FAQs for Terraform

Terraform Interview FAQs

What is Terraform and why do we use it?
Terraform is an Infrastructure as Code (IaC) tool used to provision and manage infrastructure across cloud providers in a declarative way.
What are Providers in Terraform?
Providers are plugins that let Terraform interact with cloud platforms and services (like Azure, AWS, GCP, Kubernetes).
What is a Terraform Module?
A module is a container for multiple resources that are used together. It promotes reusability and better organization.
What is the difference between terraform plan and terraform apply?
- terraform plan: Shows the execution plan (what will change).
- terraform apply: Actually applies the changes.
What is the Terraform State file?
It’s a file (terraform.tfstate) that keeps track of resources Terraform manages. It maps real infrastructure to your configuration.
Why do we use Remote State in Terraform?
To share the state among teams, enable collaboration, and avoid conflicts. Common backends are Azure Blob, S3, GCS, etc.
What is a Backend in Terraform?
Backend defines where the state is stored (local or remote) and how operations are executed.
What is the difference between terraform import and terraform state?
- terraform import: Brings existing resources under Terraform management.
- terraform state: Manages or manipulates the state file directly.
What is terraform refresh?
It updates the state file with the real-world infrastructure without making changes.
What are Variables and Outputs in Terraform?

Variables: Input values (like parameters).
Outputs: Exported values after resource creation, often shared across modules.

What is the difference between Terraform var and locals?

var: User-defined input variables.
locals: Fixed values or derived expressions used internally.

What is Terraform Workspace?
Workspaces allow managing multiple environments (like dev, test, prod) using the same configuration.
What is the difference between Mutable vs Immutable infrastructure in Terraform?

Mutable: Resources are updated in place.
Immutable: Old resources are destroyed and new ones are created.

What are Terraform Provisioners? Should we use them?
Provisioners execute scripts on resources (like running a shell script). Best practice: avoid them unless absolutely necessary.
What are the types of Terraform Providers?

Official providers (by HashiCorp).
Verified providers (trusted partners).
Community providers (open-source contributors).

What is the difference between count and for_each in Terraform?

count: Creates resources based on a number.
for_each: Creates resources based on keys in a map/set.

What are Terraform Data Sources?
Data sources let you fetch and use information from existing infrastructure.
What happens when two people run terraform apply at the same time?
It can corrupt the state. That’s why remote state with state locking (e.g., DynamoDB for AWS, Azure Blob lock) is recommended.
What are some best practices in Terraform?

Use modules for reusability.
Store state remotely and enable locking.
Use version control for code.
Avoid hardcoding values (use variables).
Format and validate code (terraform fmt, terraform validate).

What’s new in Terraform (0.14/1.0/1.5 versions)?

Dependency lock file (.terraform.lock.hcl).
Improved provider handling.
New block types like moved (for refactoring).
CLI enhancements.

Terraform Advanced FAQs

How does Terraform handle dependencies between resources?
Terraform automatically builds a dependency graph. You can also use depends_on explicitly.
What is the difference between Terraform and ARM templates/CloudFormation?

ARM/CloudFormation → Cloud-native (Azure/AWS only).
Terraform → Multi-cloud, simpler syntax, reusable modules.

How do you manage secrets in Terraform?

Use secret managers like Azure Key Vault, AWS Secrets Manager.
Never hardcode secrets in .tf files.
Use environment variables or CI/CD pipeline integration.

How do you upgrade a Terraform module safely?

Run terraform init -upgrade.
Test in a lower environment.
Use terraform plan to preview changes.

What are null_resource and local-exec in Terraform?

null_resource: A placeholder resource.
local-exec: Executes local commands/scripts on the machine running Terraform.

What is the difference between terraform destroy and terraform taint?

terraform destroy: Removes all resources.
terraform taint: Marks a resource for recreation on the next apply.

What happens if the state file is deleted?
Terraform will not know about existing resources and may try to create them again. That’s why remote state with backup is critical.
How do you handle Terraform state drift?

Run terraform plan regularly.
Use terraform refresh.
Manually fix or re-import resources.

What is the difference between terraform fmt and terraform validate?

fmt: Formats Terraform code.
validate: Validates syntax and checks for errors.

How do you restrict which provider version to use?
By using the required_providers block in terraform {} and version constraints.
How do you handle multiple environments (Dev/Test/Prod) in Terraform?

Workspaces.
Separate state files.
Separate folders/modules with variable files (.tfvars).

What are Terraform Cloud and Terraform Enterprise?
Managed services by HashiCorp for remote state management, collaboration, policy as code (Sentinel), and governance.
What is the difference between terraform init -reconfigure and terraform init -migrate-state?

-reconfigure: Reconfigures backend.
-migrate-state: Moves state from old backend to new backend.

What is the use of terraform graph?
It visualizes the resource dependency graph.
What’s the difference between lifecycle meta-arguments like create_before_destroy and prevent_destroy?

create_before_destroy: Creates a new resource before destroying the old one.
prevent_destroy: Prevents accidental deletion.

How do you test Terraform code?

Use terraform plan for dry-runs.
Use tools like Terratest, Kitchen-Terraform.
Linting tools (tflint, checkov).

What’s the difference between Terraform Open Source vs Terraform Cloud?

Open Source: Local execution, manual state management.
Cloud: Remote execution, state locking, collaboration, Sentinel policies.

How do you perform a Terraform rollback?

Use version control to revert code.
Apply with an older version of the state/config.
No direct rollback command.

What is terraform.workspace?
A built-in variable that tells you the current workspace (e.g., default, dev, prod).
What are some common Terraform errors you have faced?

State lock errors (resolved with terraform force-unlock).
Provider authentication issues.
Version mismatch between Terraform and providers.
Drift due to manual changes in cloud resources.

AKS Architecture Overview

AKS is a managed Kubernetes service in Azure where Microsoft manages the control plane and you (the customer) manage the worker nodes and workloads . At a high level, it consists of: Control Plane (Master Components) – managed by Azure. Worker Nodes (Agent Nodes) – managed by you (inside your subscription). Supporting Azure Resources – networking, storage, monitoring, identity, etc. 🔹 1. Control Plane (Managed by Azure) This is the brain of the cluster, hosted and managed by Azure. You don’t pay directly for the control plane; it’s included in the service. Key components: API Server – entry point for kubectl, Azure CLI, and Azure portal requests. etcd – distributed key-value store to keep cluster state (pods, secrets, config, etc.). Scheduler – places pods on the right worker nodes based on resources/constraints. Controller Manager – ensures the desired state matches actual state (e.g., replicas). Cloud Controller Manager – integrates Kub...

DevOps

Search This Blog