{"id":24402,"date":"2025-11-11T20:19:43","date_gmt":"2025-11-11T14:49:43","guid":{"rendered":"https:\/\/cloudsoftsol.com\/2026\/?p=24402"},"modified":"2025-11-11T20:55:17","modified_gmt":"2025-11-11T15:25:17","slug":"50-terraform-interview-questions-every-devops-engineer-must-know","status":"publish","type":"post","link":"https:\/\/cloudsoftsol.com\/2026\/interview-questions\/50-terraform-interview-questions-every-devops-engineer-must-know\/","title":{"rendered":"50+ Terraform Interview Questions Every DevOps Engineer Must Know"},"content":{"rendered":"\n<p><strong>Comprehensive guide<\/strong> for Cloud \/ DevOps interviews (3\u201310 years). Kept original numbering and organized into Beginner \u2192 Intermediate \u2192 Advanced \u2192 Scenario \u2192 Modules \u2192 Troubleshooting \u2192 Terragrunt sections \u2014 blog-ready and SEO-friendly.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Table of Contents<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Basic Terraform Interview Questions (Q1\u2013Q5)<\/li>\n\n\n\n<li>Intermediate Terraform Questions (Q6\u2013Q14)<\/li>\n\n\n\n<li>Advanced Terraform Questions (Q15\u2013Q25)<\/li>\n\n\n\n<li>Curated 25 Questions (4-year experience flavor)<\/li>\n\n\n\n<li>Advanced \/ Experienced Interview Questions (1\u201330)<\/li>\n\n\n\n<li>Scenario-Based Interview Questions &amp; Answers<\/li>\n\n\n\n<li>Real-Time Scenarios &amp; Hands-On Examples<\/li>\n\n\n\n<li>Terraform Enterprise Features &amp; Use Cases<\/li>\n\n\n\n<li>Terraform Modules Interview Questions &amp; Answers<\/li>\n\n\n\n<li>Troubleshooting &amp; Best Practices (AWS + Azure)<\/li>\n\n\n\n<li>Terragrunt: Use Cases, Scenarios, and Interview Questions<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\ud83d\udfe2 Basic Terraform Interview Questions<\/h1>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>What is Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Terraform is an open-source Infrastructure-as-Code (IaC) tool by HashiCorp used to provision, manage, and version cloud infrastructure using declarative configuration files. It supports multiple providers like AWS, Azure, GCP, VMware, and more.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>What are the key components of Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Providers<\/strong> \u2013 Define which cloud\/service APIs to interact with (e.g., AWS, Azure).<\/li>\n\n\n\n<li><strong>Resources<\/strong> \u2013 The actual infrastructure components (e.g., EC2 instance, VNet).<\/li>\n\n\n\n<li><strong>Modules<\/strong> \u2013 Reusable collections of Terraform configurations.<\/li>\n\n\n\n<li><strong>State File<\/strong> \u2013 Tracks the current infrastructure status (terraform.tfstate).<\/li>\n\n\n\n<li><strong>Variables &amp; Outputs<\/strong> \u2013 Parameterize configurations and share results.<\/li>\n\n\n\n<li><strong>Backend<\/strong> \u2013 Defines where the Terraform state file is stored (local, S3, etc.).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>What language is Terraform written in and what is HCL?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Terraform is written in <strong>Go<\/strong>. It uses <strong>HCL (HashiCorp Configuration Language)<\/strong> \u2014 a human-readable declarative language designed for infrastructure automation.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>What is the difference between <code>terraform plan<\/code> and <code>terraform apply<\/code>?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>terraform plan<\/code>: Shows the changes Terraform will make without applying them.<\/li>\n\n\n\n<li><code>terraform apply<\/code>: Executes those changes and provisions\/updates resources.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li><strong>What is a Terraform provider?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>A provider is a plugin that enables Terraform to interact with APIs of cloud providers or services (e.g., <code>aws<\/code>, <code>azurerm<\/code>, <code>google<\/code>, <code>kubernetes<\/code>, etc.).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\ud83d\udfe1 Intermediate Terraform Questions<\/h1>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li><strong>What is the Terraform state file? Why is it important?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>The state file (<code>terraform.tfstate<\/code>) keeps track of the current infrastructure deployed by Terraform. It maps your configuration to real-world resources, allowing Terraform to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect drift (changes outside Terraform).