[Terraform](https://www.terraform.io/intro): "HashiCorp Terraform is an infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share. You can then use a consistent workflow to provision and manage all of your infrastructure throughout its lifecycle. Terraform can manage low-level components like compute, storage, and networking resources, as well as high-level components like DNS entries and SaaS features."
- Full automation: In the past, resource creation, modification and removal were handled manually or by using a set of tooling. With Terraform or other IaC technologies, you manage the full lifecycle in an automated fashion.<br>
- Modular and Reusable: Code that you write for certain purposes can be used and assembled in different ways. You can write code to create resources on a public cloud and it can be shared with other teams who can also use it in their account on the same (or different) cloud><br>
- Improved testing: Concepts like CI can be easily applied on IaC based projects and code snippets. This allow you to test and verify operations beforehand
- Declarative: Terraform uses the declarative approach (rather than the procedural one) in order to define end-status of the resources
- No agents: as opposed to other technologies (e.g. Puppet) where you use a model of agent and server, with Terraform you use the different APIs (of clouds, services, etc.) to perform the operations
- Community: Terraform has strong community who constantly publishes modules and fixes when needed. This ensures there is good modules maintenance and users can get support quite quickly at any point
1. Write Terraform definitions: `.tf` files written in HCL that described the desired infrastructure state (and run `terraform init` at the very beginning)
This is a manual process. Most of the time this is automated so user submits a PR/MR to propose terraform changes, there is a process to test these changes and once merged they are applied (`terraform apply`).
- Infra provisioning and management: You need to automated or code your infra so you are able to test it easily, apply it and make any changes necessary.
- Consistent environments: You manage environments such as test, production, staging, ... and looking for a way to have them consistent so any modification in one of them, applies to other environments as well
<summary>What's the difference between Terraform and technologies such as Ansible, Puppet, Chef, etc.</summary><br><b>
Terraform is considered to be an IaC technology. It's used for provisioning resources, for managing infrastructure on different platforms.
Ansible, Puppet and Chef are Configuration Management technologies. They are used once there is an instance running and you would like to apply some configuration on it like installing an application, applying security policy, etc.
To be clear, CM tools can be used to provision resources so in the end goal of having infrastructure, both Terraform and something like Ansible, can achieve the same result. The difference is in the how. Ansible doesn't saves the state of resources, it doesn't know how many instances there are in your environment as opposed to Terraform. At the same time while Terraform can perform configuration management tasks, it has less modules support for that specific goal and it doesn't track the task execution state as Ansible. The differences are there and it's most of the time recommended to mix the technologies, so Terraform used for managing infrastructure and CM technologies used for configuration on top of that infrastructure.
Run `terraform init`. This will scan the code in the directory to figure out which providers are used (in this case AWS provider) and will download them.
<summary>You've executed <code>terraform init</code> and now you would like to move forward to creating the resources but you have concerns and would like to make be 100% sure on what you are going to execute. What should you be doing?</summary><br><b>
Execute `terraform plan`. That will provide a detailed information on what Terraform will do once you apply the changes.
</b></details>
<details>
<summary>You've downloaded the providers, seen the what Terraform will do (with terraform plan) and you are ready to actually apply the changes. What should you do next?</summary><br><b>
Run `terraform apply`. That will apply the changes described in your .tf files.
</b></details>
<details>
<summary>Explain the meaning of the following strings that seen at the beginning of each line When you run <code>terraform apply</code>
* '+'
* '-'
* '-/+'
</summary><br><b>
* '+' - The resource or attribute is going to be added
* '-' - the resource or attribute is going to be removed
* '-/+' - the resource or attribute is going to be replaced
`terraform destroy` will cleanup all the resources tracked by Terraform.
A user should be careful with this command because there is no way to revert it. Sure, you can always run again "apply" but that can take time, generates completely new resources, etc.
<summary>Sometimes you need to reference some resources in the same or separate .tf file. Why and how it's done?</summary><br><b>
Why: because resources are sometimes connected or need to be connected. For example, you create an AWS instance with "aws_instance" resource but, at the same time you would like also to allow some traffic to it (because by default traffic is not allowed). For that you'll create a "aws_security_group" resource and then, in your aws_instance resource, you'll reference it.
<summary>Does it matter in which order Terraform creates resources?</summary><br><b>
Yes, when there is a dependency between different Terraform resources, you want the resources to be created in the right order and this is exactly what Terraform does.
