Terraform uses a declarative approach to manage infrastructure. What does Terraform primarily store and use to manage resources?
Think about what Terraform compares before making changes.
Terraform stores the desired state in configuration files and compares it with the current state to decide what changes to apply.
What does the terraform plan command do in Terraform's declarative workflow?
It previews changes without applying them.
terraform plan shows a preview of changes Terraform will make to match the desired state without applying them yet.
Given the following Terraform configuration snippet, what is the correct way to declare that aws_instance.web depends on aws_security_group.web_sg?
resource "aws_security_group" "web_sg" {
name = "web_sg"
}
resource "aws_instance" "web" {
ami = "ami-123456"
instance_type = "t2.micro"
# Where to declare dependency?
}Explicit dependencies use depends_on with resource references.
To explicitly declare that aws_instance.web depends on aws_security_group.web_sg, use depends_on = [aws_security_group.web_sg] inside the instance resource.
In a team environment, what is the best practice for managing Terraform state files to avoid conflicts and ensure consistency?
Think about shared access and preventing simultaneous changes.
Using remote state storage with locking prevents conflicts by ensuring only one user can modify the state at a time, which is essential in team environments.
Which approach best protects sensitive data such as passwords or API keys in Terraform configurations and state files?
Consider both configuration and state file security.
Marking variables as sensitive hides them in output, and referencing secrets from secure managers avoids storing them directly in code or state files.