<\/li>\n\n\n\n<li>Plan accurate updates.<\/li>\n\n\n\n<li>Enable collaboration when stored remotely.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li><strong>What are remote backends in Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Remote backends store the Terraform state file in a centralized, shared location (e.g., AWS S3, Azure Blob, Terraform Cloud). They improve collaboration, enable state locking, and prevent data loss.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li><strong>How do you handle secrets in Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use environment variables instead of hardcoding secrets.<\/li>\n\n\n\n<li>Use Terraform Cloud or Vault for secret management.<\/li>\n\n\n\n<li>Integrate with AWS Secrets Manager or Azure Key Vault.<\/li>\n\n\n\n<li>Avoid committing <code>.tfstate<\/code> files with sensitive data to Git.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"9\" class=\"wp-block-list\">\n<li><strong>What are Terraform modules?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Modules are reusable Terraform configurations \u2014 they help reduce code duplication and standardize infrastructure setup.<\/p>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>module \"vpc\" {\n  source = \"terraform-aws-modules\/vpc\/aws\"\n  cidr_block = \"10.0.0.0\/16\"\n}\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"10\" class=\"wp-block-list\">\n<li><strong>What is the difference between <code>terraform import<\/code> and <code>terraform state<\/code> commands?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>terraform import<\/code>: Brings existing resources under Terraform management.<\/li>\n\n\n\n<li><code>terraform state<\/code>: Manages or inspects state files (e.g., remove, list, show resources).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"11\" class=\"wp-block-list\">\n<li><strong>What is the purpose of the <code>.terraform.lock.hcl<\/code> file?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>It locks provider versions used in the configuration to ensure consistent builds across environments.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"12\" class=\"wp-block-list\">\n<li><strong>Explain Terraform lifecycle meta-arguments.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Used to control resource creation, updates, and destruction:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>lifecycle {\n  create_before_destroy = true\n  prevent_destroy       = true\n  ignore_changes        = &#91;tags]\n}\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"13\" class=\"wp-block-list\">\n<li><strong>What is the difference between <code>count<\/code> and <code>for_each<\/code> in Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>count<\/code>: Creates multiple resources based on index (integer-based).<\/li>\n\n\n\n<li><code>for_each<\/code>: Creates multiple resources based on keys (map\/set-based).<\/li>\n<\/ul>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>resource \"aws_instance\" \"web\" {\n  for_each = toset(&#91;\"dev\", \"test\", \"prod\"])\n  tags = { Name = each.key }\n}\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"14\" class=\"wp-block-list\">\n<li><strong>What is Terraform Drift?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Drift occurs when infrastructure is changed outside Terraform (e.g., manual console updates), making the actual state different from the <code>.tfstate<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\ud83d\udd35 Advanced Terraform Questions<\/h1>\n\n\n\n<ol start=\"15\" class=\"wp-block-list\">\n<li><strong>How do you manage multiple environments (dev\/stage\/prod)?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use workspaces: <code>terraform workspace new dev<\/code><\/li>\n\n\n\n<li>Use separate directories or state files.<\/li>\n\n\n\n<li>Use variable files (<code>dev.tfvars<\/code>, <code>prod.tfvars<\/code>).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"16\" class=\"wp-block-list\">\n<li><strong>How can you integrate Terraform with CI\/CD pipelines?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Use tools like Jenkins, GitHub Actions, or Azure DevOps to run <code>terraform fmt<\/code>, <code>terraform validate<\/code>, <code>terraform plan<\/code>, and <code>terraform apply<\/code>. Use remote backends and service principals for authentication.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"17\" class=\"wp-block-list\">\n<li><strong>What are Terraform provisioners and when should they be used?