Bird
Raised Fist0
Terraformcloud~20 mins

Preconditions and postconditions in Terraform - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Preconditions and Postconditions Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Configuration
intermediate
2:00remaining
Terraform precondition blocks usage
Given the following Terraform resource configuration, what will happen if the variable instance_count is set to 0?

resource "aws_instance" "example" {
  count = var.instance_count

  ami           = "ami-123456"
  instance_type = "t2.micro"

  lifecycle {
    precondition {
      condition     = var.instance_count > 0
      error_message = "instance_count must be greater than zero"
    }
  }
}
ATerraform plan will fail with error: "instance_count must be greater than zero".
BTerraform plan will succeed and create zero instances without error.
CTerraform apply will fail but plan will succeed.
DTerraform plan will ignore the precondition and create one instance.
Attempts:
2 left
💡 Hint
Preconditions in lifecycle blocks run during plan phase to validate conditions.
service_behavior
intermediate
2:00remaining
Terraform postcondition effect on resource creation
Consider this Terraform resource with a postcondition:

resource "aws_s3_bucket" "bucket" {
  bucket = var.bucket_name

  lifecycle {
    postcondition {
      condition     = length(aws_s3_bucket.bucket.id) > 0
      error_message = "Bucket ID must be set after creation"
    }
  }
}

What happens if after bucket creation, no ID is assigned?
ATerraform apply will fail after resource creation with the postcondition error.
BTerraform apply will succeed but postcondition error is ignored.
CTerraform plan will fail before apply due to postcondition.
DTerraform apply will retry bucket creation until postcondition passes.
Attempts:
2 left
💡 Hint
Postconditions run after resource creation to validate state.
Architecture
advanced
3:00remaining
Designing Terraform modules with preconditions and postconditions
You are designing a Terraform module that creates an AWS RDS instance. You want to ensure:
1. The allocated storage is at least 20 GB before creation.
2. After creation, the instance endpoint is not empty.

Which lifecycle blocks correctly enforce these preconditions and postconditions?
A
lifecycle {
  precondition {
    condition     = length(aws_db_instance.db.endpoint) > 0
    error_message = "Endpoint must be set after creation"
  }
  postcondition {
    condition     = var.allocated_storage >= 20
    error_message = "Storage must be at least 20 GB"
  }
}
B
lifecycle {
  precondition {
    condition     = var.allocated_storage >= 20
    error_message = "Storage must be at least 20 GB"
  }
  postcondition {
    condition     = length(aws_db_instance.db.endpoint) > 0
    error_message = "Endpoint must be set after creation"
  }
}
C
lifecycle {
  precondition {
    condition     = var.allocated_storage > 0
    error_message = "Storage must be positive"
  }
  postcondition {
    condition     = aws_db_instance.db.endpoint != null
    error_message = "Endpoint must be set after creation"
  }
}
D
lifecycle {
  precondition {
    condition     = var.allocated_storage >= 20
    error_message = "Storage must be at least 20 GB"
  }
}
Attempts:
2 left
💡 Hint
Preconditions check inputs before creation; postconditions check resource attributes after creation.
security
advanced
3:00remaining
Using preconditions to enforce security policies in Terraform
You want to enforce that all AWS EC2 instances created by Terraform use an approved security group ID stored in var.approved_sg_ids. Which precondition block correctly enforces this?
A
precondition {
  condition     = length(aws_instance.example.vpc_security_group_ids) > 0
  error_message = "Instance must have a security group"
}
B
precondition {
  condition     = aws_instance.example.vpc_security_group_ids[0] == var.approved_sg_ids[0]
  error_message = "Security group is not approved"
}
C
precondition {
  condition     = aws_instance.example.vpc_security_group_ids != null
  error_message = "Security group must be assigned"
}
D
precondition {
  condition     = contains(var.approved_sg_ids, aws_instance.example.vpc_security_group_ids[0])
  error_message = "Security group is not approved"
}
Attempts:
2 left
💡 Hint
Use the contains function to check membership in a list.
Best Practice
expert
3:00remaining
Ensuring consistent infrastructure state with postconditions in Terraform
You have a Terraform resource that creates an Azure Storage Account. You want to ensure that after creation, the storage account's primary endpoint URL starts with https://. Which postcondition block correctly enforces this?
A
postcondition {
  condition     = substr(azurerm_storage_account.example.primary_blob_endpoint, 0, 8) == "https://"
  error_message = "Primary endpoint must use HTTPS"
}
B
postcondition {
  condition     = contains(azurerm_storage_account.example.primary_blob_endpoint, "https://")
  error_message = "Primary endpoint must use HTTPS"
}
C
postcondition {
  condition     = startswith(azurerm_storage_account.example.primary_blob_endpoint, "https://")
  error_message = "Primary endpoint must use HTTPS"
}
D
postcondition {
  condition     = azurerm_storage_account.example.primary_blob_endpoint != null
  error_message = "Primary endpoint must be set"
}
Attempts:
2 left
💡 Hint
Use the startswith function for prefix checks.

Practice

(1/5)
1. What is the main purpose of precondition blocks in Terraform?
easy
A. To check conditions before applying changes
B. To verify outputs after deployment
C. To define resource dependencies
D. To configure provider settings

Solution

  1. Step 1: Understand preconditions role

    Preconditions are rules that Terraform checks before making any changes to infrastructure.

