Skip to main content

Terraform Interview Questions

DevOpsMe4/3/25About 6 minterraformterraforminfrastructure-as-codeiacdevops

How to Structure Your Terraform Interview Answers

When answering Terraform interview questions, follow these guidelines to create clear, concise, and impactful responses:

  1. Start with a concise definition: Begin with a clear, direct definition or explanation of the core concept.
  2. Use the STAR method for experience-based questions: Situation, Task, Action, Result.
  3. Provide concrete examples: Include brief code snippets or real-world scenarios when applicable.
  4. Highlight practical benefits: Explain why a concept matters in real-world infrastructure management.
  5. Demonstrate both breadth and depth: Show general knowledge but also dive deeper into specifics.
  6. Connect concepts: Relate your answer to other Terraform or DevOps concepts to show holistic understanding.
  7. Mention best practices: Include industry best practices when relevant.
  8. Be honest about limitations: Acknowledge limitations or trade-offs where appropriate.

What is Terraform and what problem does it solve?

Tips for answering

Focus on defining Terraform concisely, then outline its key benefits using a problem-solution approach. Mention both technical advantages and organizational benefits. Demonstrate your understanding of infrastructure challenges that existed before IaC.

Answer

Terraform is an open-source infrastructure as code tool that enables you to safely and predictably create, change, and improve infrastructure. It solves several key problems:

  1. Manual infrastructure management: Terraform replaces error-prone manual processes with declarative code.
  2. Configuration drift: Infrastructure defined as code ensures consistency across environments.
  3. Complexity management: Terraform handles both low-level resources (compute, storage) and high-level components (DNS, SaaS features).
  4. Multi-provider orchestration: It works across 100+ providers through a unified workflow.
  5. Collaboration barriers: Teams can use version control to collaborate on infrastructure.

By defining infrastructure as code, Terraform makes deployments more reliable, traceable, and repeatable.

What is the Terraform workflow?

Tips for answering

Structure your answer around the core Terraform commands in their logical order. Use brief explanations for each step and highlight how they connect. Mention how this workflow supports infrastructure lifecycle management.

Answer

The core Terraform workflow follows a write-plan-apply pattern:

  1. Write: Define infrastructure in HCL (HashiCorp Configuration Language) files with a .tf extension.

    resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

  2. Plan: Run terraform plan to preview changes before applying them. This creates an execution plan showing what Terraform will do when applied.

  3. Apply: Execute terraform apply to provision the resources defined in your configuration. Terraform creates, updates, or deletes resources to match your configuration.

This workflow is supplemented by:

  • terraform init: Initialize a working directory, download providers and modules
  • terraform validate: Check configuration syntax and consistency
  • terraform destroy: Remove all resources defined in the configuration

This cycle enables predictable infrastructure changes with clear visibility into what will happen before changes are applied.

What is Terraform state and why is it important?

Tips for answering

Begin with a clear definition of state, then explain its importance through specific functions it serves. Use real-world examples to illustrate what would happen without state management. Address both technical and operational aspects.

Answer

Terraform state is a JSON mapping that connects your configuration to real-world infrastructure resources. It's crucial for several reasons:

  1. Resource tracking: State maps configuration to actual resources, allowing Terraform to know what it manages.

  2. Metadata storage: It maintains resource dependencies and other metadata needed for operations.

  3. Performance optimization: For large infrastructures, state prevents Terraform from querying providers for every resource on each run.

  4. Team collaboration: Remote state enables teams to work together on the same infrastructure safely.

Without state, Terraform couldn't determine which resources already exist, causing it to attempt recreation of existing resources or fail to update/delete resources it previously created. This would make infrastructure management unpredictable and potentially destructive.

Best practice is storing state remotely (S3, Azure Blob, HCP Terraform) with proper access controls and versioning enabled.

How does Terraform handle dependencies between resources?

Tips for answering

Start with the different ways Terraform manages dependencies, then provide specific examples. Show both basic and advanced understanding by mentioning the resource graph. Include a practical example with code if possible.

Answer

Terraform manages resource dependencies through:

  1. Implicit dependencies: Automatically detected when one resource references another's attributes:

    # The instance implicitly depends on the security group
resource "aws_instance" "app" {
  security_groups = [aws_security_group.allow_http.id]
}

  2. Explicit dependencies: Defined using the depends_on argument for dependencies Terraform can't automatically infer:

    resource "aws_s3_bucket_object" "data" {
  depends_on = [aws_s3_bucket.example]
  # Other attributes...
}

  3. Resource graph: Terraform builds a directed acyclic graph (DAG) of all resources to determine creation order and identify parallelization opportunities.

  4. Module dependencies: Resources across modules can depend on each other through outputs and variable passing.

This dependency system ensures resources are created, modified, and destroyed in the correct order, preventing errors like referencing resources that don't exist yet.

What is a Terraform module and why would you use one?

Tips for answering

Define modules clearly and focus on their practical benefits. Use an example of how a module might be structured and called. Emphasize both technical advantages and organizational benefits of modular infrastructure.

Answer

A Terraform module is a self-contained package of Terraform configurations that are managed as a group. Essentially, it's a reusable infrastructure component.

