Challenge - 5 Problems

🎖️

Terraform Dynamic Blocks Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

🧠 Conceptual

intermediate

2:00remaining

When to use dynamic blocks instead of for_each in Terraform?

Which situation best justifies using a dynamic block over for_each in Terraform configuration?

AWhen you want to conditionally create a resource based on a boolean variable.

BWhen you want to create multiple independent resources from a map of values.

CWhen you need to generate multiple nested blocks inside a resource based on a list or map.

DWhen you want to loop over a list to create multiple top-level modules.

Attempts:

2 left

❓ Architecture

intermediate

2:00remaining

Choosing between dynamic blocks and for_each for nested security rules

You have a Terraform resource for a firewall that supports multiple security_rule nested blocks. You have a list of security rules to apply. Which approach correctly applies all rules inside a single firewall resource?

Terraform

resource "firewall" "example" {
  name = "example-firewall"

  # Fill in here
}

AUse for_each on the firewall resource to create multiple firewall resources, each with one security_rule.

BUse a dynamic block to iterate over the list and create multiple <code>security_rule</code> blocks inside the firewall resource.

CUse count on the firewall resource to create multiple firewalls, each with all security rules.

DUse a separate resource for each security_rule outside the firewall resource.

Attempts:

2 left

❓ Configuration

advanced

2:00remaining

Terraform code output with dynamic block vs for_each

Given the following Terraform snippet, what will be the value of resource.firewall.example.security_rule after apply?

Terraform

variable "rules" {
  default = [
    { name = "allow-ssh", port = 22 },
    { name = "allow-http", port = 80 }
  ]
}

resource "firewall" "example" {
  name = "example-firewall"

  dynamic "security_rule" {
    for_each = var.rules
    content {
      name = each.value.name
      port = each.value.port
    }
  }
}

Anull

B{"allow-ssh":22,"allow-http":80}

C["allow-ssh","allow-http"]

D[{"name":"allow-ssh","port":22},{"name":"allow-http","port":80}]

Attempts:

2 left

❓ security

advanced

2:00remaining

Security risk of using for_each on resource vs dynamic block for nested blocks

What is a potential security risk when using for_each to create multiple resources instead of using a dynamic block to create nested blocks inside a single resource?

AMultiple resources may cause inconsistent security policies if one resource is updated but others are not.

BDynamic blocks always encrypt data, so for_each is less secure.

CUsing for_each causes resources to be publicly accessible by default.

Dfor_each disables Terraform state locking, risking concurrent changes.

Attempts:

2 left

❓ service_behavior

expert

3:00remaining

Terraform behavior when mixing dynamic blocks and for_each on nested blocks

Consider a Terraform resource that uses both for_each on the resource itself and a dynamic block inside it to create nested blocks. What is the expected behavior after apply?

Terraform

variable "instances" {
  default = ["one", "two"]
}

variable "rules" {
  default = [
    { name = "rule1", port = 8080 },
    { name = "rule2", port = 9090 }
  ]
}

resource "firewall" "example" {
  for_each = toset(var.instances)
  name = "firewall-${each.key}"

  dynamic "security_rule" {
    for_each = var.rules
    content {
      name = each.value.name
      port = each.value.port
    }
  }
}

ACreates two firewall resources, each with two nested security_rule blocks as defined in var.rules.

BCreates two firewall resources but only one nested security_rule block each.

CFails to apply due to conflicting for_each usage inside resource and dynamic block.

DCreates one firewall resource with four nested security_rule blocks combining all rules.

Attempts:

2 left