This repository contains notes for the HashiCorp Certified: Terraform Associate (003) exam. The notes are based on the official study guide provided by HashiCorp.
For the exam objectives and general information go here
Write Your Terraform Code
Review
Deploy
Method 1: Download, Unzip, Use
`$PATH` as a best practice.
Method 2: Set Up Terraform Repository on Linux
`terraform init`), Terraform finds and installs providers.
`resource` keyword, each block specifies the resource type and a name to reference it within the configuration.
`resource` keyword.
`aws_instance`, `azurerm_virtual_network`).
```hcl
resource "<PROVIDER>_<RESOURCE_TYPE>" "<NAME>" {
  # Configuration arguments
}
```
`data` keyword, followed by the type of data source and a name. The data can then be accessed and used in other parts of the Terraform configuration.
`data` keyword.
`aws_ami`, `azurerm_resource_group`).
```hcl
data "<PROVIDER>_<DATA_SOURCE_TYPE>" "<NAME>" {
  # Configuration arguments
}
```
Block Type | Addressing Format |
---|---|
Provider | provider.<provider_name> |
Data | data.<data_source_type>.<name> |
Resource | resource.<resource_type>.<name> |
`terraform.tfstate`.
These commands are used to manipulate and interact with the Terraform state file directly.
Command | Description | Use Case |
---|---|---|
`terraform state show` | Displays detailed state information for a given resource | Useful for inspecting current state of a specific resource |
`terraform state rm` | Removes a specified resource from the state file | Use when a resource needs to be unmanaged by Terraform |
`terraform state list` | Lists all resources currently tracked in the state | Helpful for viewing all managed resources |
`terraform state mv` | Moves a resource from one state to another | Used for refactoring or re-structuring Terraform configuration |
`terraform state pull` | Retrieves the state file from its remote storage location | Use to download and view the current remote state |
`terraform state push` | Uploads a local state file to the configured remote state location | Used to manually synchronize the local state with remote state |
`terraform state replace-provider` | Replaces provider references in the state file | Useful when changing providers or their versions |
`terraform state show` | Shows attributes of a single resource in the state | Inspect detailed information about a specific resource |
`sensitive` argument to mark a variable as sensitive.
```hcl
variable "db_password" {
  description = "The password for the database"
  type        = string
  sensitive   = true
}
```
`validation` block within a variable declaration to define validation rules.
```hcl
variable "port" {
  description = "The port on which the application runs"
  type        = number
  validation {
    condition     = var.port >= 1 && var.port <= 65535
    error_message = "The port number must be between 1 and 65535."
  }
}
```
Type | Description | Example |
---|---|---|
String | Represents text | "example string" |
Number | Represents numerical values | 42 |
Bool | Represents true or false values | true |
List | An ordered sequence of values | ["item1", "item2"] |
Map | A collection of key-value pairs | {"key1" = "value1"} |
Set | A collection of unique values | toset(["item1", "item2"]) |
Object | A collection of named attributes | object({name=string}) |
Tuple | A sequence of values of different types | tuple([string, number]) |
`terraform apply`.
Example:
```hcl
resource "aws_instance" "example" {
  # resource configuration
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y nginx"
    ]
  }
}
```
Example:
```hcl
resource "aws_instance" "example" {
  # resource configuration
  provisioner "local-exec" {
    command = "echo 'Hello, World!'"
  }
}
```
`module` block.
count
for_each
providers
depends_on
module.<name-of-module>.<name-of-output>
function_name(arg1, arg2, …)
Examples of Terraform built-in functions:
Function | Description |
---|---|
`abs` | Returns the absolute value of a number. |
`ceil` | Rounds a number up to the nearest whole number. |
`floor` | Rounds a number down to the nearest whole number. |
`max` | Returns the maximum value from a list of numbers. |
`min` | Returns the minimum value from a list of numbers. |
`concat` | Concatenates multiple strings together. |
`element` | Returns the element at a specific index in a list. |
`length` | Returns the length of a string or list. |
`lower` | Converts a string to lowercase. |
`upper` | Converts a string to uppercase. |
`replace` | Replaces occurrences of a substring in a string. |
`split` | Splits a string into a list of substrings based on a delimiter. |
`join` | Joins a list of strings into a single string using a delimiter. |
`format` | Formats a string using placeholders and values. |
`jsonencode` | Converts a value to its JSON representation. |
`jsondecode` | Converts a JSON string to its corresponding value. |
Collection: These allow multiple values of one primitive type to be grouped together.
