Terraform Interview Questions and Answers

Terraform is an open-source tool that helps you automate the setup and management of your infrastructure, such as servers, databases, and networks. Instead of doing everything manually, you write simple code to describe what your infrastructure should look like, and Terraform automatically creates, updates, or deletes resources based on your instructions. It's widely used for cloud environments like AWS, Azure, and Google Cloud, making it easier to manage large or complex systems

1. What is Terraform's primary purpose?

Its primary purpose in DevOps is to automate the infrastructure lifecycle, enabling teams to build, change, and version infrastructure safely and efficiently. It acts as a single tool to manage infrastructure across multiple cloud providers and on-premises data centers, fostering a consistent workflow.

2. Explain the difference between declarative and imperative IaC.

Declarative and imperative are two different approaches to IaC. A declarative approach, used by Terraform, focuses on the "what" you define the desired end-state of your infrastructure, and the tool is responsible for figuring out how to achieve it.An imperative approach, often seen in shell scripts, focuses on the "how" you provide explicit, step-by-step commands that must be executed in order to reach the desired state. Declarative IaC is generally less complex and more reliable for managing state over time.

3. How does Terraform differ from configuration management tools like Ansible?

Terraform is primarily a provisioning tool, focused on creating, managing, and destroying infrastructure resources like virtual machines, networks, and databases. It excels at managing the lifecycle of these foundational components.Ansible, on the other hand, is primarily a configuration management tool, focused on installing and managing software on existing servers.

4. Explain the basic structure of a Terraform configuration file.

HCL (HashiCorp Configuration Language) is employed to structure a Terraform configuration file. It is made up of parts like variable for input variables, resource to define resources, provider to determine the cloud provider, and output to extract and display values. Parameters and values defining infrastructure settings and components are provided in each block.

5. What makes Terraform a cloud-agnostic tool?

Terraform is cloud-agnostic due to its provider-based architecture. It uses plugins called "providers" that act as a translation layer between Terraform's universal configuration language and the specific API of a cloud provider (like AWS, Azure, GCP) or other services. This allows a single Terraform configuration and workflow to manage resources across multiple platforms simultaneously. This contrasts with cloud-specific tools like AWS CloudFormation, which only work within their native ecosystem.

6. What is Infrastructure as Code (IaC) and its main benefits?

Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable configuration files rather than manual processes or interactive tools. Its primary benefits include increased deployment speed and efficiency through automation, enhanced consistency across environments (dev, staging, production), and improved scalability. By versioning infrastructure configurations, teams can track changes, collaborate more effectively, and significantly reduce the risk of human error.

7. Describe the core Terraform workflow.

The core Terraform workflow consists of three main steps: Write, Plan, and Apply.First, you Write infrastructure as code in HCL files. Next, you run terraform plan to generate an execution Plan, which previews the changes Terraform will make to your infrastructure without actually applying them. Finally, you use terraform apply to Apply the changes and provision or modify the resources as described in the plan. This cycle provides a safe and predictable way to manage infrastructure.

8. What is the purpose of terraform init?

The terraform init command is used to initialize a working directory containing Terraform configuration files. It performs three primary tasks: it downloads and installs the provider plugins declared in the configuration, initializes the configured backend for state file storage, and downloads any modules referenced in the configuration. This command must be run before any other Terraform commands can be executed in a new or cloned project directory.

9. Explain what terraform plan does and why it's important.

The terraform plan command creates an execution plan by comparing the desired state defined in your configuration files against the current state of the real-world infrastructure recorded in the state file.The output shows exactly which resources will be created, updated, or destroyed. This command is critically important because it provides a "dry run" or preview of changes, allowing for review and validation before any modifications are made to the actual infrastructure, thereby preventing unintended or destructive actions.

10. . What is the difference between terraform apply and terraform apply tfplan?

Running terraform apply without an argument will first generate a new execution plan and then prompt for interactive approval before executing it. This is suitable for manual workflows. In contrast, terraform apply tfplan, where tfplan is a file saved from a terraform plan -out=tfplan command, applies the exact changes outlined in that pre-saved plan file without generating a new one or prompting for approval. The latter is a best practice for automation and CI/CD pipelines, as it ensures that only the previously reviewed and approved changes are executed.

