Challenge - 5 Problems

🎖️

Create_before_destroy Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ Configuration

intermediate

2:00remaining

Identify the effect of create_before_destroy in Terraform lifecycle

Given the following Terraform resource configuration, what will happen when the resource is updated?

resource "aws_instance" "example" {
  ami           = "ami-123456"
  instance_type = "t2.micro"

  lifecycle {
    create_before_destroy = true
  }
}

Terraform

resource "aws_instance" "example" {
  ami           = "ami-123456"
  instance_type = "t2.micro"

  lifecycle {
    create_before_destroy = true
  }
}

ATerraform will update the existing instance in place without replacement.

BTerraform will destroy the old instance first, then create a new one.

CTerraform will create a new instance before destroying the old one during updates.

DTerraform will fail to apply because create_before_destroy is invalid here.

Attempts:

2 left

❓ Architecture

intermediate

2:00remaining

Choosing lifecycle rules for zero downtime deployment

You want to update a cloud resource with zero downtime. Which lifecycle configuration should you use in Terraform?

Alifecycle { create_before_destroy = true }

Blifecycle { ignore_changes = ["ami"] }

Clifecycle { replace_triggered_by = ["aws_instance.example"] }

Dlifecycle { prevent_destroy = true }

Attempts:

2 left

❓ service_behavior

advanced

2:30remaining

Effect of create_before_destroy on resource dependencies

Consider two Terraform resources where one depends on the other. If the dependent resource has create_before_destroy = true, what is the expected behavior during replacement?

Terraform

resource "aws_lb" "example_lb" {
  name = "example-lb"
}

resource "aws_lb_listener" "example_listener" {
  load_balancer_arn = aws_lb.example_lb.arn
  port              = 80
  protocol          = "HTTP"

  lifecycle {
    create_before_destroy = true
  }
}

ATerraform destroys the old listener before creating the new one, causing downtime.

BTerraform fails to apply due to circular dependency caused by create_before_destroy.

CTerraform ignores the lifecycle rule because dependencies override it.

DTerraform creates the new listener before destroying the old one, ensuring the load balancer is not disrupted.

Attempts:

2 left

❓ security

advanced

2:30remaining

Security implications of create_before_destroy lifecycle rule

What is a potential security risk when using create_before_destroy = true for resources like IAM roles or security groups?

ATerraform will delete permissions before creating new ones, causing access loss.

BTemporary duplication of permissions may exist, increasing attack surface.

CThe lifecycle rule disables encryption on the resource during replacement.

DThere is no security risk; create_before_destroy only affects resource timing.

Attempts:

2 left

✅ Best Practice

expert

3:00remaining

Troubleshooting create_before_destroy causing apply failure

You have a Terraform resource with create_before_destroy = true. When applying, Terraform fails with a "resource already exists" error. What is the most likely cause?

AThe new resource uses the same unique identifier as the old one, causing a conflict.

BTerraform does not support create_before_destroy for this resource type.

CThe lifecycle block is missing the prevent_destroy setting.

DThe old resource was manually deleted outside Terraform, causing state mismatch.

Attempts:

2 left