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Provisioners (e.g., <code>remote-exec<\/code>, <code>local-exec<\/code>) run scripts or commands on resources after creation. They should be used sparingly, as they break declarative design principles.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"18\" class=\"wp-block-list\">\n<li><strong>How do you perform a Terraform destroy for only one resource?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>terraform destroy -target=aws_instance.web\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"19\" class=\"wp-block-list\">\n<li><strong>How does <code>depends_on<\/code> work in Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>It defines an explicit dependency between resources to ensure correct creation order.<\/p>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>resource \"aws_instance\" \"app\" {\n  depends_on = &#91;aws_security_group.app_sg]\n}\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"20\" class=\"wp-block-list\">\n<li><strong>Explain Terraform Cloud and Terraform Enterprise.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Terraform Cloud:<\/strong> Managed SaaS by HashiCorp for remote runs, version control, and team collaboration.<\/li>\n\n\n\n<li><strong>Terraform Enterprise:<\/strong> Self-hosted version for organizations needing governance, policy checks, and private modules.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"21\" class=\"wp-block-list\">\n<li><strong>What is a Terraform workspace?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Workspaces allow multiple state files within the same configuration \u2014 useful for managing multiple environments (e.g., <code>default<\/code>, <code>dev<\/code>, <code>prod<\/code>).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"22\" class=\"wp-block-list\">\n<li><strong>How do you upgrade provider versions in Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><br>Update the <code>required_providers<\/code> block and run:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>terraform init -upgrade\n<\/code><\/pre>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>terraform {\n  required_providers {\n    aws = { version = \"~&gt; 5.0\" }\n  }\n}\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"23\" class=\"wp-block-list\">\n<li><strong>How do you debug Terraform issues?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Run with debug flag: <code>TF_LOG=DEBUG terraform apply<\/code><\/li>\n\n\n\n<li>Check plan and state for mismatches.<\/li>\n\n\n\n<li>Use <code>terraform refresh<\/code> or <code>terraform state list<\/code>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"24\" class=\"wp-block-list\">\n<li><strong>What are some common Terraform best practices?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use version control (Git).<\/li>\n\n\n\n<li>Store state remotely and enable locking.<\/li>\n\n\n\n<li>Use modules and variables.<\/li>\n\n\n\n<li>Run <code>terraform fmt<\/code> and <code>terraform validate<\/code>.<\/li>\n\n\n\n<li>Implement CI\/CD validation stages.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<ol start=\"25\" class=\"wp-block-list\">\n<li><strong>What is the difference between <code>local-exec<\/code> and <code>remote-exec<\/code> provisioners?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>local-exec<\/code>: Executes a command on the machine running Terraform.<\/li>\n\n\n\n<li><code>remote-exec<\/code>: Executes a command inside the target resource (e.g., EC2 instance via SSH).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Curated \u2014 25 Terraform interview questions (4-year DevOps experience flavor)<\/h1>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Concise, experience-focused answers grouped by difficulty to help mid-level candidates prepare for real-world interview scenarios.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Beginner \/ Fundamentals (Q1\u2013Q6)<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>What is Terraform and how does it differ from other IaC tools?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Terraform is an <strong>immutable, declarative IaC tool<\/strong> that uses HCL to define infrastructure in code. Unlike Ansible\/Chef (configuration management), it <strong>creates\/destroys resources<\/strong> via providers. Key differences: state management, plan\/apply workflow, multi-cloud support.<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Explain the Terraform workflow.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> <code>terraform init<\/code> \u2192 <code>terraform plan<\/code> \u2192 <code>terraform apply<\/code> \u2192 <code>terraform destroy<\/code>.