This article continues from the 10th article of the series, where we are studying important pointers for the Terraform Associate exam. This is definitely going to help you ace the exam and pass with flying colors.
Pointer 18 - Accessing Output Values in Modules
The resources defined in a module are encapsulated, so the calling module cannot access their attributes directly.
However, the child module can declare output values to selectively export certain values to be accessed by the calling module.
A module that includes a module block is the calling module of the child module.
Pointer 19 - Suppressing Values in CLI Output
An output can be marked as containing sensitive material using the optional sensitive argument:
Setting an output value in the root module as sensitive prevents Terraform from showing its value in the list of outputs at the end of terraform apply.
Sensitive output values are still recorded in the state, and so will be visible to anyone who is able to access the state data.
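An added example (not from the original article) that puts Pointers 18 and 19 together: a child module exports two values, and the calling module reads them and re-exports one as sensitive. The module path, resource and all names are assumptions made for illustration.

```hcl
# --- modules/database/main.tf (child module; hypothetical path) ---
variable "db_password" {
  type      = string
  sensitive = true
}

resource "aws_db_instance" "this" {
  identifier          = "example-db" # constructed sample value
  engine              = "mysql"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "admin"
  password            = var.db_password
  skip_final_snapshot = true
}

# Only values declared as outputs are visible to the calling module.
output "endpoint" {
  value = aws_db_instance.this.endpoint
}

output "password" {
  value     = aws_db_instance.this.password
  sensitive = true
}

# --- main.tf (root / calling module) ---
variable "db_password" {
  type      = string
  sensitive = true
}

module "database" {
  source      = "./modules/database"
  db_password = var.db_password
}

# Child outputs are read as module.<NAME>.<OUTPUT>.
output "db_endpoint" {
  value = module.database.endpoint
}

# Re-exporting a sensitive value requires marking the root output
# sensitive as well; otherwise Terraform reports an error.
output "db_password" {
  value     = module.database.password
  sensitive = true
}
```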
Pointer 20 - Module Versions
It is recommended to explicitly constrain the acceptable version numbers for each external module to avoid unexpected or unwanted changes.
Version constraints are supported only for modules installed from a module registry, such as the Terraform Registry or Terraform Cloud's private module registry.
Pointer 21 - Terraform Registry
The Terraform Registry is integrated directly into Terraform.
The syntax for referencing a registry module is
For example, hashicorp/consul/aws
Pointer 22 - Private Registry for Module Sources
You can also use modules from a private registry, like the one provided by Terraform Cloud.
Private registry modules have source strings of the following form:
This is the same format as the public registry, but with an added hostname prefix.
While fetching a module, having a version is required.
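An added example (not from the original article) showing the module sources from Pointers 20 to 22 side by side, each with a version constraint where one applies. The organization name, version numbers and local path are placeholders.

```hcl
# Public Terraform Registry: <NAMESPACE>/<NAME>/<PROVIDER>
module "consul" {
  source  = "hashicorp/consul/aws"
  version = "0.1.0" # exact pin; sample version number
}

# Private registry: <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>
module "vpc" {
  source  = "app.terraform.io/example-org/vpc/aws" # example-org is a placeholder
  version = "~> 1.2" # accepts 1.2, 1.3, ... but never 2.0
}

# Local path: not installed from a registry, so Terraform rejects a
# version argument here.
module "network" {
  source = "./modules/network" # hypothetical path
}
```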
Pointer 23 - Terraform Functions
The Terraform language includes a number of built-in functions that you can use to transform and combine values.
> max(5, 12, 9)
The Terraform language does not support user-defined functions, and so only the functions built into the language are available for use.
Be aware of basic functions like element and lookup.
Pointer 24 - Count and Count Index
The count parameter on resources can simplify configurations and let you scale resources by simply incrementing a number.
In resource blocks where the count is set, an additional count object (count.index) is available in expressions, so that you can modify the configuration of each instance.
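An added example (not from the original article) that combines count and count.index with the lookup and element functions named in Pointer 23. Variable names, subnet IDs and the AMI ID are constructed placeholders.

```hcl
variable "environment" {
  type    = string
  default = "dev"
}

variable "instance_count" {
  type    = map(number)
  default = { dev = 1, prod = 3 }
}

variable "subnet_ids" {
  type    = list(string)
  default = ["subnet-aaaa1111", "subnet-bbbb2222"] # constructed sample IDs
}

resource "aws_instance" "web" {
  # lookup(map, key, default) falls back to the default when the key is absent.
  count = lookup(var.instance_count, var.environment, 1)

  ami           = "ami-00000000000000000" # placeholder AMI ID
  instance_type = "t2.micro"

  # element() wraps around when the index exceeds the list length, so
  # instances 0, 1, 2 land in subnets 0, 1, 0.
  subnet_id = element(var.subnet_ids, count.index)

  tags = {
    Name = "web-${count.index}" # web-0, web-1, ...
  }
}
```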
Pointer 25 - Find the Issue Use-Case
You can expect a use case with Terraform code in which you have to find what should be removed as part of Terraform best practice.
Pointer 26 - Terraform Lock
If supported by your backend, Terraform will lock your state for all operations that could write state.
Terraform has a force-unlock command to manually unlock the state if unlocking failed.
Pointer 27 - Use-Case - Resources Deleted Out of Terraform
You have created an EC2 instance. Someone has modified the EC2 instance manually. What will happen if you run terraform plan yet again?
Case 1. Someone has changed the EC2 instance type from t2.micro to t2.large.
Case 2. Someone has terminated the EC2 instance.
Answer 1. Terraform’s current state will have t2.large, and the desired state is t2.micro. It will try to change the instance type back to t2.micro.
Answer 2. Terraform will create a new EC2 instance.
Pointer 28 - Resource Block
Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.
A resource block declares a resource of a given type ("aws_instance") with a given local name ("web").
Pointer 29 - Sentinel
Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products.
It can be used for various use cases, such as:
Verify if EC2 instance has tags.
Verify if the S3 bucket has encryption enabled.
Pointer 30 - Sensitive Data in State File
If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data.
Approaches in such a scenario:
Terraform Cloud always encrypts the state at rest and protects it with TLS in transit. Terraform Cloud also knows the identity of the user requesting state and maintains a history of state changes.
The S3 backend supports encryption at rest when the encrypt option is enabled.
Pointer 31 - Dealing with Credentials in Config
Hard-coding credentials into any Terraform configuration is not recommended, and risks secret leakage should this file ever be committed to a public version control system.
You can store the credentials outside of the Terraform configuration.
Storing credentials in environment variables is also a much better approach than hard-coding them in the system.
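An added example (not from the original article) covering Pointers 30 and 31: an S3 backend with encryption enabled, and a provider block that keeps credentials out of the configuration, with the hard-coded form shown commented out for contrast. Bucket name, key, region and variable name are placeholders.

```hcl
terraform {
  backend "s3" {
    bucket  = "example-terraform-state" # placeholder bucket name
    key     = "prod/terraform.tfstate"
    region  = "us-east-1"
    encrypt = true # encrypt the state object at rest
  }
}

# Not recommended: keys in the configuration end up in version control.
# provider "aws" {
#   region     = "us-east-1"
#   access_key = "<ACCESS_KEY_PLACEHOLDER>"
#   secret_key = "<SECRET_KEY_PLACEHOLDER>"
# }

# Preferred: no credentials in the file. The AWS provider reads
# AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment.
provider "aws" {
  region = "us-east-1"
}

# Secrets the configuration itself needs are passed in as variables,
# for example through the TF_VAR_db_password environment variable.
variable "db_password" {
  type      = string
  sensitive = true
}
```

A sensitive variable is hidden in plan and apply output, but any resource that uses it still records the value in the state, which is why the backend itself has to be protected.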
Pointer 32 - Remote Backend for Terraform Cloud
The remote backend stores Terraform state and may be used to run operations in Terraform Cloud.
When using full remote operations, operations like terraform plan or terraform apply can be executed in Terraform Cloud's run environment, with log output streaming to the local terminal.
Pointer 33 - Miscellaneous Pointers
Terraform does not require Go as a prerequisite.
It works well on Windows, Linux, and macOS.
Windows Server is not mandatory.
Alright people, now it's time to study and study and study more.