Terraform Assignment – 6

Terraform with DevOps & Cloud

Basic Questions

  1. Install Terraform on your CI runner and print the version in the pipeline logs.
  2. Create a Jenkins pipeline stage that runs terraform fmt -check and terraform validate.
  3. Create a GitLab CI job that runs terraform init and terraform plan on a sample workspace.
  4. Create a GitHub Actions workflow using hashicorp/setup-terraform to run init → plan.
  5. Store cloud credentials securely in your CI platform and reference them in the Terraform job.
  6. Cache the .terraform directory in CI to speed up future runs.
  7. Publish the terraform plan output as a pipeline artifact for review.
  8. Add a CI job that fails when terraform fmt -check detects formatting issues.
  9. Install Checkov locally and run checkov -d . to scan your Terraform folder.
  10. Add a CI job that runs Checkov and fails on high-severity findings.
  11. Initialize a Terraform Cloud workspace and connect it to a VCS repository.
  12. Create a basic Sentinel policy that denies resources without a project tag.
  13. Enable policy checks in Terraform Cloud for your workspace.
  14. Configure providers for AWS and Azure in one root module without creating resources.
  15. Configure the Kubernetes provider pointing to a kubeconfig file path variable.
  16. Create a minimal Terraform file that defines an EKS cluster name variable only.
  17. Add an output that prints the active workspace (terraform.workspace).
  18. Create a Makefile target ci-plan that wraps init → validate → plan.
  19. Add .terraform.lock.hcl to version control and explain its purpose in a README.
  20. Generate a skeleton main.tf/variables.tf/outputs.tf for an EKS stack without resources.

Intermediate Questions

  1. Create a Jenkins pipeline with separate stages: fmt, validate, plan, and archive plan.
  2. Create a GitLab .gitlab-ci.yml that runs plan on merge requests and apply on protected branches only.
  3. Create a GitHub Actions workflow that uses OpenID Connect (OIDC) to assume an AWS IAM role for plans.
  4. Add a manual approval step in CI before running terraform apply.
  5. Configure a remote S3 backend with DynamoDB locking and use it from CI.
  6. Run Checkov in CI and allow only documented suppressions via a checkov.yaml config file.
  7. Add a Terratest Go module that runs terraform init/plan and asserts no errors.
  8. Extend the Terratest to apply a small module and verify an output value.
  9. Write a Sentinel policy that restricts AWS regions to ["us-east-1", "us-west-2"].
  10. Attach the Sentinel policy to your Terraform Cloud workspace and verify a deny event.
  11. Create a small multi-cloud plan: one AWS S3 bucket and one GCP storage bucket (separate providers).
  12. Use for_each to create three Kubernetes namespaces via the Kubernetes provider.
  13. Create a Helm release for NGINX Ingress using the Helm provider after the cluster is ready.
  14. Build an EKS cluster using the terraform-aws-eks Registry module with a single managed node group.
  15. Export kubeconfig data as outputs and write it to a file using a local_file resource.
  16. Add CI artifacts for kubeconfig and EKS outputs, restricted to protected branches.
  17. Implement drift detection in CI by running a nightly terraform plan and posting results.
  18. Add tagging standards in variables and apply them to all AWS resources in the stack.
  19. Create separate workspaces dev and prod and deploy the EKS stack with different node counts.
  20. Add a destroy job in CI that only runs on a destroy/* branch with manual approval.

Advanced Questions

  1. Build a full GitHub Actions workflow: OIDC assume-role → fmt → validate → plan → approval → apply for the EKS stack.
  2. Write a comprehensive Terratest that provisions EKS, fetches kubeconfig, and asserts node readiness (number of nodes in Ready status > 0).
  3. Extend Terratest to deploy a sample Service and verify it responds over ClusterIP using Kubernetes client-go.
  4. Enforce Sentinel policies: require mandatory tags, block public S3 buckets, and cap instance types to t3.*.
  5. Configure multi-cloud modules that deploy AWS EKS and Azure AKS from the same repo using per-workspace variables.
  6. Add Checkov as a required status check in your VCS and block merges on critical findings.
  7. Parameterize node groups with for_each, taints, labels, and desired/min/max scaling in the EKS module call.
  8. Automate VPC creation, EKS cluster, managed node groups, IAM roles for service accounts (IRSA), and outputs in a single apply.
  9. Deploy cluster add-ons with Terraform: VPC CNI, CoreDNS, kube-proxy, and metrics-server via Helm provider.
  10. Deliver an end-to-end hands-on: from CI trigger → plan on PR → Sentinel & Checkov gates → approval → apply EKS → Helm deploy NGINX → print Service endpoint in outputs.