<\/p>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>What is Terraform state? Why is it important?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> JSON file (<code>terraform.tfstate<\/code>) mapping resources to real IDs. Enables incremental changes, collaboration, and drift detection. <strong>Never commit<\/strong> to VCS without remote backend + locking.<\/p>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>What are remote backends? Name a few.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Store state in shared, lockable storage: <strong>S3 + DynamoDB<\/strong>, <strong>Terraform Cloud<\/strong>, <strong>Azure RM<\/strong>, <strong>GCS<\/strong>, <strong>Consul<\/strong>.<\/p>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li><strong>What is a provider? Give examples.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Plugin that interacts with APIs. Examples: <code>aws<\/code>, <code>azurerm<\/code>, <code>google<\/code>, <code>kubernetes<\/code>, <code>vault<\/code>.<\/p>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li><strong>Explain <code>terraform fmt<\/code>, <code>validate<\/code>, <code>taint<\/code>, <code>import<\/code>.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>fmt<\/code> \u2192 canonical HCL style<\/li>\n\n\n\n<li><code>validate<\/code> \u2192 syntax + schema check<\/li>\n\n\n\n<li><code>taint<\/code> \u2192 mark resource for recreation (deprecated; use <code>-replace<\/code> in v1+)<\/li>\n\n\n\n<li><code>import<\/code> \u2192 bring existing infra under TF management<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Intermediate (Q7\u2013Q15)<\/h2>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li><strong>How do you manage secrets in Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Use <code>sensitive = true<\/code>, Vault, Secrets Manager, env variables (<code>TF_VAR_<\/code>), Terraform Cloud encrypted variables.<\/p>\n\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li><strong>What are modules? When would you create one?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Reusable, versioned directories with inputs\/outputs \u2014 create for VPC, ECS, RDS, etc.<\/p>\n\n\n\n<ol start=\"9\" class=\"wp-block-list\">\n<li><strong>Explain <code>count<\/code>, <code>for_each<\/code>, and <code>depends_on<\/code>.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>count<\/code> \u2192 N identical resources<\/li>\n\n\n\n<li><code>for_each<\/code> \u2192 iterate over maps\/sets<\/li>\n\n\n\n<li><code>depends_on<\/code> \u2192 explicit dependency<\/li>\n<\/ul>\n\n\n\n<ol start=\"10\" class=\"wp-block-list\">\n<li><strong>What is a <code>data<\/code> source? Give an example.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Reads existing resources without managing them (e.g., <code>data \"aws_ami\" \"latest\" { ... }<\/code>).<\/p>\n\n\n\n<ol start=\"11\" class=\"wp-block-list\">\n<li><strong>How do you handle drift detection?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Run <code>terraform plan<\/code> in CI; <code>terraform refresh<\/code> to update state; use Terraform Cloud\/Atlantis for drift checks.<\/p>\n\n\n\n<ol start=\"12\" class=\"wp-block-list\">\n<li><strong>What is <code>terraform workspace<\/code>? When to use vs. directories?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Isolated state per workspace \u2014 good for simple envs; prefer directory-per-env for complex configs.<\/p>\n\n\n\n<ol start=\"13\" class=\"wp-block-list\">\n<li><strong>Explain <code>null_resource<\/code> and a use-case.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Executes scripts when no native resource exists; use for DB seeding or orchestration with <code>triggers<\/code>.<\/p>\n\n\n\n<ol start=\"14\" class=\"wp-block-list\">\n<li><strong>What are provisioners? When should you avoid them?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> <code>local-exec<\/code>\/<code>remote-exec<\/code>\u2014use sparingly; prefer cloud-init or native resource support.<\/p>\n\n\n\n<ol start=\"15\" class=\"wp-block-list\">\n<li><strong>How do you version Terraform configurations?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Use Git tags and semantic versioning in module source references.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Advanced \/ Scenario-Based (Q16\u2013Q25)<\/h2>\n\n\n\n<ol start=\"16\" class=\"wp-block-list\">\n<li><strong>Design a multi-account AWS landing zone with Terraform.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer (high level):<\/strong> Root module for Organizations, per-account modules via <code>for_each<\/code>, remote state per account, assume-role provider aliases.