0
0
Terraformcloud~20 mins

Dynamic blocks in security groups in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Dynamic Blocks Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Configuration
intermediate
2:00remaining
Identify the output of this Terraform security group with dynamic blocks
Given the following Terraform code snippet, what will be the number of ingress rules created in the security group?
Terraform
variable "ports" {
  type = list(number)
  default = [22, 80, 443]
}

resource "aws_security_group" "example" {
  name = "example-sg"

  dynamic "ingress" {
    for_each = var.ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
ANo ingress rules created due to syntax error
B1 ingress rule with ports 22, 80, and 443 combined
CIngress rules created only for port 22
D3 ingress rules, one for each port 22, 80, and 443
Attempts:
2 left
💡 Hint
Think about how dynamic blocks iterate over lists to create multiple nested blocks.
service_behavior
intermediate
2:00remaining
What happens if the dynamic block's for_each is an empty list?
Consider the same Terraform security group code but with variable ports set to an empty list. What will be the behavior after applying?
Terraform
variable "ports" {
  type = list(number)
  default = []
}

resource "aws_security_group" "example" {
  name = "example-sg"

  dynamic "ingress" {
    for_each = var.ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
AOne ingress rule with port 0 will be created
BTerraform will throw a runtime error due to empty for_each
CNo ingress rules will be created in the security group
DIngress rules from previous apply will persist unchanged
Attempts:
2 left
💡 Hint
What does an empty list mean for dynamic blocks in Terraform?
Architecture
advanced
2:30remaining
Choose the correct Terraform code to create multiple egress rules dynamically
You want to create an AWS security group with multiple egress rules for ports 53 and 123 using dynamic blocks. Which Terraform snippet correctly achieves this?
A
dynamic "egress" {
  for_each = [53, 123]
  content {
    from_port   = egress.value
    to_port     = egress.value
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
B
dynamic "egress" {
  for_each = [53, 123]
  content {
    from_port   = egress.key
    to_port     = egress.key
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
C
dynamic "egress" {
  for_each = {53 = "udp", 123 = "udp"}
  content {
    from_port   = egress.key
    to_port     = egress.key
    protocol    = egress.value
    cidr_blocks = ["0.0.0.0/0"]
  }
}
D
dynamic "egress" {
  for_each = [53, 123]
  content {
    from_port   = egress.value
    to_port     = egress.value
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Attempts:
2 left
💡 Hint
Remember that for_each over a list uses .value for the current item, and protocol must match the port's protocol.
security
advanced
2:00remaining
What security risk arises if dynamic blocks in security groups use cidr_blocks = ["0.0.0.0/0"] indiscriminately?
If a Terraform security group uses dynamic blocks to create multiple ingress rules all allowing traffic from 0.0.0.0/0, what is the main security concern?
AThe security group allows unrestricted access from any IP, increasing exposure to attacks
BTerraform will block the deployment due to insecure CIDR blocks
CThe security group will only allow traffic from the local network
DDynamic blocks prevent any ingress traffic regardless of CIDR blocks
Attempts:
2 left
💡 Hint
Think about what 0.0.0.0/0 means in network terms.
Best Practice
expert
3:00remaining
Which Terraform pattern best avoids duplication when creating multiple similar ingress rules with dynamic blocks?
You need to create multiple ingress rules with different ports and CIDR blocks. Which approach follows best practice to keep Terraform code clean and maintainable?
AHardcode all ingress rules inside one dynamic block with a fixed port and CIDR block
BUse a single variable list of objects with port and cidr_block, then a dynamic block iterating over it to create ingress rules
CUse multiple dynamic blocks each iterating over a separate list for ports and CIDR blocks independently
DWrite separate ingress blocks manually for each port and CIDR block without dynamic blocks
Attempts:
2 left
💡 Hint
Think about how to combine related data to simplify iteration.