Terraform Questions

State maps real-world resources to your configuration. In a team, use a remote backend (like S3 with DynamoDB for locking) to ensure everyone works with the same state and to prevent concurrent modifications.

plan creates an execution plan, showing what actions Terraform will take to reach the desired state. apply executes those actions to provision the resources.

Answer: Modules are containers for multiple resources that are used together. They allow you to:

• Reusability: Write code once and instantiate it multiple times (e.g., a standard VPC setup).
• Organization: Break down complex configurations into smaller, manageable parts.
• Encapsulation: Hide complexity and expose only necessary variables.

Answer:

• `count`: Good for simple conditional creation (0 or 1) or identical resources. However, it relies on array indices. If you remove an item from the middle of the list, Terraform may destroy and recreate all subsequent resources.
• `for_each`: Uses a map or set of strings. Resources are identified by a key, not an index. This is safer for lists of resources that might change order or have items removed.

Answer: NEVER commit secrets to version control.

• Use Environment Variables (e.g., `TF_VAR_db_password`).
• Use a secret manager (AWS Secrets Manager, HashiCorp Vault) and fetch them via data sources.
• Mark variables as `sensitive = true` to prevent them from showing in logs.
• Encrypt the state file (remote backends usually handle this).

Answer: Data sources allow Terraform to fetch information defined outside of Terraform, or defined by another separate Terraform configuration. For example, looking up the ID of the latest Amazon Linux AMI or finding the ID of an existing VPC.

Answer: Terraform usually infers dependencies automatically (implicit dependency) based on resource references (e.g., an EC2 instance referencing a Security Group ID). However, sometimes hidden dependencies exist that Terraform can't see. In those cases, you use the `depends_on` meta-argument to explicitly define the order of creation.

Answer: Provisioners (like `local-exec` or `remote-exec`) execute scripts on a local or remote machine as part of resource creation/destruction. They are a "last resort" because:

• They don't track state well.
• They make the code less portable and more fragile.
• It's better to use "User Data" (cloud-init) or golden images (Packer) for configuration.

Answer: Workspaces allow you to manage multiple states for the same configuration. For example, you can have a `dev`, `staging`, and `prod` workspace using the exact same `.tf` files.

Caveat: HashiCorp often recommends using separate directories (and separate state files) for different environments (e.g., `env/prod`, `env/dev`) instead of workspaces for better isolation and clarity.

Answer: This is called "Drift". The next time you run `terraform plan`, Terraform will detect that the real-world state differs from the state file. It will propose changes to revert the resource back to the configuration defined in your code.