0
0
Terraformcloud~20 mins

Plan output reading in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Terraform Plan Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
Interpreting Terraform plan output for resource changes

Given the following Terraform plan output snippet, how many resources will be created?

  # aws_instance.web will be created
  + resource "aws_instance" "web" {
      + ami           = "ami-123456"
      + instance_type = "t2.micro"
    }

  # aws_s3_bucket.data_bucket will be updated in-place
  ~ resource "aws_s3_bucket" "data_bucket" {
      ~ versioning {
          ~ enabled = false -> true
        }
    }

Plan: 1 to add, 1 to change, 0 to destroy.
A0
B3
C2
D1
Attempts:
2 left
💡 Hint

Look for the '+' sign which indicates resource creation.

🧠 Conceptual
intermediate
1:30remaining
Understanding Terraform plan output symbols

In Terraform plan output, what does the symbol '~' before a resource name indicate?

AThe resource will be updated in-place
BThe resource will be created
CThe resource will be destroyed
DThe resource will be replaced
Attempts:
2 left
💡 Hint

Think about what happens when a resource changes but is not destroyed.

Configuration
advanced
2:00remaining
Reading Terraform plan output for resource replacement

Review this Terraform plan output snippet. How many resources will be replaced?

  # aws_lb.web_lb must be replaced
-/+ resource "aws_lb" "web_lb" {
      id             = "lb-1234"
      name           = "web-lb"
      internal       = false
      load_balancer_type = "application"
    }

Plan: 1 to add, 0 to change, 1 to destroy.
A1
B3
C2
D0
Attempts:
2 left
💡 Hint

Look for the '-/+' symbol which indicates replacement.

security
advanced
2:30remaining
Detecting security risks from Terraform plan output

Given this Terraform plan output snippet, which change could introduce a security risk?

  # aws_security_group.sg will be updated in-place
  ~ resource "aws_security_group" "sg" {
      ~ ingress {
          ~ cidr_blocks = ["0.0.0.0/0"] -> ["0.0.0.0/0", "192.168.1.0/24"]
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
AAdding 192.168.1.0/24 to ingress rules reduces exposure
BAdding 0.0.0.0/0 to ingress rules increases exposure
CAdding 192.168.1.0/24 to ingress rules increases exposure
DRemoving 0.0.0.0/0 from ingress rules increases exposure
Attempts:
2 left
💡 Hint

Consider which IP ranges are more open and risky.

Architecture
expert
3:00remaining
Analyzing Terraform plan output for multi-resource orchestration

Examine this Terraform plan summary:

Plan: 3 to add, 2 to change, 1 to destroy.

Which of the following statements is true about the infrastructure state after applying this plan?

AThe infrastructure will have 2 fewer resources than before
BThe infrastructure will have 2 more resources than before
CThe infrastructure will have the same number of resources as before
DThe infrastructure will have 1 more resource than before
Attempts:
2 left
💡 Hint

Calculate net resource count: additions minus destructions.