Code review for infrastructure changes in Terraform - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the main purpose of a code review in infrastructure changes?
To ensure the infrastructure code is correct, secure, and follows best practices before deployment.
beginner
Name one key aspect to check during a Terraform code review.
Check that resource naming is consistent and meaningful to avoid confusion.
intermediate
Why should you review Terraform state file changes during a code review?
To verify that the planned infrastructure changes match the intended updates and avoid accidental deletions or modifications.
beginner
What is a common security check in infrastructure code reviews?
Ensure no sensitive data like passwords or keys are hardcoded in the code.
intermediate
How can peer reviews improve infrastructure code quality?
They catch errors early, share knowledge, and enforce standards, leading to safer and more reliable infrastructure.
What should you verify first in a Terraform code review?
A. The color scheme of the code editor
B. The planned changes match the intended infrastructure updates
C. The number of comments in the code
D. The size of the Terraform binary
Which of the following is a bad practice in infrastructure code?
A. Hardcoding passwords directly in the code
B. Writing clear resource names
C. Using variables for sensitive data
D. Adding comments to explain complex parts
During a code review, why is it important to check resource dependencies?
A. To make the code look cleaner
B. To reduce the number of lines of code
C. To ensure resources are created in the correct order
D. To increase the size of the state file
What tool can help visualize Terraform plan changes during review?
A. Terraform plan output
B. Text editor themes
C. Browser bookmarks
D. Operating system logs
Which practice improves collaboration in infrastructure code reviews?
A. Deploying without review
B. Ignoring comments from reviewers
C. Skipping tests before merging
D. Using pull requests for changes
Explain the key steps you take when reviewing Terraform infrastructure code changes.
Think about what you want to see before applying changes to real infrastructure.
Describe why code reviews are important for infrastructure as code and how they help prevent problems.
Consider the risks of deploying infrastructure without review.

      Practice

      1. What is the main purpose of running terraform plan before applying changes?
      easy
      A. To apply the changes directly to the cloud resources
      B. To preview the changes Terraform will make to the infrastructure
      C. To delete all existing infrastructure
      D. To create a backup of the current infrastructure state

      Solution

      1. Step 1: Understand the role of terraform plan

        This command shows what changes Terraform will perform without making any actual changes.
      2. Step 2: Differentiate from other commands

        terraform apply makes changes, while terraform plan previews them safely.
      3. Final Answer:

        To preview the changes Terraform will make to the infrastructure -> Option B
      4. Quick Check:

        Preview changes = terraform plan [OK]
      Hint: Remember: plan previews, apply executes changes [OK]
      Common Mistakes:
      • Confusing plan with apply
      • Thinking plan deletes resources
      • Assuming plan creates backups
      2. Which of the following is the correct syntax to initialize a Terraform working directory?
      easy
      A. terraform init
      B. terraform start
      C. terraform setup
      D. terraform configure

      Solution

      1. Step 1: Identify the initialization command

        terraform init sets up the working directory by downloading providers and preparing the backend.
      2. Step 2: Verify other options

        Commands like terraform start, terraform setup, and terraform configure do not exist in the Terraform CLI.
      3. Final Answer:

        terraform init -> Option A
      4. Quick Check:

        Initialize = terraform init [OK]
      Hint: Init means start setup in Terraform [OK]
      Common Mistakes:
      • Using non-existent commands
      • Confusing init with apply
      • Assuming configure is a Terraform command
      3. Given this Terraform snippet:
      resource "aws_instance" "example" {
        ami           = "ami-123456"
        instance_type = "t2.micro"
      }
      
      output "instance_id" {
        value = aws_instance.example.id
      }

      What will terraform apply output after successful deployment?
      medium
      A. The ID of the created AWS instance
      B. The AMI ID used in the instance
      C. The instance type string
      D. An error because output is missing

      Solution

      1. Step 1: Understand the output block

        The output named instance_id returns the ID of the created AWS instance resource.
      2. Step 2: Confirm output value

        The value is set to aws_instance.example.id, which is the unique instance ID assigned by AWS.
      3. Final Answer:

        The ID of the created AWS instance -> Option A
      4. Quick Check:

        Output shows instance ID = The ID of the created AWS instance [OK]
      Hint: Output shows resource attributes, not input values [OK]
      Common Mistakes:
      • Confusing output value with input AMI
      • Expecting instance type as output
      • Thinking output block is missing or invalid
      4. You see this Terraform code snippet in a pull request:
      resource "aws_s3_bucket" "my_bucket" {
        bucket = "my-unique-bucket-name"
        acl    = "public-read"
      }

      What is the main concern during code review before applying?
      medium
      A. The bucket name might not be unique globally
      B. The code is missing a region specification
      C. The resource type is incorrect for S3 buckets
      D. The ACL setting makes the bucket publicly readable, which may be a security risk

      Solution

      1. Step 1: Analyze the ACL setting

        The ACL is set to public-read, which allows anyone on the internet to read bucket contents.
      2. Step 2: Consider security best practices

        Making buckets public can expose sensitive data; this should be reviewed carefully before applying.
      3. Final Answer:

        The ACL setting makes the bucket publicly readable, which may be a security risk -> Option D
      4. Quick Check:

        Public ACL = security risk [OK]
      Hint: Watch for public access settings in code reviews [OK]
      Common Mistakes:
      • Ignoring security implications of ACL
      • Assuming bucket name uniqueness is the main issue
      • Thinking region is mandatory in resource block
      5. A team wants to share Terraform infrastructure changes for review before applying. Which practice best supports safe collaboration?
      hard
      A. Send raw Terraform files via email for manual review
      B. Run terraform apply directly on the main branch without review
      C. Share terraform plan output in a pull request for team feedback
      D. Apply changes first, then notify the team

      Solution

      1. Step 1: Understand collaboration best practices

        Sharing terraform plan output in pull requests allows the team to see proposed changes safely before applying.
      2. Step 2: Evaluate other options

        Applying changes without review or sending raw files lacks safety and clarity; notifying after applying is risky.
      3. Final Answer:

        Share terraform plan output in a pull request for team feedback -> Option C
      4. Quick Check:

        Plan + PR = safe collaboration [OK]
      Hint: Use plan output in PRs for safe team review [OK]
      Common Mistakes:
      • Skipping review before apply
      • Sharing raw files without context
      • Applying changes before team agreement