Challenge - 5 Problems

🎖️

AMI Lookup Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

🧠 Conceptual

intermediate

2:00remaining

Understanding AMI Lookup Data Source Behavior

What does the following Terraform data source configuration do?

data "aws_ami" "example" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

Terraform

data "aws_ami" "example" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

AIt finds the latest Amazon Linux 2 AMI owned by Amazon matching the name pattern.

BIt creates a new AMI with the specified name pattern.

CIt deletes all AMIs owned by Amazon with the given name pattern.

DIt lists all AMIs owned by the current user without filtering.

Attempts:

2 left

❓ Configuration

intermediate

2:00remaining

Identify the Correct AMI ID Output

Given this Terraform configuration, what will be the value of output.ami_id?

data "aws_ami" "example" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-2.0.*-x86_64-gp2"]
  }
}

output "ami_id" {
  value = data.aws_ami.example.id
}

Terraform

data "aws_ami" "example" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-2.0.*-x86_64-gp2"]
  }
}

output "ami_id" {
  value = data.aws_ami.example.id
}

AA list of all AMI IDs owned by Amazon.

BThe AMI ID string of the latest Amazon Linux 2 AMI matching the filter.

CAn error because 'id' is not a valid attribute of the data source.

DNull because no AMI matches the filter.

Attempts:

2 left

❓ Architecture

advanced

3:00remaining

Choosing AMI Lookup Strategy for Multi-Region Deployment

You want to deploy identical infrastructure in multiple AWS regions using Terraform. Which approach ensures you get the correct latest AMI in each region?

Options:

AUse multiple provider aliases for each region and separate 'aws_ami' data sources referencing each provider alias.

BUse a single 'aws_ami' data source with a fixed region set in provider configuration.

CHardcode the AMI IDs for each region in variables and use them directly.

DUse the 'aws_ami' data source without specifying owners or filters.

Attempts:

2 left

❓ security

advanced

2:00remaining

Security Implications of AMI Lookup Without Owner Restriction

What is a potential security risk of using the 'aws_ami' data source without specifying the 'owners' attribute when looking up an AMI by name pattern?

ATerraform will create a new AMI instead of looking up existing ones.

BTerraform will fail to find any AMI and cause deployment to stop.

CThere is no risk; Terraform always selects official AMIs by default.

DTerraform might select a malicious AMI published by an unknown or untrusted owner.

Attempts:

2 left

❓ service_behavior

expert

2:30remaining

Effect of 'most_recent' Attribute in AMI Lookup

What happens if you set 'most_recent = false' in the 'aws_ami' data source with multiple AMIs matching the filter?

Example:

data "aws_ami" "example" {
  most_recent = false
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

Terraform

data "aws_ami" "example" {
  most_recent = false
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

ATerraform returns an error because 'most_recent' must be true.

BTerraform returns a list of all matching AMIs.

CTerraform returns the first AMI found matching the filter, which may not be the latest.

DTerraform ignores the filter and returns the latest AMI.

Attempts:

2 left