GCP and CloudFormation are cloud-native solutions and there is no state file, or at least it is abstracted away so you don't have to manage or think about it.
Cloud-agnostic solutions like Terraform and Pulumi require a state file since state has to be portable.
Most cloud service providers will have a native solution; state management will be abstracted away within their online service, and you'll never be able to download or move the state file around.
With the exception of Oracle Cloud which is powered by Terraform.
terraform login
The terraform login command can be used to automatically obtain and save an API token for Terraform Cloud, Terraform Enterprise, or any other host that offers Terraform services.
https://www.terraform.io/docs/cli/commands/login.html
This is the recommended way to connect to Terraform.
Terraform Enterprise Air-gapped environment is designed to run in a network with no internet or outside connectivity
What is Air Gap?
An air gap, or disconnected network, is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, e.g. the public Internet.
https://www.hashicorp.com/blog/deploying-terraform-enterprise-in-airgapped-environments
init > fmt > validate > plan > apply > destroy
Terraform is a cloud-agnostic tool that can deploy to multiple cloud providers, including anything that has an API such as Kubernetes and Postgres?
What HashiCorp service can be used alongside Terraform to inject secrets to protect a developer's local environment?
This tutorial on HashiCorp Learn shows how to use secrets. https://learn.hashicorp.com/tutorials/terraform/secrets-vault?in=terraform/security
A DevOps Engineer needs to reference an existing AMI (machine image) for an AWS Virtual machine called example. What would be the correct resource address to assign this AMI to another virtual machine?
resource "aws_instance" "example" {
  ami           = "ami-abc123"
  instance_type = "t2.micro"

  ebs_block_device {
    device_name = "sda2"
    volume_size = 16
  }

  ebs_block_device {
    device_name = "sda3"
    volume_size = 20
  }
}

resource "aws_instance" "example2" {
  ami = aws_instance.example.ami
}
This is correct because we are referencing the resource block.
module "consul" {
  source = "hashicorp/consul/aws"
}
The real exam had a similar question which is why this is included in the exam pool of questions.
https://www.terraform.io/docs/language/modules/sources.html
When you want to remove a record tracking a remote object in your state file but have the remote object (e.g. an Azure Virtual Machine) still exist, which command do you use?
Terraform will search the state for any instances matching the given resource address, and remove the record of each one so that Terraform will no longer be tracking the corresponding remote objects.
https://www.terraform.io/docs/cli/commands/state/rm.html
Sentinel allows you to write policies to validate that your infrastructure is in its expected configuration. Sentinel is a Policy as Code tool. You can use it to validate the state of your infrastructure and automate it for remediation to ensure your infrastructure stays compliant.
terraform {
  providers{
    aws = {
      source  = "hashicorp/aws"
      version = "3.58.0"
    }
  }
}

provider "aws" {
  # Configuration options
}
Each Terraform module must declare which providers it requires, so that Terraform can install and use them. Provider requirements are declared in a required_providers block.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.58.0"
    }
  }
}

provider "aws" {
  # Configuration options
}
https://www.terraform.io/docs/language/providers/requirements.html#requiring-providers
True
-target=ADDRESS - Instructs Terraform to focus its planning efforts only on resource instances which match the given address and on any objects that those instances depend on.
https://www.terraform.io/docs/cli/commands/plan.html#resource-targeting
A module needs to have the latest patches applied but not update the major or minor version.
Which of the following will achieve this requirement?
https://www.terraform.io/docs/language/expressions/version-constraints.html
interpreter
interpreter is an argument available to local-exec.
The following arguments are supported:
inline - This is a list of command strings. They are executed in the order they are provided. This cannot be provided with script or scripts.
script - This is a path (relative or absolute) to a local script that will be copied to the remote resource and then executed. This cannot be provided with inline or scripts.
scripts - This is a list of paths (relative or absolute) to local scripts that will be copied to the remote resource and then executed. They are executed in the order they are provided. This cannot be provided with inline or script.
https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html
coalesce takes any number of arguments and returns the first one that isn't null or an empty string.
coalesce
https://www.terraform.io/docs/language/functions/coalesce.html
Create a dependency lock file, Download plugin dependencies, Create a .terraform directory
https://www.terraform.io/docs/cli/commands/init.html
Terraform Cloud saves a history of state files every time you perform a run.
https://www.terraform.io/docs/language/state/index.html
When defining a data source block, how can we narrow down the resource we want to select from a remote provider?
data "aws_ami" "web" {
  filter {
    name   = "state"
    values = ["available"]
  }