11. Who are some key players that compete with Terraform in the infrastructure as code (IaC) market?

Ansible: Terraform's versatility is matched by Ansible's complex automation instruments, that are known for their straightforwardness and agentless architecture.
AWS CloudFormation: With its native IaC includes and customized layout for AWS environments, CloudFormation directly competes Terraform's multiple clouds support.
Google Cloud Deployment Manager: Given its ability to develop and deploy complex infrastructure configurations, Google's solution poses an important danger to Terraform's cross-platform capabilities.
Azure Resource Manager (ARM): Within the Azure setting, Microsoft's ARM templates offer an effective alternative for Terraform by enabling the efficient definition and provision of Azure resources.

12. What are the roles of terraform validate and terraform fmt?

terraform validate is a command that checks the syntax and logical consistency of the Terraform configuration files in a directory.It catches errors like incorrect syntax, invalid arguments, or undeclared variables without connecting to any remote services. terraform fmt is a code formatting tool that rewrites configuration files to a canonical, standard style for improved readability and consistency across a team. It helps maintain a clean and professional codebase but does not affect the functionality of the code.

13. What is the purpose of the Terraform state file?

The Terraform state file (terraform.tfstate) is a JSON file that serves as a single source of truth for the infrastructure managed by Terraform. Its primary purpose is to map the resources defined in your configuration files to the actual resources in your cloud environment. It also tracks resource metadata and dependencies, which allows Terraform to create an accurate plan for creating, updating, or destroying infrastructure. The state file is crucial for detecting drift and ensuring changes are applied correctly.

14. Why is storing state remotely a best practice?

Storing state remotely, using a backend like AWS S3 or Terraform Cloud, is a best practice for several reasons. It facilitates collaboration by providing a central, shared location for the state file that all team members can access. Remote backends also provide critical features like state locking to prevent concurrent modifications, versioning for rollback capabilities, and encryption at rest to secure potentially sensitive data. This approach is far more secure and reliable than keeping the state file on a local machine.

15. What is state locking and why is it important for collaboration?

State locking is a mechanism that prevents multiple users or automated processes from running Terraform operations on the same state file at the same time.When an operation like terraform apply begins, Terraform places a lock on the state file. If another user tries to run a conflicting command, they must wait until the lock is released. This is critically important for collaboration because it prevents race conditions, which can lead to a corrupted state file, overwritten changes, or inconsistent infrastructure.

16. How can you secure sensitive data within the Terraform state file?

By default, some resource attributes in the state file are stored in plaintext, which can be a security risk. The primary method for securing the state file is to use a remote backend that supports encryption at rest, such as AWS S3 with server-side encryption enabled. Additionally, access to the backend (e.g., the S3 bucket) should be tightly controlled using IAM policies. For managing secrets within the configuration itself, it is best to use a dedicated secrets manager and fetch values dynamically so they never enter the state file at all.

17. How can you manage different environments (e.g., dev, prod) using Terraform?

Create distinct state files for each setting when employing Terraform for managing multiple environments. Making use of separate directories or Terraform workspaces for each setting. To parameterize parameters for configurations across environments, utilize variables. To effectively manage and track changes across environments, implement a version control system.
Example:
# Define variables for environment-specific settings
variable "environment" {
  default = "dev"
}

# Use conditionals to create resources based on environment
resource "aws_instance" "example" {
  count = var.environment == "prod" ? 2 : 1
  # Other configurations...
}

18. . What happens if you manually edit the terraform.tfstate file?

Manually editing the terraform.tfstate file is strongly discouraged and should be considered a last resort. Doing so can easily corrupt the file or cause a mismatch between the state file and the actual infrastructure. This can lead to Terraform planning to destroy and recreate resources unexpectedly on the next run, or failing to manage existing resources correctly. If state manipulation is required, it should be done using the dedicated terraform state subcommands, such as terraform state rm or terraform import, which perform the operations safely.

19. What are Terraform providers and resources?

Providers are plugins that Terraform uses to interact with the APIs of cloud providers, SaaS services, or other platforms. The provider (e.g., aws, azurerm) is responsible for understanding API interactions and exposing resources.Resources are the fundamental building blocks of infrastructure in HCL, such as an aws_instance or an azurerm_resource_group. Each resource block in a configuration file declares an infrastructure object that Terraform will manage.

20. What are remote backends in Terraform?

Terraform's remote backends, such Amazon S3 or Azure Blob Storage, are locations of storage where Terraform stores its state files. They ensure consistent state management across environments and promote team member interaction. Terraform assists in maintaining infrastructure consistency and enables safer collaboration on infrastructure as code projects by remotely storing state.