`list(type)`: A list of values of a specific type.
`map(type)`: A map of keys to values, all of a specific type.
`set(type)`: A set of unique values of a specific type.
Structural Types: These allow multiple values of different primitive types to be grouped together.
`object(type)`: An object with named attributes, each having a type.
`tuple(type)`: A tuple that can have a fixed number of elements, each with a different type.
Supported Block Types: Dynamic blocks are supported within the following block types:
resource
data
provider
provisioner
Usage: Dynamic blocks make your code cleaner by reducing redundancy. They act like a for loop, outputting a nested block for each element in a complex variable type.
terraform fmt
previously known as `taint` and `untaint` commands before Terraform v0.12
terraform apply -replace="RESOURCE_ADDRESS"
terraform import RESOURCE_ADDRESS ID
terraform validate
`terraform plan` or `terraform apply`.
terraform show
terraform graph | dot -Tpng > graph.png
terraform output [NAME]
terraform refresh
terraform console
`default`, which cannot be deleted.
`${terraform.workspace}` variable.
Command | Description |
---|---|
`terraform workspace list` | Lists all the workspaces in the current working directory. Displays an asterisk (*) next to the current workspace. |
`terraform workspace show` | Shows the name of the current workspace. |
`terraform workspace new <name>` | Creates a new workspace with the specified name. This also switches to the newly created workspace. |
`terraform workspace select <name>` | Switches to the specified workspace. If the workspace does not exist, it will return an error. |
`terraform workspace delete <name>` | Deletes the specified workspace. The workspace must not be currently selected, and it must be empty (no managed resources). |
`terraform workspace select default` | Switches back to the default workspace. |
`TF_LOG_PATH` environment variable to save logs to a file.
```bash
export TF_LOG=TRACE
export TF_LOG_PATH=./terraform.log
```
`t3.micro`.
Feature | HashiCorp Cloud Platform (HCP) | Local State | External State |
---|---|---|---|
Storage Location | Managed by HashiCorp in the cloud | Stored on local disk of the user’s machine | Stored in remote services (e.g., AWS S3, Azure Blob Storage) |
Access Control | Built-in authentication and RBAC (Role-Based Access Control) | Access controlled by file system permissions | Access control managed by the external service (e.g., IAM policies for S3) |
Collaboration | Native support for team collaboration with shared state and locking | Limited, as only the local user can modify the state | Supports collaboration through state locking and shared access via remote storage |
State Locking | Automatic state locking to prevent conflicts | No built-in locking; risk of state corruption with concurrent use | Supports state locking using a service like DynamoDB (with S3 backend) |
Security | Secure storage with encryption and automated backups | Relies on local machine’s security; encryption is manual | Security features depend on the remote service (e.g., server-side encryption for S3) |
Backup and Recovery | Automatic state versioning and backups | Manual backups required | Automatic backups and versioning can be configured (e.g., S3 versioning) |
Scalability | Highly scalable, managed by HashiCorp | Limited by local machine’s storage capacity and performance | Scalable based on the chosen external storage solution |
Ease of Setup | Simple setup with Terraform Cloud integration | Very easy, no setup needed for local use | Requires configuration of backend and authentication |
Cost | Subscription-based pricing model for HCP | No cost beyond local storage | Cost depends on the external storage service (e.g., AWS S3 storage fees) |
Compliance and Governance | Built-in compliance tools like Sentinel for policy enforcement | No built-in compliance tools | Compliance depends on the external service; may require custom solutions |