Terraform Pocket Book — Uplatz

50 Expanded Cards • HCL · State · Providers · Modules · Workspaces · CI/CD · Interview Q&A

1) What is Terraform?

Terraform is an open-source Infrastructure as Code (IaC) tool by HashiCorp that allows you to define, provision, and manage infrastructure across multiple cloud providers using declarative configuration files.

2) Key Advantages

  • Multi-cloud and provider-agnostic
  • Declarative language (HCL)
  • State management
  • Reusable modules
  • Execution plan for predictability

3) HCL Basics

resource "aws_instance" "web" {
  ami           = "ami-0abcd1234"
  instance_type = "t2.micro"
}

4) Providers

Plugins that enable Terraform to interact with APIs (AWS, Azure, GCP, Kubernetes, etc.).

provider "aws" {
  region = "us-east-1"
}

5) State Files

Terraform keeps track of managed infrastructure in a state file (terraform.tfstate) which should be stored securely (e.g., S3 + DynamoDB for locking).

6) Basic Workflow

  • terraform init – Initialize
  • terraform plan – Preview changes
  • terraform apply – Apply changes
  • terraform destroy – Tear down

7) Variables

variable "region" {
  default = "us-east-1"
}

8) Outputs

output "instance_ip" {
  value = aws_instance.web.public_ip
}

9) Modules

Reusable containers for Terraform configurations; they can be local or sourced from the registry.

10) Data Sources

data "aws_ami" "latest" {
  most_recent = true
  owners      = ["amazon"]
}

11) Terraform Registry

Public repository of providers and modules at registry.terraform.io.

12) Remote State

Store state remotely for team collaboration. Examples: AWS S3, GCS, Azure Blob.

13) State Locking

Prevents concurrent state modifications (e.g., DynamoDB lock for S3 backend).

14) Workspaces

Maintain multiple environments (dev, staging, prod) with the same configuration.

15) Taint & Replace

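terraform taint aws_instance.web               # deprecated since Terraform v0.15.2
terraform apply -replace="aws_instance.web"    # preferred: plan and replace in one step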

16) Provisioners

Run scripts on resources after creation (use with caution).

17) Lifecycle Rules

lifecycle {
  prevent_destroy = true
}

18) Import

Bring existing infrastructure into Terraform management.

19) Graph

Visualize dependency graph with terraform graph.

20) Drift Detection

Identify infrastructure changes outside Terraform using terraform plan.

21) Backends

Define where state is stored and how operations are executed.

22) Sensitive Variables

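Mark with sensitive = true to redact the value from plan and apply output. The value is still written in plain text to the state file, so the state itself must be protected.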

23) For Each & Count

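count    = 3                      # three instances, addressed by index (count.index)
for_each = toset(["a", "b"])      # one instance per key (each.key); cannot be combined with count in the same block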

24) Conditional Expressions

instance_type = var.env == "prod" ? "t3.large" : "t3.micro"

25) Dynamic Blocks

dynamic "ingress" {
  for_each = var.rules
  content { ... }
}

26) File Function

Load file contents: file("script.sh")

27) External Data

Use external data source to integrate with scripts.

28) Terraform Cloud

Managed service for state, runs, and policy enforcement.

29) Sentinel Policies

Policy as Code framework to enforce rules.

30) CI/CD Integration

Integrate with Jenkins, GitLab CI, GitHub Actions for automated plans and applies.

31) Q: Terraform vs CloudFormation?

A: Terraform is multi-cloud, open-source; CloudFormation is AWS-only.

32) Q: What is HCL?

A: HashiCorp Configuration Language — human-friendly and machine-readable.

33) Q: How to manage state securely?

A: Use remote backends with encryption and locking.

34) Q: Purpose of terraform plan?

A: Preview changes before applying to avoid mistakes.

35) Q: Providers?

A: API bridges for Terraform to interact with platforms.

36) Q: Difference between module and resource?

A: Resource is a single infrastructure item; module is a reusable set of resources.

37) Q: What happens if state file is lost?

A: Terraform loses track; requires import or rebuild.

38) Q: How to handle secrets?

A: Sensitive variables, Vault, secret managers.

39) Q: Workspace use case?

A: Manage multiple environments with one config.

40) Q: Terraform destroy risks?

A: Irreversible deletion; use prevent_destroy.

41) Q: Local vs Remote exec?

A: Local runs on control machine; remote runs on target.

42) Q: Terraform import?

A: Brings existing resources under management.

43) Q: Why modules?

A: DRY principle, reuse, maintainability.

44) Q: Difference between count and for_each?

A: count is index-based, for_each is key-based.

45) Q: Remote backend advantages?

A: Collaboration, locking, central state.

46) Q: Sentinel usage?

A: Enforce compliance via policies.

47) Q: State locking?

A: Prevents parallel conflicting changes.

48) Q: Plan output usage?

A: Review for auditing or approval workflows.

49) Q: When to use provisioners?

A: As last resort for tasks outside provider scope.

50) Q: Handling drift?

A: Run plan regularly, reapply to sync.