Terraform Associate Certification Guide

This guide will help you prepare for and understand the HashiCorp Terraform Associate certification from the basics. The Terraform certification is intended for automation engineers who have automation skills. The certification shows your capability in the IT industry to write, manage and deploy Infrastructure as Code (IaC).


Why Terraform?

You might ask: there are many IaC (Infrastructure as Code) tools on the market, so why focus on Terraform? The reason is that Terraform is platform agnostic. In simple words, we can use Terraform with multiple providers by changing the API calls for the specific provider. We don't have to learn a new tool, because Terraform supports many providers in the same way. On the other hand, if we opt for other tools like CloudFormation (AWS native tool), Google Deployment Manager (GCP) and many more, we have to learn each one for a different cloud provider.

About Certification:

  • Duration of the exam is 1 hour.
  • There will be a total of 57 questions, consisting of multiple-choice, fill-in-the-blank, true/false and multi-answer questions.
  • Cost of the exam is $70.50.
  • This is an online proctored exam.
  • The certification is valid for 2 years.
  • Official exam guide

Preparation 📚

I would say Terraform Associate is not a very tough exam to clear, but I suggest preparing as for any other exam, which will help you explore more features of Terraform. I have good hands-on experience with Terraform from working on multiple projects, so I spent less time preparing for the exam.

Preparation content:

  • The official documentation is enough to clear the exam; cover all the pointers mentioned in the study guide.
  • I also purchased the Zeal Vora course from Udemy, to get a feel for the exam.
  • Do practice; this will not only build confidence for the exam, but will also help with real-world issues.
  • Make use of terraform console, which lets you play around with functions without implementing them in code.
  • Look at the examples in the Terraform documentation.

IaC tools Benefits:

  1. Versioning: infrastructure can be versioned easily with a source control system.
  2. Automation: we can create and destroy infrastructure in a few minutes.
  3. Re-usability: code can be used any number of times with only small changes.

Terraform Terminologies:

Now we will understand the basic terminologies for the terraform configuration file:

resource "aws_instance" "myec2" {
  ami           = "ami-313f132"
  instance_type = "t2.large"
}

From above example →

  • aws_instance: Resource Type
  • myec2: Local Name
  • ami & instance_type: Argument Name
  • ami-313f132 & t2.large: Argument Value

Terraform Settings

  1. It can accept a version constraint to control the Terraform version.
  2. If the version does not match, Terraform takes no action and exits.
  3. Constraint examples: >=, <=, ~>2.0, >=2.0, <=3.0

required_providers

terraform {
  required_providers {
    mycloud = {
      source  = "myorg/mycloud"
      version = "1.0.0"
    }
  }
}

Quick summary for all Terraform features

In this section I am sharing the personal notes I prepared while studying, hoping they might help you with revision before the exam.

Terraform Providers:

  1. Understands API interactions and exposes resources.
  2. We can define a specific version for the provider in the provider block.
  3. To update a Terraform provider to the latest acceptable version, run terraform init -upgrade
  4. Multiple provider instances are possible with the help of alias.
  5. This is not required for all configurations.

Terraform init:

  1. Used to initialize the working directory containing Terraform config files.
  2. It searches for module blocks and fetches the modules they reference during init.
  3. Terraform must initialize a provider before it is used.
  4. It also downloads and installs the providers' plugins so they can be used later.

Terraform Plan:

  1. Used to create an execution plan.
  2. Will not modify infrastructure.
  3. It performs a refresh, unless -refresh=false is given.
  4. It is a way to check whether the changes match what is expected.
  5. terraform plan -destroy previews what the destroy command would do.

Terraform Apply:

  1. Used to apply the changes required to reach the desired state of the infrastructure.
  2. It will also write data to the Terraform state file.

Terraform Refresh:

  1. It is used to reconcile the state Terraform knows about (the TFSTATE file) with the real infrastructure.
  2. It will not modify the infrastructure, only the state file.

Terraform Destroy:

  1. It is used to destroy resources.
  2. It is not the only way to delete resources; removing a block from the config files will also delete the resource.
  3. Also, running terraform plan -destroy and terraform apply consecutively will do the same task.
  4. To destroy a specific resource, make use of the -target flag OR simply remove the code block from the configuration files and run terraform apply

Terraform Format:

  1. terraform fmt is used to rewrite TF config files to a canonical format and style.
  2. By default, fmt scans the current directory for configuration files. If the dir argument is provided, it scans that directory instead.

Terraform Validate:

  1. It validates the config files in a directory.
  2. It checks syntax, as well as variable types and whether variables are defined.
  3. It can be run before terraform plan.

Terraform provisioners:

  1. Used to run specific code on remote and local machines.
  2. Provisioners are the last option to be considered; there are alternatives available, like configuration management tools.
  3. Provisioners are declared inside the resource block.

local-exec

  1. It invokes an executable on the machine where TF is running.

remote-exec

  1. It invokes a script on the machine launched by Terraform; supported connection types are ssh and winrm.
  2. By default, a failing provisioner causes terraform apply to fail.
  3. on_failure can be used to override the default behavior.
  • continue: Ignore the error and complete the apply / destroy.
  • fail (default): Raise an error and stop applying.

Provisioners Types:

  1. Create time: runs only when the resource is created, not on updates or any other changes. If it fails, the resource is marked as tainted.
  2. Destroy time: runs before the resource is destroyed.

Terraform Debugging:

  1. TF_LOG → Can be set to one of the following: TRACE, DEBUG, INFO, WARN, ERROR
  2. The environment variable TF_LOG_PATH needs to be set to store the log at a specific location.
  3. Default log level is TRACE

Terraform Import:

  1. Imports into TF a resource that was created by other means, for example manually.
  2. It imports the information into the state file; it does not create Terraform config files.
  3. Prior to the import, we must write the TF config block.

terraform import aws_instance.myec2 i-xxxxxxx

Local Values:

  1. Assigns a name to an expression, which can then be used multiple times in Terraform config files without repeating it.
  2. A local value can refer to other local values, but not to itself or its own variables.

Data Types:

  1. String → "Certificate", "terraform"
  2. List → ["terraform", "associate"]
  3. Map → { a = "terraform", b = "certificate" }
  4. Number → 3, 23, 91

Terraform Workspace:

  1. With the help of workspaces we can deploy different environments with the same Terraform configuration files.
  2. They also help to create multiple state files for the same set of Terraform configuration files.
  3. All state files are stored in /.terraform.state.d/<workspacename>
  4. Not suitable for strong separation between environments.

Terraform Modules:

  1. Lets us write code that can be used from multiple projects.
  2. The module in which the source is defined is called the root module.
  3. The module that is called is the child module.
  4. Versioning is supported only for modules installed from a registry, such as the Terraform public registry or a Terraform Cloud private registry.
  5. The source can be a local path, the TF registry, S3, GitHub etc.

Sensitive Parameter:

  1. Outputs and variables can be marked as sensitive by setting sensitive = true
  2. Sensitive variables and outputs are still available in the state file as plain text.

Terraform registry:

  1. Naming convention for the modules: <NAMESPACE>/<NAME>/<PROVIDER>

Private registry:

  1. Naming convention for modules in private registry: <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>
  2. Having version for modules is required.

Terraform Functions:

  1. We can only use Terraform's built-in functions.
  2. Functions are used widely in Terraform code to make the code more useful.
  3. Functions are classified into several large groups, like numeric functions, string functions and so on.

Count & Count.index:

  1. If we want to run the same code multiple times, we don't have to duplicate it in the configuration files; we can make use of count, i.e., count = 2. This will create the specific resource twice.
  2. To change a specific value for a specific iteration we need count.index

Terraform Lock:

  1. Terraform automatically locks the state for all operations that could write state, to make sure there is never more than a single writer to the same state file.
  2. We can make use of the force-unlock command if the lock is not removed automatically.
terraform force-unlock LOCK-ID

Terraform Taint:

  1. This feature should be used if the user wants a resource to be deleted and recreated in the next apply.
  2. It can also be used to taint a resource within a module with the following command.
terraform taint "module.vpc.aws_instance.myec2"
Nested modules: module.foo.module.bar.aws_instance.myec2

Resource Block:

  1. It defines one or more infra objects in Terraform configuration files.
  2. The local name defined in the resource block is what Terraform uses to refer to the resource later.
resource "aws_instance" "my_instance"
In the above example, my_instance is the local name of the resource aws_instance.

Data Block:

  1. A data block is used to fetch information from providers or from state files for use in Terraform config files.
data "aws_ami" "example" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "name"
    values = ["my_ami_ubuntu"]
  }
}

Terraform Variables:

  1. If a variable is undefined, Terraform will ask you for it at terraform plan and terraform apply; it will not throw an error.
  2. Variables can be set through environment variables named TF_VAR_<variable_name>, for example: "TF_VAR_region=us-west-1"
  3. They can be set on the command line while running plan or apply, for example: terraform plan -var="region=us-west-1"
  4. We can also assign values with custom files apart from terraform.tfvars or terraform.tfvars.json or .auto.tfvars.json
  5. All custom files are loaded in alphabetical order. To make use of custom variable files, -var-file needs to be used.

terraform apply -var-file=custom.tfvars

6. The order in which variables are picked up is: Environment variables → terraform.tfvars → terraform.tfvars.json → *.auto.tfvars → -var & -var-file.

7. The last one is taken if a variable is defined multiple times.
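
The order in points 6 and 7 can be modelled in a few lines. This is an added example, not part of the original notes: it merges the sources in the listed order and records which source supplied the final value, which helps when auditing where a setting came from. The function name, the pre-parsed file contents and the sample inputs are constructed assumptions; treating the auto-loaded files as sorted alphabetically follows point 5.

```python
def resolve_variables(env, files, cli):
    """Apply the precedence order listed above; later sources win.

    env:   environment mapping (only TF_VAR_<name> entries are used)
    files: {filename: {variable: value}}, variable files already parsed
    cli:   ordered options, ("var", (name, value)) or ("var-file", filename)
    Returns {variable: (value, source)} so the winning source is visible.
    """
    resolved = {}

    def load(values, source):
        for name, value in values.items():
            resolved[name] = (value, source)

    prefix = "TF_VAR_"
    load({k[len(prefix):]: v for k, v in env.items() if k.startswith(prefix)},
         "environment")
    for fixed in ("terraform.tfvars", "terraform.tfvars.json"):
        if fixed in files:
            load(files[fixed], fixed)
    # Auto-loaded files, in alphabetical order (assumption from point 5).
    auto_suffixes = (".auto.tfvars", ".auto.tfvars.json")
    for name in sorted(f for f in files if f.endswith(auto_suffixes)):
        load(files[name], name)
    for kind, arg in cli:  # command-line options, in the order given
        if kind == "var":
            load({arg[0]: arg[1]}, "-var")
        else:
            load(files[arg], f"-var-file={arg}")
    return resolved


# Constructed inputs for illustration.
ENV = {"TF_VAR_region": "us-west-1", "TF_VAR_size": "t2.micro", "HOME": "/root"}
FILES = {
    "terraform.tfvars": {"region": "us-east-1"},
    "b.auto.tfvars": {"size": "t2.small"},
    "a.auto.tfvars": {"size": "t2.medium", "env": "dev"},
    "custom.tfvars": {"env": "prod"},
}
CLI = [("var-file", "custom.tfvars"), ("var", ("region", "eu-west-1"))]

if __name__ == "__main__":
    for var, (value, source) in sorted(resolve_variables(ENV, FILES, CLI).items()):
        print(f"{var} = {value!r}  (from {source})")
```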

Terraform Output:

  1. Used to extract value of an output variable from state file.
  2. terraform output myec2

Sentinel Policy:

  1. It is an embedded policy-as-code framework integrated with the HashiCorp enterprise products.
  2. Policies are applied and checked before the terraform apply command.
  3. Example: it helps us check that the correct tags are present on a resource OR that an S3 bucket is encrypted.

Terraform State:

  1. The state file should be encrypted when stored in a remote backend. Terraform Cloud encrypts the state file by default.
  2. This file stores all the data that is managed by Terraform.

Remote Backend:

  1. With the help of this, we can see or visualize Terraform operations on the local machine even though the operations are running in a remote environment (Terraform Cloud).

Terraform Backend:

1. Backends are configured directly in Terraform files, in the terraform section.

2. After configuring, a backend needs to be initialized with terraform init

3. First-time config → Terraform will give you the option to migrate state from A to B.

4. Partial config → We can skip giving all values in the backend block, but then they need to be specified at init time, like terraform init -backend-config="path=terraform/state"

Terraform Cloud:

  1. It is used to generate a visual representation of the config files or the execution plan.
  2. The output of terraform graph is in DOT format, which can later be converted to an image.

Splat expression:

1. Allows you to get a list of attribute values from multiple resource instances.

2. aws_iam_user.<NAME>[*].arn

TF Enterprise & TF Cloud:

  1. Benefits over free version: Single Sign On, Private data center networking, Auditing & Clustering.
  2. Team and governance is not available in FREE version.
  3. FREE, Team and Governance & Business are the types of support available.

Pointers to cover and read before exam:

  1. Make sure you are aware of the order in which variables are picked up when multiple values are assigned.
  2. Understand and actively practice all the basic functions using terraform console.
  3. Understand the logging usage for each type [Trace, Debug, Info, Error].
  4. The Dynamic Block functionality, which avoids duplicating code for nested blocks.
  5. The basic differences between provisioners: create-time & destroy-time, local-exec & remote-exec.
  6. Workspace functionality and use cases; make use of the CLI. The available commands are new, list, select, delete & show.
  7. Types of module sources, like local, git, Terraform registry, GitHub.
  8. What remote backends are and the types of remote backends. This is to run TF operations in Terraform Cloud from the local machine. A Terraform Cloud token is needed, which we can get by running terraform login and following the steps in the browser.
  9. Understand the Terraform Cloud & Terraform Enterprise support levels and the difference in benefits.
  10. Understand the Sentinel policy.
  11. Understand the basic Terraform workflow init >> plan >> apply
  12. Know the keywords reserved by Terraform which cannot be used as variables. → source, version, providers, count, for_each, lifecycle, depends_on, locals
  13. Read and see examples for Structural Data Types.
  14. Modules in the registry; also understand the prerequisites for having a module in the registry.
  15. terraform-<provider>-<name> should be public for a public repo (git and GitHub); TF needs access to create hookups.
  16. Datastore type for Terraform Enterprise.
  17. Understand the different ways to comment in Terraform.
  18. Read about air-gapped installation.
  19. Read about the basic recommendations from Terraform for writing configuration.

Basic Commands for examination

  • terraform init & terraform init -upgrade
  • terraform plan & terraform plan -destroy
  • terraform apply
  • terraform refresh
  • Usage of -refresh & -target flags.
  • terraform taint
  • terraform workspace
  • terraform state : Available commands rm, mv, list, push, show, pull & replace-provider
  • terraform graph
  • terraform login & terraform logout
  • terraform show
  • terraform import

In my opinion, this Terraform Associate guide is good enough to pass the exam without any issues. I am hopeful that it will guide everyone who is trying to get their Terraform Associate certification. If you need any help regarding the certification, please feel free to reach out to me via the comment section.

Good luck with your exam and if you pass it, come back and share your badge! If the above guide helps, show your support with a clap! Cheers!

Cloud Architect and New tech enthusiastic. Photographer by choice.