0
0
Terraformcloud~10 mins

State encryption at rest in Terraform - Interactive Code Practice

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to enable encryption for the Terraform state backend.

Terraform
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state.tfstate"
    region = "us-west-2"
    [1] = true
  }
}
Drag options to blanks, or click blank then click option'
Aencrypt
Bencryption
Cenable_encryption
Dstate_encryption
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'encryption' instead of 'encrypt'
Using 'enable_encryption' which is not a valid attribute
Using 'state_encryption' which does not exist
2fill in blank
medium

Complete the code to specify the KMS key for encrypting the Terraform state.

Terraform
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "state.tfstate"
    region         = "us-west-2"
    encrypt        = true
    [1] = "arn:aws:kms:us-west-2:123456789012:key/abcd-1234-efgh-5678"
  }
}
Drag options to blanks, or click blank then click option'
Akms_arn
Bkms_key
Ckms_key_id
Dencryption_key
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'kms_key' which is not recognized
Using 'encryption_key' which is invalid
Using 'kms_arn' which is not the correct attribute
3fill in blank
hard

Fix the error in the backend configuration to properly enable encryption at rest.

Terraform
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state.tfstate"
    region = "us-west-2"
    encrypt = [1]
  }
}
Drag options to blanks, or click blank then click option'
A1
B"true"
CTrue
Dtrue
Attempts:
3 left
💡 Hint
Common Mistakes
Using quotes around true, making it a string
Using capitalized True which is invalid in Terraform
Using 1 instead of true for boolean
4fill in blank
hard

Fill both blanks to configure the S3 backend with encryption and a KMS key.

Terraform
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "state.tfstate"
    region         = "us-west-2"
    [1] = true
    [2] = "arn:aws:kms:us-west-2:123456789012:key/abcd-1234-efgh-5678"
  }
}
Drag options to blanks, or click blank then click option'
Aencrypt
Bkms_key_id
Cencryption_key
Denable_encryption
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'enable_encryption' instead of 'encrypt'
Using 'encryption_key' instead of 'kms_key_id'
Mixing up the order of attributes
5fill in blank
hard

Fill all three blanks to configure the S3 backend with encryption, KMS key, and versioning enabled.

Terraform
terraform {
  backend "s3" {
    bucket          = "my-terraform-state"
    key             = "state.tfstate"
    region          = "us-west-2"
    [1]  = true
    [2]  = "arn:aws:kms:us-west-2:123456789012:key/abcd-1234-efgh-5678"
    [3] = true
  }
}
Drag options to blanks, or click blank then click option'
Aencrypt
Bkms_key_id
Cversioning
Denable_versioning
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'enable_versioning' instead of 'versioning'
Forgetting to enable versioning
Incorrect attribute names for encryption