This article is in the continuation with the 10th article of the series where we are studying about important pointers for Terraform Associate exam. This is definitely going to help you ace the exam and help you pass with flying colors.

Pointer 18 - Accessing Output Values in Modules

The resources defined in a module are encapsulated, so the calling module cannot access their attributes directly.

However, the child module can declare output values to selectively export certain values to be accessed by the calling module.

A module includes a module block like this is the calling module of the child module.

Pointer 19 -Suppressing Values in CLI Output

An output can be marked as containing sensitive material using the optional sensitive argument:

Setting an output value in the root module as sensitive prevents Terraform from showing its value in the list of outputs at the end of terraform apply

Sensitive output values are still recorded in the state, and so will be visible to anyone who is able to access the state data.

Pointer 20 - Module Versions

It is recommended to explicitly constraining the acceptable version numbers for each external module to avoid unexpected or unwanted changes.

Version constraints are supported only for modules installed from a module registry, such as the Terraform Registry or Terraform Cloud's private module registry.

Pointer 21 - Terraform Registry

The Terraform Registry is integrated directly into Terraform.

The syntax for referencing a registry module is


For example hashicorp/consul/aws

Pointer 22 - Private Registry for Module Sources

You can also use modules from a private registry, like the one provided by Terraform Cloud.

Private registry modules have source strings of the following form:


This is the same format as the public registry, but with an added hostname prefix.

While fetching a module, having a version is required.

Pointer 23 - Terraform Functions

The Terraform language includes a number of built-in functions that you can use to transform and combine values.

> max(5, 12, 9)


The Terraform language does not support user-defined functions, and so only the functions built into the language are available for use

Be aware of basic functions like element, lookup.

Pointer 24 - Count and Count Index

The count parameter on resources can simplify configurations and let you scale resources by simply incrementing a number.

In resource blocks where the count is set, an additional count object (count.index) is available in expressions, so that you can modify the configuration of each instance.

Pointer 25 - Find the Issue Use-Case

You can expect use-case with terraform code, and you have to find what should be removed as part of Terraform best practice.

Pointer 26 - Terraform Lock

If supported by your backend, Terraform will lock your state for all operations that could write state.

Terraform has a force-unlock command to manually unlock the state if unlocking failed.

Pointer 27 - Use-Case - Resources Deleted Out of Terraform

You have created an EC2 instance. Someone has modified the EC2 instance manually. What will happen if you do terraform plan yet again?

  • Someone has changed EC2 instance type from t2.micro to t2.large?

  • Someone has terminated the EC2 instance.

Answer 1. Terraform’s current state will have t2.large, and the desired state is t2.micro. It will try to change back instance type to t2.micro.

Answer 2. Terraform will create a new EC2 instance.

Pointer 28 - Resource Block

Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.

A resource block declares a resource of a given type ("aws_instance") with a given local name ("web")

Pointer 29 - Sentinel

Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products.

Can be used for various use-cases like:

  • Verify if EC2 instance has tags.

  • Verify if the S3 bucket has encryption enabled.

Pointer 30 - Sensitive Data in State File

If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data.

Approaches in such a scenario:

Terraform Cloud always encrypts the state at rest and protects it with TLS in transit. Terraform Cloud also knows the identity of the user requesting state and maintains a history of state changes.

The S3 backend supports encryption at rest when the encrypt option is enabled.

Pointer 31 - Dealing with Credentials in Config

Hard-coding credentials into any Terraform configuration are not recommended, and risks the secret leakage should this file ever be committed to a public version control system.

You can store the credentials outside of terraform configuration.

Storing credentials as part of environment variables is also a much better approach than hard coding it in the system.

Pointer 32 - Remote Backend for Terraform Cloud

The remote backend stores Terraform state and may be used to run operations in Terraform Cloud.

When using full remote operations, operations like terraform plan or terraform apply can be executed in Terraform Cloud's run environment, with log output streaming to the local terminal.

Pointer 33 - Miscellaneous Pointers

Terraform does not require go as a prerequisite.

It works well in Windows, Linux, MAC.

Windows Server is not mandatory.

Alright people now it's the time to study and study and study more .

Quiz Coming Soon !!!!


66 views0 comments

Recent Posts

See All