  filter {
    name   = "tag:Component"
    values = ["web"]
  }
}
Arbitrary Git repositories can be used by prefixing the address with the special git:: prefix. After this prefix, any valid Git URL can be specified to select one of the protocols supported by Git.
For example, to use HTTPS or SSH:
module "vpc" { source = "git::https://example.com/vpc.git" }
module "storage" { source = "git::ssh://username@example.com/storage.git" }
The project resides in a repo, and the backend is configured to use Terraform Cloud.
Pull requests are submitted to the repo with new changes.
When the Pull Request is approved, Terraform Cloud runs terraform apply.
Core Workflow Enhanced
The Core Workflow Enhanced by Terraform Cloud
False
Your state file can contain sensitive information, and storing it in your codebase Git repository is considered dangerous.
False
The Terraform Registry only contains public providers and modules.
https://www.terraform.io/docs/registry/private.html
True
This is true, you can only replace a single resource at a time.
https://www.terraform.io/docs/cli/commands/taint.html
For example,
terraform apply -replace="aws_instance.example[0]"
TRACE
https://www.terraform.io/docs/internals/debugging.html
You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN, or ERROR to change the verbosity of the logs.
https://stackoverflow.com/questions/2031163/when-to-use-the-different-log-levels
Trace - Only when I would be "tracing" the code and trying to find one part of a function specifically.
Debug - Information that is diagnostically helpful to people more than just developers (IT, sysadmins, etc.).
Info - Generally useful information to log (service start/stop, configuration assumptions, etc). Info I want to always have available but usually don't care about under normal circumstances. This is my out-of-the-box config level.
Warn - Anything that can potentially cause application oddities, but for which I am automatically recovering. (Such as switching from a primary to backup server, retrying an operation, missing secondary data, etc.)
Error - Any error which is fatal to the operation, but not the service or application (can't open a required file, missing data, etc.). These errors will force user (administrator, or direct user) intervention. These are usually reserved (in my apps) for incorrect connection strings, missing services, etc.
Terraform takes the current state and stores it in a file called terraform.tfstate.backup.
It's not easy to find documentation for this feature, but if you test in practice you will see that this is how it works locally.
Which Terraform Workflow (Write -> Plan -> Create) does this describe?
The project resides in a repo, and the backend is configured to use Terraform Cloud.
Pull requests are submitted to the repo with new changes.
When the Pull Request is approved, Terraform Cloud runs terraform apply.
The search query will look at module name, provider, and description to match your search terms. On the results page, filters can be used to further refine search results.
https://www.terraform.io/docs/registry/modules/use.html#finding-modules
terraform workspace new
The terraform workspace new command is used to create a new workspace.
$ terraform workspace new example
Created and switched to workspace "example"!

You're now on a new, empty workspace. Workspaces isolate their state,
so if you run "terraform plan" Terraform will not see any existing state
for this configuration.
https://www.terraform.io/docs/cli/commands/workspace/new.html
True
https://learn.hashicorp.com/tutorials/terraform/infrastructure-as-code
Terraform can store its state in a variety of backends, where IaC tools such as AWS CloudFormation cannot.
slice(["a", "b", "c", "d"], 1, 3)
[
  "b",
  "c",
]
https://www.terraform.io/docs/language/functions/slice.html
The following data source is set.
data "terraform_remote_state" "vpc" {
  backend = "remote"

  config = {
    organization = "hashicorp"
    workspaces = {
      name = "vpc-prod"
    }
  }
}
How would it be referenced within a resource?