21. Explain the difference between input variables and local variables (locals).

Input variables, declared with a variable block, are used to parameterize a Terraform configuration and serve as its inputs, allowing values to be passed in from outside the module.They are like function arguments. Local variables, defined in a locals block, are named expressions that can be used to assign a short name to a complex expression or a value that is used multiple times within a module. They help to reduce repetition and improve readability, acting like temporary local variables within a function's scope.

22. What are three common ways to assign values to Terraform variables?

There are several ways to assign values to input variables. Three of the most common are:

Command-Line Flags: Using the -var or -var-file flag during plan or apply (e.g., terraform apply -var="region=us-west-2").
Variable Definition Files (.tfvars): Creating a file named terraform.tfvars or *.auto.tfvars, where Terraform automatically loads the variable assignments.
Environment Variables: Prefixing an environment variable with TF_VAR_ (e.g., export TF_VAR_region="us-west-2"). Terraform will automatically use this to populate the corresponding variable.

23. What is the purpose of output values in Terraform?

Output values are used to expose information about the resources a Terraform configuration manages. They serve two main purposes: for a root module, they print useful data to the CLI after an apply, such as a server's public IP address. For a child module, outputs act as a return value, allowing data about its resources to be passed to the parent module for use in other resource configurations. This is the primary way to share data between modules.

24. What is a .tfvars file and how is it used?

A .tfvars file is a variable definitions file used to assign values to input variables declared in .tf files. By default, Terraform automatically loads values from files named terraform.tfvars or any file ending in .auto.tfvars. This approach is commonly used to separate environment-specific values (e.g., dev.tfvars, prod.tfvars) from the core infrastructure logic, allowing the same configuration to be applied with different parameters for different environments without modifying the code.

25. What is a Terraform module and why are they used?

A Terraform module is a container for a set of related resources that are managed together. Modules are used to organize, encapsulate, and reuse infrastructure code. The primary benefits are reducing code duplication, improving maintainability, and establishing standardized, reusable components. By creating modules for common architectural patterns (like a VPC or a web server cluster), you can ensure consistency and apply best practices across all your environments

26. How do you import existing infrastructure into Terraform?

terraform import command only adds existing infrastructure to the Terraform state. It does not automatically generate configuration code.
After importing, you must manually write the corresponding Terraform configuration.
terraform import aws_instance.example i-1234567890abcdef0
Then, manually add the corresponding Terraform configuration:
resource "aws_instance" "example" {
  ami           = "ami-123456"
  instance_type = "t2.micro"
}
Note: If the Terraform configuration does not match the imported resource, Terraform may mark it for deletion during terraform apply.

27. Describe the typical file structure of a Terraform module.

A standard Terraform module has a well-defined file structure to enhance clarity and usability. The main files include main.tf, which contains the core resource definitions; variables.tf, which declares the input variables that serve as the module's parameters; and outputs.tf, which defines the output values that the module returns. It is also a best practice to include a README.md file for documentation and a LICENSE file.

28. Can Terraform be utilized to manage infrastructure that is hosted on-premises?

Yes, Terraform can employ custom scripts or providers like VMware or OpenStack to manage on-premises infrastructure. It enables version control and automation via infrastructure as code practices. It ensures scalability and consistency in on-premises and cloud environments.

29. What is the difference between a root module and a child module?

The root module is the main set of Terraform configuration files in your working directory from which you run terraform commands. A child module is a separate module that is called from another configuration (typically the root module) using a module block. The root module is the entry point for a Terraform execution, and it orchestrates the deployment by calling various child modules and connecting them using their inputs and outputs.

30. How can Terraform handle and disregard duplicate resource errors when executing a `terraform apply` command?

Terraform can accept duplicate resource errors during terraform apply owing to the -ignore_duplicate switch. By setting on this setting, Terraform continues to operate even when it encounters duplicate resources, ensuring continuous deployment. This capacity improves reliability and automation, especially for complex infrastructure setups.

