Basic Scenario-Based Terraform Interview Questions and Answers
Scenario: You need to create a VPC with multiple subnets in different availability zones.
Question: How would you define this in Terraform?
Answer: You would use the aws_vpc, aws_subnet, and aws_availability_zone resources, utilizing modules for reusability and defining subnets in a loop.
Scenario: Your Terraform configuration needs to create an EC2 instance and attach an existing security group.
Question: How do you reference the existing security group?
Answer: Use the data block to fetch the existing security group and reference it in your aws_instance resource.
Scenario: You are asked to migrate an existing infrastructure managed outside Terraform into Terraform.
Question: How would you approach this task?
Answer: Use terraform import to bring the existing resources into Terraform management and ensure the state file reflects the current infrastructure state.
Scenario: Multiple team members need to work on the same Terraform configuration.
Question: How do you manage the state file to avoid conflicts?
Answer: Use remote state storage with state locking enabled, such as Terraform Cloud, AWS S3 with DynamoDB, or Azure Blob Storage with a shared key.
Scenario: A Terraform plan indicates that certain resources will be destroyed and recreated.
Question: How do you investigate the cause and prevent it?
Answer: Check for changes in immutable properties or dependencies in the configuration. Use lifecycle blocks with ignore_changes to prevent recreation if necessary.
Scenario: You need to deploy resources across multiple cloud providers.
Question: How would you structure your Terraform configuration?
Answer: Create provider configurations for each cloud provider and use modules to encapsulate the resource definitions for each provider.
Scenario: Your Terraform apply failed halfway through.
Question: What steps do you take to resolve the situation?
Answer: Investigate the error message, ensure resources are in the expected state, and use terraform apply again. Check the state file if necessary.
Scenario: You need to create infrastructure for multiple environments (dev, staging, prod).
Question: How do you manage different configurations?
Answer: Use workspaces or separate state files and configuration files for each environment, ensuring modularization and parameterization.
Scenario: A critical security patch needs to be applied to all EC2 instances.
Question: How do you ensure all instances are updated?
Answer: Update the AMI or configuration in the Terraform code, apply the changes, and use a rolling update strategy to minimize downtime.
Scenario: A team member accidentally deleted the Terraform state file.
Question: What do you do to recover?
Answer: Restore the state file from a backup or remote state storage, and use terraform refresh to update the state file with current resource statuses.
Scenario: Your Terraform configuration has hardcoded values that need to be changed frequently.
Question: How do you make it more flexible?
Answer: Use input variables to parameterize the configuration, allowing values to be changed without modifying the code.
Scenario: You are tasked with ensuring infrastructure compliance with a set of security policies.
Question: How do you enforce these policies in Terraform?
Answer: Implement policy as code using tools like Sentinel or Open Policy Agent (OPA) integrated with Terraform.
Scenario: You need to create resources that depend on each other in a specific order.
Question: How do you manage the dependencies?
Answer: Use implicit dependencies by referencing resource attributes or explicit dependencies with the depends_on meta-argument.
Scenario: Your Terraform apply command fails due to rate limiting by the cloud provider.
Question: How do you handle this?
Answer: Implement retries with exponential backoff, and use batching or throttling techniques in your configuration.
Scenario: You need to scale infrastructure based on load.
Question: How do you configure auto-scaling in Terraform?
Answer: Use resources like aws_autoscaling_group and aws_launch_configuration, and define scaling policies based on metrics.
Scenario: You need to perform a blue-green deployment.
Question: How do you implement this with Terraform?
Answer: Create separate environments (blue and green) and switch traffic between them using a load balancer or DNS.
Scenario: Your infrastructure needs to be resilient to regional failures.
Question: How do you design it with Terraform?
Answer: Deploy resources across multiple regions and use global services or cross-region replication.
Scenario: You need to update the Terraform provider to the latest version.
Question: What steps do you take to ensure a smooth update?
Answer: Check the provider's release notes, update the provider version constraint in the configuration, and run terraform init -upgrade.
Scenario: A resource configuration change is required but should not affect existing resources.
Question: How do you apply this change?
Answer: Use the lifecycle block with the ignore_changes argument to prevent specific attributes from triggering resource replacement.
Scenario: You need to create a resource only if it doesn't already exist.
Question: How do you handle this in Terraform?
Answer: Use the count or for_each meta-arguments with conditional expressions to control resource creation based on existence checks.
Scenario: You are asked to integrate Terraform with a CI/CD pipeline.
Question: How do you implement this?
Answer: Use Terraform commands in your CI/CD tool (e.g., Jenkins, GitLab CI) to run terraform init, plan, and apply as part of the deployment process.
Scenario: Your Terraform state file grows too large.
Question: What can you do to manage it?
Answer: Break the state file into multiple smaller files by using modules and workspaces, and store state remotely.
Scenario: A new team member needs access to manage Terraform infrastructure.
Question: How do you grant access securely?
Answer: Use role-based access control (RBAC) in your remote state backend and limit access with least privilege principles.
Scenario: You need to debug a Terraform configuration issue.
Question: What tools or methods do you use?
Answer: Use terraform plan to check for discrepancies, terraform validate for syntax errors, and logging/debugging output from Terraform commands.
Scenario: Your Terraform configuration must comply with organizational naming conventions.
Question: How do you enforce naming standards?
Answer: Use modules with predefined naming conventions and validate naming patterns with policies or scripts.
Scenario: You need to create a resource that is dependent on an output from another resource.
Question: How do you reference this output?
Answer: Use output variables to expose values from one module or resource and reference them in another.
Scenario: You need to create resources conditionally based on input variables.
Question: How do you achieve this in Terraform?
Answer: Use conditional expressions with the count or for_each meta-arguments to create resources based on input variable conditions.
Scenario: You need to version control your Terraform configurations.
Question: What best practices do you follow?
Answer: Use a version control system like Git, modularize your code, maintain clear commit messages, and implement CI/CD for automatic testing and deployment.
Scenario: Your organization adopts a multi-cloud strategy.
Question: How do you manage infrastructure across different cloud providers?
Answer: Use Terraform’s multi-provider capabilities, create provider configurations for each cloud, and define modules to encapsulate cloud-specific resource definitions.
Scenario: You need to roll back infrastructure to a previous state.
Question: How do you perform a rollback in Terraform?
Answer: Use versioned state files or revert to a previous commit in your version control system, and run terraform apply to restore the desired state.
