TLDR: This blog post covers two critical Terraform interview scenarios: migrating existing infrastructure to Terraform and detecting configuration drift. It provides detailed explanations and demonstrations of how to handle these scenarios effectively, ensuring candidates are well-prepared for technical interviews.
In this bonus episode of the Terraform Zero to Hero series, we delve into two of the most commonly asked interview scenarios related to Terraform. As many candidates find themselves struggling with scenario-based questions during interviews, this post aims to clarify these scenarios with detailed explanations and live demonstrations.
Scenario 1: Migrating Existing Infrastructure to Terraform
Overview
Imagine you have an existing infrastructure on a cloud provider like AWS, which was initially created using CloudFormation templates. Now, your team has decided to migrate to Terraform. The key question is: how do you import the existing configuration into Terraform?
The Import Process
To begin, you can simply state that you will use the terraform import command. However, interviewers will expect you to elaborate on the challenges involved in this process. Here's how to approach it:
1. Set Up Your Environment: Create a new folder for your Terraform project. For this example, we will create a folder named day-eight and a subfolder called scenario-one.
2. Create the Main Configuration File: In your main.tf file, start by defining your provider configuration. For instance, specify the AWS region as us-east-1.
3. Utilize the Import Block: Terraform 1.5 introduced the import block, which allows you to specify the ID of the resource you want to import. For example, if you have an EC2 instance, you would provide its instance ID in the import block.
4. Generate Configuration: Run terraform plan -generate-config-out=<filename> to create a new configuration file that includes all the details of the existing EC2 instance.
5. Import the Resource: Execute terraform import aws_instance.example <instance_id>. This command records the imported resource in the state file, which then contains all the information about it.
6. Verify the Import: After running the import command, execute terraform plan to ensure that Terraform recognizes the existing resource and does not attempt to create a new one.
Challenges Faced
While the import process may seem straightforward, candidates should be prepared to discuss potential challenges, such as:
Handling multiple resources (e.g., hundreds of EC2 instances) can be cumbersome without automation.
Understanding the importance of the state file, which is crucial for Terraform to manage resources effectively.
Scenario 2: Detecting Configuration Drift
Overview
In this scenario, you have a fully operational infrastructure managed by Terraform. However, a team member manually modifies a resource, such as an S3 bucket's lifecycle policy. The challenge is to detect this change, known as configuration drift.
Drift Detection Strategies
Using Terraform Refresh: The terraform refresh command updates the state file with the current state of the infrastructure. However, this command is not fully endorsed by Terraform and may undergo changes in future versions. To implement this:
Set up a cron job to run terraform refresh at regular intervals (e.g., every hour or day).
Monitor the output for any discrepancies between the state file and the actual infrastructure.
Implementing Strict IAM Policies: To prevent unauthorized changes, configure strict IAM policies that limit access to AWS resources. This can include:
Restricting access to only those who need it.
Requiring approval for any manual changes to the infrastructure.
Utilizing Audit Logs and Automation: Set up audit logs to track changes made to resources. You can use AWS CloudWatch or similar tools to monitor these logs. Implement Lambda functions to:
Check if any changes were made manually to resources managed by Terraform.
Send notifications if unauthorized changes are detected.
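A drift check that the cron job described above could run, as an added example that is not from the original post: it uses terraform plan -refresh-only -detailed-exitcode in place of the bare terraform refresh command, because the plan exit code separates "no drift" (0) from "drift" (2) and from errors (1), and refresh-only mode never proposes changes from your own configuration. The TF_DIR variable, the log path and the message format are assumptions.

```shell
#!/bin/sh
# Periodic drift check for a Terraform-managed directory (added example).
# Exit codes from -detailed-exitcode: 0 = state matches real infrastructure,
# 2 = a resource was changed outside Terraform (drift), 1 = terraform failed.
# Usage from cron (assumed layout): TF_DIR=/srv/terraform/scenario-two drift-check.sh

check_drift() {
  dir="${1:-.}"
  log="${2:-/tmp/terraform-drift.log}"
  rc=0
  # -refresh-only compares the state file with the live resources only;
  # -input=false and -no-color keep the run non-interactive and log-friendly.
  terraform -chdir="$dir" plan -refresh-only -detailed-exitcode \
    -input=false -no-color >"$log" 2>&1 || rc=$?
  case "$rc" in
    0) echo "OK: state matches infrastructure in $dir" ;;
    2) echo "DRIFT: resources in $dir changed outside Terraform; see $log" ;;
    *) echo "ERROR: terraform exited $rc; see $log" ;;
  esac
  # The exit code is passed through so cron mail or a wrapper can alert on 2.
  return "$rc"
}

# Run the check only when a directory is supplied via the environment,
# so that sourcing this file for reuse does not trigger a plan.
if [ -n "${TF_DIR:-}" ]; then
  check_drift "$TF_DIR" "${DRIFT_LOG:-/tmp/terraform-drift.log}"
fi
```

The DRIFT lines are what the notification step in the post would forward to the team; the full plan output stays in the log for review.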
Summary of Drift Detection Approaches
Terraform Refresh: Use this command in a cron job to regularly check for drift.
Audit Logs and Lambda Functions: Automate the detection of manual changes and notify the team accordingly.
Conclusion
Understanding these two scenarios—migrating existing infrastructure to Terraform and detecting configuration drift—is crucial for anyone preparing for a Terraform-related interview. By practicing these scenarios and being aware of the challenges involved, candidates can demonstrate their expertise and readiness for real-world Terraform management.
If you have any questions or need further clarification on these scenarios, feel free to leave a comment. Happy learning!