To make it ever more clear, if you have a resource X that references the ID of resource Y, it doesn't makes sense to create first resource X because it won't have any ID to get from a resource that wasn't created yet.
</b></details>
<details>
<summary>Is there a way to print/see the dependencies between the different resources?</summary><br><b>
Yes, with `terraform graph`
The output is in DOT - A graph description language.
<summary>Explain what is a "provider"</summary><br><b>
[terraform.io](https://www.terraform.io/docs/language/providers/index.html): "Terraform relies on plugins called "providers" to interact with cloud providers, SaaS providers, and other APIs...Each provider adds a set of resource types and/or data sources that Terraform can manage. Every resource type is implemented by a provider; without providers, Terraform can't manage any kind of infrastructure."
<summary>Write a configuration of a Terraform provider (any type you would like)</summary><br><b>
AWS is one of the most popular providers in Terraform. Here is an example of how to configure it to use one specific region and specifying a specific version of the provider
Variables allow you define piece of data in one location instead of repeating the hardcoded value of it in multiple different locations. Then when you need to modify the variable's value, you do it in one location instead of changing each one of the hardcoded values.
You can use something like the `-var` option to provide the value and avoid being prompted to insert a value. Another option is to run `export TF_VAR_<VAR_NAME>=<VALUE>`.
<summary>What are output variables? Why do we need them?</summary><br><b>
Output variable allow you to display/print certain piece of data as part of Terraform execution.
The most common use case for it is probably to print the IP address of an instance. Imagine you provision an instance and you would like to know what the IP address to connect to it. Instead of looking for it for the console/OS, you can use the output variable and print that piece of information to the screen
</b></details>
<details>
<summary>Explain the "sensitive" parameter of output variable</summary><br><b>
When set to "true", Terraform will avoid logging output variable's data. The use case for it is sensitive data such as password or private keys.
<summary>Explain the "depends" parameter of output variable</summary><br><b>
It is used to set explicitly dependency between the output variable and any other resource. Use case: some piece of information is available only once another resource is ready.
Similarly to variables they serve as placeholders for data and values. Differently from variables, users can't override them by passing different values.
</b></details>
<details>
<summary>What's the use case for using locals?</summary><br><b>
You have multiple hardcoded values that repeat themselves in different sections, but at the same time you don't want to expose them as in, allow users to override values.
<summary>Is it possible to modify the default lifecycle? How? Why?</summary><br><b>
Yes, it's possible. There are different lifecycles one can choose from. For example "create_before_destroy" which inverts the order and first creates the new resource, updates all the references from old resource to the new resource and then removes the old resource.
How to use it:
```
lifecycle {
create_before_destroy = true
}
```
Why to use it in the first place: you might have resources that have dependency where they dependency itself is immutable (= you can't modify it hence you have to create a new one), in such case the default lifecycle won't work because you won't be able to remove the resource that has the dependency as it still references an old resource. AWS ASG + launch configurations is a good example of such use case.
<summary>You've deployed a virtual machine with Terraform and you would like to pass data to it (or execute some commands). Which concept of Terraform would you use?</summary><br><b>
<summary>Why is it often recommended to use provisioners as last resort?</summary><br><b>
Since a provisioner can run a variety of actions, it's not always feasible to plan and understand what will happen when running a certain provisioner. For this reason, it's usually recommended to use Terraform built-in option, whenever's possible.
<code>terraform taint resource.id</code> manually marks the resource as tainted in the state file. So when you run <code>terraform apply</code> the next time, the resource will be destroyed and recreated.
<summary>What are output variables and what <code>terraform output</code> does?</summary><br><b>
Output variables are named values that are sourced from the attributes of a module. They are stored in terraform state, and can be used by other modules through <code>remote_state</code>
</b></details>
<details>
<summary>Explain <code>remote-exec</code> and <code>local-exec</code></summary><br><b>
</b></details>
<details>
<summary>Explain "Remote State". When would you use it and how?</summary><br><b>
Terraform generates a `terraform.tfstate` json file that describes components/service provisioned on the specified provider. Remote
State stores this file in a remote storage media to enable collaboration amongst team.
State locking is a mechanism that blocks an operations against a specific state file from multiple callers so as to avoid conflicting operations from different team members. Once the first caller's operation's lock is released the other team member may go ahead to
carryout his own operation. Nevertheless Terraform will first check the state file to see if the desired resource already exist and
[terraform.io](https://www.terraform.io/language/state): "Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures."
