Challenge - 5 Problems

🎖️

Terraform Data Source Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

🧠 Conceptual

intermediate

2:00remaining

Identify the correct data source block syntax

Which of the following Terraform data source blocks is correctly written to fetch an AWS AMI by its name?

data "aws_ami" example {
  most_recent = true
  filter {
    name = "name"
    values = ["amzn2-ami-hvm-2.0.*-x86_64-gp2"]
  }
  owners = ["amazon"]
}

data "aws_ami" "example" {
  most_recent = true
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-2.0.*-x86_64-gp2"]
  }
  owners = ["amazon"]
}

data "aws_ami" "example" {
  most_recent = true
  filter = {
    name = "name"
    values = ["amzn2-ami-hvm-2.0.*-x86_64-gp2"]
  }
  owners = ["amazon"]
}

data "aws_ami" "example" {
  most_recent = true
  filter {
    name = "name"
    values = "amzn2-ami-hvm-2.0.*-x86_64-gp2"
  }
  owners = ["amazon"]
}

Attempts:

2 left

❓ Configuration

intermediate

2:00remaining

Determine the output of a Terraform data source block

Given the following Terraform data source block, what will be the value of data.aws_ami.example.id after apply?

Terraform

data "aws_ami" "example" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
  owners = ["099720109477"]
}

AThe AMI ID of the most recent Ubuntu 20.04 image owned by Canonical

BA list of all AMI IDs matching the filter

CAn error because <code>owners</code> must be a string, not a list

DNull because <code>most_recent</code> is not a valid argument

Attempts:

2 left

❓ Architecture

advanced

2:00remaining

Choose the correct data source block to reference an existing VPC by tag

You want to reference an existing AWS VPC by its tag Environment=Production in Terraform. Which data source block correctly achieves this?

data "aws_vpcs" "prod" {
  filter {
    name   = "tag:Environment"
    values = ["Production"]
  }
}

data "aws_vpc" "prod" {
  tags = {
    Environment = "Production"
  }
}

data "aws_vpc" "prod" {
  filter {
    name   = "tag:Environment"
    values = ["Production"]
  }
}

data "aws_vpc" "prod" {
  filter = {
    name = "tag:Environment"
    values = ["Production"]
  }
}

Attempts:

2 left

❓ security

advanced

2:00remaining

Identify the security risk in a Terraform data source block

Consider this Terraform data source block fetching AWS credentials from the environment. What is the main security risk?

Terraform

data "aws_caller_identity" "current" {}

AIt exposes AWS account details in Terraform state files if not encrypted

BIt automatically grants admin privileges to the Terraform user

CIt stores AWS credentials in plain text in the Terraform configuration

DIt allows unauthorized users to modify AWS credentials

Attempts:

2 left

❓ service_behavior

expert

3:00remaining

Predict the behavior of a Terraform data source with multiple filters

Given this Terraform data source block, what will be the behavior when applied?

Terraform

data "aws_subnet" "example" {
  filter {
    name   = "tag:Name"
    values = ["subnet-1"]
  }
  filter {
    name   = "availability-zone"
    values = ["us-east-1a"]
  }
}

AIt causes a Terraform error because multiple filters are not allowed

BIt returns all subnets matching either the tag or the availability zone

CIt returns the first subnet matching the tag Name=subnet-1, ignoring the availability zone filter

DIt returns the subnet matching both the tag Name=subnet-1 and availability zone us-east-1a

Attempts:

2 left