0
0
Terraformcloud~20 mins

Environment variables (TF_VAR_) in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
TF_VAR Environment Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
How does Terraform use environment variables prefixed with TF_VAR_?

Terraform allows setting input variables using environment variables prefixed with TF_VAR_. What happens when you set TF_VAR_region=us-west-2 before running terraform apply?

ATerraform automatically assigns the value 'us-west-2' to the input variable named 'region'.
BTerraform ignores environment variables and requires variables to be set only in .tf files.
CTerraform treats 'TF_VAR_region' as a resource name and creates a resource called 'region'.
DTerraform throws an error because environment variables cannot be used for variables.
Attempts:
2 left
💡 Hint

Think about how environment variables can provide values to Terraform variables without editing files.

Configuration
intermediate
2:00remaining
What is the value of the variable 'instance_type' after applying this configuration with environment variable set?

Given the Terraform variable declaration and environment variable below, what value will instance_type have during terraform apply?

variable "instance_type" {
  type    = string
  default = "t2.micro"
}

Environment variable set before running Terraform:

export TF_VAR_instance_type="m5.large"
A"m5.large"
Bnull
C"t2.micro"
DTerraform throws an error due to conflicting values
Attempts:
2 left
💡 Hint

Environment variables override default values in Terraform variables.

Architecture
advanced
2:30remaining
How to securely manage sensitive variables using TF_VAR_ environment variables?

You want to pass a sensitive variable like a database password to Terraform without storing it in code or state files. Which approach using TF_VAR_ environment variables is best practice?

AStore the sensitive value in a public GitHub repository as a <code>TF_VAR_</code> environment variable.
BHardcode the sensitive value in the Terraform variable default to avoid environment variables.
CSet the sensitive variable as a <code>TF_VAR_</code> environment variable only in your local shell before running Terraform, and mark the variable as sensitive in Terraform.
DPass the sensitive variable as a plain text command line argument to <code>terraform apply</code>.
Attempts:
2 left
💡 Hint

Think about avoiding storing secrets in code or version control.

service_behavior
advanced
2:00remaining
What happens if a required variable is not set and no TF_VAR_ environment variable exists?

Consider a Terraform variable declared as:

variable "region" {
  type = string
}

No default is set. You do not set TF_VAR_region or provide the variable in any other way. What will happen when you run terraform apply?

ATerraform applies with a null value for 'region' without error.
BTerraform uses an empty string as the value for 'region'.
CTerraform fails immediately with a syntax error.
DTerraform prompts you to enter a value interactively before applying.
Attempts:
2 left
💡 Hint

Think about how Terraform handles required variables without defaults or environment variables.

security
expert
3:00remaining
Why is relying solely on TF_VAR_ environment variables for secrets risky in CI/CD pipelines?

In a CI/CD pipeline, you set sensitive secrets as TF_VAR_ environment variables to pass to Terraform. What is a key security risk of this approach?

ATerraform encrypts all environment variables automatically, so there is no risk.
BEnvironment variables can be exposed in logs or process listings, risking secret leakage.
CCI/CD pipelines do not support environment variables, so secrets are lost.
DUsing TF_VAR_ variables disables Terraform state encryption.
Attempts:
2 left
💡 Hint

Consider how environment variables might be exposed during pipeline execution.