<\/p>\n\n\n\n<ol start=\"17\" class=\"wp-block-list\">\n<li><strong>How to implement blue\/green zero-downtime?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Use AWS CodeDeploy or ECS, manage two target groups, <code>create_before_destroy<\/code>, Route53 weighted DNS or ALB target switching.<\/p>\n\n\n\n<ol start=\"18\" class=\"wp-block-list\">\n<li><strong>Explain Terraform state locking and DynamoDB.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Prevent concurrent <code>apply<\/code>. DynamoDB table stores a lock item; used with S3 backend.<\/p>\n\n\n\n<ol start=\"19\" class=\"wp-block-list\">\n<li><strong>What is <code>terraform graph<\/code>?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Outputs DOT dependency graph for visualization and circular dependency detection.<\/p>\n\n\n\n<ol start=\"20\" class=\"wp-block-list\">\n<li><strong>Handling partial state with <code>state mv<\/code> \/ <code>rm<\/code>.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> <code>mv<\/code> to rename addresses after refactor; <code>rm<\/code> to remove from state (dangerous)\u2014always backup.<\/p>\n\n\n\n<ol start=\"21\" class=\"wp-block-list\">\n<li><strong>Module supporting AWS and Azure with same interface?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Use provider aliases and conditional <code>count<\/code> to enable the desired provider.<\/p>\n\n\n\n<ol start=\"22\" class=\"wp-block-list\">\n<li><strong>Integrate Terraform with GitHub Actions (example).<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Setup job to run <code>init<\/code>, <code>plan -out<\/code>, store plan, manual approval stage, <code>apply plan<\/code>. Add tfsec\/infracost for checks.<\/p>\n\n\n\n<ol start=\"23\" class=\"wp-block-list\">\n<li><strong><code>terraform refresh<\/code> vs <code>apply -refresh-only<\/code>.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> <code>refresh<\/code> updates state only. <code>apply -refresh-only<\/code> creates a plan to sync state and requires apply to change infra.<\/p>\n\n\n\n<ol start=\"24\" class=\"wp-block-list\">\n<li><strong>Terraform Cloud\/Enterprise features used in production.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Remote execution, VCS workflows, Sentinel, private registry, cost estimation, SSO.<\/p>\n\n\n\n<ol start=\"25\" class=\"wp-block-list\">\n<li><strong>How to perform canary deployments with Terraform?<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Answer:<\/strong> Two ASGs or ECS services, weighted routing, <code>create_before_destroy<\/code>, and CI-driven traffic shift.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Quick Revision Cheat-Sheet (4-yr DevOps)<\/h1>\n\n\n\n<pre class=\"wp-block-code\"><code># versions.tf\nterraform {\n  required_version = \"&gt;= 1.6.0\"\n  required_providers { aws = { source = \"hashicorp\/aws\", version = \"~&gt; 5.0\" } }\n  backend \"s3\" { bucket = \"my-tf-state\", key = \"prod.tfstate\", dynamodb_table = \"lock\" }\n}\n\n# variables.tf (sensitive)\nvariable \"db_password\" { type = string, sensitive = true }\n\n# main.tf\nprovider \"aws\" { reg\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Comprehensive guide for Cloud \/ DevOps interviews (3\u201310 years). Kept original numbering and organized into Beginner \u2192 Intermediate \u2192 Advanced \u2192 Scenario \u2192 Modules \u2192 Troubleshooting \u2192 Terragrunt sections \u2014 blog-ready and SEO-friendly. Table of Contents \ud83d\udfe2 Basic Terraform Interview &hellip; <\/p>\n","protected":false},"author":1,"featured_media":24403,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[246],"tags":[458],"class_list":["post-24402","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-interview-questions","tag-terraform"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/posts\/24402","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/comments?post=24402"}],"version-history":[{"count":2,"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/posts\/24402\/revisions"}],"predecessor-version":[{"id":24406,"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/posts\/24402\/revisions\/24406"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/media\/24403"}],"wp:attachment":[{"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/media?parent=24402"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/categories?post=24402"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudsoftsol.com\/2026\/wp-json\/wp\/v2\/tags?post=24402"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}