  2. Step 2: Differentiate from postconditions

    Postconditions check after changes, but preconditions ensure safety before changes.

  3. Final Answer:

    To check conditions before applying changes -> Option A

  4. Quick Check:

    Preconditions = Before changes check [OK]
Hint: Preconditions run before changes to avoid errors [OK]
Common Mistakes:
  • Confusing preconditions with postconditions
  • Thinking preconditions run after deployment
  • Assuming preconditions configure providers
2. Which of the following is the correct syntax to define a postcondition in a Terraform resource?
easy
A. postcondition { condition = var.enabled error_message = "Must be enabled" }
B. postconditions { condition = var.enabled == true error_message = "Must be enabled" }
C. postcondition { condition = var.enabled == true error_message = "Must be enabled" }
D. postcondtion { condition = var.enabled == true error_message = "Must be enabled" }

Solution

  1. Step 1: Recall correct block name and syntax

    The block is singular postcondition with a condition attribute.

  2. Step 2: Check condition expression format

    Using var.enabled == true is explicit and correct for boolean check.

  3. Final Answer:

    postcondition { condition = var.enabled == true error_message = "Must be enabled" } -> Option C

  4. Quick Check:

    Correct syntax uses singular postcondition and explicit condition [OK]
Hint: Use singular 'postcondition' with condition attribute [OK]
Common Mistakes:
  • Using plural 'postconditions' block
  • Omitting '== true' for boolean checks
  • Misspelling 'postcondition'
3. Given this Terraform snippet inside a resource:
precondition {
  condition     = var.size > 0
  error_message = "Size must be positive"
}
postcondition {
  condition     = length(self.id) > 0
  error_message = "Resource ID must be set"
}

What happens if var.size is 0 during apply?
medium
A. Terraform applies changes but shows a warning
B. Terraform stops and shows "Size must be positive" error
C. Terraform applies changes and postcondition fails silently
D. Terraform ignores precondition and applies changes

Solution

  1. Step 1: Understand precondition behavior

    Preconditions run before applying changes and block apply if false.

  2. Step 2: Evaluate condition with var.size = 0

    Condition var.size > 0 is false, so Terraform stops with error message.

  3. Final Answer:

    Terraform stops and shows "Size must be positive" error -> Option B

  4. Quick Check:

    Precondition false stops apply with error [OK]
Hint: Precondition false stops apply with error message [OK]
Common Mistakes:
  • Thinking preconditions only warn, not stop
  • Confusing precondition with postcondition timing
  • Assuming apply continues despite precondition failure
4. You wrote this postcondition in a Terraform resource:
postcondition {
  condition     = self.name != ""
  error_message = "Name must not be empty"
}

But Terraform never shows the error even if name is empty. What is the likely problem?
medium
A. Postconditions run after apply, but self.name is not set yet
B. The condition should use length(self.name) > 0 instead of self.name != ""
C. The postcondition block is misspelled and ignored
D. Postconditions run before resource creation, so condition is not checked properly

Solution

  1. Step 1: Understand postcondition timing

    Postconditions run after resource creation to verify results.

  2. Step 2: Analyze condition evaluation

    If self.name is null (not set) rather than empty string after apply, self.name != "" is true because null != "", so no error is triggered.

  3. Final Answer:

    Postconditions run after apply, but self.name is not set yet -> Option A

  4. Quick Check:

    null != "" passes; check availability [OK]
Hint: Postconditions check after apply; ensure attribute is set [OK]
Common Mistakes:
  • Assuming postconditions run before apply
  • Using wrong condition syntax without checking attribute availability
  • Misspelling postcondition block name
5. You want to ensure a Terraform resource only applies if var.region is either "us-east-1" or "us-west-2", and after apply, the resource's status attribute must be "active". Which is the correct way to write preconditions and postconditions?
hard
A. 
precondition {
  condition     = var.region == "us-east-1" && var.region == "us-west-2"
  error_message = "Region must be us-east-1 and us-west-2"
}
postcondition {
  condition     = self.status != "active"
  error_message = "Status must not be active"
}
B. 
precondition {
  condition     = var.region == "us-east-1" || var.region == "us-west-2"
  error_message = "Region must be us-east-1 or us-west-2"
}
postcondition {
  condition     = self.status != "active"
  error_message = "Status must not be active"
}
C. 
precondition {
  condition     = var.region != "us-east-1" && var.region != "us-west-2"
  error_message = "Region must not be us-east-1 or us-west-2"
}
postcondition {
  condition     = self.status == "active"
  error_message = "Status must be active"
}
D. 
precondition {
  condition     = var.region == "us-east-1" || var.region == "us-west-2"
  error_message = "Region must be us-east-1 or us-west-2"
}
postcondition {
  condition     = self.status == "active"
  error_message = "Status must be active"
}

Solution

  1. Step 1: Write correct precondition for region

    Use logical OR (||) to allow either region, with proper error message.

  2. Step 2: Write correct postcondition for status

    Check that self.status equals "active" after apply, with matching error message.

  3. Final Answer:

    Precondition uses OR for region check; postcondition checks status equals "active" -> Option D

  4. Quick Check:

    Precondition OR and postcondition equality check [OK]
Hint: Use OR for precondition, equality for postcondition [OK]
Common Mistakes:
  • Using AND instead of OR in precondition
  • Checking for inequality in postcondition wrongly
  • Mixing error messages with wrong logic