting an API token for the Terraform Cloud user account.

The terraform login command automatically obtains and saves an API token for Terraform Cloud, Terraform Enterprise, or any other Terraform service host.

Syntax: terraform login [hostname]

The terraform logout command removes the terraform login credentials which were stored.

Is there any similarity between the management of Azure Availability Zones and management by other available cloud providers?

The response to this question would directly refer to the fact that availability zones have different areas and zones. Every availability zone has a specific power source and network. Any region with an enabled availability zone would have three different availability zones. You need to note that AzureRM Terraform provider does not have any accessible resources for the management of Azure Availability Zones. However, this is the present scenario, and AzureRM Terraform provider could include some improvements in the future for this issue.

Which command is used to destroy Terraform-managed infrastructure?

The “terraform destroy command” is used to destroy the Terraform-managed infrastructure.

Tell Us About Some of the Terraform CLI Commands and their Functions?

Init- The init command is used to initiate the process which is included in terraform.

Get- The command helps to chart a path to a mentioned module that can be triggered as and when required.

Graph- Using the CLI command, you can create a visual representation of the configuration.

Validate- This command is used as validation for the respective configuration file if they are syntactically consistent.

Fmt- configuration files with a different set of format and style are rewritten with this command.

How to Ignore the Error Duplicate Resource During Terraform Apply?

Solutions can differentiate depending on requirements

You can delete the resources from the terraform code to stop managing them.

You can delete the resources from the API and recreate them by implementing terraform.

Perform an importing action to remove the resources and eliminate the code that is attempting to recreate them.

What do you mean by a Virtual Private Cloud (VPC)? Which command do you use in Terraform to use a VPC service?

A Virtual Private Cloud (VPC) is a private virtual network within AWS where you can store all of your AWS services. It will have gateways, route tables, network access control lists (ACL), subnets, and security groups, and will be a logical data centre in AWS. When you create a service on a public cloud, it is effectively open to the rest of the world and can be vulnerable to internet attacks. You lock your instances down and secure them from outside threats by putting them inside a VPC. The VPC limits the types of traffic, IP addresses, and individuals who have access to your instances.

This stops unauthorised users from accessing your resources and protects you from DDOS assaults. Because not all services require internet connection, they can be safely stored within a private network. You can then only allow particular machines to connect to the internet.

We use the command aws_vpc to use a VPC Service in Terraform.

How will you check whether your POVRay install is ok with the terraform?

For checking whether my POVRay install is ok with terraforming, I will try this: povray+I tf_land.pov

I may get either of the two outcomes from this. Either I will observe an error of this type: tf_land.pov:26:error: Error opening TGA image.

tf_land.pov refers to the file that is distributed in the root directory of terraforming. If I see the above type error, then it means that it is ok and the included file can be found by my POV. The second error type that I may observe will be about 'colors .inc’. This error means that the included files can't be found by my POV. This will help me in verifying if it is ok with terraforming or not.

What procedures should be taken to make a high-level object from one module available to the other module?

The steps to make an object from one module available to the other module at a high level are as follows:

1. The first step is to define an output variable in a resource configuration. The scope of local and to a module will not be declared until you define resource configuration details.

2. Now you must specify the output variable of module A so that it can be utilised in the setup of other modules. You should establish a fresh new and up-to-date key name, with a value that is equal to the output variable of module A.

3. You must now create a file named variable.tf for module B. Create an input variable with the exact same name as the key you defined in module B inside this file. This variable permits the resource's dynamic setting in a module. Replicate the process to make this variable available to other modules as well. This is because the scope of the variable established here is limited to module B.

Explain State File Locking in the context of Terraform.

Terraform's state file locking method prevents conflicts between numerous users doing the same task by blocking activities on a given state file. When one user unlocks the lock, only the other user has access to that state. Terraform will lock your state for any operations that potentially write state if your backend supports it. This prevents outsiders from gaining access to the lock and corrupting your state. All operations that have the potential to write state are automatically locked. There will be no indication that this is happening. Terraform will not continue if state locking fails. The -lock flag can be used to deactivate state locking for most tasks, although it is not advised. Terraform will send a status message if gaining the lock takes longer than planned. If your backend enables state locking, even if Terraform doesn't send a message, it still happens.

Can I use Terraform for on-premises infrastructure?

Yes, Terraform supports multi–provider deployments which include on-prem like VMware, Openstack and even using Terrarm we can manage SDN (Software Defined Network) too.

What if I encounter a serious error and want to rollback?

Recommitting the previous version of the code for making it the new and current version in a VCS (Version Control System). As a result, a terraform run triggers and runs the old code. It is essential to ensure that the old code contains all entities provisioned in the code for rollback. If the state file has been subject to corruption from a recent Terraform run, then you can opt for State Rollback Feature in Terraform Enterprise. It can help you to roll back to the previous latest state. The validation for this process is the versioning of every state change.

