30 Terraform Interview Questions and Answers

Terraform is an open-source Infrastructure as Code (IaC) tool developed by HashiCorp. It allows users to define, provision, and manage infrastructure using declarative configuration files, making infrastructure management more automated, consistent, and repeatable.

Terraform focuses on infrastructure provisioning and lifecycle management, while tools like Ansible or Chef are primarily used for configuration management. Terraform uses declarative syntax and maintains a state file to track resources, enabling it to manage dependencies and changes efficiently.

A Terraform provider is a plugin that enables Terraform to interact with APIs of external platforms and services, such as AWS, Azure, Google Cloud, or even SaaS products. Providers define the resources and data sources available for use in Terraform configurations.

The Terraform state file (usually named terraform.tfstate) keeps track of the resources Terraform manages and their current state. It is essential for mapping real-world resources to your configuration, detecting changes, and planning updates.

Terraform automatically builds a dependency graph based on resource references in the configuration files. This ensures resources are created, updated, or destroyed in the correct order, handling dependencies without manual intervention.

'terraform init' initializes a Terraform working directory by downloading the necessary provider plugins and setting up the backend for storing state files. It is the first command you run before applying any configuration.

Variables in Terraform allow you to parameterize your configurations, making them reusable and flexible. You can define variables in .tf files, pass them via command line, or use environment variables.

'terraform plan' shows you what changes Terraform will make to your infrastructure based on your configuration, without actually applying them. 'terraform apply' executes those changes, provisioning or modifying resources as needed.

A Terraform module is a reusable collection of Terraform configuration files that can be shared and used across different projects. Modules help organize and encapsulate code, promoting reusability and maintainability.

Terraform uses its state file and declarative configuration to ensure that applying the same configuration multiple times results in the same infrastructure state. It only makes changes when the desired state differs from the current state, ensuring idempotency.

Local backends store the Terraform state file on the local disk, while remote backends store it in a remote location such as AWS S3, Azure Blob Storage, or Terraform Cloud. Remote backends enable collaboration, state locking, and enhanced security for team environments.

Sensitive data can be managed using environment variables, input variables marked as sensitive, or secret management tools like HashiCorp Vault. Avoid hardcoding secrets in configuration files and use remote backends with encryption for state files.

Data sources allow Terraform to fetch and use information from external sources or existing infrastructure. For example, you can use a data source to retrieve the latest AMI ID from AWS and use it to launch new EC2 instances.

Drift occurs when the real infrastructure diverges from the Terraform state. The 'terraform plan' and 'terraform apply' commands help detect and reconcile drift by comparing the current state with the desired configuration.

The lifecycle meta-argument allows you to control resource behavior with options like 'create_before_destroy', 'prevent_destroy', and 'ignore_changes'. For example, 'create_before_destroy' ensures a new resource is created before the old one is destroyed, minimizing downtime.

Workspaces allow you to manage multiple distinct state files within a single configuration, making it easier to manage environments like development, staging, and production. Each workspace has its own state, enabling environment isolation.

Large projects can be organized using modules, separating resources by environment or function, and following naming conventions. Using remote backends, workspaces, and version control also improves maintainability and collaboration.

The 'terraform import' command lets you bring existing infrastructure under Terraform management by mapping real resources to Terraform resources. This is useful for adopting Terraform in environments with pre-existing infrastructure.

'count' is used to create multiple instances of a resource based on an integer value, while 'for_each' allows you to iterate over a map or set of strings, providing more flexibility and control over resource creation.

'terraform taint' marks a resource as needing to be destroyed and recreated on the next apply. It is useful when a resource is in a bad state or needs to be replaced without changing the configuration.

Best practices include using remote backends (like AWS S3 with DynamoDB for state locking), enabling state file versioning, restricting direct access to state files, and using workspaces for environment separation. This ensures collaboration, prevents state corruption, and secures sensitive data.

Breaking changes should be managed by versioning modules using semantic versioning, thoroughly testing new versions, and updating module references incrementally. Communicate changes clearly, use 'terraform plan' to preview impacts, and consider backward compatibility when possible.

A blue-green deployment can be achieved by defining separate resources or modules for 'blue' and 'green' environments, using variables or workspaces to control which environment is active. Traffic can be switched using load balancer configuration updates, ensuring zero downtime during deployments.

Writing a custom provider involves using Go and the Terraform Plugin SDK to define resource schemas, CRUD operations, and authentication. Challenges include handling API rate limits, managing state, ensuring idempotency, and maintaining compatibility with Terraform core updates.

Dependencies across modules can be managed by outputting resource attributes from one module and referencing them as inputs in another. For cross-workspace dependencies, use remote state data sources to fetch outputs from other workspaces, ensuring correct resource orchestration.

Terraform state files may contain sensitive data in plaintext. To mitigate risks, use remote backends with encryption, restrict access via IAM policies, avoid outputting secrets, and use sensitive variables. Regularly audit state files and rotate credentials as needed.

Automate workflows by integrating Terraform commands (init, plan, apply) into CI/CD tools like Jenkins, GitHub Actions, or GitLab CI. Use environment-specific variables, remote backends, and approval gates for 'apply' steps. Store state securely and manage secrets using vaults or environment variables.

'terraform graph' generates a visual representation of resource dependencies as a DOT graph. This helps in understanding complex relationships, debugging dependency issues, and optimizing resource orchestration in large infrastructures.

Provider versions are managed in the 'required_providers' block. Upgrading involves updating version constraints and running 'terraform init -upgrade'. Risks include breaking changes, deprecated resources, and altered behaviors, so always review changelogs and test upgrades in isolated environments.

In a scenario with concurrent applies, a state lock conflict may occur. To resolve, identify the lock holder, coordinate with the team, and release the lock if safe. For state file corruption, restore from backup, manually reconcile resources, and use 'terraform state' commands to repair inconsistencies.