π― Real-World Scenario
You just joined a company as a DevOps Engineer.
Your manager asks you:
βSet up a new Terraform project that uses AWS as the provider, and configure the backend so our state is stored safely in S3. Also, set up state locking using DynamoDB.β
This is the first thing Terraform engineers do in any company.
𧩠What you will learn (Interview Value)
- What a provider is in Terraform
- Why Terraform uses a backend
- What state, remote backend, and state locking mean
- Why companies NEVER allow local state
- How to write backend and provider blocks
- How terraform init works internally
These are asked in 90% of Terraform interviews.
ποΈ Folder Structure for Practice
Create a folder:
terraform-lab-01/
βββ main.tf
βββ backend.tf
βββ provider.tf
π§ͺ Step 1 β Create the S3 bucket and DynamoDB table (manually)
Before Terraform can use backend, the backend must exist already.
Create S3 bucket:
tf-backend-lab-123
Create DynamoDB table:
Name: tf-state-lock
Partition key: LockID (String)
π§ͺ Step 2 β Create backend.tf
terraform {
backend "s3" {
bucket = "tf-backend-lab-123"
key = "env/dev/terraform.tfstate"
region = "us-east-1"
dynamodb_table = "tf-state-lock"
encrypt = true
}
}
π¬ Interview Tip:
If they ask βWhy do we store state in S3?β:
β Remote state enables team collaboration
β Prevents βstate corruptionβ
β S3 gives versioning, encryption, backups
β DynamoDB prevents multiple people applying at the same time
β Required for CI/CD automation
π§ͺ Step 3 β Create provider.tf
provider "aws" {
region = var.region
}
Create variables.tf (optional but clean):
variable "region" {
default = "us-east-1"
}
π§ͺ Step 4 β Add a simple resource to test the setup
In main.tf:
resource "aws_s3_bucket" "demo" {
bucket = "latchudevops-bucket-12345"
}
π§ͺ Step 5 β Initialize the project
Run:
terraform init
You should see:
Initializing the backend...
Terraform has been successfully initialized!
This means:
- Backend is connected
- Terraform downloaded the AWS provider plugin
- State file will be written to S3 bucket
π§ͺ Step 6 β Run plan & apply
terraform plan
terraform apply
The S3 bucket should be created.
π§ͺ Step 7 β Verify remote state
Check:
- S3 β your state file env/dev/terraform.tfstate
- DynamoDB β new lock entry during apply
π€ Interview-Level Explanation (Use this Answer!)
Q: What is a provider in Terraform?
Terraform does not create resources directly. Providers act as plugins to interact with cloud platforms like AWS, Azure, GCP, GitHub, Kubernetes, etc.
The AWS provider allows Terraform to call AWS APIs and manage resources.
Q: What is Terraform state? Why do we need it?
Terraform keeps a map of your real AWS resources in a state file.
Without state, Terraform can't understand what it created previously.
State helps Terraform:
- Detect drift
- Track changes
- Plan updates
- Destroy resources safely
Q: Why use a remote backend like S3?
Because local state cannot be used by teams. Remote backend (S3 + DynamoDB) gives:
β Shared state for team collaboration
β State locking β prevents corruption
β Encryption and versioning
β Required for CI/CD pipelines
Q: Why do we need DynamoDB for state locking?
To prevent two engineers (or CI/CD pipeline) from applying at the same time.
It ensures only 1 apply runs at a time β avoids broken state.
Q: What happens during terraform init?
- Downloads providers
- Initializes backend
- Prepares terraform working directory
- Checks and migrates state if backend changes
βοΈ Expected Output
You end Day 1 with:
β Terraform project initialized
β AWS provider configured
β Remote backend working (S3 + DynamoDB)
β First resource deployed
β You understand providers, backends, state & locking
β You can answer real Terraform interview questions
π Thanks for reading! If this post added value, a like β€οΈ, follow, or share would encourage me to keep creating more content.
β Latchu | Senior DevOps & Cloud Engineer
βοΈ AWS | GCP | βΈοΈ Kubernetes | π Security | β‘ Automation
π Sharing hands-on guides, best practices & real-world cloud solutions
Top comments (0)