How I Audited My Gaps and Built a Study Plan
Day 23 of the 30-Day Terraform Challenge — and today I shifted from building infrastructure to preparing for the certification.
After 22 days of hands-on work, I thought I was ready. Then I looked at the official exam objectives.
I wasn't as ready as I thought.
The Domain Audit
The exam covers 9 domains with different weights. Here's my honest self-assessment:
| Domain | Weight | My Rating |
|---|---|---|
| IaC concepts | 16% | 🟢 Green |
| Terraform's purpose | 20% | 🟢 Green |
| Terraform basics | 24% | 🟢 Green |
| Terraform CLI | 26% | 🟡 Yellow |
| Modules | 12% | 🟢 Green |
| Core workflow | 8% | 🟢 Green |
| State management | 8% | 🟡 Yellow |
| Configuration | 8% | 🟢 Green |
| Terraform Cloud | 4% | 🔴 Red |
Green = I can explain and have done it hands-on.
Yellow = I understand conceptually but need practice.
Red = I need to learn this.
The CLI and state sections are more detailed than I expected. Terraform Cloud is almost entirely new to me.
CLI Commands — Know Them Cold
The exam tests specific command flags. You need to know what each command does and when to use it.
| Command | What it does |
|---|---|
terraform init |
Downloads providers, initializes backend |
terraform validate |
Checks syntax and consistency |
terraform fmt |
Formats code to canonical style |
terraform plan |
Shows proposed changes |
terraform apply |
Creates or updates infrastructure |
terraform destroy |
Removes all resources |
terraform output |
Reads outputs from state |
terraform state list |
Lists resources in state |
terraform state show |
Shows resource attributes |
terraform state mv |
Moves resource between states |
terraform state rm |
Removes from state (no destroy) |
terraform import |
Imports existing resources |
terraform workspace |
Manages multiple state files |
terraform providers |
Shows provider versions |
terraform graph |
Outputs dependency graph |
The trickiest is understanding what terraform state rm does to real infrastructure — nothing. It only removes from state.
Non-Cloud Providers
Terraform isn't just for AWS. The random and local providers appear frequently on the exam:
resource "random_id" "suffix" {
byte_length = 4
}
resource "random_password" "db_pass" {
length = 16
special = true
}
resource "local_file" "config" {
content = "Password: ${random_password.db_pass.result}"
filename = "${path.module}/config.txt"
}
Why this matters: The exam expects you to know Terraform works with DNS, TLS, random values, and local files — not just cloud providers.
Terraform Cloud — My Biggest Gap
I used S3 + DynamoDB for remote state. Terraform Cloud has features I haven't touched:
- Remote runs (vs local runs)
- Sentinel policies (run after plan, before apply)
- Private module registry
- Workspace-specific variables
- Cost estimation
This is only 4% of the exam, but it's 100% new to me.
My Study Plan (Days 24-30)
| Topic | Study Method | Time |
|---|---|---|
| terraform state commands | Run each command on test resources | 45 min |
| Sentinel policies | Read docs + write 2 policies | 60 min |
| Terraform Cloud | Complete TFC lab exercises | 90 min |
| CLI flags (-out, -target) | Practice each flag | 45 min |
| Random/local providers | Build example configs | 30 min |
| Official sample questions | Complete all | 60 min |
Practice Questions — Write Your Own
Writing questions forces you to understand the material deeply. Here's one I wrote:
Q: You run terraform state rm aws_instance.web. What happens to the actual EC2 instance?
- A) Terminated immediately
- B) Removed from state only (continues running) ✅
- C) Stopped
- D) Removed from state and terminated
Why the wrong answers are wrong:
- A, C, D describe actions that affect real infrastructure
- Only B correctly states that
state rmaffects only the state file
Official Sample Questions
I scored 8/10 on my first attempt. The two I missed were about:
- Sentinel policy execution timing (runs after plan, before apply)
- Terraform Cloud workspace vs directory structure
These went straight into my study plan.
What I Learned
The CLI section is more detailed than most people expect. You need to know specific flags, not just commands.
Non-cloud providers are tested. Don't skip the random and local providers.
Terraform Cloud is different from open source. If you only used S3 backend, you need to study TFC separately.
Writing practice questions is the best study technique. It forces you to think like the exam writer.
The Bottom Line
The exam tests specific knowledge, not just experience. You can build infrastructure for weeks and still miss questions about terraform state mv or Sentinel policy syntax.
My advice:
- Print the official study guide
- Audit yourself honestly against every objective
- Build a concrete study plan for your gaps
- Write your own practice questions
- Don't underestimate the CLI section
Resources:
Top comments (0)