Terraform Interview Prep Guide

🟢 Easy (Basics)

1. What is Terraform and why is it used?
Terraform is an Infrastructure as Code (IaC) tool by HashiCorp. It lets you define infrastructure (VMs, networks, databases, load balancers, etc.) in declarative configuration files.
Benefits: version control, automation, reproducibility, and consistency across environments.
2. Difference between Terraform and other IaC tools?
3. What are Terraform Providers?
Providers are plugins that allow Terraform to interact with cloud services. Examples: aws, azurerm, google, kubernetes.
4. Explain Terraform state file.
The state file (terraform.tfstate) stores metadata about the infrastructure Terraform manages. It lets Terraform compare desired vs actual state. Teams should store it remotely (S3, GCS, Azure Blob).
5. terraform plan vs terraform apply?
6. .terraform.lock.hcl file?
Locks provider versions, ensuring consistency across machines and pipelines.
7. What is terraform init?
Initializes the working directory: downloads providers, installs modules, and configures the backend.
8. Variables & Outputs?
Variables → dynamic values.
Outputs → expose attributes after deployment.
9. What is terraform destroy?
Tears down resources defined in configuration.
10. Dependencies in Terraform?
Terraform builds a dependency graph (DAG). Dependencies are implicit by default and can be forced with depends_on.

🟡 Medium (Hands-on)

1. Difference between count and for_each?
count creates resources by index; for_each creates one resource for each key. Use count for identical resources and for_each for unique ones.
2. Local-exec vs Remote-exec provisioners?
local-exec runs a command on the local machine; remote-exec runs it on the target resource. Best practice: avoid overusing provisioners.
3. Sensitive variables management?
Mark the variable with sensitive = true. Store the values in Vault, AWS Secrets Manager, or Key Vault.
4. terraform import vs terraform taint?
import brings existing infrastructure under Terraform management; taint marks a resource for recreation.
5. What are Terraform modules?
A module is a collection of .tf files packaged together for reusability. Example: terraform-aws-vpc module.
6. Managing multiple environments?
Use workspaces or directory/module-based structure (dev, prod).
7. Explain workspaces.
Workspaces allow managing multiple state files in the same config.
8. Two people run terraform apply at the same time?
Causes race conditions. Solution: use state locking (S3 + DynamoDB, Terraform Cloud).
9. depends_on vs implicit dependencies?
Implicit dependencies are auto-detected; an explicit depends_on forces a dependency.
10. Terraform + CI/CD?
Integrate with GitHub Actions, Jenkins, Azure DevOps. Stages: fmt → init → validate → plan → apply.

🔴 Hard (Advanced)

1. Drift detection?
Drift = infra changed outside Terraform. Detected using terraform plan.
2. Team state management best practices?
Always use remote state backend. Enable locking and encryption.
3. Remote vs Local backend?
Local = stored locally, risky. Remote = centralized, secure, collaborative.
4. Designing a reusable VPC module (multi-region)?
Define VPC, subnets, routes in module. Use variables for region, CIDR. Deploy with different values.
5. Resource lifecycle arguments?
create_before_destroy → avoids downtime.
prevent_destroy → stops deletion.
ignore_changes → ignores external changes.
6. Debugging Terraform?
Use TF_LOG=DEBUG. Run terraform plan -out=planfile. Check provider docs.
7. Upgrading providers at scale?
Use .terraform.lock.hcl. Upgrade gradually, test in lower envs.
8. State locking?
Prevents multiple applies at once. Example: S3 + DynamoDB.
9. Managing secrets?
Use Vault, Key Vault providers. Never store in tfvars. Prefer dynamic secrets.
10. Real-world automation example?
CI/CD pipeline provisions infra (VPC, subnets, EC2). Outputs IPs, state stored remotely. Approval gates for prod.
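
The remote state, locking and sensitive-variable answers above (Medium 3 and 8, Hard 2 and 8), combined into one Terraform configuration. This is an added example, not part of the original guide; the bucket, lock table, state key, region and resource names are placeholders.

```hcl
# Added example. All names below are placeholders, not values from the guide.

terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # the exact selection is pinned in .terraform.lock.hcl
    }
  }

  # Remote backend instead of a local terraform.tfstate file.
  backend "s3" {
    bucket         = "example-tfstate-bucket"         # placeholder
    key            = "prod/app-db/terraform.tfstate"  # placeholder
    region         = "us-east-1"
    encrypt        = true                   # server-side encryption of the state object
    dynamodb_table = "example-tfstate-lock" # placeholder; table needs a string hash key "LockID"
  }
}

provider "aws" {
  region = "us-east-1"
}

# sensitive = true redacts the value in plan/apply output.
# It does not keep the value out of the state file, which is why the
# backend above is encrypted and should be readable only by the pipeline.
variable "db_password" {
  type      = string
  sensitive = true
  # No default and no tfvars entry: supply it at run time, for example as
  # the TF_VAR_db_password environment variable filled from a secrets manager.
}

resource "aws_db_instance" "app" {
  identifier        = "example-app-db" # placeholder
  engine            = "postgres"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = "app"
  password          = var.db_password
  storage_encrypted = true

  lifecycle {
    prevent_destroy = true # plan fails if a change would delete the database
  }
}
```

With the lock table configured, a second terraform apply started while the first is running fails to acquire the state lock instead of racing the first one.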