In other words, it's a mechanism in Terraform to track resources you've created or cleaned up. This is how terraform knows what to update/create/delete when you run `terraform apply` and also other commands like `terraform destroy`.
<summary>Where Terraform state is stored?</summary><br><b>
There is more than one answer to this question. It's very much depends on whether you share it with others or it's only local in your Terraform directory, but taking a beginner's case, when you run terraform in a directory, the state will be stored in that directory in `terraform.tfstate` file.
* The representation of resources - JSON format of the resources, their attributes, IDs, ... everything that required to identify the resource and also anything that was included in the .tf files on these resources
<summary>Why does it matter where you store the tfstate file? In your answer make sure to address the following:
* Public vs. Private
* Git repository vs. Other locations
</summary><br><b>
- tfstate contains credentials in plain text. You don't want to put it in publicly shared location
- tfstate shouldn't be modified concurrently so putting it in a shared location available for everyone with "write" permissions might lead to issues. (Terraform remote state doesn't has this problem).
- tfstate is an important file. As such, it might be better to put it in a location that has regular backups and good security.
As such, tfstate shouldn't be stored in git repositories. secured storage such as secured buckets, is a better option.
In general, storing state file on your computer isn't a problem. It starts to be a problem when you are part of a team that uses Terraform and then you would like to make sure it's shared. In addition to being shared, you want to be able to handle the fact that different teams members can edit the file and can do it at the same time, so locking is quite an important aspect as well.
</b></details>
<details>
<summary>Mention some best practices related to tfstate</summary><br><b>
- Don't edit it manually. tfstate was designed to be manipulated by terraform and not by users directly.
- Store it in secured location (since it can include credentials and sensitive data in general)
- Backup it regularly so you can roll-back easily when needed
- Store it in remote shared storage. This is especially needed when working in a team and the state can be updated by any of the team members
- Enabled versioning if the storage where you store the state file, supports it. Versioning is great for backups and roll-backs in case of an issue.
If there are two users or processes concurrently editing the state file it can result in invalid state file that doesn't actually represents the state of resources.<br>
To avoid that, Terraform can apply state locking if the backend supports that. For example, AWS s3 supports state locking and consistency via DynamoDB. Often, if the backend supports it, Terraform will make use of state locking automatically so nothing is required from the user to activate it.
<summary>Describe how you manage state file(s) when you have multiple environments (e.g. development, staging and production)</summary><br><b>
Probably no right or wrong answer here, but it seems, based on different source, that the overall preferred way is to have a dedicated state file per environment.
* Sensitive data: some resources may specify sensitive data (like passwords and tokens) and everything in a state file is stored in plain text
* Prone to errors: when working with Git repos, you mayo often find yourself switch branches, checkout specific commits, perform rebases, ... all these operations may end up in you eventually performing `terraform apply` on non-latest version of your Terraform code
Terraform backend determines how the Terraform state is stored and loaded. By default the state is local, but it's possible to set a remote backend
</b></details>
<details>
<summary>Describe how to set a remote backend of any type you choose</summary><br><b>
Let's say we chose use Amazon s3 as a remote Terraform backend where we can store Terraform's state.
1. Write Terraform code for creating an s3 bucket
1. It would be a good idea to add lifecycle of "prevent_destroy" to it so it's not accidentally deleted
2. Enable versioning (add a resource of "aws_s3_bucket_versioning")
3. Encrypt the bucket ("aws_s3_bucket_server_side_encryption_configuration")
4. Block public access
5. Handle locking. One way is to add DB for it
6. Add the point you'll want to run init and apply commands to avoid an issue where you at the same time create the resources for remote backend and also switch to a remote backend
7. Once resources were created, add Terraform backend code
```
terraform {
backend "s3" {
bucket ...
}
}
```
7. Run `teraform init` as it will configure the backend
That's true and quite a limitation as it means you'll have to go to the resources of the remote backend and copy some values to the backend configuration.
One way to deal with it is using partial configurations in a completely separate file from the backend itself and then load them with `terraform init -backend-config=some_backend_partial_conf.hcl`
[developer.hashicorp.com](https://developer.hashicorp.com/terraform/language/state/workspaces): "The persistent data stored in the backend belongs to a workspace. The backend initially has only one workspace containing one Terraform state associated with that configuration. Some backends support multiple named workspaces, allowing multiple states to be associated with a single configuration."
One reason is that all the workspaces are stored in one location (as in one backend) and usually you don't want to use the same access control and authentication for both staging and production for obvious reasons. Also working in workspaces is quite prone to human errors as you might accidentally think you are in one workspace, while you are working a completely different one.