31. Could you describe the different parts that make up Terraform's architecture?

CLI (Command-Line Interface): This is the primary user interface via which users can tell Terraform to manage infrastructure.
Core Engine: The core engine takes actions that provide and upkeep the infrastructure by understanding configurations written in JSON or HashiCorp Configuration Language (HCL).
Providers: Terraform has the ability to manage resources across multiple infrastructure platforms (like AWS, Azure, etc.) via providers communicating via their APIs.
State Management: Terraform keeps a state file containing the current status of the managed infrastructure, enabling it to precisely determine any changes that have to be performed in later runs.

32. Why is it important to lock module versions, and how do you do it?

Locking module versions is crucial for creating stable and predictable infrastructure deployments. Without version pinning, a future terraform init could download a new, potentially incompatible version of a module, leading to unexpected errors or breaking changes in your infrastructure. You lock a module version within the module block by setting the version argument to a specific version string or a version constraint, such as version = "~> 1.2".

33. What is the difference between the count and for_each meta-arguments?

Both count and for_each are used to create multiple instances of a resource, but they differ in how they identify and manage those instances. count takes an integer and creates that many copies, referencing them via an index (e.g., resource.name). for_each takes a map or a set of strings and creates one instance for each item, referencing them via the map key or set value (e.g., resource.name["key"]). This key-based mapping makes for_each more stable when items are added or removed.

34. When would you choose for_each over count?

You should choose for_each over count when you need to create multiple resources that are not identical or when the collection of resources might change over time. for_each is superior when removing an item from the collection, as it will only destroy the specific resource associated with that key. With count, removing an item from the middle of a list will cause all subsequent resources to be destroyed and recreated due to the re-indexing of the list, which can be highly disruptive in a production environment.

35. How does Terraform handle dependencies between resources?

Terraform utilizes both explicit and implicit declarations in its configuration files to manage resource dependencies. For deciding which resources should be provisioned or current first, it employs a dependency graph. Dependencies can be provided by users using resource references in their configuration or through using the "depends_on" assets. The provisioning process is then managed by Terraform in accordance with, ensuring that resources are produced or changed in the correct sequence.

36. What are Terraform workspaces and how do they differ from modules?

Utilizing Terraform workspaces, you may oversee multiple environments such as development, staging, and production—within a single configuration. On the other hand, modules are reusable Terraform configuration construction fragments that let you bundle and share infrastructure parts. While workspaces emphasize environment isolation, modules enhance the upkeep and reusability of applications.

37. How do you debug and troubleshoot Terraform configurations?

Before applying, utilize "terraform plan" to preview changes to identify potential issues.
Using "terraform validate" to make sure that configurations are properly established and to check syntax.
For ongoing consistency, read and handle the state file with the "terraform state" commands.
For extensive knowledge into the process flow and errors, use Terraform's verbose mode, error messages, and logging capabilities.

38. How can you conditionally create a resource in Terraform?

Conditional resource creation is typically achieved using the count meta-argument with a ternary expression. You can set count to either 1 or 0 based on a boolean condition. If the condition is true, count is 1, and the resource is created. If the condition is false, count is 0, and the resource is not created at all. For example: count = var.create_resource? 1 : 0.

39. What are dynamic blocks and provide a common use case?

Dynamic blocks are an HCL feature that allows you to dynamically generate multiple nested configuration blocks within a resource.They are useful when a resource argument requires repeatable blocks whose number is not known ahead of time. A common use case is defining multiple ingress or egress rules for an aws_security_group resource by iterating over a list of port numbers, which avoids having to write a separate static block for each rule

40. What are Terraform provisioners, and why are they considered a "last resort"?

Provisioners are a feature in Terraform used to execute scripts or commands on a local or remote machine after a resource is created or before it is destroyed. They are considered a "last resort" because Terraform cannot model their actions in its execution plan, making the outcome less predictable. Best practice is to use alternatives like cloud-init scripts (user_data), Packer to create pre-configured machine images, or dedicated configuration management tools like Ansible, which provide more robust and idempotent solutions for software configuration.

41. What are the best practices for structuring Terraform configurations?

Use modules to effectively organize resources by enclosing comparable duties.
Employ outputs and variables to parameterize and save the configuration.
For clarity, utilize naming conventions for modules and resources.
Take advantage of Terraform environments and workspaces for managing multiple deployments.

42. What is infrastructure drift and what are its common causes?

Infrastructure drift is the divergence between the actual state of your infrastructure in the real world and the state defined in your Terraform configuration files. Common causes include manual changes made through a cloud provider's console (often for urgent fixes), automated changes by external scripts or services not managed by Terraform, and failed or partial Terraform applies. Drift undermines the reliability of IaC and can lead to security vulnerabilities and unexpected behavior.

