0
0
Terraformcloud~20 mins

Preconditions and postconditions in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Preconditions and Postconditions Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Configuration
intermediate
2:00remaining
Terraform precondition blocks usage
Given the following Terraform resource configuration, what will happen if the variable instance_count is set to 0?

resource "aws_instance" "example" {
  count = var.instance_count

  ami           = "ami-123456"
  instance_type = "t2.micro"

  lifecycle {
    precondition {
      condition     = var.instance_count > 0
      error_message = "instance_count must be greater than zero"
    }
  }
}
ATerraform plan will fail with error: "instance_count must be greater than zero".
BTerraform plan will succeed and create zero instances without error.
CTerraform apply will fail but plan will succeed.
DTerraform plan will ignore the precondition and create one instance.
Attempts:
2 left
💡 Hint
Preconditions in lifecycle blocks run during plan phase to validate conditions.
service_behavior
intermediate
2:00remaining
Terraform postcondition effect on resource creation
Consider this Terraform resource with a postcondition:

resource "aws_s3_bucket" "bucket" {
  bucket = var.bucket_name

  lifecycle {
    postcondition {
      condition     = length(aws_s3_bucket.bucket.id) > 0
      error_message = "Bucket ID must be set after creation"
    }
  }
}

What happens if after bucket creation, no ID is assigned?
ATerraform apply will fail after resource creation with the postcondition error.
BTerraform apply will succeed but postcondition error is ignored.
CTerraform plan will fail before apply due to postcondition.
DTerraform apply will retry bucket creation until postcondition passes.
Attempts:
2 left
💡 Hint
Postconditions run after resource creation to validate state.
Architecture
advanced
3:00remaining
Designing Terraform modules with preconditions and postconditions
You are designing a Terraform module that creates an AWS RDS instance. You want to ensure:
1. The allocated storage is at least 20 GB before creation.
2. After creation, the instance endpoint is not empty.

Which lifecycle blocks correctly enforce these preconditions and postconditions?
A
lifecycle {
  precondition {
    condition     = length(aws_db_instance.db.endpoint) > 0
    error_message = "Endpoint must be set after creation"
  }
  postcondition {
    condition     = var.allocated_storage >= 20
    error_message = "Storage must be at least 20 GB"
  }
}
B
lifecycle {
  precondition {
    condition     = var.allocated_storage >= 20
    error_message = "Storage must be at least 20 GB"
  }
  postcondition {
    condition     = length(aws_db_instance.db.endpoint) > 0
    error_message = "Endpoint must be set after creation"
  }
}
C
lifecycle {
  precondition {
    condition     = var.allocated_storage > 0
    error_message = "Storage must be positive"
  }
  postcondition {
    condition     = aws_db_instance.db.endpoint != null
    error_message = "Endpoint must be set after creation"
  }
}
D
lifecycle {
  precondition {
    condition     = var.allocated_storage >= 20
    error_message = "Storage must be at least 20 GB"
  }
}
Attempts:
2 left
💡 Hint
Preconditions check inputs before creation; postconditions check resource attributes after creation.
security
advanced
3:00remaining
Using preconditions to enforce security policies in Terraform
You want to enforce that all AWS EC2 instances created by Terraform use an approved security group ID stored in var.approved_sg_ids. Which precondition block correctly enforces this?
A
precondition {
  condition     = length(aws_instance.example.vpc_security_group_ids) > 0
  error_message = "Instance must have a security group"
}
B
precondition {
  condition     = aws_instance.example.vpc_security_group_ids[0] == var.approved_sg_ids[0]
  error_message = "Security group is not approved"
}
C
precondition {
  condition     = aws_instance.example.vpc_security_group_ids != null
  error_message = "Security group must be assigned"
}
D
precondition {
  condition     = contains(var.approved_sg_ids, aws_instance.example.vpc_security_group_ids[0])
  error_message = "Security group is not approved"
}
Attempts:
2 left
💡 Hint
Use the contains function to check membership in a list.
Best Practice
expert
3:00remaining
Ensuring consistent infrastructure state with postconditions in Terraform
You have a Terraform resource that creates an Azure Storage Account. You want to ensure that after creation, the storage account's primary endpoint URL starts with https://. Which postcondition block correctly enforces this?
A
postcondition {
  condition     = substr(azurerm_storage_account.example.primary_blob_endpoint, 0, 8) == "https://"
  error_message = "Primary endpoint must use HTTPS"
}
B
postcondition {
  condition     = contains(azurerm_storage_account.example.primary_blob_endpoint, "https://")
  error_message = "Primary endpoint must use HTTPS"
}
C
postcondition {
  condition     = startswith(azurerm_storage_account.example.primary_blob_endpoint, "https://")
  error_message = "Primary endpoint must use HTTPS"
}
D
postcondition {
  condition     = azurerm_storage_account.example.primary_blob_endpoint != null
  error_message = "Primary endpoint must be set"
}
Attempts:
2 left
💡 Hint
Use the startswith function for prefix checks.