<summary>How to define an input variable which is a list of numbers?</summary><br><b>
```
variable "list_of_nums" {
type = list(number)
description = "An example of list of numbers"
default = [2, 0, 1, 7]
}
```
</b></details>
<details>
<summary>How to create a number of resources based on the length of a list?</summary><br><b>
```
resource "some_resource" "some_name" {
count = length(var.some_list)
}
```
</b></details>
<details>
<summary>You have a list variable called "users". How to access the second item in that list and attribute called "name"?</summary><br><b>
`users[1].name`
</b></details>
<details>
<summary>You have a list variable called "users". How to access attribute "name" of all items?</summary><br><b>
`users[*].name`
</b></details>
#### Loops
<details>
<summary>What loops are useful for in Terraform?</summary><br><b>
The most common use case is when you need to create multiple resources with only a slight difference (like different name). Instead of defining multiple separate resources, you can define it once and create multiple instances of it using loops.
</b></details>
<details>
<summary>Demonstrate how to define a simple Terraform loop</summary><br><b>
```
resource "aws_instance" "server" {
count = 15
}
```
The above configuration will create 15 aws instances.
</b></details>
<details>
<summary>How to create multiple AWS instances but each with a different name?</summary><br><b>
```
resource "aws_instance" "server" {
count = 6
tags = {
Name = "instance-${count.index}"
}
}
```
The above configuration will create 6 instances, each with a different name.
</b></details>
<details>
<summary>You have the following variable defined in Terraform
```
variable "users" {
type = list(string)
default = ["mario", "luigi", "peach"]
}
```
How to use it to create users on one of the public clouds (or any other platform, infra)?
</summary><br><b>
```
resource "aws_iam_user" "user" {
count = length(var.users)
name = var.users[count.index]
}
```
</b></details>
<details>
<summary>Is there any limitation to "count" meta-argument?</summary><br><b>
*`count` isn't supported within an inline block
* It's quite limited when it comes to lists.You'll notice that modifying items in lists or even operations like removal sometimes interpreted in a way you didn't expect. For example, removing an item from a list, may shift other items to a new position and since each position represents a resource with count, that may lead to a result where wrong resources are being modified and removed. There are ways to do deal it, but still using count with lists is not always straightforward
</b></details>
<details>
<summary>What's a for_each loop? How is it different from "count"?</summary><br><b>
* for_each can applied only on collections like maps or sets (as opposed to count that can be applied on lists)
* for_each helps to deal with the limitation of `count` which isn't optimal for use cases of modifying lists
* for_each supports inline blocks as opposed to `count`
</b></details>
<details>
<summary>Demonstrate how to use the for_each loop</summary><br><b>
<summary>There is a list variable called "users". You would like to define an output variable with a value of all users in uppercase. How to achieve that?</summary><br><b>
The above code will fail as it's not possible to reference resource outputs with count, because Terraform has to compute count before any resources are created (or modified).
</b></details>
<details>
<summary>There is a variable called "values" with the following value: ["mario", "luigi", "peach"]. How to create an output variable with the string value of the items in the list: "mario, luigi, peach," ?</summary><br><b>
```
output "users" {
value = "%{ for name in var.values }${name}, %{ endfor }"
}
```
</b></details>
<details>
<summary>There is a list variable called "users". You would like to define an output variable with a value of all users in uppercase but only if the name is longer than 3 characters. How to achieve that?</summary><br><b>
value = [for name in var.user_names : upper(name) if length(name) > 3]
}
```
</b></details>
#### Maps
<details>
<summary>There is a map called "instances"
* How to extract only the values of that map?
* How to extract only the attribute "name" from each value?
</summary><br><b>
* Using the values built-in function: `values(instances)`
*`values(instances)[*].name`
</b></details>
<details>
<summary>You have a map variable, called "users", with the keys "name" and "age". Define an output list variable with the following "my name is {name} and my age is {age}"</summary><br><b>
```
output "name_and_age" {
value = [for name, age in var.users : "my name is ${name} and my age is ${age}"]
<summary>You have a map variable, called "users", with the keys "name" (string) and "age" (float). Define an output map variable with the key being name in uppercase and value being age in the closest whole number </summary><br><b>
```
output "name_and_age" {
value = {for name, age in var.users : upper(name) => floor(age)
}
```
</b></details>
#### Conditionals
<details>
<summary>How to use conditional expressions in Terraform?</summary><br><b>
<summary>What are meta-arguments in Terraform?</summary><br><b>
Arguments that affect the lifecycle of a resources (its creation, modification, ...) and supported by Terraform regardless to the type of resource in which they are used.