43. How do you detect and remediate infrastructure drift with Terraform?

Drift is primarily detected by running the terraform plan command. If the plan shows changes to be made even when the configuration files have not been modified, it indicates that the real-world resources have drifted from the state file's record. Remediation involves two main options: either run terraform apply to revert the infrastructure back to the state defined in the code, or update the Terraform code to match the manual changes and potentially use terraform import to bring the resource back under management.

44. What is the purpose of the terraform import command?

The terraform import command is used to bring existing, manually-created infrastructure resources under Terraform's management. To use it, you must first write a resource block in your configuration that matches the resource you want to import. Then, you run the command with the resource address and the resource's unique ID from the cloud provider. This populates the state file with the imported resource, allowing Terraform to manage it from that point forward without having to destroy and recreate it.

45. Explain how you would use a data source to fetch a secret from AWS Secrets Manager

To fetch a secret from AWS Secrets Manager, you would use the aws_secretsmanager_secret_version data source. In your Terraform configuration, you define a data block that references the secret by its ID or ARN. Terraform will then query the AWS API during the plan phase to retrieve the secret's value. This value can then be referenced in other resource configurations, such as passing a database password to an aws_db_instance resource, without ever hardcoding the secret in your code.

Scenario-Based Terraform Interview Questions

Here are some real-world Terraform interview questions designed to test problem-solving skills in infrastructure automation.

Scenario 1: Handling Manual Changes Outside Terraform

46. Your Terraform configuration deploys an EC2 instance. However, a team member manually changed the instance type in the AWS console. How can you detect and reconcile this change in Terraform?

Solution:

Run terraform plan to identify the drift between the configuration and the actual infrastructure.
To reconcile:
If the manual change should remain, update the Terraform configuration (main.tf) to match.
If the manual change should be reverted, run terraform apply to enforce the original state.
To prevent future manual modifications, use IAM policies to restrict console access.

Scenario 2: Preventing Accidental Deletions in Terraform

47. A junior developer mistakenly removed an S3 bucket from the Terraform configuration file. On running `terraform apply`, Terraform detects it as a deletion. How can you prevent accidental deletions?

Solution:

To prevent accidental deletions of resources managed by Terraform, use the prevent_destroy lifecycle rule in your resource configuration:
resource "aws_s3_bucket" "important_bucket" {  
bucket = "my-secure-bucket" 

 lifecycle {    
   prevent_destroy = true  
}
}
With this setting, Terraform will not destroy the resource unless you explicitly remove the prevent_destroy flag from the configuration.
This is particularly useful in production environments to safeguard critical resources.
Note: If you need to delete the resource, you must first remove the prevent_destroy flag, apply the changes, and then destroy the resource.

Scenario 3: Running Terraform in a Team Environment

48. Multiple engineers are applying Terraform changes on a shared project. At times, state conflicts occur, causing errors. How can you prevent this issue?

Solution:

Use remote backend storage with state locking, such as S3 with DynamoDB:
backend "s3" {
  bucket         = "terraform-state-bucket"
  key           = "state/terraform.tfstate"
  region        = "us-east-1"
  dynamodb_table = "terraform-lock"
}
The DynamoDB table locks the state, ensuring only one engineer can apply changes at a time.
Encourage best practices:
Use terraform plan before terraform apply.
Communicate with team members before making changes.

Scenario 4: Managing Secrets in Terraform

49. Your Terraform configuration needs to use database credentials. How should you store and manage sensitive information securely?

Solution:

Use Terraform variables and mark them as sensitive:
variable "db_password" {
  type      = string
  sensitive = true
}
Use AWS Secrets Manager, HashiCorp Vault, or environment variables to retrieve credentials instead of hardcoding them.
Store Terraform state files remotely (e.g., S3 backend with encryption) to prevent exposing secrets.

Scenario 5: Terraform Apply Failing Due to Missing Dependencies

50. Your Terraform deployment failed because a security group needed for an EC2 instance was not created in time. How can you ensure Terraform manages dependencies correctly?

