Given the Terraform configuration below, what will be the name of the AWS S3 bucket created when the workspace is production?
resource "aws_s3_bucket" "example" { bucket = "myapp-${terraform.workspace}-bucket" acl = "private" }
Remember that terraform.workspace returns the current workspace name exactly as it is.
The terraform.workspace interpolation inserts the current workspace name into the bucket name. Since the workspace is production, the bucket name becomes myapp-production-bucket.
You want to deploy separate AWS VPCs for dev and prod environments using Terraform workspaces. Which configuration snippet correctly uses terraform.workspace to create unique VPC CIDR blocks for each workspace?
Use a conditional expression to select CIDR blocks based on workspace name.
Option C uses a conditional expression to assign different CIDR blocks for prod and other workspaces. Option C is invalid because you cannot interpolate a string directly into an IP address like that. Option C uses a fixed CIDR block, ignoring workspace. Option C uses an invalid conditional syntax.
Consider a Terraform configuration that tags AWS resources with the current workspace name using terraform.workspace. What is a potential security risk of this practice?
Think about what information resource tags can expose to users with access to cloud resources.
Tagging resources with workspace names can expose environment details (like 'prod' or 'dev') to anyone who can view resource metadata, which might be sensitive information. Options B, C, and D are incorrect because they misunderstand the behavior or risk.
Which backend configuration snippet correctly uses terraform.workspace to create separate state files per workspace in an S3 backend?
Use interpolation syntax to insert the workspace name dynamically.
Option D correctly uses ${terraform.workspace} to interpolate the current workspace name into the key path, creating separate state files per workspace. Option D treats terraform.workspace as a literal string. Option D uses an undefined variable workspace. Option D does not separate states by workspace.
You have a Terraform module that creates resources and you want to deploy it in multiple workspaces. Which approach correctly passes the workspace name to the module to customize resource names?
module "app" { source = "./modules/app" env = terraform.workspace }
Modules can receive variables from the root module, including workspace names.
Option B is correct because passing terraform.workspace as a variable allows the module to customize resources per environment. Option B is false; modules can receive variables. Option B is inflexible and breaks multi-environment use. Option B ignores workspace, defeating the purpose.