Some examples:
* count: how many resources to create out of one definition of a resource
* lifecycle: how to treat resource creation or removal
</b></details>
<details>
<summary>What meta-arguments are you familiar with?</summary><br><b>
* count: how many resources to create out of one definition of a resource
* lifecycle: how to treat resource creation or removal
* depends_on: create a dependency between resources
<summary>What <code>templatefile</code> function does?</summary><br><b>
Renders a template file and returns the result as string.
</b></details>
<details>
<summary>You are trying to use templatefile as part of a module and you use a relative path to load a file but sometimes it fails, especially when others try to reuse the module. How can you deal with that?</summary><br><b>
Switch relative paths with what is known as path references. These are fixes paths like module root path, module expression file path, etc.
</b></details>
<details>
<summary>How do you test terraform syntax?</summary><br><b>
A valid answer could be "I write Terraform configuration and try to execute it" but this makes testing cumbersome and quite complex in general.
There is `terraform console` command which allows you to easily execute terraform functions and experiment with general syntax.
</b></details>
<details>
<summary>True or False? Terraform console should be used carefully as it may modify your resources</summary><br><b>
False. terraform console is ready-only.
</b></details>
<details>
<summary>You need to render a template and get it as string. Which function would you use?</summary><br><b>
`depends_on` used to create a dependency between resources in Terraform. For example, there is an application you would like to deploy in a cluster. If the cluster isn't ready (and also managed by Terraform of course) then you can't deploy the app. In this case, you will define "depends_on" in the app configuration and its value will be the cluster resource.
[Terraform.io](https://www.terraform.io/language/modules/develop): "A module is a container for multiple resources that are used together. Modules can be used to create lightweight abstractions, so that you can describe your infrastructure in terms of its architecture, rather than directly in terms of physical objects."
In addition, modules are great for creating reusable Terraform code that can be shared and used not only between different repositories but even within the same repo, between different environments (like staging and production).
There are multiple answers, but the most common answer would likely to be using the tool <code>terratest</code>, and to test that a module can be initialized, can create resources, and can destroy those resources cleanly.
<summary>When creating a module, do you prefer to use inline blocks, separate resources or both? why?</summary>
No right or wrong here.
Personally, I prefer to use only separate resources in modules as it makes modules more flexible. So if a resource includes inline blocks, that may limit you at some point.
</b></details>
<details>
<summary>True or False? Module source can be only local path</summary>
False. It can be a Git URL, HTTP URL, ... for example:
<summary>You noticed there are relative paths in some of your modules and you would like to change that. What can you do and why is that a problem in the first place?</summary><br><b>
Relative paths usually work fine in your own environment as you are familiar with the layout and paths used, but when sharing a module and making it reusable, you may bump into issues as it runs on different environments where the relative paths may no longer be relevant.
A better approach would be to use `path reference` like one of the following:
*`path.module`: the path of the module where the expression is used
*`path.cwd`: the path of the current working directory
*`path.root`: the path of the root module
</b></details>
#### Modules Hands-On
<details>
<summary>How to use a module?</summary><br><b>
The general syntax is:
```
module "<MODULE_NAME>" {
source = "<MODULE_SOURCE>"
...
}
```
The critical part is the source which you use to tell Terraform where the module can be found.
</b></details>
<details>
<summary>Demonstrate using a module called "amazing_modle" in the path "../modules/amazing-module"</summary><br><b>
```
module "amazing_module" {
source = "../modules/amazing-module"
}
```
</b></details>
<details>
<summary>What should be done every time you modify the source parameter of a module?</summary><br><b>
`terraform init` should be executed as it takes care of downloading and installing the module from the new path.
<summary>You have a Git repository with Terraform files but no .gitignore. What would you add to a .gitignore file in Terraform repository?</summary><br><b>
```
.terraform
*.tfstate
*.tfstate.backup
```
You don't want to store state file nor any downloaded providers in .terraform directory. It also doesn't makes sense to share/store the state backup files.