Benefits of modules:

  1. Encapsulation: Complex logic is hidden behind a simple interface
  2. Reusability: Common patterns can be standardized and reused
  3. Maintainability: Changes to shared infrastructure need to be made in only one place
  4. Consistency: Standardized implementations across environments and teams
  5. Versioning: Infrastructure components can be versioned, tested, and upgraded systematically

Example of using a module:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.14.0"
  
  name = "my-vpc"
  cidr = "10.0.0.0/16"
  
  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]
}

Modules shine when you need to enforce standards, share infrastructure patterns across teams, or isolate complex components for easier management.

How does Terraform handle secrets and sensitive data?

Tips for answering

Focus on both the technical mechanisms and best practices. Organize your answer from basic to advanced approaches. Include code examples where relevant and emphasize security considerations.

Answer

Terraform provides multiple layers for handling sensitive data:

  1. Marking variables as sensitive:

    variable "db_password" {
  type      = string
  sensitive = true  # Hides value in plan/apply output
}

  2. Protecting outputs:

    output "password" {
  value     = aws_db_instance.db.password
  sensitive = true
}

  3. Environment variables: Pass secrets using TF_VAR_ prefix

    export TF_VAR_db_password="securepassword"

  4. External secret management:

    data "vault_generic_secret" "db_creds" {
  path = "secret/database/creds"
}

  5. State encryption: Use backends that support encryption at rest

Best practices:

  • Never commit secrets to version control
  • Use remote state with access controls
  • Consider HashiCorp Vault or cloud provider secret managers
  • Use environment-specific variable files (.tfvars) excluded from version control
  • Apply least-privilege principle to Terraform execution environments

The most secure approach combines several of these techniques based on your security requirements.

What is the difference between Terraform and other IaC tools like Ansible, CloudFormation, or Pulumi?

Tips for answering

Structure your answer as clear comparisons focusing on key strengths and differences. Use categories (like "state management" or "language") to make comparisons consistent. Remain objective rather than simply favoring Terraform.

Answer

Terraform differs from other IaC tools in several distinct ways:

Terraform vs. Ansible:

  • Approach: Terraform is declarative (what should exist); Ansible is procedural (steps to take)
  • Focus: Terraform excels at provisioning infrastructure; Ansible specializes in configuration management
  • State: Terraform maintains state; Ansible is generally stateless
  • Idempotency: Both aim for idempotency but implement it differently

Terraform vs. CloudFormation:

  • Scope: Terraform is multi-cloud; CloudFormation is AWS-only
  • Syntax: HCL is often considered more readable than CloudFormation's JSON/YAML
  • Workflow: Terraform has explicit plan/apply stages; CloudFormation uses ChangeSets
  • Integration: CloudFormation has deeper AWS integration; Terraform offers broader ecosystem

Terraform vs. Pulumi:

  • Language: Terraform uses HCL; Pulumi uses general programming languages (Python, Go, etc.)
  • Abstractions: Pulumi enables higher-level programming constructs and reuse patterns
  • Adoption: Terraform has larger community and ecosystem
  • State: Both use state files with similar approaches

Each tool has its place depending on your requirements, team skills, and existing ecosystem integration needs.

What are the key components of a Terraform configuration?

Tips for answering

Organize your answer by listing the main components and explaining each with a brief example. Focus on showing both breadth of knowledge and understanding of how components work together.

Answer

A Terraform configuration consists of these core components:

  1. Provider blocks: Define and configure providers (AWS, Azure, GCP, etc.)

    provider "aws" {
  region = "us-west-2"
}

  2. Resource blocks: Define infrastructure objects to create

    resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

  3. Data sources: Query existing infrastructure

    data "aws_vpc" "default" {
  default = true
}

  4. Variables: Define parameterized inputs

    variable "instance_type" {
  type    = string
  default = "t2.micro"
}

  5. Outputs: Expose information about created resources

    output "ip" {
  value = aws_instance.web.public_ip
}

  6. Modules: Reusable configuration components

    module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.14.0"
}

  7. Locals: Named expressions for reuse within a module

    locals {
  common_tags = {
    Environment = var.environment
  }
}

  8. Backend configuration: Define state storage location

    terraform {
  backend "s3" {
    bucket = "terraform-state"
    key    = "project/terraform.tfstate"
  }
}

These components work together to define, parameterize, and organize your infrastructure definitions.

What are Terraform workspaces and when would you use them?

Tips for answering

Begin with a clear definition of workspaces, explain how they work technically, then discuss appropriate use cases. Include command examples and mention both advantages and limitations.

Answer

Terraform workspaces are isolated instances of state within a single configuration directory that allow you to maintain multiple environments using the same Terraform code.

Key workspace commands:

terraform workspace new dev      # Create new workspace
terraform workspace select prod  # Switch workspaces
terraform workspace list         # Show available workspaces

Within configuration, access the current workspace:

resource "aws_instance" "web" {
  instance_type = terraform.workspace == "prod" ? "t2.medium" : "t2.micro"
  
  tags = {
    Environment = terraform.workspace
  }
}

Appropriate use cases:

  • Testing changes: Experiment without affecting production
  • Simple environment separation: Manage dev/test/prod with minimal overhead
  • Feature branches: Create temporary infrastructure for feature branches
  • Multi-tenant deployments: Deploy the same stack for different clients

Limitations:

  • All workspaces share the same backend and provider configuration
  • Doesn't handle significant configuration differences between environments
  • Can become difficult to manage with complex deployments

For complex multi-environment setups, consider separate configuration directories with a DRY approach using modules instead of workspaces.

Copyright © 2025 DevOpsMe