Solution:

Use implicit dependencies by referencing the security group in the EC2 instance:
resource "aws_security_group" "web_sg" {
  name = "web-sg"
}

resource "aws_instance" "web" {
  ami           = "ami-123456"
  instance_type = "t2.micro"
  security_groups = [aws_security_group.web_sg.name]
}
Terraform automatically ensures the security group is created first.
If necessary, use explicit dependencies with the depends_on keyword:
resource "aws_instance" "web" {
  depends_on = [aws_security_group.web_sg]
  ami           = "ami-123456"
  instance_type = "t2.micro"
}

Scenario 6: Terraform Apply Deletes and Recreates Resources Unexpectedly

51. You modified an AWS RDS instance parameter in Terraform, but instead of updating it, Terraform plans to delete and recreate the instance. Why is this happening, and how can you avoid downtime?

Solution:

Some Terraform changes force resource recreation (e.g., changing allocated_storage in RDS).
To minimize downtime:
Check the Terraform documentation to confirm which properties trigger recreation.
Modify only parameters that support in-place updates.
If recreation is unavoidable, create a new resource, migrate data, and remove the old one.

Scenario 7: Using Terraform Modules for Reusability

52. Your company has multiple AWS accounts and each team needs to create an S3 bucket with the same security policies. How can you avoid repeating Terraform code?

Solution:

Use Terraform modules to create a reusable S3 bucket module:
Create a module directory (modules/s3) and define main.tf:
resource "aws_s3_bucket" "bucket" {
  bucket = var.bucket_name
  acl    = "private"
}
Define variables (variables.tf):
variable "bucket_name" {
  type = string
}
Use the module in different projects:
module "s3" {
  source      = "./modules/s3"
  bucket_name = "project-storage"
}

Scenario 8: Automating Terraform in a CI/CD Pipeline

53. Your team wants to integrate Terraform into a CI/CD pipeline to automate infrastructure deployment. How should you set up the pipeline?

Solution:

Store Terraform code in GitHub/GitLab.
Use Terraform Cloud, Jenkins, GitHub Actions, or GitLab CI/CD to automate runs.
CI/CD pipeline should:
Run terraform fmt (format check).
Run terraform validate (syntax check).
Execute terraform plan and wait for approval.
Apply changes using terraform apply -auto-approve after review.
Store Terraform state remotely (S3 with state locking).

Scenario 9: Terraform State File Gets Corrupted

54. A Terraform state file became corrupted due to an unexpected system failure. How do you recover it?

Solution:

State files are critical to Terraform’s functionality, but they can be recovered if you have stored them remotely (e.g., in an S3 bucket with versioning).
Recovery Steps:
If you have remote state storage (e.g., AWS S3 with versioning enabled), simply retrieve the last working state version from the remote storage.
If you're using local state, but the state file is lost or corrupted, you may need to manually reconstruct the state file using terraform import to bring the resources back under management.
If no state file exists, you will need to recreate the infrastructure manually or re-import it into Terraform, making sure the resources are properly described in .tf files.
Best Practice: Use remote state storage (e.g., S3, Azure Blob Storage) and enable versioning to avoid state loss.

Scenario 10: Debugging Terraform Apply Failures

55. Your `terraform apply` command fails with an error saying a required resource doesn’t exist. How do you troubleshoot this issue?

Solution:

Run terraform plan to check what Terraform is trying to modify.
Check if the resource was manually deleted in AWS.
Run Terraform logs in debug mode:
TF_LOG=DEBUG terraform apply
If dependent resources are missing, recreate them first before applying changes again.

Conclusion

This comprehensive collection of Terraform interview questions and answers can be found here. From fundamental concepts and installation to advanced practices and debugging gets closer, these questions cover a wide range of topics that are essential to mastering Terraform.

During preparation for these inquiries, candidates may improve their ability to manage infrastructure as code by gaining a greater comprehension of Terraform's capabilities and best practices. These questions offer a great tool for learning and interview preparation, no matter your degree of expertise with Terraform. Remember that efficient use of Terraform helps not only the effective deployment of infrastructure but also its dependable scaling and maintenance.

Terraform Interview Questions and Answers

1. What is Terraform's primary purpose?

2. Explain the difference between declarative and imperative IaC.

3. How does Terraform differ from configuration management tools like Ansible?

4. Explain the basic structure of a Terraform configuration file.

5. What makes Terraform a cloud-agnostic tool?

6. What is Infrastructure as Code (IaC) and its main benefits?

7. Describe the core Terraform workflow.

8. What is the purpose of terraform init?

9. Explain what terraform plan does and why it's important.

10. . What is the difference between terraform apply and terraform apply tfplan?

