HashiCorp Terraform Associate Exam Guide (003)
Prove your Infrastructure as Code expertise with this comprehensive Terraform Associate study guide covering IaC concepts, Terraform workflow, configuration language, state management, modules, and the Terraform Cloud ecosystem. This guide provides a structured path through all exam objectives with HCL code examples, CLI exercises, and practice questions that test both conceptual understanding and practical skills. Terraform is the industry standard for multi-cloud infrastructure provisioning, and this certification validates that you can write, plan, and apply Terraform configurations in production environments.
Key Features
- All exam objectives covered with study priorities and hands-on exercises
- HCL language deep dives covering resources, variables, outputs, locals, data sources, and expressions
- State management patterns including remote backends, state locking, and state manipulation
- Module development with input variables, output values, versioning, and registry publishing
- Terraform workflow mastery: init, plan, apply, destroy with real-world patterns
- Provider configuration for multi-cloud and multi-region deployments
- Terraform Cloud and Enterprise features: workspaces, sentinel policies, and VCS integration
Study Plan
Week 1-2: IaC Concepts and Terraform Basics (18% of exam)
- Infrastructure as Code benefits: versioning, automation, consistency, collaboration
- Terraform vs. other IaC tools: CloudFormation, Pulumi, Ansible
- Terraform workflow: write, plan, apply, destroy
- Provider architecture and the Terraform Registry
- Installing Terraform and configuring the CLI
Week 3-4: Terraform Configuration Language (30% of exam)
- Resources: arguments, attributes, meta-arguments (count, for_each, depends_on)
- Variables: input variables, type constraints, defaults, validation rules
- Outputs: declaring, referencing, and using outputs across configurations
- Data sources: querying existing infrastructure
- Expressions: conditionals, for expressions, splat expressions, dynamic blocks
- Built-in functions: string, numeric, collection, filesystem, type conversion
Week 5-6: State Management (14% of exam)
- Purpose of Terraform state and how it maps to real infrastructure
- Remote backends: S3, Azure Blob, GCS, Terraform Cloud
- State locking and consistency mechanisms
- State commands: terraform state list, show, mv, rm, pull, push
- Sensitive data in state and state encryption
Week 7-8: Modules and Workspaces (18% of exam)
- Module structure: main.tf, variables.tf, outputs.tf, versions.tf
- Using modules from the registry, Git, and local paths
- Module versioning and dependency management
- Terraform workspaces for environment management
- Module composition patterns
Week 9-10: Terraform Cloud and Workflow (20% of exam)
- Terraform Cloud workspaces vs. CLI workspaces
- VCS-driven workflow and API-driven workflow
- Sentinel policy as code framework
- Cost estimation and run notifications
- Private module registry and team management
Key Topics
| Domain | Weight | Focus Areas |
|---|---|---|
| IaC Concepts | 18% | Benefits, workflow, providers |
| Configuration Language | 30% | Resources, variables, expressions |
| State Management | 14% | Remote state, locking, commands |
| Modules and Workspaces | 18% | Structure, registry, versioning |
| Terraform Cloud | 20% | Workspaces, Sentinel, VCS |
Practice Questions
Q1: A Terraform configuration uses count = 3 on an aws_instance resource. How do you reference the second instance in an output?
A1: aws_instance.example[1] — when using count, resources are indexed starting at 0. The second instance is at index 1. To reference all instances, use the splat expression aws_instance.example[*].id. To reference a specific attribute: aws_instance.example[1].public_ip.
Q2: A team wants to use the same Terraform configuration for dev, staging, and production environments with different variable values. What is the recommended approach?
A2: Use Terraform workspaces combined with .tfvars files for each environment. Create workspaces with terraform workspace new dev, terraform workspace new staging, terraform workspace new prod. Use terraform.workspace in the configuration to conditionally set values, and apply with -var-file=environments/dev.tfvars. For larger teams, Terraform Cloud workspaces provide better isolation with separate state files and variable sets per environment.
Q3: After applying a configuration, a colleague manually changes a resource's tags in the AWS Console. What happens on the next terraform plan?
A3: Terraform will detect the drift between the state file and the actual infrastructure. The plan will show a modification to change the tags back to match the configuration. Terraform state represents the last known configuration, and plan compares desired state (config) with actual state (API) to generate a diff. To accept the manual change, either update the configuration to match or run terraform apply -refresh-only to update state without changing infrastructure.
Q4: A module needs to create either a public or private S3 bucket based on an input variable. How should this be implemented?
A4:
A4: Use a boolean variable is_public with conditional arguments on aws_s3_bucket_public_access_block — set block_public_acls = !var.is_public, etc. Avoid using count to conditionally create entirely different resources when a single resource with conditional arguments is cleaner.
Lab Exercises
Lab 1: Core Terraform Workflow
mkdir terraform-lab && cd terraform-lab
# Create main.tf with provider, variable, resource, and output blocks
# Key pattern: terraform { required_providers { aws = { source = "hashicorp/aws" } } }
# Execute the full workflow
terraform init # Download providers
terraform plan -out=tfplan # Preview changes
terraform apply tfplan # Apply changes
terraform output # View outputs
terraform destroy -auto-approve # Clean up
Lab 2: Module Development
# modules/vpc/main.tf — define reusable VPC module
variable "cidr_block" { type = string }
variable "environment" { type = string }
resource "aws_vpc" "this" {
cidr_block = var.cidr_block
enable_dns_hostnames = true
tags = { Name = "${var.environment}-vpc" }
}
output "vpc_id" { value = aws_vpc.this.id }
# Root main.tf — consume the module with different inputs
module "dev_vpc" { source = "./modules/vpc"; cidr_block = "10.0.0.0/16"; environment = "dev" }
module "prod_vpc" { source = "./modules/vpc"; cidr_block = "10.1.0.0/16"; environment = "prod" }
Lab 3: State Management Operations
terraform state list # List all resources
terraform state show aws_s3_bucket.lab # Show resource details
terraform state mv aws_s3_bucket.lab aws_s3_bucket.app # Rename in state
terraform state rm aws_s3_bucket.legacy # Remove from state
terraform import aws_s3_bucket.existing my-bucket-name # Import existing
Exam Tips
- Configuration Language is 30% — the biggest domain; master resources, variables, data sources, and expressions
-
Know the workflow order —
init(plugins) ->validate(syntax) ->plan(diff) ->apply(execute) ->destroy(teardown) - State file is critical — understand that Terraform state maps config to real resources; never edit state manually
-
count vs. for_each —
countuses integer index,for_eachuses map/set keys;for_eachis preferred for resources that might be removed from the middle -
Backend configuration — cannot use variables in backend blocks; use
-backend-configflags or partial configuration -
Provider version constraints —
~> 5.0means>= 5.0, < 6.0;>= 5.0, < 5.5is explicit range - Read the Terraform docs — the exam tests real knowledge; bookmark the functions page and meta-arguments page
Resources
- Terraform Associate Exam Review
- Terraform Documentation
- Terraform Registry
- Terraform Built-in Functions
This is 1 of 11 resources in the Certification Prep Pro toolkit. Get the complete [Terraform Associate Cert Prep] with all files, templates, and documentation for $49.
Or grab the entire Certification Prep Pro bundle (11 products) for $249 — save 30%.
Top comments (0)