Can I add policies to the open-source or Pro version of Terraform Enterprise?

This is one of the most popular Terraform interview questions coming up in recent interviews. First of all, you cannot add policies to the open-source version of Terraform Enterprise. The same also goes for the Enterprise Pro version. The Premium version of Terraform Enterprise only could access the sentinel policies.

What do you know about Terragrunt? What are its uses?

Terragrunt is a lightweight wrapper that adds extra features for maintaining DRY configurations, dealing with many Terraform modules, and managing remote state.

Following are the use cases of Terragrunt:

<> To Keep Our Background Configuration DRY (Don’t Repeat Yourself): By setting your backend configuration once in a root location and inheriting that information in all child modules, Terragrunt helps you to keep it DRY ("Don't Repeat Yourself").
<> To Keep Our Provider Configuration DRY: It might be difficult to unify provider configurations across all of your modules, especially if you wish to alter authentication credentials. You may use Terragrunt to refactor common Terraform code and keep your Terraform modules DRY by using it. The provider configurations can be defined once at a root location, just like the backend configuration.
<> To Keep Our Terraform Command Line Interface arguments DRY: In the Terraform universe, CLI flags are another typical source of copy/paste. It can be difficult and error-prone to have to remember these -var-file options every time. By declaring your CLI parameters as code in your terragrunt.hcl settings, Terragrunt helps you to keep your CLI arguments DRY.
<> To Promote Terraform modules that are immutable and versioned across environments: Large modules should be considered hazardous, according to one of the most important lessons we've learnt from building hundreds of thousands of lines of infrastructure code. That is, defining all of your environments (dev, stage, prod, and so on) or even a huge amount of infrastructure (servers, databases, load balancers, DNS, and so on) in a single Terraform module is a Bad Idea. Large modules are slow, insecure, difficult to update, code review, test, and are brittle. Terragrunt lets you define your Terraform code once and then promote a versioned, immutable "artifact" of that code from one environment to the next.

What do you mean by a Virtual Private Cloud (VPC)? Which command do you use in Terraform to use a VPC service?

A Virtual Private Cloud (VPC) is a private virtual network within AWS where you can store all of your AWS services. It will have gateways, route tables, network access control lists (ACL), subnets, and security groups, and will be a logical data centre in AWS. When you create a service on a public cloud, it is effectively open to the rest of the world and can be vulnerable to internet attacks. You lock your instances down and secure them from outside threats by putting them inside a VPC. The VPC limits the types of traffic, IP addresses, and individuals who have access to your instances.

This stops unauthorised users from accessing your resources and protects you from DDOS assaults. Because not all services require internet connection, they can be safely stored within a private network. You can then only allow particular machines to connect to the internet.

We use the command aws_vpc to use a VPC Service in Terraform.

Are themes supported by terraforming?

Yes. Gtk themes are efficiently supported by the 0.3.1 version of terraforming. If your system contains a gtk theme, then it can be enabled by performing this: cp/usr/wherever/THEMENAME/gtk/gtkrc $HOME/.gtkrc If it shows error on opening the theme files and theme files fail to open, then .gtkrc should be edited and after that attach a line like the below one at the starting of the file. pixmap_path”/usr/wherever/THEMENAME/gtk” Now the theme should be able to load on startup.

What are the new factors in the latest v1.24.0 & v1.25.0 Terraform Azure Provider?

There are many new resources in the latest versions v1.24.0 & v1.25.0. Also, it involves new data resources. One of the the latest version is Azurerm_batch_certificate. It helps in managing the certificate in the Azure batch. This resource is used for managing public IP, the prefix in networking. New data resource in the latest version includes Azurerm_firewall which allows access to the data for some already existing firewall. The latest release has also done work in the fixing of bugs. The azurerm_app_service has been enhanced which is a good sign of improvement.

What steps should be followed for making an object of one module to be available for the other module at a high level?

Following are the steps which should be followed for making an object of one module to be available for the other module at a high level: First, an output variable to be defined in a resource configuration. Till you do not declare resource configuration details, the scope of local and to a module. Now, you have to declare the output variable of module_A to be used in other module's configuration. A brand new and latest key name should be created by you and the value should be kept equivalent to the module_A’s output variable.

Now, for module_B you have to create a file variable.tf. Establish an input variable inside this file having exactly the same name as was in the key defined by you in module_B. In a module, this particular variable enables the resource's dynamic configuration. For making this variable available to some other module also, replicate the process. This is because the particular variable established here have its scope restricted to module_B.

How to Store Sensitive Data in Terraform?

In order to communicate with your cloud provider's API, Terraform requires credentials. Although config files and environment variables are a preferable alternative, the credentials are still saved in plaintext on your desktop.