11. Who are some key players that compete with Terraform in the infrastructure as code (IaC) market?

12. What are the roles of terraform validate and terraform fmt?

13. What is the purpose of the Terraform state file?

14. Why is storing state remotely a best practice?

15. What is state locking and why is it important for collaboration?

16. How can you secure sensitive data within the Terraform state file?

17. How can you manage different environments (e.g., dev, prod) using Terraform?

18. . What happens if you manually edit the terraform.tfstate file?

19. What are Terraform providers and resources?

20. What are remote backends in Terraform?

21. Explain the difference between input variables and local variables (locals).

22. What are three common ways to assign values to Terraform variables?

23. What is the purpose of output values in Terraform?

24. What is a .tfvars file and how is it used?

25. What is a Terraform module and why are they used?

26. How do you import existing infrastructure into Terraform?

27. Describe the typical file structure of a Terraform module.

28. Can Terraform be utilized to manage infrastructure that is hosted on-premises?

29. What is the difference between a root module and a child module?

30. How can Terraform handle and disregard duplicate resource errors when executing a terraform apply command?

31. Could you describe the different parts that make up Terraform's architecture?

32. Why is it important to lock module versions, and how do you do it?

33. What is the difference between the count and for_each meta-arguments?

34. When would you choose for_each over count?

35. How does Terraform handle dependencies between resources?

36. What are Terraform workspaces and how do they differ from modules?

37. How do you debug and troubleshoot Terraform configurations?

38. How can you conditionally create a resource in Terraform?

39. What are dynamic blocks and provide a common use case?

40. What are Terraform provisioners, and why are they considered a "last resort"?

41. What are the best practices for structuring Terraform configurations?

42. What is infrastructure drift and what are its common causes?

43. How do you detect and remediate infrastructure drift with Terraform?

44. What is the purpose of the terraform import command?

45. Explain how you would use a data source to fetch a secret from AWS Secrets Manager

Scenario-Based Terraform Interview Questions

Scenario 1: Handling Manual Changes Outside Terraform

46. Your Terraform configuration deploys an EC2 instance. However, a team member manually changed the instance type in the AWS console. How can you detect and reconcile this change in Terraform?

Scenario 2: Preventing Accidental Deletions in Terraform

47. A junior developer mistakenly removed an S3 bucket from the Terraform configuration file. On running terraform apply, Terraform detects it as a deletion. How can you prevent accidental deletions?

Scenario 3: Running Terraform in a Team Environment

48. Multiple engineers are applying Terraform changes on a shared project. At times, state conflicts occur, causing errors. How can you prevent this issue?

Scenario 4: Managing Secrets in Terraform

49. Your Terraform configuration needs to use database credentials. How should you store and manage sensitive information securely?

Scenario 5: Terraform Apply Failing Due to Missing Dependencies

50. Your Terraform deployment failed because a security group needed for an EC2 instance was not created in time. How can you ensure Terraform manages dependencies correctly?

Scenario 6: Terraform Apply Deletes and Recreates Resources Unexpectedly

51. You modified an AWS RDS instance parameter in Terraform, but instead of updating it, Terraform plans to delete and recreate the instance. Why is this happening, and how can you avoid downtime?

Scenario 7: Using Terraform Modules for Reusability

52. Your company has multiple AWS accounts and each team needs to create an S3 bucket with the same security policies. How can you avoid repeating Terraform code?

Scenario 8: Automating Terraform in a CI/CD Pipeline

53. Your team wants to integrate Terraform into a CI/CD pipeline to automate infrastructure deployment. How should you set up the pipeline?

Scenario 9: Terraform State File Gets Corrupted

54. A Terraform state file became corrupted due to an unexpected system failure. How do you recover it?

Scenario 10: Debugging Terraform Apply Failures

55. Your terraform apply command fails with an error saying a required resource doesn’t exist. How do you troubleshoot this issue?

Conclusion

Explore

30. How can Terraform handle and disregard duplicate resource errors when executing a `terraform apply` command?

47. A junior developer mistakenly removed an S3 bucket from the Terraform configuration file. On running `terraform apply`, Terraform detects it as a deletion. How can you prevent accidental deletions?

55. Your `terraform apply` command fails with an error saying a required resource doesn’t exist. How do you troubleshoot this issue?