The growing demand for infrastructure as code (IaC) has brought tools like Terraform to the forefront of the DevOps world. If you're preparing for an interview that requires knowledge of Terraform, you're in the right place. This comprehensive list of Terraform interview questions will not only help you prepare but also give you a deeper understanding of the tool:

1. What is Terraform?
2. Why use Terraform instead of other IaC tools?
3. What is the difference between imperative and declarative language in the context of IaC?
4. Explain the significance of the Terraform state file.
5. What is a Terraform provider?
6. How do you handle secrets in Terraform?
7. Can you explain Terraform's workflow?
8. What are Terraform Modules?
9. How do you handle Terraform state in a team environment?
10. What are provisioners in Terraform?
11. How does Terraform manage dependencies between resources?
12. What is the significance of .tfvars file in Terraform?
13. How do you upgrade to a new version of a Terraform provider?
14. What are data sources in Terraform?
15. Explain the difference between terraform apply and terraform plan.
16. How can you prevent a resource from being destroyed in Terraform?
17. How can you import existing infrastructure into Terraform?
18. What is tainting in Terraform?
19. How can you reference the output of one module in another module in Terraform?
20. How do you handle state file merge conflicts in a team environment?
21. What's the difference between a Terraform provider and a Terraform module?

1. What is Terraform?

Terraform is an open-source infrastructure-as-code (IAC) software tool developed by HashiCorp. It allows users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL). Terraform's main features and advantages include:

• Declarative Language: With HCL, you specify the desired end-state of your infrastructure, and Terraform determines how to achieve it. This contrasts with imperative approaches where one needs to specify each individual step to achieve the desired state.
• Platform Agnostic: Terraform is cloud-agnostic and supports a multitude of providers like AWS, Azure, Google Cloud, and many others, including on-premises solutions. This enables users to manage diverse infrastructure resources consistently.
• State Management: Terraform maintains a state file that keeps track of the resources it has provisioned, allowing it to determine the differences between the current and desired state and make the necessary changes.
• Modularity: Terraform supports the use of modules, enabling users to create reusable infrastructure components that can be shared and used across multiple environments or projects.
• Versioning and Collaboration: With features like remote backends and workspaces, multiple teams can collaborate on infrastructure provisioning and management while maintaining versioning and state integrity.
• Safety and Predictability: Before applying any changes, Terraform produces a plan that outlines the actions it will take. This provides an opportunity to review and verify the changes before they're applied.

In summary, Terraform provides a consistent, declarative way to manage and provision infrastructure resources, making it an essential tool in the DevOps toolchain for automating, scaling, and maintaining infrastructure efficiently.

2. Why use Terraform instead of other IaC tools?

While each tool has its merits, Terraform stands out due to its:

• Provider agnosticism: It can work with numerous cloud providers and services.
• State management: Terraform maintains a state file to keep track of resources.
• Declarative Language: You describe what you want, and Terraform determines how to achieve it.
• Modularity: You can create reusable modules for common infrastructure patterns.

Compare Terraform with other IaC tools:

AWS CloudFormation

• AWS CloudFormation: It's a service offered by Amazon Web Services (AWS) that allows you to define and provision AWS infrastructure using a declarative template.
• Advantage of Terraform: While CloudFormation is tightly integrated with AWS and provides deep customization for AWS resources, Terraform is cloud-agnostic. This means you can use Terraform to manage resources across multiple cloud providers with a single tool. Also, Terraform's syntax (HCL) is often regarded as more readable and intuitive compared to CloudFormation's JSON or YAML templates.

Azure Resource Manager (ARM) Templates

• ARM Templates: Azure's native IaC solution allows you to define and deploy infrastructure to Azure using JSON templates.
• Advantage of Terraform: Similar to the AWS CloudFormation scenario, while ARM templates are specific to Azure, Terraform can manage resources both in Azure and across other platforms. Additionally, Terraform provides a more consistent syntax and behavior when managing resources across cloud providers.

Google Cloud Deployment Manager

• Google Cloud Deployment Manager: Google Cloud's native IaC tool that allows you to specify all the resources needed for your application in a declarative format using YAML.
• Advantage of Terraform: Beyond the multi-cloud argument, Terraform also offers a more extensive range of community-contributed modules and plugins, potentially speeding up development and deployment.

Pulumi

• Pulumi: Unlike the previously mentioned tools that use domain-specific languages, Pulumi allows you to define your infrastructure using general-purpose programming languages like TypeScript, Python, Go, and C#.
• Advantage of Terraform: While Pulumi's approach is powerful and flexible, especially for developers familiar with the specific languages, Terraform's declarative approach with HCL provides a clear separation between infrastructure code and application code. This can simplify troubleshooting and understanding for those primarily focused on infrastructure.

Ansible

• Ansible: While primarily a configuration management tool, Ansible can also be used for infrastructure provisioning with its cloud modules.
• Advantage of Terraform: Terraform's state management provides a more granular and real-time representation of infrastructure, making it better suited for IaC tasks. Ansible, being procedural (describing steps to achieve a desired state) and Terraform being declarative (describing the desired end state), there's a fundamental difference in approach. Also, Ansible does not maintain a persistent state, which can lead to discrepancies when used for provisioning.

Chef, Puppet, and SaltStack

• Chef/Puppet/SaltStack: Like Ansible, these are more focused on configuration management but can be adapted for IaC purposes.
• Advantage of Terraform: Again, Terraform's state management and its focus on being a pure-play IaC tool give it an edge for infrastructure provisioning tasks. The clear separation between infrastructure setup (handled by Terraform) and system configuration (which can be managed by tools like Chef or Puppet) allows for a modular and organized approach to infrastructure deployment.