Every day, GitHub is exposed to thousands of API and cryptographic keys! Protecting sensitive variables such as Cloud API Keys, Passwords, SSH private keys, SSL certificates, and other sensitive text or data is critical. So these API keys should never be stored in terraform code directly.

Why write tests for Sentinel policies?

* Policies and infrastructure are prone to change for refactoring.
* Writing tests assures that your policy will continue to work as intended even if things change.
* Writing testing instils trust in the policymaking process.

What exactly is Sentinel?

Sentinel is the policy enforcement language used by HashiCorp. Sentinel policies are validated when the Terraform plan is executed. Sentinel will detect incorrect settings before they reach production, not later.

What is Private Module Registry?

Terraform Cloud provides a Private Module Registry, which allows you to store, version, and distribute modules to your organisations and teams.

How can I check if the POVRay install is compatible with Terraform?

Candidates could find tough Terraform interview questions like this one. You can try “povray+l tf_land.pov” to check whether the POVRay installs on your system is ok with Terraform. You can find two outcomes – one good and one bad. The good message is an error “tf_land.pov:26:error: Error opening TGA image”. The “tf_land.pov” denotes the file distributed in the root directory of terraforming. It means that you can find the included file in the POV on your system. The second message is about ‘colors.inc,’ that indicates the absence of files in your POV. As a result, you can clearly find out whether the POVRay installs works with Terraform or not.

Why does POVRay render fields and does not display sometimes?

This is one of the critical Terraform DevOps interview questions. The primary reason for the failure of default export to POVRay could be the lower version of POVRay. Version 3.0 of POVRay does not support the display. The same reason could be evident in the case of failure in a display of POVRay without error reports. Terraform works effectively with the 3.1 version of POVRay. So, you should use the –pov30 switch for informing Terraform about the issue. You can check the version of POVRay by typing “POVRay” and observing the first line of the output.

What are the different behaviors of Terraform plugins during discovery?

This question is one of the tricky Terraform interview questions that can confuse many expert candidates. The behavior of the plugins depends on their type. The three kinds of plugins are built-in provisioners, providers by HashiCorp, and third-party providers and provisioners. The in-built provisioner plugins are always available in the Terraform binary. The providers by HashiCorp download automatically if not installed already. Regarding the third-party providers and provisioners, you have to install them manually.

Do you know about the new factors in the latest v1.24.0 and v1.25.0 Terraform Azure Provider?

Candidates should prepare for such Terraform technical interview questions. You can find multiple new resources in the latest versions of Terraform alongside new data resources. For example, Azurerm_batch_certificate. The new resource can support the management of certificates in the Azure batch. Furthermore, it also helps in the management of public IP and the prefix in networking. Another data resource in the latest versions is the Azurerm_firewall that helps in accessing data for a particular firewall existing already. In addition, the new versions also involve a lot of bug fixes. You can also find improvement in the azurerm_app_service resource in the latest versions.

How will you control and handle rollbacks when something goes wrong?

I need to recommit the previous code version to be the new and current version in my VCS. This would trigger as terraform run, which would be responsible for running the old code. As Terraform is more declarative, I will make sure all things in the code roll back to the old code. I would use the State Rollback Feature of Terraform Enterprise to roll back to the latest state if the state file got corrupted.

What does the providers command do?

The terraform providers command prints information about the providers used in the current configuration.

What is use of fmt command in Terraform?

The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.

Search
R4R Team
R4R provides Terraform Freshers questions and answers (Terraform Interview Questions and Answers) .The questions on R4R.in website is done by expert team! Mock Tests and Practice Papers for prepare yourself.. Mock Tests, Practice Papers,Terraform Interview Questions for Experienced,Terraform Freshers & Experienced Interview Questions and Answers,Terraform Objetive choice questions and answers,Terraform Multiple choice questions and answers,Terraform objective, Terraform questions , Terraform answers,Terraform MCQs questions and answers Java, C ,C++, ASP, ASP.net C# ,Struts ,Questions & Answer, Struts2, Ajax, Hibernate, Swing ,JSP , Servlet, J2EE ,Core Java ,Stping, VC++, HTML, DHTML, JAVASCRIPT, VB ,CSS, interview ,questions, and answers, for,experienced, and fresher R4r provides Python,General knowledge(GK),Computer,PHP,SQL,Java,JSP,Android,CSS,Hibernate,Servlets,Spring etc Interview tips for Freshers and Experienced for Terraform fresher interview questions ,Terraform Experienced interview questions,Terraform fresher interview questions and answers ,Terraform Experienced interview questions and answers,tricky Terraform queries for interview pdf,complex Terraform for practice with answers,Terraform for practice with answers You can search job and get offer latters by studing r4r.in .learn in easy ways .