𧱠Terraform β 20 Scenario-Based Real-World Interview Questions (Part 2)
β Q1 β Terraform apply failed midway. Some resources created, some not. What do you do?
First run terraform plan again β Terraform reads state and detects drift. It will propose creating only missing resources. Never manually recreate unless state is broken. If needed, use terraform import to sync manually created resources.
β Q2 β Someone manually changed an AWS resource created by Terraform. How do you detect it?
Run terraform plan β it will show drift between state and real infra. Terraform compares provider API data with state file. Plan output will show changes to revert or update. Drift detection is automatic via refresh.
β Q3 β State file got corrupted locally. Recovery options?
If using remote backend with versioning (S3), restore previous version. Thatβs why versioning must be enabled. Without backup β you may need to import resources again. Local-only state is a production mistake.
β Q4 β Two engineers ran apply at same time β infra broke. How prevent this?
Use remote backend with state locking (S3 + DynamoDB lock table). Lock prevents concurrent writes. Terraform will block second apply. Never allow shared local state in teams.
β Q5 β You renamed a resource block β Terraform wants to recreate it. How avoid that?
Use terraform state mv to move state mapping to new resource name. This preserves real infra and avoids destroy/create. Renaming in code alone causes recreation.
β Q6 β You want to reuse VPC module across dev/stage/prod with different sizes. How?
Parameterize using variables. Pass different tfvars per environment. Keep module generic, env config specific. Never hardcode values inside module.
β Q7 β Terraform shows resource will be destroyed but you know it shouldnβt. What first?
Stop. Donβt apply. Check variable values, count/for_each keys, and conditional logic. Most accidental destroys come from changed keys or indexes. Review plan diff carefully.
β Q8 β Need to create 50 similar resources dynamically. Best approach?
Use for_each or count. Prefer for_each when resources have unique keys. It avoids index-shift destroy problems. Use maps for stable identity.
β Q9 β count vs for_each β when does count become dangerous?
When list order changes. Terraform reindexes and destroys/recreates resources. This causes unexpected churn. for_each with map keys is safer for production.
β Q10 β You must use an existing manually created resource in Terraform. How?
Use terraform import. It maps existing resource ID to Terraform state. After import, adjust config to match actual settings. Then run plan to verify no drift.
β Q11 β Terraform apply is very slow β what can you tune?
Increase parallelism with -parallelism flag. Reduce unnecessary dependencies. Split large configs into modules/stacks. Avoid huge single-state monolith.
β Q12 β Need output from one Terraform stack in another. How?
Use remote state data source. Example: data terraform_remote_state. Pull outputs from shared backend. Avoid copy-paste values.
β Q13 β Sensitive values like DB password β how manage?
Use sensitive variables + secret manager integration. Donβt hardcode in tf files. Use CI secret injection or Vault/SSM. Mark outputs as sensitive.
β Q14 β Terraform plan shows change every run for same resource. Why?
Usually unordered fields or timestamps in config. Or provider bug. Use lifecycle ignore_changes for non-critical drift fields. Fix root cause if possible.
β Q15 β Need zero-downtime replacement of resource. What Terraform feature helps?
Use lifecycle { create_before_destroy = true }. It creates new resource first, then deletes old. Works for supported resources only.
β Q16 β How do you prevent accidental resource deletion?
Use lifecycle prevent_destroy = true. Terraform will error instead of destroying. Common for DB and production buckets.
β Q17 β Module depends on resource outside module β how enforce order?
Pass resource output as module input β creates implicit dependency. Or use depends_on at module level. Avoid hidden ordering assumptions.
β Q18 β Terraform needs different configs per region. How design?
Use provider aliases per region. Or separate stacks per region. Avoid multi-region in single state unless necessary.
β Q19 β CI/CD pipeline running Terraform β what extra safety step?
Always run terraform plan and require approval before apply. Store plan file artifact. Never auto-apply to prod blindly.
β Q20 β Large team Terraform best practice?
Small states, reusable modules, remote backend, locking, versioned modules, PR-based plan review. Monolithic state is a scaling killer.