In all these comparisons, it's important to understand that no tool is universally "better" than the others. The right choice often depends on specific use cases, existing expertise, and the specific requirements of a project. But understanding the distinct advantages of Terraform can help in making an informed decision.

3. What is the difference between imperative and declarative language in the context of IaC?

Imperative language specifies a series of commands to achieve a desired state. In contrast, declarative language specifies the desired end state without detailing the steps to achieve it. Terraform uses a declarative approach, where you describe your desired infrastructure and let Terraform figure out how to achieve it.

4. Explain the significance of the Terraform state file.

The state file helps Terraform remember and track the resources it manages. Without a state file, Terraform would lack a reference point and wouldn't know the current state of infrastructure or what changes are necessary.

5. What is a Terraform provider?

Providers are responsible for understanding API interactions and exposing resources. Popular providers include AWS, Azure, Google Cloud, among others. They act as a bridge between the Terraform configuration and the target API.

6. How do you handle secrets in Terraform?

Secrets should never be hardcoded in Terraform files. Instead, use:

• Environment variables: Set secrets as environment variables and refer to them in Terraform files.
• Terraform Cloud: A SaaS product that provides secure storage for secrets.
• Vault by HashiCorp: Another product by HashiCorp designed for secret management.

7. Can you explain Terraform's workflow?

A typical Terraform workflow involves:

• Initialization: terraform init
• Plan: terraform plan – Outputs the changes to be made.
• Apply: terraform apply – Applies the proposed changes.
• Destroy: terraform destroy (if needed) – Removes all resources created by Terraform.

8. What are Terraform Modules?

Modules in Terraform are self-contained packages of Terraform configurations that are used as blueprints for infrastructure. They help in reusing and organizing code.

9. How do you handle Terraform state in a team environment?

In a team environment:

• Use remote backends like AWS S3 with state locking.
• Employ workspaces to manage different environments like staging and production.
• Regularly backup state files.
• Avoid manual changes to infrastructure, always use Terraform.

10. What are provisioners in Terraform?

Provisioners are used as a last resort in Terraform to execute scripts on a local or remote machine as part of resource creation or destruction.

11. How does Terraform manage dependencies between resources?

Terraform builds a dependency graph to determine the order of resource creation. Implicit dependencies (defined by references between resources) and explicit dependencies (using the depends_on attribute) both contribute to this graph.

12. What is the significance of .tfvars file in Terraform?

The .tfvars file allows users to define variable values in Terraform configurations. By using this file, one can set up environment-specific configurations or keep sensitive data separate from the main configuration. When running Terraform commands, it will automatically load variables from files named terraform.tfvars or any file ending in .auto.tfvars.

13. How do you upgrade to a new version of a Terraform provider?

To upgrade to a new version of a Terraform provider, you can use the terraform init -upgrade command. This will instruct Terraform to check for the latest versions of your providers and download them.

14. What are data sources in Terraform?

In Terraform, a data source allows data to be fetched or computed for use elsewhere in Terraform configuration. It can be used to discover existing VPC, IP addresses, AMI IDs, or any other resources that are external to the current Terraform configuration but necessary for it.

15. Explain the difference between terraform apply and terraform plan.

terraform plan is used to create an execution plan, showing what actions Terraform will take to apply the current configuration. It does not make any changes to real resources. On the other hand, terraform apply applies the changes required to reach the desired state of the configuration, making actual changes to the infrastructure.

16. How can you prevent a resource from being destroyed in Terraform?

To prevent a resource from being destroyed, you can set the lifecycle block within the resource configuration with the prevent_destroy attribute set to true. This will protect the resource from accidental deletions.

17. How can you import existing infrastructure into Terraform?

Terraform provides an import command that allows you to bring existing infrastructure under Terraform management. For each resource, you'd run a command in the form terraform import [address] [ID], where address is the Terraform address of the resource and ID is the unique identifier of the existing resource in the platform.

18. What is tainting in Terraform?

Tainting a resource in Terraform means flagging a resource for recreation. When you taint a resource, the next time you run terraform apply, Terraform will destroy the current resource and create a new replacement.

19. How can you reference the output of one module in another module in Terraform?

Module outputs can be referenced in other parts of your Terraform configuration using the syntax module.MODULE_NAME.OUTPUT_NAME. For example, if you have an output named subnet_id in a module named vpc, you would reference it with module.vpc.subnet_id.

20. How do you handle state file merge conflicts in a team environment?

State file merge conflicts can be minimized by:

• Using remote backends with state locking, ensuring that only one person can modify the state at a time.
• Splitting infrastructure into smaller, more manageable pieces to reduce the chances of team members working on the same resources.
• If conflicts do occur, they should be resolved manually by examining the changes and determining the correct state. Automated merging of state files is discouraged.

21. What's the difference between a Terraform provider and a Terraform module?

A Terraform provider is a plugin for Terraform that allows for the management of external resources, typically offered by cloud platforms like AWS, Azure, and Google Cloud. Providers understand the APIs of these platforms and expose resource types. On the other hand, a Terraform module is a set of Terraform configurations packaged together, allowing for code reuse, organization, and infrastructure standardization.

Conclusion

Terraform is a powerful and evolving tool in the DevOps space. Familiarizing yourself with these interview questions can give you an edge during the interview process. Always remember to supplement these questions with hands-on practice and deeper dives into specific Terraform functionalities.