Challenge - 5 Problems

🎖️

Dynamic Blocks Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

💻 Command Output

intermediate

2:00remaining

Output of Terraform plan with dynamic ingress blocks

Given the Terraform snippet below, what will be the number of ingress rules created in the security group after running terraform plan?

Terraform

variable "ports" {
  type = list(number)
  default = [22, 80, 443]
}

resource "aws_security_group" "example" {
  name = "example-sg"

  dynamic "ingress" {
    for_each = var.ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}

A3 ingress rules will be created, one for each port 22, 80, and 443

B1 ingress rule will be created with ports 22, 80, and 443 combined

CNo ingress rules will be created because dynamic blocks are invalid here

DAn error will occur because the variable ports is not referenced correctly

Attempts:

2 left

❓ Configuration

intermediate

2:00remaining

Correct dynamic block syntax for multiple CIDR blocks

You want to create ingress rules for port 8080 but allow access from multiple CIDR blocks dynamically. Which Terraform code snippet correctly uses a dynamic block to achieve this?

ingress {
  from_port   = 8080
  to_port     = 8080
  protocol    = "tcp"
  cidr_blocks = var.cidr_blocks
}

dynamic "ingress" {
  for_each = var.cidr_blocks
  content {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ingress.value
  }
}

dynamic "ingress" {
  for_each = var.cidr_blocks
  content {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [ingress.value]
  }
}

dynamic "ingress" {
  for_each = var.cidr_blocks
  content {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Attempts:

2 left

❓ Troubleshoot

advanced

2:00remaining

Error caused by incorrect dynamic block usage in ingress

What error will Terraform produce when applying the following resource configuration?

Terraform

resource "aws_security_group" "bad_example" {
  name = "bad-example"

  dynamic "ingress" {
    for_each = var.ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ingress.value
    }
  }
}

ANo error, configuration applies successfully

BError: Incorrect attribute value type: cidr_blocks must be a list of strings, but a number was provided

CError: Dynamic block 'ingress' cannot be used inside aws_security_group

DError: Missing required argument 'cidr_blocks' in ingress block

Attempts:

2 left

🔀 Workflow

advanced

2:00remaining

Best workflow to update ingress rules dynamically

You have a Terraform configuration with dynamic ingress blocks based on a variable list of ports. You want to add port 3306 to the list and apply changes safely. What is the best sequence of commands to update your infrastructure?

1. Destroy the security group
2. Update variable list
3. Run terraform apply

1. Run terraform apply
2. Update variable list to include 3306
3. Run terraform plan

1. Update variable list to include 3306
2. Run terraform apply without plan
3. Verify changes manually

1. Update variable list to include 3306
2. Run terraform plan
3. Review changes
4. Run terraform apply

Attempts:

2 left

🧠 Conceptual

expert

2:00remaining

Why use dynamic blocks for ingress rules in Terraform?

Which of the following is the main advantage of using dynamic blocks for ingress rules in Terraform security groups?

AThey allow creating multiple ingress rules based on variable input without repeating code blocks

BThey improve Terraform apply speed by parallelizing rule creation

CThey automatically detect open ports on the server and create rules accordingly

DThey replace the need for provider plugins in Terraform

Attempts:

2 left