Challenge - 5 Problems

🎖️

Data Source Dependency Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ Configuration

intermediate

2:00remaining

Identify the correct data source dependency resolution

Given the Terraform configuration below, which option correctly describes the order in which Terraform resolves the data sources?

Terraform

data "aws_vpc" "main" {
  filter {
    name   = "tag:Name"
    values = ["main-vpc"]
  }
}

data "aws_subnet" "selected" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.main.id]
  }
  filter {
    name   = "tag:Environment"
    values = ["prod"]
  }
}

ATerraform resolves aws_subnet.selected first, then aws_vpc.main because subnet depends on VPC ID.

BTerraform resolves both data sources in parallel since they are independent.

CTerraform cannot resolve either data source because of circular dependency.

DTerraform resolves aws_vpc.main first, then aws_subnet.selected because subnet depends on VPC ID from aws_vpc.main.

Attempts:

2 left

❓ service_behavior

intermediate

2:00remaining

Effect of missing data source dependency in Terraform

What happens if a Terraform data source references an attribute from another data source that is not declared or does not exist?

Terraform

data "aws_subnet" "example" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.missing.id]
  }
}

ATerraform will throw a runtime error during plan/apply indicating the reference is invalid.

BTerraform will ignore the missing data source and proceed with a null value.

CTerraform will create a new VPC automatically to satisfy the missing data source.

DTerraform will skip the data source and continue without error.

Attempts:

2 left

❓ Architecture

advanced

3:00remaining

Designing data source dependencies for multi-region infrastructure

You have a Terraform configuration that needs to fetch VPC IDs from multiple AWS regions dynamically using data sources. Which approach ensures correct dependency resolution and avoids race conditions?

AUse a single data source with a for_each loop over regions, referencing each region's VPC data source independently without explicit dependencies.

BUse a local variable to store region list and dynamically create data sources with for_each, relying on Terraform's implicit dependency graph.

CDefine separate data sources for each region with explicit depends_on blocks to enforce order of resolution across regions.

DManually run Terraform apply separately for each region to avoid dependency conflicts.

Attempts:

2 left

❓ security

advanced

2:30remaining

Security implications of data source dependencies in Terraform

Which of the following is a security risk when using data source dependencies in Terraform configurations that fetch sensitive information?

AStoring sensitive data fetched by data sources in Terraform state files without encryption.

BUsing data sources to fetch public information like AMI IDs.

CReferencing data sources across modules without outputs.

DUsing data sources with filters based on tags.

Attempts:

2 left

✅ Best Practice

expert

3:00remaining

Optimizing Terraform data source dependencies for large infrastructure

In a large Terraform project with many data sources depending on each other, what is the best practice to optimize plan and apply times while ensuring correct dependency resolution?

AFlatten all data sources into a single module to reduce overhead and force sequential resolution.

BUse explicit depends_on for every data source to control order strictly, even if Terraform can infer dependencies.

CGroup related data sources into separate modules with clear input/output interfaces and rely on Terraform's implicit dependency graph.

DAvoid using data sources and hardcode resource IDs to eliminate dependencies.

Attempts:

2 left