Answer: Terraform is an open source infrastructure-based protocol (IaC) tool for planning and managing infrastructure resources. It allows you to define your infrastructure using a declarative configuration language called HashiCorp Configuration Language (HCL). Terraform works by creating an execution plan based on the desired state specified in the configuration file. It then compares the current state of the infrastructure with the desired state and makes the necessary changes to reach the desired state.
Q2.What is the difference between Terraform and Ansible?
Answer: Terraform and Ansible are infrastructure automation tools, but they work differently. Terraform focuses on configuration and management while Ansible is a configuration management tool. Terraform is primarily used to create, update and destroy infrastructure resources while Ansible is used to provision and manage software on existing systems.
Q3. What are Terraform providers?
Answer: Terraform providers are plugins that allow Terraform to interact with various infrastructure platforms and services such as AWS, Azure, Google Cloud Platform, and more. Providers define a set of resources and data sources that can be managed through Terraform.
Q4. What is the difference between a resource and a data source in Terraform?
Answer: In Terraform, a resource is a piece of infrastructure that you want to manage, such as an AWS EC2 instance or an Azure virtual network. Resources are created, updated, and destroyed by Terraform. On the other hand, a data source is a way to fetch existing information about infrastructure that was not created by Terraform. For example, you can use a data source to retrieve information about an existing AWS S3 bucket or an Azure virtual machine.
Q5.What is the purpose of the Terraform state?
Answer: Terraform status is a document used to track resources created and managed by Terraform. It maintains a map of the resources defined in the configuration file and their real-world properties. Status information is used to control and monitor changes over time. It also allows Terraform to plan and implement additional changes.
Q6. How does Terraform work on resource expectations?
Answer: Terraform automatically manages dependencies on resources based on configuration. When you define resources in your configuration, Terraform identifies dependencies between resources and ensures that resources are created correctly. For example, if a security group needs to be created before starting an EC2 instance, Terraform will automatically manage this dependency.
Q7. What is the Terraform program and application?
Answer: Planning and implementation of workflows is an important process in
Terraform. First, run the terraform command to create a complete plan. The plan tells what Terraform intends to do in terms of change – whether it is to create, modify or destroy resources. After reviewing the plan, you can run the 'terraform request' command to complete the plan and modify the process.
Q8. What are Terraform modules?
Answer: Terraform modules are reusable containers that contain components and their configurations. Modules help organize and modify Terraform code, making it easier to maintain and reuse across projects.
Modules can be created by you or are available from the Terraform Registry, a public repository of prebuilt Terraform products.
Q9. How does Terraform handle confidential and sensitive information?
Answer: Terraform provides a mechanism called "input variables" to handle confidential and sensitive information. You can define different strategies in your Terraform configuration file and use them when publishing resources.
However, it is important to note that the different strategies are not encrypted or hidden by default, so they should not be used to directly store data such as passwords or API keys.
Terraform integrates with external systems such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault to securely manage secrets. These systems act as secure repositories for sensitive data where Terraform can store passwords at runtime. Instead of coding secrets into the configuration file, you reference them using the interpolation syntax with the appropriate plugins provided by your secret management system.
For example, if you are using the HashiCorp Vault, you can configure the Vault provider and use the vault_generic_secret file to store confidential information.
The stored data can then be used in place of the source.