<summary>You manage ASG with Terraform which means you also have "aws_launch_configuration" resources. The problem is that launch configurations are immutable and sometimes you need to change them. This creates a problem where Terraform isn't able to delete ASG because they reference old launch configuration. How to do deal with it?</summary><br><b>
Add the following to "aws_launch_configuration" resource
```
lifecycle {
create_before_destroy = true
}
```
This will change the order of how Terraform works. First it will create the new resource (launch configuration). then it will update other resources to reference the new launch configuration and finally, it will remove old resources
<summary>How would you enforce users that use your variables to provide values with certain constraints? For example, a number greater than 1</summary><br><b>
Using `validation` block
```
variable "some_var" {
type = number
validation {
condition = var.some_var > 1
error_message = "you have to specify a number greater than 1"
<summary>What's the issue with the following provider configuration?
```
provider "aws" {
region = "us-west-1"
access_key = "blipblopblap"
secret_key = "bipbopbipbop"
}
```
</summary><br><b>
It's not secure! you should never store credentials in plain text this way.
</b></details>
<details>
<summary>What can you do to NOT store provider credentials in Terraform configuration files in plain text?</summary><br><b>
1. Use environment variables
2. Use password CLIs (like 1Password which is generic but there also specific provider options like aws-vault)
</b></details>
<details>
<summary>How can you manage secrets/credentials in CI/CD?</summary><br><b>
That very much depends on the CI/CD system/platform you are using.
- GitHub Actions: Use Open ID Connect (OIDC) to establish connection with your provider. You then can specify in your GitHub Actions workflow the following:
```
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::someIamRole
aws-region: ...
```
- Jenkins: If Jenkins runs on the provider, you can use the provider access entities (like roles, policies, ...) to grant the instance, on which Jenkins is running, access control
- CircleCI: you can use `CircleCI Context` and then specify it in your CircleCI config file
```
context:
- some-context
```
</b></details>
<details>
<summary>What are the pros and cons of using environment variables for managing secrets in Terraform configurations?</summary><br><b>
Pros:
* You avoid using secrets directly in configurations in plain text
* free (no need to pay for secret management platforms/solutions)
* Straightforward to use
Cons:
* Configurations might not be usable without the environment variables which may make impact the user experience as the user has to know what environment variables he should pass for everything to work properly
* Mostly managed outside of Terraform mechanisms which makes it hard to enforce, track, ... anything that is related to secrets when it depends on the user to pass environment variables
</b></details>
<details>
<summary>True or False? If you pass secrets with environment variables, they are not visible in your state file</summary><br><b>
False. State files include sensitive data as it is. Which means it's very important that wherever you store your state file, it's encrypted and accessible only to those who should be able to access it.
</b></details>
<details>
<summary>True or False? If you pass secrets from a centralized secrets store (like Hashicorp Vault) they are not visible in plan files (terraform plan)</summary><br><b>
False. It doesn't matter where your secrets store (file, environment variables, centralized secrets store), they will be visible in both state file and plan output.
<summary>An engineer in your team complains about having to copy-paste quite a lot of code between different folders and files of Terraform. What would you do?</summary><br><b>
<summary>When working with nested layout of many directories, it can make it cumbresome to run terraform commands in many different folders. How to deal with it?</summary><br><b>
<summary>One of the engineers in your team complains the inline shell scripts are quite big and maintaining them in Terraform files seems like a bad idea. What would you do?</summary><br><b>
A good solution for not including shell scripts inline (as in inside terraform configuration files) is to keep them in a separate file and then use the terraform `templatefile` function to render and get them as a string
<summary>You noticed a lot of your Terraform code/configuration is duplicated, between repositories and also within the same repository between different directories. What one way you may adopt that will help handling with that?</summary><br><b>
Using Terraform modules can help greatly with duplicated code and so different environments for example (staging and production) can reuse the same code by using the same modules.
<summary>You noticed your Terraform code includes quite a lot of hardcoded values (like ports, subnets, ...) and they are duplicated in many locations. How'd you deal with it?</summary><br><b>
Using variables might not be a good solution because some things shouldn't be exposed and accidentally overridden. In such case you might want to use the concept of `locals`
<summary>Every time there is a change in tags standards (for example your team decided to change one of the tags' name) you find yourself changing tags in multiple files and you find the process quite tedious. What can be done about it?</summary><br><b>
Instead of defining tags at resource level, consider using `default_tags` as part of the provider configuration.
<summary>You try to deploy a cluster and an app on that cluster, but the app resource was created before the cluster. How to manage such situation?</summary><br><b>
Use the meta-argument `depends_on` in the app resource definition. This way the app will depend on the cluster resource and order will be maintained in creation of the resources.
